IoT Security 1.1 Chapter 1 Quiz Answers

Explanation: Shodan is a tool used by researchers, security professionals, large enterprises, and computer emergency response teams (CERTs) to find specific devices and device types. It is also used by threat actors to accelerate reconnaissance of internet-connected devices.

Explanation: The PL-App launcher application creates and places an OS image onto a microSD (µSD) card that is inserted into the Raspberry Pi for its operation.

Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).

• IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
• OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
• CT – includes connected devices in the home, wearable technology, smart cars, and more

Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).

• IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
• OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
• CT – includes connected devices in the home, wearable technology, smart cars, and more

Explanation: Kali is a very popular Linux distribution that contains many tools for assessing network security. It is designed for digital forensics and penetration testing.

Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).

• IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
• OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
• CT – includes connected devices in the home, wearable technology, smart cars, and more

Explanation: A body sensor network (BSN) is formed by several different sensors that a patient is wearing that collect health information about a patient. A gateway device connects the BSN to the monitoring platform across the internet.

Explanation: The TV and cable modem directly share the cable signal from the local cable service provider. Smart IoT devices need to connect to the local network through the home gateway. If an internet connection is needed, the home gateway device can bridge the internet connections from the cable modem.

Explanation: Vulnerability Assessment and Management is in the Protect and Defend work category of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST. Vulnerability Assessment and Management includes conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations or policies; assessing the level of risk; and developing or recommending appropriate mitigation countermeasures.

Explanation: In August of 2017, the United States government Food and Drug Administration (FDA) approved a software update that patches a security flaw in radio frequency-enabled implantable cardiac pacemakers. The devices include an embedded microprocessor and firmware that is vulnerable to attack remotely over radio frequency (RF).

Explanation: An application dashboard can analyze and display user activity data when smart personal fitness devices send exercise data to a cloud computing service for storage and analysis.

Explanation: Fog computing is the computing process implemented locally. It is a better choice, compared with cloud computing, because local computing and processing can reduce latency of communication and provide fast response.

Explanation: Risk management is in the Securely Provision work category of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST. Risk management includes all the processes necessary to assure that existing and new IT systems meet the cybersecurity and risk requirements of an organization.

Explanation: The best way to mitigate risks in healthcare IoT is to not put vulnerable devices on the network in the first place. Device manufacturers must design and build their devices with security in mind throughout the development lifecycle. Healthcare personnel must ensure the devices they use or purchase are secure and that device security has been adequately configured.

Explanation: Mirai most often targets closed-circuit television (CCTV) cameras. Using a brute force dictionary attack, Mirai runs through a list of default usernames and passwords.

Explanation: In general, the security requirements for a Smart Home should include these:

WPA2 – The wireless network should use the latest Wi-Fi security, which is currently WPA2.
Encryption – It protects the confidentiality and integrity of information transmitted over a network.
Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.

Explanation: WannaCry or WannaCrypt ransomware targeted unpatched, older versions of Windows. They encrypted user data and demanded ransom payments in Bitcoin. The systems that were affected by the attack were ones that did not have the latest patches applied.

Explanation: Vulnerabilities in connected healthcare devices result in many risks. For example, if a threat actor can get into these devices due to weak or open authentication, vital therapies can be manipulated, interrupted, or disabled, resulting in patient injury or death.

Explanation: In general, the security requirements for a Smart Home should include these:

WPA2 – The wireless network should use the latest Wi-Fi security which is currently WPA2.
Encryption – It protects the confidentiality and integrity of information transmitted over a network.
Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.

Explanation: During the process of configuring and writing the PL-App image onto the µSD card, a file called chestnut.txt is created that records the configuration information.

Explanation: Shodan is a tool used by researchers, security professionals, large enterprises, and computer emergency response teams (CERTs) to find specific devices and device types.

Explanation: In general, the security requirements for a smart home should include the following:

– WPA2 – The wireless network should use the latest Wi-Fi security, which is currently WPA2.
– Encryption – It protects the confidentiality and integrity of information transmitted over a network.
– Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
– Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.