IoT Security 1.1 Chapter 2 Quiz Answers
1. Which domain of the ETSI model includes management functions such as data analytics and connectivity management?
- application
- M2M
- transport
- network
2. Which layer of the OSI model contains protocols used for process-to-process communications?
- physical
- data link
- transport
- application
3. What are the three broad requirements specified by the CIA security triad?
- Data must be protected from unauthorized access.
- Data must be protected from theft and unauthorized alteration or destruction.
- Data must always be accessible by the people who need to use it when they need to use it.
- Data must be protected from firmware alteration.
- Data should never leave the location from which it was gathered.
- Data must be retained for an appropriate amount of time before it can be deleted.
4. What is the primary focus of data management in the IoT realm?
- how things are connected to the networks
- when and where data is processed
- which data protocols are used
- what applications are being used
5. What is the function of the DREAD tool?
- It is used to prevent threats from attacking the system.
- It is used to identify threats.
- It is used to mitigate threats.
- It is used to rate threats.
6. What is a function that is provided by the network layer of the OSI model?
- exchanging frames between devices
- placing data on the network medium
- segmenting, transferring, and reassembling data
- directing data packets to destination hosts on other networks
7. Which level of the IoT reference model converts data into information that is suitable for storage and higher level processing?
- data abstraction
- fog computing
- application
- data accumulation
8. Which function is provided by the data abstraction level of the IoT reference model?
- to interpret information based on the nature of the device data and business needs
- to render data and data storage in ways that enable application development
- to enable data in motion to be converted to data at rest
- to transcend multiple applications to include the communication and collaboration required between people and processes
9. Match the category to the security objective of the Threat Model Analysis of an IoT System.
- reputation → Document any possible impact on the reputation of the organization if the IoT system is attacked.
- financial → Document the financial risks of the various aspects of the IoT system so that management can determine which level of risk is acceptable.
- availability guarantees → Document the expected availability and guaranteed uptime of the IoT system.
- privacy and regulation → Document the impact of privacy concerns as well as regulation requirements.
- identity → Document the controls that are in place to ensure that evidence is collected on the identity of users accessing and using the IoT system.
10. Which task in the step of decomposing the IoT system gathers information about approaches to input validation, authentication, authorization, configuration, and any other areas of the IoT system that are vulnerable?
- Document the security profile.
- Identify trust boundaries.
- Identify entry points.
- Identify privileged code.
11. Which task in the step of decomposing the IoT system gathers information where secure resources are stored and manipulated to see who has elevated rights?
- Identify data flow.
- Identify trust boundaries.
- Identify entry points.
- Identify sensitive data.
12. What are two benefits of using a layered model to explain protocols and operations? (Choose two.)
- They provide an exclusive language to describe networking functions and capabilities.
- They assist in protocol design because protocols operating at a specific layer have defined information that they act upon and a defined interface to the layers above and below.
- They prevent technology or capability changes in one layer from affecting other layers above and below.
- They limit competition because products from different vendors will not work together.
- They describe which functions occur at each layer of the model to encourage the removal of industry standardization.
13. Which document created in the Threat Model Analysis process will describe the IoT system architecture?
- the expected availability and guaranteed uptime of the IoT system
- the impact of privacy concerns as well as regulation requirements
- the controls that are in place to ensure that evidence is collected on the identity of users accessing and using the IoT system
- the components of the IoT system at each layer
14. Match the term to the description.
- vulnerabilities → weaknesses in the IoT system that could be exploited by a threat
- threats → potential dangers to any asset such as data or components of the IoT system
- attack surfaces → different points where attackers could get into a system and where they could get data out of the system
- threat actors → people or entities who exploit vulnerabilities
15. After threats are rated, what is the next step recommended by the Threat Model Analysis for an IoT system?
- Document the IoT system architecture.
- Decompose the IoT system.
- Recommend mitigation.
- Identify security objectives.
16. In the IoT reference model, at which layer or layers of the model is security implemented?
- application level
- connectivity level
- physical devices & controllers level
- all levels of the IoT reference model
17. Which task in the step of decomposing the IoT system can gather information about where data is input into the IoT system?
- Identify privileged code.
- Identify trust boundaries.
- Identify data flow.
- Identify entry points.
18. Which three types of documents should be included when documenting the IoT system architecture using the Threat Model Analysis for an IoT System? (Choose three.)
- any possible impact on the reputation of the organization if the IoT system is attacked
- the financial risks of the various aspects of the IoT system
- the technologies, protocols, and standards used to implement the IoT system
- components of the IoT system at each layer
- the impact of privacy concerns as well as regulation requirements
- the flow of data between components and between layers
19. In the context of IoT in the manufacturing industry, which model segments devices and equipment into hierarchical functions?
- ETSI
- IoT
- TCP/IP
- Purdue Model for Control Hierarchy
20. At which functional layer of the IoT simplified model would an aircraft turbine RPM sensor exist?
- cloud
- network
- device
- application
21. What is the function of the STRIDE tool?
- It is used to identify threats.
- It is used to mitigate threats.
- It is used to prevent threats from attacking the system.
- It is used to rate threats.
22. Which domain of the ETSI model includes sensors and gateways connecting to the network through Bluetooth?
- transport
- network
- application
- M2M
23. What is the function of the network access layer in the TCP/IP model?
- represents data to the user and controls dialogs
- controls hardware devices and media
- determines the best path through the network
- supports communications across diverse networks
24. Which statement describes IFTTT (If This Then That)?
- It uses Microsoft Windows APIs to link a computer and a smartphone.
- It is a logic block used in Python programming.
- It is a simple web service that allows the connection of an event to an action.
- It is a simplified and easy-to-use graphical programming tool.