Introduction to IoT – Chapter 5 Quiz Answers

1. What are three examples of personally identifiable information? (Choose three.)

  • bank account number
  • home water usage
  • vehicle identification number
  • birth date
  • home thermometer value
  • vehicle fuel consumption

Explanation: Refer to curriculum topic: 5.1.1
Personally identifiable information is any data that is related to an actual person that when used on its own or in combination with other information can identify, contact, or locate a specific individual.

2. Which two online activities pose high security risks? (Choose two.)

  • verifying a banking site URL before entering information
  • sharing information on social media
  • following email links that have already been scanned by the email server
  • using a VPN to access the Internet from a Wi-Fi hot spot
  • creating a very complex password for a new account and storing it in a password manager service

Explanation: Refer to curriculum topic: 5.1.3
The two most risky online behaviors listed are these:

  • Sharing news articles only with friends and family on social media. The more information shared on social media, the more an attacker can learn.
  • Following email links that have already been scanned by the email server. Scanned emails can still contain forged links to malicious sites.

3. Which three passwords are the least secure? (Choose three.)

  • 135792468
  • 34%cafe_!
  • s3CurE_p@ss
  • asdfghjkl
  • randolph
  • Ci3c0_RocK$

Explanation: Refer to curriculum topic: 5.1.3
Strong passwords should be at least 8 characters in length and include upper and lower case characters, numbers, and special characters.

4. How can a virtual assistant be a security risk?

  • Encryption protocols are not supported.
  • Personal devices could be remotely seen.
  • Sensor options could be modified.
  • Personal information could be leaked.

Explanation: Refer to curriculum topic: 5.1.3
The sensors could be used to access a home network and gain access to PCs and data. Personal information such as passwords or credit card information could be compromised.

5. What is used to identify a wireless network?

  • IP address
  • MAC address
  • SSID
  • SPI

Explanation: Refer to curriculum topic: 5.1.2
A wireless network is identified by a name which is known as the service set identifier or SSID.

6. Match the security best practice to the description.

The correct answer is:

  • employing access controls → assign user roles and privilege levels
  • implementing human resource security measures → research and perform background checks on employees
  • regularly testing incident responses → perform and test emergency response scenarios
  • educating users → train users on security proceedures

7. What is a goal of performing a risk assessment?

  • educating users in secure procedures
  • restricting access to physical assets
  • valuing assets to justify security expenditures
  • outlining job duties and expectations

Explanation: Refer to curriculum topic: 5.1.2
One of the goals of performing a risk assessment is to understand the value of protected assets so that security expenditures are justified.

8. How are USB flash drives a security risk?

  • They cannot be encrypted.
  • They have a controller that can be infected.
  • They contain wireless antennas.
  • They contain a remote sensor.

Explanation: Refer to curriculum topic: 5.1.3
USB and thumb drives include a tiny controller that can be infected with malware. No antivirus scanning will detect the malware because it is contained in the controller and not in the data area.

9. Why would an IT person use Zabasearch?

  • to research an IoT device
  • to research an app
  • to research a business
  • to research a person

Explanation: Refer to curriculum topic: 5.1.1
Zabasearch ( is a comprehensive people search engine.

10. Which action can help reduce online risk?

  • only accept unsolicited software updates when logged into a secure network
  • only download programs with the most positive reviews on 3rd party websites
  • only conduct transactions on websites after verifying the URL is correct
  • only click embedded links in email messages from friends

Explanation: Refer to curriculum topic: 5.1.3
Malicious websites can easily be made to mirror official bank or financial institution websites. Before clicking the links or providing any information, double-check the URL to make sure it is the correct web page for the institution.

11. Which three elements should be combined when creating a strong password? (Choose three.)

  • dictionary words
  • combinations of letters and numbers
  • phrases
  • personal information
  • special characters
  • pet names

Explanation: Refer to curriculum topic: 5.1.3
Strong passwords should have combined letters, numbers, special characters, phrases, and be at least eight (8) characters long.

12. What is the goal of a white hat hacker?

  • modifying data
  • protecting data
  • validating data
  • stealing data

Explanation: Refer to curriculum topic: 5.1.1
White hat hackers are actually “good guys” and are paid by companies and governments to test for security vulnerabilities so that data is better protected.

13. What is a wireless router security best practice that limits access to only specific internal hosts?

  • enabling the built-in firewall
  • enabling encryption
  • disabling SSID advertisements
  • MAC address filtering

Explanation: Refer to curriculum topic: 5.1.3
Media Access Control (MAC) address filtering enables a wireless router to check the MAC addresses of internal devices trying to connect to it. This allows connections to be limited to only devices with MAC addresses known to the router.

14. What are two recommended steps to protect and secure a wireless network? (Choose two.)

  • Update firmware.
  • Enable remote management.
  • Locate the wireless router where it is accessible to users.
  • Use WPA2-AES encryption.
  • Use the default SSID.

Explanation: Refer to curriculum topic: 5.1.2
Two best practices for securing wireless networks are to encrypt the wireless traffic with WPA2 encryption and to keep the wireless router firmware updated. This prevents data from being readable by an attacker and fixes any known bugs and vulnerabilities in the router.

15. An employee is using a coffee shop Wi-Fi hotspot to access corporate email. What action can the employee take to reduce the security risk of using a hotspot?

  • Scan emails with antivirus software.
  • Verify the name of the sender of emails before opening them.
  • Only click on embedded links in email messages from trusted colleagues.
  • Encrypt traffic through a VPN.

Explanation: Refer to curriculum topic: 5.1.3
Attackers will often deploy fake Wi-Fi hotspots in public locations, such as coffee shops, to lure users. The attacker has access to all the information exchanged via the compromised hotspot, putting the unsuspecting users at risk. For this reason, always send data through an encrypted VPN when using a hotspot.

Notify of

Inline Feedbacks
View all comments