Practice CEH Wireless, IoT and Cloud Security questions with full explanations on every answer.
1. A security analyst discovers that an IoT device in a smart building is periodically sending small DNS queries to an external domain known for command-and-control activity. Which security control should be implemented to detect and block such traffic without disrupting legitimate operations?
2. A cloud security engineer notices that an S3 bucket containing sensitive customer data is configured with a bucket policy that allows 'Principal': '*' and 'Action': 's3:GetObject'. The bucket is not publicly accessible via the AWS Management Console, but the engineer is concerned about data exposure. What is the most likely risk?
3. During a penetration test of a corporate wireless network, you capture a WPA2 handshake and successfully recover the PSK. Later, you notice that some clients are using WPA3-Personal. Which attack could be used to downgrade a WPA3 client to WPA2 and capture its handshake?
4. A company deploys IoT sensors in a remote facility with limited bandwidth. The sensors send small data packets every few seconds. Which wireless technology is most appropriate for this application?
5. A security analyst detects multiple failed authentication attempts on a cloud-based SSH server from a single IP address. The analyst implements a rule to block that IP. However, the attacks continue from different IPs. Which additional control should be implemented to reduce the attack surface?
6. During a wireless penetration test, you discover that the target network uses WPA2-Enterprise with PEAP-MSCHAPv2. You capture the authentication traffic of a legitimate user. Which attack can you perform to recover the user's domain credentials?
7. A company uses a cloud-based identity provider (IdP) for single sign-on (SSO). Which security control is most effective in preventing account takeover due to credential stuffing?
8. An organization deploys a fleet of IoT cameras that communicate with a central server over the internet. The cameras use HTTP to send video streams. What is the most critical security improvement to protect the video data in transit?
9. Which TWO of the following are effective countermeasures against rogue access point attacks on a corporate wireless network?
10. Which THREE of the following are common security risks associated with cloud computing?
11. Which TWO of the following are characteristics of a Bluetooth Low Energy (BLE) IoT device that make it suitable for a battery-powered sensor?
12. Which THREE of the following are best practices for securing IoT devices in a home automation network?
13. Refer to the exhibit. During a wireless audit, you capture a beacon frame from a corporate access point. What is the most significant security concern based on this information?
14. Refer to the exhibit. A security analyst reviews a CloudTrail log entry. What is the primary security concern indicated by this log?
15. A security analyst notices unusual traffic from a smart thermostat to an external IP address. The thermostat is on a separate IoT VLAN. Which action should the analyst take to investigate and mitigate the threat?
16. During a penetration test, an ethical hacker captures a WPA2 handshake and successfully cracks the PSK. Which additional action must be taken to decrypt previously captured traffic?
17. A cloud security engineer wants to ensure that only authorized users can access an S3 bucket containing sensitive data. Which AWS service should be used to enforce fine-grained access control?
18. Which TWO of the following are common security risks associated with bring-your-own-device (BYOD) policies in a corporate environment?
19. You are the security lead for a multinational corporation that uses a hybrid cloud architecture with AWS and on-premises data centers. The company recently deployed a fleet of IoT sensors in a remote factory to monitor equipment. These sensors communicate via MQTT to an AWS IoT Core endpoint, which forwards data to an S3 bucket and a DynamoDB table. The factory network is isolated but has a site-to-site VPN to the corporate HQ. Over the past week, the S3 bucket has experienced an unusual number of PUT requests from an IP address that resolves to a known malicious host. The DynamoDB table shows write spikes at odd hours. The MQTT broker logs indicate that some sensors are publishing data with invalid client IDs. Meanwhile, the VPN logs show no anomalies. You need to identify the likely attack vector and recommend a course of action. Which of the following is the BEST course of action?
20. A penetration tester is assessing the security of a smart building's IoT infrastructure. The building uses Zigbee sensors for temperature and motion detection, and some devices communicate using MQTT over Wi-Fi. During the assessment, the tester captures traffic and notices that some Zigbee devices are sending unencrypted frames containing sensor IDs and values. Which TWO actions should the tester recommend to mitigate the identified vulnerabilities? (Choose two.)
21. A security analyst reviews the iptables firewall configuration on a Linux server acting as a gateway for a small office. The server has two interfaces: eth0 (external) and eth1 (internal, 192.168.1.0/24). Based on the exhibit, which of the following is a valid security concern?
22. You are a security consultant for a mid-sized company that recently migrated its customer relationship management (CRM) system to a public cloud provider (AWS). The CRM is a web application behind an Application Load Balancer (ALB) with WAF enabled. The application stores sensitive customer data in an RDS MySQL database. The security team has configured security groups to allow only HTTPS (443) from the internet to the ALB, and from the ALB to the application servers on port 8080. The application servers can connect to the database on port 3306. During a routine vulnerability scan, you discover that the database is publicly accessible from the internet on port 3306, which contradicts the intended design. You verify that the security group for the database allows inbound traffic from 0.0.0.0/0 on port 3306. The database contains unencrypted personal identifiable information (PII). What is the most effective immediate action to remediate this vulnerability?
23. Drag and drop the steps to perform a SQL injection attack manually into the correct order.
24. Match each footprinting technique to its description.
The Wireless, IoT and Cloud Security domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.
The Courseiva CEH question bank contains 24 questions in the Wireless, IoT and Cloud Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Wireless, IoT and Cloud Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.