IoT Security 1.1 Chapter 3 Quiz Answers

IoT Security 1.1 Chapter 3 Quiz Answers

1. Which type of vulnerability is present when a programmer does not account for the size of the input that a user might enter?

  • backdoor installation
  • denial of service
  • out of date firmware
  • buffer overflow

Explanation: An IoT device using vulnerable software can experience a buffer overflow attack. If a programmer has not accounted for the amount of the input that a user might enter, a threat actor could cause data to be corrupted, execute a denial of service, or run malicious code on the target system.

2. Which type of memory media would provide space to store collected data in an IoT device?

  • SD card
  • DRAM
  • SRAM

Explanation: An SD card inserted in an IoT device can be used to store data necessary for IoT operation (for example, the entire operating system and configuration files) or to store collected data. EPROM is read-only media, the contents of which can only be altered through a specific system program. SRAM and DRAM are volatile memory.

3. Which two pieces of information are needed to search for an IoT device in the FCC ID database? (Choose two.)

  • IP address
  • grantee code
  • product code
  • product description
  • product serial number

Explanation: A known FCC ID is needed in order to search the FCC ID database. The FCC ID is made of two components, a grantee code followed by a product code.

4. Which type of attack takes advantage of vulnerabilities in servers to grant unauthorized users higher than approved levels of access?

  • privilege escalation
  • default login
  • backdoor installation
  • buffer overflow

Explanation: Privilege escalation is an exploit where vulnerabilities in servers or access control systems are exploited to grant unauthorized users higher levels of privilege than they should have. After the privilege is granted, a threat actor can access sensitive information or take control of a system.

5. Which type of technology is classified as embedded software that includes a minimal operating system for controlling an IoT device?

  • microprocessor
  • microcontroller
  • firmware
  • SD card

Explanation: Firmware is embedded software that contains a minimal operating system and related programs used for controlling an IoT device.

6. Which two programming languages are examples of compiled languages? (Choose two.)

  • PHP
  • C
  • Perl
  • Java
  • Python

Explanation: C and Java are compiled programming languages. Python, PHP, and Perl are interpreted programming languages.

7. What is a key difference between an embedded device and a prototyping device?

  • An embedded device is programmed for one specific purpose, whereas a prototyping device is designed to perform different functions.
  • An embedded device does not contain an operating system, whereas a prototyping device does.
  • An embedded device does not connect to the internet, whereas a prototyping device does.
  • An embedded device uses removable media to hold the programming code, whereas a prototyping device uses a hard disk to hold the programming code.

Explanation: An embedded device is a product that contains a computing system designed for a special purpose. A prototyping device, such as Raspberry Pi, or Arduino, either needs a complete operating system to operate and be more closely related to a desktop computer or can be configured by writing program code to instruct it do various functions as desired.

8. Which two commercial IoT operating systems support processors from multiple manufacturers? (Choose two.)

  • ARM Mbed
  • Windows 10 IoT Core
  • Busybox
  • Android Embedded
  • VxWorks

Explanation: VxWorks, Windows 10 IoT Core, and ARM Mbed are commercially available OS for IoT devices. VxWorks supports all of the major processors. Windows 10 IoT Core supports ARM and x86/64 processors. ARM Mbed, on the other hand, only runs on ARM processors.

9. Which two scripting languages are designed to be executed directly under an operating system? (Choose two.)

  • JavaScript
  • Python
  • shell script
  • PowerShell
  • PHP

Explanation: Linux shell scripts and Windows PowerShell provide scripting capability to perform various tasks directly under the operating system. JavaScript is designed for web browsers. Python and PHP are interpreted languages requiring a proper interpreter to be installed on the operating system.

10. An administrator wants to implement an access control model that makes access decisions based on the role and responsibilities of an individual within an organization. Which access control model best addresses this requirement?

  • attribute-based
  • role-based
  • discretionary
  • mandatory

Explanation: Role-based access control, also known as nondiscretionary, uses access decisions based on the role of individuals and their responsibilities within an organization.

11. Which interface is used to troubleshoot embedded system software?

  • SPI
  • JTAG
  • I2C
  • UART

Explanation: The JTAG port (or interface) on an embedded system provides access to the system for troubleshooting software issues. JTAG is not a communication protocol but rather a protocol to be used for testing and debugging.

12. What are two IoT wireless standards that IoT manufacturers can use over longer distances while still supporting some level of security? (Choose two.)

