The purpose of this Sample Question Set is to provide you with information about the GIAC Cloud Penetration Tester (GCPN) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GCPN certification test. To get familiar with real exam environment, we suggest you try our Sample GIAC GCPN Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual GIAC Cloud Penetration Tester (GCPN) certification exam.
These sample questions are simple and basic questions that represent likeness to the real GIAC Cloud Penetration Tester exam questions. To assess your readiness and performance with real-time scenario based questions, we suggest you prepare with our Premium GIAC GCPN Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.
GIAC GCPN Sample Questions:
01. Which tool is commonly used to enumerate Azure Functions for security assessments?
a) Azucar
b) Nikto
c) SQLmap
d) Metasploit
02. A security team detects unauthorized API calls originating from an unknown IP address via Azure CLI. What is the best remediation action?
a) Delete all virtual machines running in Azure
b) Increase the timeout limit for API requests
c) Rotate API keys and revoke all active CLI sessions
d) Allow list the unknown IP address for investigation
03. Which stealth techniques can Red Teams use to evade detection in cloud penetration testing?
(Choose two)
a) Rotating API keys frequently
b) Using cloud-based VPNs for lateral movement
c) Disabling cloud security monitoring tools
d) Implementing role assumption techniques in AWS
04. What security measures should be implemented to prevent unauthorized discovery of cloud resources?
(Choose two)
a) Enforce least privilege access policies
b) Enable logging and monitoring for API calls
c) Disable firewall protections to reduce latency
d) Allow unrestricted access to cloud storage
05. During a security audit, you find that a Windows Container is running with excessive privileges and can access the host system. What is the best mitigation strategy?
a) Apply the principle of least privilege to the container permissions
b) Increase the memory allocation to improve container performance
c) Restart the container every hour to reduce attack risk
d) Remove logging configurations to prevent unauthorized access
06. What methods can be used to discover exposed cloud databases?
(Choose two)
a) Restricting database connections
b) Cloud SQL enumeration tools
c) Shodan searches for cloud-based databases
d) Removing all database logs
07. Which of the following techniques can be used to secure Windows Containers in Azure?
(Choose two)
a) Enforcing least privilege container permissions
b) Running all containers as root users
c) Enabling Microsoft Defender for Containers
d) Allowing unrestricted outbound network access
08. What is the primary security risk of exposing API keys in web applications?
a) Reduced CPU performance in virtual machines
b) Increased application latency
c) Inability to execute server-side code
d) Unauthorized access to cloud services
09. You are performing a penetration test on an AWS environment and discover an IAM policy that grants "s3:*" permissions to "Principal":"*" on an S3 bucket. What is the most significant security risk associated with this configuration?
a) The S3 bucket may be deleted accidentally
b) Unauthorized users can read, write, and delete objects in the S3 bucket
c) AWS Lambda functions will fail to execute
d) The S3 bucket performance will degrade
10. How can attackers harvest usernames in Azure Active Directory environments?
a) By using OpenID Connect (OIDC) enumeration
b) By disabling logging in Azure Monitor
c) By modifying cloud storage permissions
d) By using SQL injection on cloud databases
Answers:
Question: 01
Answer: a |
Question: 02
Answer: c |
Question: 03
Answer: b, d |
Question: 04
Answer: a, b |
Question: 05
Answer: a |
Question: 06
Answer: b, c |
Question: 07
Answer: a, c |
Question: 08
Answer: d |
Question: 09
Answer: b |
Question: 10
Answer: a |
Note: For any error in GIAC Cloud Penetration Tester (GCPN) certification exam sample questions, please update us by writing an email on feedback@edusum.com.
