7.3.3 Quiz – Cloud, Mobile, and IoT Security Answers

7.3.3 Quiz – Cloud, Mobile, and IoT Security Answers

1. Which term is an essential characteristic of cloud computing as defined in NIST SP 800-145?

  • centralized storage
  • resource pooling
  • reduced bandwidth requirements
  • slow elasticity

Explanation: NIST SP 800-145 defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

The five essential characteristics of cloud computing are:
– On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service

2. Which cloud technology attack method involves breaching the infrastructure to gather and steal information such as valid usernames, passwords, tokens, and PINs?

  • account takeover
  • credential harvesting
  • privilege escalation
  • side-channel attacks

Explanation: Credential harvesting is the act of gathering and stealing valid usernames, passwords, tokens, PINs, and any other types of credentials through infrastructure breaches.

3. Which cloud technology attack method could exploit a bug in a software application to gain access to resources that normally would not be accessible to a user?

  • account takeover
  • credential harvesting
  • privilege escalation
  • side-channel attacks

Explanation: Privilege escalation is exploiting a bug or design flaw in a software or firmware application to access resources normally protected from an application or a user.

4. Which term describes when a lower-privileged user accesses functions reserved for higher-privileged users?

  • vertical privilege escalation
  • horizontal privilege escalation
  • credential harvesting
  • metadata service attacks

Explanation: Vertical privilege escalation occurs when a lower-privileged user accesses functions reserved for higher-privileged users (for example, a standard user accessing functions of an administrator).

5. Which cloud technology attack method could a threat actor use to access a user or application account that allows access to more accounts and information?

  • account takeover
  • metadata service attacks
  • resource exhaustion and DoS attacks
  • side-channel attacks

Explanation: In an account takeover attack, the threat actor gains access to a user or application account and uses it to access more accounts and information.

6. Which tool could be used to find vulnerabilities that could lead to metadata service attacks?

  • Nimbostratus
  • Clair
  • Falco
  • Dagda

Explanation: Tools such as nimbostratus (https://github.com/andresriancho/nimbostratus) can be used to find vulnerabilities that could lead to metadata service attacks.

7. Which cloud technology attack method could generate crafted packets to cause a cloud application to crash?

  • resource exhaustion attack
  • account takeover
  • metadata service attack
  • side-channel attack

Explanation: Threat actors can launch strategic DoS attacks against applications hosted in the cloud that could lead to resource exhaustion. For example, they can leverage a single-packet DoS vulnerability in network equipment used in cloud environments, or they can leverage tools to generate crafted packets to cause an application to crash.

8. Which cloud technology attack method would require the threat actor to create a malicious application and install it into a SaaS, PaaS, or IaaS environment?

  • resource exhaustion attack
  • account takeover
  • metadata service attack
  • cloud malware injection attack

Explanation: In a cloud malware injection attack, the attacker creates a malicious application and injects it into a SaaS, PaaS, or IaaS environment. Once the malware injection is completed, the malware is executed as one of the valid instances running in the cloud infrastructure. Subsequently, the attacker can leverage this foothold to launch additional attacks, such as covert channels, backdoors, eavesdropping, data manipulation, and data theft.

9. What is a common cause of data breaches in attacks against misconfigured cloud assets?

  • using insecure permission configurations for cloud object storage services
  • using hard-coded credentials to access different services
  • implementing metadata service to get a set of temporary access credentials
  • adding sensitive information in user startup scripts

Explanation: Insecure permission configurations for cloud object storage services, such as Amazon’s AWS S3 buckets, often cause data breaches.

10. A threat actor has compromised a VM in a cloud environment that shares the same physical hardware as non-compromised VMs. Which cloud technology attack method could now be used to exfiltrate credentials, cryptographic keys, and other sensitive information?

  • side-channel attack
  • cloud malware injection attack
  • resource exhaustion attack
  • account takeover

Explanation: Side-channel attacks are often based on information gained from implementing the underlying computer system (or cloud environment) instead of a specific weakness in the implemented technology or algorithm.

11. Which tool helps software developers and cloud consumers deploy applications in the cloud and use the resources that the cloud provider offers?

  • Software development kits (SDKs)
  • Cloud development kits (CDKs)
  • Identity and access management (IAM)
  • Nimbostratus

Explanation: Cloud development kits (CDKs) help software developers and cloud consumers deploy applications in the cloud and use the resources that the cloud provider offers.

12. Which mobile device vulnerability is targeted when a threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain?

  • insecure storage
  • passcode vulnerabilities and biometric integrations
  • certificate pinning
  • using known vulnerable components

Explanation: An attacker could use static analysis or reverse engineering to see how applications create and store keys in the iOS Keychain.

13. Which tool is an open-source framework used to test the security of iOS applications?

  • Needle
  • Drozer
  • APK Studio
  • ApkX

Explanation: Needle is an open-source framework used to test the security of iOS applications. Drozer, APK Studio, and ApkX are Android testing tools.

