IoT Security 1.1 Chapter 3 Quiz Answers
1. Which type of vulnerability is present when a programmer does not account for the size of the input that a user might enter?
- backdoor installation
- denial of service
- out of date firmware
- buffer overflow
2. Which type of memory media would provide space to store collected data in an IoT device?
- SD card
- DRAM
- EPROM
- SRAM
3. Which two pieces of information are needed to search for an IoT device in the FCC ID database? (Choose two.)
- IP address
- grantee code
- product code
- product description
- product serial number
4. Which type of attack takes advantage of vulnerabilities in servers to grant unauthorized users higher than approved levels of access?
- privilege escalation
- default login
- backdoor installation
- buffer overflow
5. Which type of technology is classified as embedded software that includes a minimal operating system for controlling an IoT device?
- microprocessor
- microcontroller
- firmware
- SD card
6. Which two programming languages are examples of compiled languages? (Choose two.)
- PHP
- C
- Perl
- Java
- Python
7. What is a key difference between an embedded device and a prototyping device?
- An embedded device is programmed for one specific purpose, whereas a prototyping device is designed to perform different functions.
- An embedded device does not contain an operating system, whereas a prototyping device does.
- An embedded device does not connect to the internet, whereas a prototyping device does.
- An embedded device uses removable media to hold the programming code, whereas a prototyping device uses a hard disk to hold the programming code.
8. Which two commercial IoT operating systems support processors from multiple manufacturers? (Choose two.)
- ARM Mbed
- Windows 10 IoT Core
- Busybox
- Android Embedded
- VxWorks
9. Which two scripting languages are designed to be executed directly under an operating system? (Choose two.)
- JavaScript
- Python
- shell script
- PowerShell
- PHP
10. An administrator wants to implement an access control model that makes access decisions based on the role and responsibilities of an individual within an organization. Which access control model best addresses this requirement?
- attribute-based
- role-based
- discretionary
- mandatory
11. Which interface is used to troubleshoot embedded system software?
- SPI
- JTAG
- I2C
- UART
12. What are two IoT wireless standards that IoT manufacturers can use over longer distances while still supporting some level of security? (Choose two.)
- LoRa
- White-Fi
- LTE-M
- Zigbee
- 802.11a
13. What is the function of an eMMC flash chip in an IoT device?
- It is an embedded chip that stores the firmware, operating system, and software.
- It is a chip to provide internet connectivity options for the device.
- It is an onboard battery chip to power the firmware operation.
- It is a removable medium to store data collected by the device.
14. What is the function of a data encryption algorithm?
- authenticates devices by verifying the identity of the device
- securely deletes data to prevent data loss
- provides data confidentiality by making data unreadable to unauthorized individuals
- authenticates a user by verifying the credentials of the connected user
15. What is meant by the term big.LITTLE computing?
- It refers to the use of a cloud and fog computing combination for an organization.
- It is a term to describe data center solutions based on different customer needs.
- It is a storage solution that separates data storage from local and remote data centers.
- It is a CPU technology that uses different CPU cores to handle tasks based on processing requirements.
16. A user is concerned that an attacker may have gained remote access to an IoT device and is executing malicious commands. Which type of vulnerability best describes this situation?
- distributed denial-of-service (DDoS)
- buffer overflow
- out-of-date firmware
- backdoor installation
17. What is the result of an attacker rooting an IoT device?
- An attacker that gains root access has limited access until the attacker installs backdoor software.
- An attacker that gains root access will be able to read the memory of that device.
- An attacker that gains root access is limited to local access of that device.
- An attacker that gains root access has complete control over that device.
18. Which two CPU types are based on the Reduced Instruction Set Computing architecture? (Choose two.)
- Android
- ARM
- MIPS
- AMD
- Intel
- iOS
19. What are constrained devices as they relate to the IoT?
- They are located in a highly secured environment.
- They have very limited power, memory, and processing cycles.
- They are designed for use in a very rough environment.
- To reduce possible attacks to a minimum, they have just a few communication interfaces.
20. What are three potential vulnerabilities related to a hardware sensor? (Choose three.)
- tampering
- environment manipulation
- damage
- sensitive data
- clear-text authentication credential
- encryption keys
21. Which type of access control model uses access control lists to allow users to control access to their own data?
- attribute-based
- role-based
- mandatory
- discretionary
22. A security engineer is researching the secure deployments of critical IoT devices. How does the principle of identity and access management (IAM) define security with these types of devices?
- limits which device will be the authentication server and which clients are allowed access to the network
- limits those who can access what resources and the privileges they have once they obtain access
- limits which third parties can send an access token to the resource server to make a resource request
- limits which third parties can request an access token and attempt to authenticate