IoT Security 1.1 Chapter 1 Quiz Exam Answers
1. What tool is used by nefarious individuals or groups to accelerate reconnaissance of internet-connected devices?
Explanation: Shodan is a tool used by researchers, security professionals, large enterprises, and computer emergency response teams (CERTs) to find specific devices and device types. It is also used by threat actors to accelerate reconnaissance of internet-connected devices.
2. Which storage medium is used to hold the PL-App image on a Raspberry Pi?
- SSD
- µSD card
- HDD
- USB flash drive
Explanation: The PL-App launcher application creates and places an OS image onto a microSD (µSD) card that is inserted into the Raspberry Pi for its operation.
3. Which IoT technology type would include a compromised home temperature sensor causing a home to be uncomfortably hot?
- consumer technology
- operational technology
- information technology
- industry technology
Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).
- IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
- OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
- CT – includes connected devices in the home, wearable technology, smart cars, and more
4. Which technology type includes a company receiving an unusual amount of phishing emails?
- consumer technology
- operational technology
- industry technology
- information technology
Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).
- IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
- OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
- CT – includes connected devices in the home, wearable technology, smart cars, and more
5. Which statement describes the function of the Kali VM?
- Kali is a popular VM appliance for network-based intrusion detection.
- Kali is a popular Linux distribution VM that contains many tools used for assessing network security.
- Kali is a popular VM appliance for a network-based firewall.
- Kali is a popular Linux distribution for advanced graphical design projects.
Explanation: Kali is a very popular Linux distribution that contains many tools for assessing network security. It is designed for digital forensics and penetration testing.
6. Which technology type describes an SQL injection that has compromised a database?
- consumer technology
- information technology
- operational technology
- industry technology
Explanation: IoT security includes devices and applications from information technology (IT), operational technology (OT), and consumer technology (CT).
- IT – includes devices in the data center, in the cloud, bring your own devices (BYODs), and thousands of sensors and actuators connected in the field
- OT – includes industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and all the devices that connect to these systems
- CT – includes connected devices in the home, wearable technology, smart cars, and more
7. In an IoT healthcare monitoring system design, what kind of components form a body sensor network?
- location and Bluetooth service
- sensors and gateway
- gateway and cloud computing
- sensors
Explanation: A body sensor network (BSN) is formed by several different sensors worn by a patient that collect health information about that patient. A gateway device connects the BSN to the monitoring platform across the internet.
8. In a typical smart home, which device provides network connections for smart IoT devices?
- MCU board
- SBC board
- smart TV
- home gateway
Explanation: The TV and cable modem directly share the cable signal from the local cable service provider. Smart IoT devices need to connect to the local network through the home gateway. If an internet connection is needed, the home gateway device can bridge the internet connections from the cable modem.
9. According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work category defines Vulnerability Assessment and Management?
- Investigate
- Collect and Operate
- Protect and Defend
- Securely Provision
Explanation: Vulnerability Assessment and Management is in the Protect and Defend work category of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST. Vulnerability Assessment and Management includes conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations or policies; assessing the level of risk; and developing or recommending appropriate mitigation countermeasures.
10. In August of 2017, the FDA approved an update that fixed a security flaw in the software that monitored a cardiac pacemaker. What is the wireless technology that was used for monitoring the pacemaker?
- Bluetooth
- cellular
- radio frequency
- Wi-Fi
Explanation: In August of 2017, the United States government Food and Drug Administration (FDA) approved a software update that patches a security flaw in radio frequency-enabled implantable cardiac pacemakers. The devices include an embedded microprocessor and firmware that is vulnerable to attack remotely over radio frequency (RF).
11. Which cloud computing application feature provides users with rich visualization to discover and communicate categorized and summarized health exercise data?
- dashboard
- heart monitoring
- location service
- wireless connection
Explanation: An application dashboard can analyze and display user activity data when smart personal fitness devices send exercise data to a cloud computing service for storage and analysis.
12. True or False?
In a smart home implementation, fog computing is a better option compared with cloud computing to process status and configuration changes for IoT devices.
Explanation: Fog computing is computing that is performed locally. It is a better choice than cloud computing because local processing can reduce communication latency and provide a fast response.