  • LoRa
  • White-Fi
  • LTE-M
  • Zigbee
  • 802.11a

Explanation: There are several IoT wireless standards that support some level of security.
These include the following:

• Zigbee – 10-100 meters; low-power; low-data rate; offers basic encryption
• White-Fi (IEEE 802.11af) – Up to 100 meters; low power, WPA security
• LoRa – Up to 10 kilometers; low-power; offers better encryption than Zigbee 64-128 bit
• LTE-M (Long Term Evolution for Machines) – Long range; uses cellular; most secure; offers NSA AES 256-bit security

13. What is the function of an eMMC flash chip in an IoT device?

  • It is an embedded chip that stores the firmware, operating system, and software.
  • It is a chip to provide internet connectivity options for the device.
  • It is an onboard battery chip to power the firmware operation.
  • It is a removable medium to store data collected by the device.

Explanation: An eMMC (Embedded MultiMediaCard) is an internal chip for mobile and IoT devices using the MultiMedia Card standard. It contains a controller and flash memory. Components necessary for the device to operate, such as firmware, operating system, and software, are stored in it.

14. What is the function of a data encryption algorithm?

  • authenticates devices by verifying the identity of the device
  • securely deletes data to prevent data loss
  • provides data confidentiality by making data unreadable to unauthorized individuals
  • authenticates a user by verifying the credentials of the connected user

Explanation: A data encryption algorithm provides confidentiality by applying an algorithm that makes data unreadable to those who are not authorized to view it. This algorithm can be applied to files or network traffic that contains confidential information.

15. What is meant by the term big.LITTLE computing?

  • It refers to the use of a cloud and fog computing combination for an organization.
  • It is a term to describe data center solutions based on different customer needs.
  • It is a storage solution that separates data storage from local and remote data centers.
  • It is a CPU technology that uses different CPU cores to handle tasks based on processing requirements.

Explanation: ARM has a technology termed big.LITTLE which uses heterogeneous processor cores with differing processing capabilities and power requirements. The LITTLE processor uses less power when the task does not require much processing capability. The big processor provides the most computing performance but with higher power requirements.

16. A user is concerned that an attacker may have gained remote access to an IoT device and is executing malicious commands. Which type of vulnerability best describes this situation?

  • distributed denial-of-service (DDoS)
  • buffer overflow
  • out-of-date firmware
  • backdoor installation

Explanation: A backdoor is usually installed by an attacker after the attacker gains remote access to an IoT device. The attacker could then execute malicious commands on the device remotely from anywhere in the world.

17. What is the result of an attacker rooting an IoT device?

  • An attacker that gains root access has limited access until the attacker installs backdoor software.
  • An attacker that gains root access will be able to read the memory of that device.
  • An attacker that gains root access is limited to local access of that device.
  • An attacker that gains root access has complete control over that device.

Explanation: An attacker that successfully roots an operating system can then read, modify, or delete any file on that system.

18. Which two CPU types are based on the Reduced Instruction Set Computing architecture? (Choose two.)

  • Android
  • ARM
  • MIPS
  • AMD
  • Intel
  • iOS

Explanation: CPUs from ARM and MIPS are based on the Reduced Instruction Set Computing architecture. CPUs from Intel and AMD are based on the Complex Instruction Set Computing architecture. Android and iOS are operating systems for mobile devices.

19. What are constrained devices as they relate to the IoT?

  • They are located in a highly secured environment.
  • They have very limited power, memory, and processing cycles.
  • They are designed for use in a very rough environment.
  • To reduce possible attacks to a minimum, they have just a few communication interfaces.

Explanation: A constrained device usually has very limited power, memory, and processing cycles. The IoT is largely made up of constrained devices, such as smart sensors and embedded devices.

20. What are three potential vulnerabilities related to a hardware sensor? (Choose three.)

  • tampering
  • environment manipulation
  • damage
  • sensitive data
  • clear-text authentication credential
  • encryption keys

Explanation: Vulnerabilities related to a hardware sensor itself include environment manipulation, tampering, and damage. Sensitive data, clear-text authentication credentials, and weak or no encryption relate to the potential vulnerabilities of memory within a device.

21. Which type of access control model uses access control lists to allow users to control access to their own data?

  • attribute-based
  • role-based
  • mandatory
  • discretionary

Explanation: Discretionary access control uses access control lists or other methods to allow users to control access to data that they own.

22. A security engineer is researching the secure deployments of critical IoT devices. How does the principle of identity and access management (IAM) define security with these types of devices?

  • limits which device will be the authentication server and which clients are allowed access to the network
  • limits those who can access what resources and the privileges they have once they obtain access
  • limits which third parties can send an access token to the resource server to make a resource request
  • limits which third parties can request an access token and attempt to authenticate

Explanation: Identity and access management (IAM) is a critical IoT security principle that defines those who can access what resources and the privileges they have once they obtain access.

Inline Feedbacks
View all comments