IoT Sec 1.1 Fundamentals: IoT Security Final Exam Answers

IoT Sec 1.1 (Version 1.1) – IoT Fundamentals: IoT Security Final Exam Answers

1. What process is used by blockchain technology to validate transactions?

  • scope of work
  • digital signatures
  • synchronous key encryption
  • proof of work

2. Which programming language is an example of an interpreted language?

  • C#
  • Java
  • Python
  • C

3. Which DFD symbol represents data output from sensing, actuating, traffic forwarding, analysis, and control systems?

  • external entity
  • data flow
  • data store
  • process

4. What are three items that should be included in the documentation describing the components of the IoT system at each layer? (Choose three.)

  • devices
  • technologies
  • the flow of data between components and layers
  • communications network
  • applications
  • protocols

5. According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the risk management specialty area conducts comprehensive assessments of the management, operational, and technical security controls to determine their overall effectiveness?

  • Security Architect
  • Security Control Assessor
  • Vulnerability Assessment Analyst
  • Secure Software Assessor

6. Put the steps in the Threat Modeling process into the correct order. (Not all options are used.)

IoT Sec 1.1 (Version 1.1) – IoT Fundamentals: IoT Security Final Exam Q6

7. A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?

  • cross-site scripting
  • broken authentication
  • security misconfiguration
  • SQL injections

8. According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the Vulnerability Assessment and Management specialty area performs assessments of IT systems and identifies where those systems deviate from acceptable configurations or policy?

  • Vulnerability Assessment Analyst
  • Secure Software Assessor
  • Security Architect
  • Security Control Assessor

9. In a typical smart home setup, which two devices directly share the cable signal from the local cable service provider? (Choose two.)

  • TV
  • cable modem
  • home gateway
  • MCU or SBC board
  • smart thermostat

10. What are two OWASP communication layer vulnerabilities commonly found when securing the IoT device network services attack surface? (Choose two.)

  • poorly implemented encryption
  • LAN traffic
  • lack of payload verification
  • nonstandard protocols
  • protocol fuzzing

11. Which statement describes a security vulnerability of using a medical device on a legacy computer system in a hospital?

  • The hard disk may become full.
  • The OS of the PC may not receive up-to-date security patches.
  • The CPU may become too slow for the medical application.
  • The memory may become the bottleneck for performance.

12. Match the feature of a personal fitness device to the supporting technology. (Not all targets are used.)

IoT Sec 1.1 (Version 1.1) – IoT Fundamentals: IoT Security Final Exam Q20

13. What is a local exploit used by threat actors?

  • SQL injections
  • device cloning
  • eavesdropping attack
  • routing attack

14. A threat actor uses a newly discovered vulnerability to access the home wireless router of a user. The threat actor then changes the password for the wireless network served by the router and causes all wireless devices to lose connectivity. Which factor of smart home security is affected by this attack?

  • firmware
  • authentication
  • WPA2
  • encryption

15. Which technology is used to secure IoT transactions?

  • DREAD
  • blockchain
  • T-V pairing
  • STRIDE

16. Match the IoT standard or protocol with a category.

IoT Sec 1.1 (Version 1.1) – IoT Fundamentals: IoT Security Final Exam Q31

17. When creating devices for the home IoT market, what are vendors commonly sacrificing in order to provide simplicity of setup and administration?

  • low costs
  • advanced features
  • security
  • device lifespan

18. Which measure should be taken to defeat a brute force attack?

  • Only allow a limited number of authentication failures before an account is locked out.
  • Only allow passwords to be stored in an encrypted format.
  • Only use dictionary words that are greater than 10 characters.
  • Only store the hashed equivalent of a password.

19. Match the security requirement with the appropriate layer of the IoT functional model. (Not all options are used.)

IoT Sec 1.1 (Version 1.1) – IoT Fundamentals: IoT Security Final Exam Q36

20. What is the goal of a threat actor when performing a DoS attack?

  • to prevent legitimate users from accessing online services
  • to gain access to the physical network and hijack a session
  • to monitor, capture, and control communications
  • to discover subnets and hosts on a network

21. What are three variables used by DREAD? (Choose three.)

  • privacy
  • damage
  • reputation
  • exploitability
  • denial of service
  • affected users

22. For the IoT reference model, what are two security measures that should be considered? (Choose two.)

  • The data in use on a device should use encryption and be secured.
  • The hardware and software of each device connected to the IoT network should be secured.
  • The movement of data and communications between each level should be secured.
  • The legacy applications used on the IoT network should be removed and secured.
  • The authentication method of users at each level should be secured.

23. Which CVSS metric group contains metrics set by end users?

  • Environmental metric group
  • Extended metric group
  • Temporal metric group
  • Base metric group

24. Which type of address spoofing is typically used in DoS attacks?

  • destination IP address spoofing
  • MAC address spoofing
  • blind IP address spoofing
  • non-blind IP address spoofing

25. What is the challenge that must be overcome with symmetric key cryptography?

  • choosing the encryption algorithm to ensure the secure transfer of the key
  • having the sender and receiver agree on the same secret key without anyone intercepting it
  • identifying the strength of the symmetric keys for implementation
  • selecting a central authority to manage the symmetric key

26. What is the intent of a threat actor that is performing a port scan against a targeted device?

  • to identify the IP address assigned to the device
  • to intercept traffic that is addressed to another host
  • to check if certain application protocols are enabled
  • to test connectivity to the device

27. A manufacturing organization is generating a large amount of data via their IoT sensors. At which location should the data be processed if it is to be processed close to the ground where the IoT sensors are connected to the network?