13. According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work category defines risk management?
- Analyze
- Protect and Defend
- Investigate
- Securely Provision
Explanation: Risk management is in the Securely Provision work category of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST. Risk management includes all the processes necessary to assure that existing and new IT systems meet the cybersecurity and risk requirements of an organization.
14. What is the best practice to mitigate risks in healthcare IoT?
- Ensure that the IoT devices run the latest model of the operating system.
- Ensure that all IoT devices that are provided are from the same manufacturer.
- Ensure that the IoT devices in use or to be purchased are secure and that device security has been adequately configured.
- Ensure that the IoT devices purchased carry a minimum 5-year warranty.
Explanation: The best way to mitigate risks in healthcare IoT is to not put vulnerable devices on the network in the first place. Device manufacturers must design and build their devices with security in mind throughout the development lifecycle. Healthcare personnel must ensure the devices they use or purchase are secure and that device security has been adequately configured.
15. Which device is targeted most by Mirai?
- end device such as a PC or printer
- CCTV
- router
- switch
Explanation: Mirai most often targets closed-circuit television (CCTV) cameras. Using a brute-force dictionary attack, Mirai runs through a list of default usernames and passwords.
16. What should be updated regularly to protect against newly discovered vulnerabilities?
- wireless technology
- device firmware
- encryption algorithm
- authentication setting
Explanation: In general, the security requirements for a Smart Home should include these:
- WPA2 – The wireless network should use the latest Wi-Fi security, which is currently WPA2.
- Encryption – It protects the confidentiality and integrity of information transmitted over a network.
- Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
- Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.
17. Which type of security vulnerability was targeted by the ransomware WannaCry and WannaCrypt?
- denial of service
- phishing
- unpatched, older versions of Windows
- distributed denial of service
Explanation: WannaCry or WannaCrypt ransomware targeted unpatched, older versions of Windows. They encrypted user data and demanded ransom payments in Bitcoin. The systems that were affected by the attack were ones that did not have the latest patches applied.
18. Which statement describes a risk to a patient due to security vulnerabilities of healthcare devices?
- Vital therapies can be manipulated or interrupted.
- The heart monitoring device needs upgrading.
- The patient needs to move to a different healthcare facility.
- The patient cannot communicate with family members.
Explanation: Vulnerabilities in connected healthcare devices result in many risks. For example, if a threat actor can get into these devices due to weak or open authentication, vital therapies can be manipulated, interrupted, or disabled, resulting in patient injury or death.
19. A threat actor uses network scanning tools and penetration tools to discover the IP address and manufacturer of a home wireless router. The threat actor then uses internet searches to discover the default administrative access details. Successful remote access of the home router allows the threat actor to use it as a vector to attack other devices. Which element of smart home security is affected by this attack?
- firmware
- authentication
- encryption
- WPA2
Explanation: In general, the security requirements for a Smart Home should include these:
- WPA2 – The wireless network should use the latest Wi-Fi security, which is currently WPA2.
- Encryption – It protects the confidentiality and integrity of information transmitted over a network.
- Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
- Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.
20. What is the default name of the file that records the configuration settings when the PL-App image is transferred to the µSD card?
- myini.txt
- chestnut.txt
- mysetting.txt
- rapsberry3.txt
Explanation: During the process of configuring and writing the PL-App image onto the µSD card, a file called chestnut.txt is created that records the configuration information.
21. True or False?
Shodan is used by researchers to mine information about what devices are connected, where they are connected, and what services are exposed.
Explanation: Shodan is a tool used by researchers, security professionals, large enterprises, and computer emergency response teams (CERTs) to find specific devices and device types.
22. A threat actor parks close to the home of a user and uses packet capture software to intercept the home wireless traffic. The threat actor then analyzes the traffic of the temperature sensor of the home to determine if someone is in the house now. Which factor of the smart home security system is affected by this attack?
- firmware
- authentication
- WPA2
- encryption
Explanation: In general, the security requirements for a smart home should include the following:
- WPA2 – The wireless network should use the latest Wi-Fi security, which is currently WPA2.
- Encryption – It protects the confidentiality and integrity of information transmitted over a network.
- Authentication – Strong authentication protects the device from unauthorized use or reconfiguration and prevents disclosure or modification of the data stored on the device.
- Firmware – The IoT device manufacturers should update the firmware for any newly discovered vulnerabilities. The home IoT device users should enable the checking of updates automatically.