IoT Security 1.1 Chapter 4 Quiz Answers

1. Why would an engineer only use very short-range radios to allow sensor data to travel from node to node until the data reaches the IoT gateway?

  • increased bandwidth
  • channel requirements
  • power constraints
  • high availability

Explanation: IoT devices may have power constraints that may only permit the use of very short-range radios. IoT wireless protocols may use a topology that allows sensor data to travel from node to node until the data reaches the gateway.

2. A home owner recently installed an IoT smart plug that was designed to be controlled over the internet. After a couple of days the home owner notices a new wireless name of Outlet4375 appears when they attempt to connect a smartphone to the house wireless network. Which statement identifies the situation that is occurring?

  • The smart plug will always broadcast the Outlet4375 wireless name for management connections.
  • The wireless network name of Outlet4375 is a wireless network used for securely isolating the network traffic of the smart plug.
  • The smart plug was never connected to the home Wi-Fi and is awaiting a connection on the Outlet4375 wireless network.
  • The home Wi-Fi network name should be changed to match the Outlet4375 wireless network name in order to activate the smart plug.

Explanation: In order for a smart plug to be controlled over the internet, it must connect to the home Wi-Fi network. The smart plug will commonly set up a promiscuous mode hot spot that can be identified by the cell phone app of the vendor or the PC software to allow the buyer to connect to the smart plug and configure it to access the home Wi-Fi network.

3. Which OWASP communication layer vulnerability should be researched when securing the IoT network traffic attack surface?

  • injection
  • replay attack
  • unencrypted services
  • protocol fuzzing

Explanation: When securing the IoT network traffic attack surface, the following vulnerabilities should be taken into account:

  • LAN traffic
  • LAN to internet traffic
  • short range
  • nonstandard protocols
  • wireless
  • packet manipulation (protocol fuzzing)

4. A threat actor uses non-blind spoofing to launch an attack. What are two objectives for the attack? (Choose two.)

  • depleting the batteries of IP-based IoT devices
  • flooding the network with maliciously formatted packets
  • overwhelming web servers
  • determining the state of a firewall
  • predicting TCP sequence-numbers

Explanation: IP address spoofing attacks occur when a threat actor creates packets with false source IP address information. With non-blind spoofing, the threat actor can see the traffic that is being sent between the host and the target. Reasons for non-blind spoofing include determining the state of a firewall, TCP sequence-number prediction, or hijacking an authorized session.

5. Which type of IoT wireless network would interconnect audio devices and smart watches to a cell phone that serves as an IoT gateway?

  • wireless home-area network
  • wireless personal-area network
  • wireless field-area network
  • wireless body-area network

Explanation: The wireless personal-area network commonly uses Bluetooth to interconnect personal fitness trackers, smart watches, and audio devices to a cell phone that serves as an IoT gateway.

6. In which type of scenario would an IoT gateway not be required to convert traffic to Wi-Fi or wired ethernet?

  • when smart objects forward data within a mesh network
  • when smart objects forward data using TCP/IP protocols
  • when smart objects forward data within a hub-and-spoke topology
  • when smart objects forward data within a star topology

Explanation: Smart objects and things can communicate directly with the cloud or data center (IP capable) if they have their own IPv6 protocol stacks and messaging protocols. Being IP capable allows the things to send through the IP network without requiring translation into IP by an IoT gateway.

7. Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

  • ICMP attack
  • man-in-the-middle attack
  • DoS attack
  • SYN flood attack

Explanation: The man-in-the-middle attack is a common IP-related attack where threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication.

8. Which parameter is used to identify applications when a user sends a service request to a remote server?

  • server IP address
  • source port number
  • TCP sequence number
  • destination port number

Explanation: In TCP/IP transmissions, the protocols at the transport layer of both the OSI and TCP/IP model use port addressing to enable multiple conversations to be tracked and connected with the correct applications. The destination port number in the packets sent by the source device identifies the requested application.

9. Which two OWASP communication layer vulnerabilities should be researched when securing the IoT device network services attack surface? (Choose two.)

  • vulnerable UDP services
  • XBee
  • information disclosure
  • non-standard protocols
  • Zigbee

Explanation: When the IoT device network services attack surface is being secured, the following vulnerabilities should be taken into account:

  • Information disclosure
  • Injection
  • Denial of service
  • Unencrypted services
  • Poorly implemented encryption
  • Test/development services
  • Vulnerable UDP services
  • Replay attack
  • Lack of payload verification
  • Lack of message integrity check

10. Which customized IEEE 802.15.4 wireless topology can contain a large amount of full function devices and a small amount of reduced function devices?

  • hub-and-spoke
  • mesh
  • star
  • cluster-tree

Explanation: The cluster-tree topology contains mainly full function devices (FFDs). Any of these FFDs can act as a coordinator and provide synchronization services to other devices and coordinators. A reduced function device (RFD) may connect to a cluster-tree network as a leaf node at the end of a branch.

11. Which type of IoT wireless deployment would allow smart objects to be deployed over a very large area?

  • mesh topology
  • hub-and-spoke topology
  • star topology
  • IP capable topology

Explanation: The wireless mesh topology allows smart objects to connect with other smart objects to eventually reach an IoT gateway. This allows the smart objects to be deployed over a much larger area than would otherwise be possible if each node were required to communicate directly with the IoT gateway.