  • cloud
  • fog
  • mist
  • device

28. What are three potential vulnerabilities related to attacks toward the memory of an IoT device? (Choose three.)

  • removal of storage media
  • encryption key
  • sensitive data
  • privilege escalation
  • damage
  • clear-text authentication credential

29. Which technology type includes industrial control systems such as SCADA?

  • industry technology
  • information technology
  • operational technology
  • consumer technology

30. What are three best practices used to mitigate XSS attacks? (Choose three.)

  • SSL encryption
  • escaping
  • multifactor authentication
  • payload encryption
  • validating input
  • password manager
  • sanitizing

31. In the context of the importance of security in IoT networks, which model provides a common framework for understanding the placement of various standards and protocols in an IoT system?

  • TCP/IP
  • IoT-A
  • OSI
  • ETSI

32. A user is concerned that the SD card in surveillance cameras could be stolen or destroyed by an attacker. Which security measure can help protect the surveillance cameras?

  • tamper proof enclosure
  • battery backup for the device
  • firewall appliance
  • antimalware software

33. Which type of IoT wireless network would use ruggedized network components to interconnect sensors and actuators at dispersed locations in challenging manufacturing environments?

  • wireless body-area network
  • wireless neighborhood-area network
  • wireless home-area network
  • wireless field-area network

34. Which two CPU types are based on the Complex Instruction Set Computing architecture? (Choose two.)

  • Android
  • iOS
  • ARM
  • AMD
  • MIPS
  • Intel

35. A network security engineer is reviewing security logs and notices an unauthorized device sending authenticated messages that occurred during a previous M2M session. Which basic security service would protect against this type of incident?

  • message confidentiality
  • access control
  • replay protection
  • message integrity

36. A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?

  • FIN
  • ACK
  • SYN
  • RST

37. When comparing the OSI and IoT reference models, what is the intent of the IoT reference model?

  • to foster competition because products from different vendors will work together
  • to assist in protocol design so that protocols operating at a specific layer have defined information that they act upon
  • to provide common terminology and help clarify how information flows and is processed for a unified IoT industry
  • to describe which functions occur at each layer of the model to encourage industry standardization

38. Which two types of IoT firmware vulnerabilities are caused by the use of default or weak login credentials? (Choose two.)

  • distributed denial of service (DDoS)
  • back door installation
  • out-of-date firmware
  • default credentials
  • buffer overflow

39. What is one of the most widely exposed vulnerabilities listed by the Open Web Applications Security Project (OWASP)?

  • spam
  • phishing
  • weak passwords
  • malware

40. Which IoT technology commonly benefits from the deployment of a star topology?

  • wireless sensor
  • home automation
  • asset and inventory tracking
  • industrial control

41. What are three technologies used by a blockchain? (Choose three.)

  • security zones
  • T-V pairing
  • decentralized ledger
  • blocks of hexadecimal digits
  • digital signature
  • algorithm for reaching consensus

42. A threat actor has intercepted security keys that are used to establish communications. Which popular remote exploit was used by the threat actor?

  • eavesdropping attack
  • denial-of-service
  • username enumeration
  • extraction of security parameters

43. Why do some IoT devices rely on gateways for the internet connection?

  • Many IoT devices do not have a network connector.
  • Many IoT devices use a low powered processor.
  • Many IoT devices do not support a full TCP/IP stack.
  • Many IoT devices have limited memory capacity.

44. Why are most IoT devices not directly connected to a Wi-Fi access point or router?

  • services constraints
  • device and compatibility constraints
  • security and encryption constraints
  • power and processing constraints

45. Which technology type describes a refrigerator that has become part of a botnet that is attacking businesses?

  • consumer technology
  • information technology
  • industry technology
  • operational technology

46. An IoT device uses Busybox. What is the purpose of entering the busybox command in the command line?

  • to see the list of available commands
  • to enter the interactive mode
  • to run a script file named busybox
  • to create a script named busybox

47. A security researcher has completed a vulnerability assessment and has documented a list of vulnerabilities. When performing a risk assessment, what should these documented items be translated into?

  • threats
  • risks
  • assets
  • vulnerabilities

48. What are two attributes of IoT that make applying traditional security methods challenging? (Choose two.)

  • wireless protocols
  • decentralized topologies
  • device usage
  • small device size
  • limited device resources

49. Which type of access control model assigns security level labels to information and is typically used in military or mission critical applications?

  • nondiscretionary
  • mandatory
  • discretionary
  • attribute-based

50. Match the question to one of the three contributors to the determination of risk when performing a risk assessment. (Not all options are used.)