14. Match the Bluetooth Low Energy (BLE) phase to the description.

7.3.3 Quiz - Cloud, Mobile, and IoT Security Answers 1

Explanation:
Phase 1: Transport-specific key distribution
Phase 2: Short-term key generation
Phase 3: Pairing feature exchange

15. Which option is a security vulnerability that affects IoT implementations?

  • plaintext communication and data leakage
  • VM escape vulnerabilities
  • certificate pinning
  • hyperjacking

Explanation: Common IoT security vulnerabilities include:
– Insecure defaults
– Plaintext communication and data leakage
– Hard-coded configurations
– Outdated firmware/hardware and the use of insecure or outdated components

16. Which two IoT systems should never be exposed to the Internet? (Choose two.)

  • turbines in a power plant
  • robots in a factory
  • refrigerators in a restaurant
  • thermostat in a home
  • carbon monoxide detectors in a home

Explanation: Many IoT, ICS, and SCADA systems should never be exposed to the Internet. For example, programmable logic controllers (PLCs) controlling turbines in a power plant, stadium lighting, and factory robots should never be exposed to the Internet.

17. Which option is a collection of compute interface specifications designed to offer management and monitoring capabilities independently of the CPU, firmware, and operating system of the host?

  • Intelligent Platform Management Interface (IPMI)
  • Shodan
  • Supervisory control and data acquisition (SCADA)
  • Mobile Security Framework (MobSF)

Explanation: The Intelligent Platform Management Interface (IPMI) is a collection of compute interface specifications (often used by IoT systems) designed to offer management and monitoring capabilities independently of the host system’s CPU, firmware, and operating system.

18. A threat actor uploaded a VM with malicious software to the VMware Marketplace. When an organization deploys the VM, the threat actor can manipulate the systems, applications, and user data. What type of VM vulnerability has been enabled?

  • VM repository vulnerability
  • Hypervisor vulnerability
  • Hyperjacking
  • VM escape vulnerability

Explanation: A VM repository vulnerability is when a threat actor has found a way to upload fake or impersonated VMs with malicious software and backdoors. These ready-to-use VMs are deployed by many organizations, allowing the threat actor to manipulate the systems, applications, and data of the user.

19. Which tool is a set of open-source analysis tools that uses the ClamAV antivirus engine to help detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers?

  • Anchore’s Grype
  • Clair
  • Dagda
  • Falco

Explanation: Dagda is a set of open-source static analysis tools that can help detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers. It uses the ClamAV antivirus engine to detect malware and vulnerabilities.

20. Which credential harvesting tool could be used to send a spear phishing email with a link to a malicious site to a target victim?

  • Social-Engineer Toolkit (SET)
  • Searchsploit
  • Drozer
  • Dagda

Explanation: The Social-Engineer Toolkit (SET) can perform a social engineering attack and instantiate a fake website to perform a credential harvesting attack.

21. Why do cloud architectures help minimize the impact of DoS or DDoS attacks compared to hosting services on-premise?

  • cloud providers use a distributed architecture
  • cloud providers provide sandbox analysis
  • cloud providers limit network exposure to the internet
  • cloud providers use Intelligent Platform Management Interfaces (IPMI)

Explanation: One of the benefits of leveraging cloud services is the distributed and resilient architecture that most leading cloud providers offer. This architecture helps minimize the impact of a DoS or distributed denial-of-service (DDoS) attack compared to what it would be if you were hosting your application on-premises in your data center.

22. Which option is a characteristic of a VM hypervisor?

  • Type 1 hypervisors are also known as native or bare-metal hypervisors.
  • Type 1 hypervisors run on top of other operating systems.
  • Type 2 hypervisors include VMware ESXi and Microsoft Hyper-V.
  • Type 2 hypervisors run directly on the physical (bare-metal) system.

Explanation: There are two types of hypervisors:
– Type 1 hypervisors (native or bare-metal hypervisors) run directly on the physical (bare-metal) system. Examples of Type 1 hypervisors include VMware ESXi, Proxmox Virtual Environment, Xen, and Microsoft Hyper-V.
– Type 2, or hosted, hypervisors run on top of other operating systems. Examples of type 2 hypervisors include VirtualBox and VMware Player or Workstation.

23. A threat actor has compromised a VM in a data center and discovered a vulnerability that provides access to data in another VM. What type of VM vulnerability has been discovered?

  • VM escape vulnerability
  • VM repository vulnerability
  • Hypervisor vulnerability
  • Hyperjacking

Explanation: VM escape vulnerabilities allow a threat actor to “escape” the VM and obtain access to other virtual machines on the system or access to the hypervisor.

24. Which tool can be used to perform on-path attacks in BLE implementations?

  • GATTacker
  • Social-Engineer Toolkit (SET)
  • Nimbostratus
  • Dagda

Explanation: Tools such as GATTacker can be used to perform on-path attacks in Bluetooth Low-Energy (BLE) implementations.

25. Which tool is an open-source container vulnerability scanner that can be used to find vulnerabilities in a Docker image?

  • Anchore’s Grype
  • GATTacker
  • Social-Engineer Toolkit (SET)
  • Nimbostratus

Explanation: Anchore’s Grype is an open-source container vulnerability scanner that can be used to find vulnerabilities in a Docker image.

Subscribe
Notify of
guest

1 Comment
Inline Feedbacks
View all comments
Lance
Lance
4 months ago

Correction on Question 14:
Phase 1 – pairing feature exchange
Phase 2 – short-term key generation
Phase 3 – transport-specific key distribution