12. Which basic security service protects against alteration of data while it is in transit?

  • replay protection
  • message confidentiality
  • message integrity
  • access control

Explanation: 802.15.4 operates at the OSI physical and data link layers. There are four basic security services performed at the data link layer:

  • Access control – prevents unauthorized devices from joining the network
  • Message integrity – protects against alteration of data while it is in transit
  • Message confidentiality – prevents threat actors from reading the transmitted data
  • Replay protection – prevents threat actors from successfully capturing legitimate messages and sending them out on the network at a later time

13. Which IoT wireless option is commonly used by devices that require a low power wide-area network connection and do not use a fixed power supply?

  • LoRaWAN
  • cellular
  • thread
  • ZigBee

Explanation: LoRaWAN is a specification for low power wide-area network connection. Unlike cellular, LoRaWAN devices do not require a fixed power supply.

14. Which three IoT wireless mesh protocols are built on top of 802.15.4? (Choose three.)

  • Bluetooth Low Energy
  • near field communication
  • 6LoWPAN
  • ZigBee
  • Wi-Fi
  • Thread

Explanation: The IEEE 802.15.4 protocol was originally developed for use in personal-area networks (PANs) and consists of physical (PHY) and media access layer specifications. Due to the layered architecture, developers have been able to create diverse upper-layer protocols to allow ZigBee, Thread, and 6LoWPAN to run on top of 802.15.4.

15. Which two techniques are used in a smurf attack? (Choose two.)

  • botnets
  • amplification
  • resource exhaustion
  • reflection
  • session hijacking

Explanation: A smurf attack uses amplification and reflection techniques to overwhelm a targeted host. The threat actor forwards ICMP echo request messages that contain the source IP address of the victim to a large number of hosts. These hosts all reply to the spoofed IP address of the victim with the intent of overwhelming it.

16. After host A receives a web page from server B, host A terminates the connection with server B. Match each option to its correct step in the normal termination process for a TCP connection.

  • Host A sends an ACK to server B. → Step 4
  • Host A sends a FIN to server B. → Step 1
  • Server B sends an ACK to host A. → Step 2
  • Server B sends a FIN to host A. → Step 3

17. Which devices scan and infect more targets during the process of a DDoS attack?

  • botmasters
  • web servers
  • zombies
  • CnC servers

Explanation: In DDoS attack scenarios, zombies, or infected hosts, continue to scan and infect targets with the intent of creating more zombies. The command-and-control (CnC) server communicates with zombies using a covert channel. When ready, the threat actor (botmaster) uses the CnC servers to instruct the botnet of zombies to launch a DDoS attack on a specific target.

18. Which two types of attacks are typically carried out by using ICMP messages? (Choose two.)

  • password gathering
  • opening back doors
  • reconnaissance
  • relaying spam
  • DoS

Explanation: Threat actors use ICMP messages for reconnaissance and scanning attacks. ICMP messages are also used by threat actors to launch DoS attacks.

19. Which two techniques are used to carry out DoS attacks? (Choose two.)

  • using ICMP messages to profile host operating systems
  • using maliciously formatted packets
  • gaining access to the physical network and hijacking a current session
  • sending an overwhelming amount of traffic
  • using pings to discover subnets and hosts on a network

Explanation: With denial of service (DoS) attacks, threat actors overwhelm a targeted host by sending an overwhelming quantity of maliciously formatted packets. This causes the targeted host to crash or become unable to respond to legitimate requests.

20. Which two application layer protocols use UDP? (Choose two.)

  • HTTPS
  • DHCP
  • HTTP
  • TFTP
  • FTP

Explanation: Application layer protocols TFTP and DHCP use UDP as the transport layer protocol. HTTP, HTTPS, and FTP use TCP as the transport layer protocol.

21. When does the level of trust and reliability of data change during communication between IoT systems?

  • when data is generated by a device inside a trusted network and travels to an untrusted network
  • when data is generated by a device inside an untrusted network and stays in an untrusted network
  • when data is generated by a device within a DMZ and stays within the DMZ
  • when data is generated by a device inside a trusted network and stays within the network

Explanation: When referring to security, crossing a trust boundary means that the level of trust and reliability of data has changed. As data moves from a trusted network to an untrusted network, the security of the data changes.

22. What are two of the most common wireless technologies used in home automation and home security applications? (Choose two.)

  • Bluetooth
  • near field communication
  • Wi-Fi
  • cellular
  • IEEE 802.15.4

Explanation: Bluetooth and Wi-Fi both use radio waves to transmit data and are commonly used in IoT home applications. Bluetooth is used in wireless personal-area networks and Wi-Fi is used in wireless local-area networks.

23. A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)

  • ping
  • WireShark
  • UDP Unicorn
  • Low Orbit Ion Cannon
  • Smurf

Explanation: A threat actor can use a tool like UDP Unicorn or Low Orbit Ion Cannon to send a flood of UDP packets to launch a UDP flood attack that causes all the resources on a network to become consumed. These types of programs will sweep through all the known ports trying to find closed ports. This causes the server to reply with an ICMP port unreachable message. Because of the many closed ports on the server, there is so much traffic on the segment that almost all the bandwidth gets used. The end result is very similar to a DoS attack.

24. Which attack commonly includes the use of botnet and handler systems?

  • DoS attack
  • address spoofing attack
  • ICMP attack
  • DDoS attack

Explanation: A DDoS attack is similar in intent to a DoS attack, except that a DDoS attack is larger because it originates from multiple and coordinated sources. DDoS attacks commonly include a botnet, handler systems, and zombie computers.

25. Which network environment is suitable for a Media Access Control (MAC) address spoofing attack?

  • on a WAN connection
  • inside an internal network
  • between an organization network and ISP
  • within the cloud

Explanation: Media Access Control (MAC) address spoofing attacks are used when threat actors have access to the internal network. Threat actors alter the MAC address of their host to match the known MAC address of a target host.

