Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.


Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Wireless, IoT and Cloud Security

Practice CEH Wireless, IoT and Cloud Security questions with full explanations on every answer.

24 questions


All CEH Wireless, IoT and Cloud Security questions (24)


Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst discovers that an IoT device in a smart building is periodically sending small DNS queries to an external domain known for command-and-control activity. Which security control should be implemented to detect and block such traffic without disrupting legitimate operations?

2

A cloud security engineer notices that an S3 bucket containing sensitive customer data is configured with a bucket policy that allows 'Principal': '*' and 'Action': 's3:GetObject'. The bucket is not publicly accessible via the AWS Management Console, but the engineer is concerned about data exposure. What is the most likely risk?

3

During a penetration test of a corporate wireless network, you capture a WPA2 handshake and successfully recover the PSK. Later, you notice that some clients are using WPA3-Personal. Which attack could be used to downgrade a WPA3 client to WPA2 and capture its handshake?

4

A company deploys IoT sensors in a remote facility with limited bandwidth. The sensors send small data packets every few seconds. Which wireless technology is most appropriate for this application?

5

A security analyst detects multiple failed authentication attempts on a cloud-based SSH server from a single IP address. The analyst implements a rule to block that IP. However, the attacks continue from different IPs. Which additional control should be implemented to reduce the attack surface?

6

During a wireless penetration test, you discover that the target network uses WPA2-Enterprise with PEAP-MSCHAPv2. You capture the authentication traffic of a legitimate user. Which attack can you perform to recover the user's domain credentials?

7

A company uses a cloud-based identity provider (IdP) for single sign-on (SSO). Which security control is most effective in preventing account takeover due to credential stuffing?

8

An organization deploys a fleet of IoT cameras that communicate with a central server over the internet. The cameras use HTTP to send video streams. What is the most critical security improvement to protect the video data in transit?

9

Which TWO of the following are effective countermeasures against rogue access point attacks on a corporate wireless network?

10

Which THREE of the following are common security risks associated with cloud computing?

11

Which TWO of the following are characteristics of a Bluetooth Low Energy (BLE) IoT device that make it suitable for a battery-powered sensor?

12

Which THREE of the following are best practices for securing IoT devices in a home automation network?

13

Refer to the exhibit. During a wireless audit, you capture a beacon frame from a corporate access point. What is the most significant security concern based on this information?

14

Refer to the exhibit. A security analyst reviews a CloudTrail log entry. What is the primary security concern indicated by this log?

15

A security analyst notices unusual traffic from a smart thermostat to an external IP address. The thermostat is on a separate IoT VLAN. Which action should the analyst take to investigate and mitigate the threat?

16

During a penetration test, an ethical hacker captures a WPA2 handshake and successfully cracks the PSK. Which additional action must be taken to decrypt previously captured traffic?

17

A cloud security engineer wants to ensure that only authorized users can access an S3 bucket containing sensitive data. Which AWS service should be used to enforce fine-grained access control?

18

Which TWO of the following are common security risks associated with bring-your-own-device (BYOD) policies in a corporate environment?

19

You are the security lead for a multinational corporation that uses a hybrid cloud architecture with AWS and on-premises data centers. The company recently deployed a fleet of IoT sensors in a remote factory to monitor equipment. These sensors communicate via MQTT to an AWS IoT Core endpoint, which forwards data to an S3 bucket and a DynamoDB table. The factory network is isolated but has a site-to-site VPN to the corporate HQ. Over the past week, the S3 bucket has experienced an unusual number of PUT requests from an IP address that resolves to a known malicious host. The DynamoDB table shows write spikes at odd hours. The MQTT broker logs indicate that some sensors are publishing data with invalid client IDs. Meanwhile, the VPN logs show no anomalies. You need to identify the likely attack vector and recommend a course of action. Which of the following is the BEST course of action?

20

A penetration tester is assessing the security of a smart building's IoT infrastructure. The building uses Zigbee sensors for temperature and motion detection, and some devices communicate using MQTT over Wi-Fi. During the assessment, the tester captures traffic and notices that some Zigbee devices are sending unencrypted frames containing sensor IDs and values. Which TWO actions should the tester recommend to mitigate the identified vulnerabilities? (Choose two.)

21

A security analyst reviews the iptables firewall configuration on a Linux server acting as a gateway for a small office. The server has two interfaces: eth0 (external) and eth1 (internal, 192.168.1.0/24). Based on the exhibit, which of the following is a valid security concern?

22

You are a security consultant for a mid-sized company that recently migrated its customer relationship management (CRM) system to a public cloud provider (AWS). The CRM is a web application behind an Application Load Balancer (ALB) with WAF enabled. The application stores sensitive customer data in an RDS MySQL database. The security team has configured security groups to allow only HTTPS (443) from the internet to the ALB, and from the ALB to the application servers on port 8080. The application servers can connect to the database on port 3306. During a routine vulnerability scan, you discover that the database is publicly accessible from the internet on port 3306, which contradicts the intended design. You verify that the security group for the database allows inbound traffic from 0.0.0.0/0 on port 3306. The database contains unencrypted personally identifiable information (PII). What is the most effective immediate action to remediate this vulnerability?

23

Drag and drop the steps to perform a SQL injection attack manually into the correct order.

24

Match each footprinting technique to its description.


Other CEH exam domains

Footprinting, Reconnaissance and Scanning
Enumeration and System Hacking
Malware, Social Engineering and Network Attacks
Web Application and Injection Attacks
Introduction to Ethical Hacking
Scanning Networks and Enumeration
Vulnerability Analysis and System Hacking
Advanced Topics: Wireless, Cloud, IoT, Cryptography
Footprinting and Reconnaissance
Network and Web Application Attacks
Cryptography and Malware Analysis
Social Engineering and Physical Security

Frequently asked questions

What does the Wireless, IoT and Cloud Security domain cover on the CEH exam?

The Wireless, IoT and Cloud Security domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Wireless, IoT and Cloud Security questions are in the CEH question bank?

The Courseiva CEH question bank contains 24 questions in the Wireless, IoT and Cloud Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Wireless, IoT and Cloud Security for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Wireless, IoT and Cloud Security questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Wireless, IoT and Cloud Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
