IoT Security 1.1 Chapter 5 Quiz Exam Answers
1. A client wants to deploy MQTT on a large enterprise network and is worried about the security of MQTT. The client wants all messages encrypted, including all messages between the broker and clients. What could the client do to achieve this goal?
- Use client certificates.
- Invoke SSL encryption.
- Apply payload encryption.
- Use unique client IDs for each client.
Explanation: Payload encryption works at the application layer and provides end-to-end encryption, protecting all messages between the client and the broker.
2. What is the safest way to prevent an XXE attack?
- Use SSL encryption on all traffic between the server and external clients.
- Use passphrases instead of a password.
- Disable XML external entity and DTD processing in the application.
- Use hardened passwords with a minimum of 12 characters.
Explanation: An XXE attack can be prevented by disabling XML external entity and DTD processing in the application.
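As an added example (not part of the quiz or the course material), the following Python shows one way an application can enforce the control named in the answer: refuse any DOCTYPE or entity declaration before XML from an untrusted source is parsed. It uses only the standard library's expat bindings; the helper names, the DTDRejected exception, the sample documents and the placeholder file path are all constructed for this illustration. Python's bundled expat does not fetch external entities unless the application asks it to, but it does expand internal entity declarations, so rejecting the DTD outright covers both the external-entity case and the entity-expansion (denial-of-service) case with one check.

```python
import xml.parsers.expat as expat
import xml.etree.ElementTree as ET


class DTDRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE, entity declaration or external reference."""


def reject_dtd(data: bytes) -> None:
    """Scan the document with expat and abort at the first DTD construct.

    Hypothetical helper for this example: rather than trying to sanitise a
    DTD, it treats the presence of one as a policy violation, which is what
    "disable XML external entity and DTD processing" amounts to in practice.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDRejected(f"DOCTYPE {name!r} is not allowed in untrusted XML")

    def on_entity_decl(*_args):
        raise DTDRejected("entity declaration is not allowed in untrusted XML")

    def on_external_ref(context, base, sysid, pubid):
        raise DTDRejected(f"external entity reference to {sysid!r} blocked")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.UnparsedEntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Parameter entities are how an external DTD gets pulled in; never process them.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any DTD first."""
    reject_dtd(data)
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Return a one-line verdict, handy for logging at an ingestion boundary."""
    try:
        root = parse_untrusted_xml(data)
    except DTDRejected as exc:
        return f"rejected: {exc}"
    return f"accepted: <{root.tag}> with {len(root)} child element(s)"


# Constructed sample documents (not from the course). The file path is a placeholder.
BENIGN = b"<device><id>sensor-17</id><fw>1.1.4</fw></device>"
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///placeholder/path">]>'
    b"<device><id>&xxe;</id></device>"
)
ENTITY_EXPANSION = (
    b'<!DOCTYPE d [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
    b"<device><id>&b;</id></device>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("expansion", ENTITY_EXPANSION)):
        print(f"{label:10s} {classify(doc)}")
```

The gate runs before the real parser, so the rejection happens at the DOCTYPE itself and no entity is ever declared or resolved; the same pattern applies to any expat-based parser, while libraries such as lxml expose equivalent switches of their own.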
3. A threat actor has injected JavaScript code into the output of a web application and is manipulating client-side scripts to run as desired in the browser. Which web front-end vulnerability is the threat actor exploiting?
- SQL injections
- cross-site scripting
- security misconfiguration
- broken authentication
Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:
- Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
- SQL injections: In an SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
- Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user, especially when session tokens are left unexpired.
- Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.
4. True or False?
On some home routers, to compromise the security of the router, a Flash applet can be used to change the DNS server settings with a UPnP request.
Explanation: On some home routers, security can be compromised by running a Flash applet that changes the DNS server settings by making a UPnP request. This could be used to redirect legitimate traffic to malicious websites.
5. A threat actor has hijacked a session to assume the identity of a valid user. Which web front-end vulnerability is the threat actor exploiting?
- cross-site scripting
- SQL injections
- broken authentication
- security misconfiguration
Explanation: Web front-end vulnerabilities apply to apps, APIs and services. Some of the most significant vulnerabilities are as follows:
- Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
- SQL injections: In a SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
- Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user, especially when session tokens are left unexpired.
- Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.
6. How does UPnP assist a user to easily set up network-enabled devices?
- It forces the devices to use UDP for all connections because of its lower overhead.
- It allows for the detection of all devices without user intervention.
- It automatically configures communication between UPnP-enabled devices.
- It allows users to deploy enterprise-level networks easily and efficiently.
Explanation: UPnP (Universal Plug and Play) enables all UPnP devices to communicate with each other easily. It is used mainly in residential setups because the multicast nature of UPnP consumes too many network resources for it to be deployed efficiently on an enterprise network.
7. What are two of the most widely exposed vulnerabilities currently listed by the Open Web Application Security Project (OWASP)? (Choose two.)
- malware
- phishing
- spam
- username enumeration
- account lockout
Explanation: According to the Open Web Application Security Project (OWASP), the most widely exposed vulnerabilities are these:
- Username enumeration – The threat actor is able to find valid usernames through the authentication application.
- Weak passwords – The threat actor uses default passwords that have not been changed, or is able to set account passwords that the threat actor chooses.
- Account lockout – The threat actor finds a way to keep attempting to authenticate after multiple failed attempts.
- Lack of multifactor authentication – It is easier for a threat actor to gain access when only one form of authentication is required.
- Insecure third-party components – As vulnerabilities are discovered, they are often patched. When components such as Secure Shell (SSH), BusyBox, or web servers are not kept up to date, the threat actor might exploit these vulnerabilities and gain access.
8. Which password is the most hardened password for use on an IoT device?
- 1245rdghy67#
- Hnmmmkoty#4
- 12gnkjl9!!!ddfgr
- ajkyfrjn0999y*
Explanation: Hardened passwords should consist of at least 12 characters with a combination of uppercase, lowercase, numbers, and special characters.
9. Which popular exploit used by threat actors intercepts a system update and injects an update of their own?
- routing attack
- eavesdropping attack
- SQL injections
- firmware replacement
Explanation: Some of the most popular local exploits targeted by threat actors are as follows:
- Firmware Replacement – Updates and patches to devices are usually done remotely. If the process is not secure, threat actors could intercept the update and install their own malicious update. They could then have full control over the device and begin attacking other devices in the system.
- Cloning – By creating a duplicate device, both in physical form and the software and firmware running on that device, the threat actor could replace a legitimate device. When the device is up and running, the threat actor could then steal information, or compromise additional devices.
- Denial of service (DoS) – The threat actor could launch a DoS attack to fill the communications channel, causing devices to respond to requests late, or not at all. Depending on the devices, this could cause a lot of damage.
- Extraction of Security Parameters – When a device is not protected properly, the threat actor may be able to extract security parameters from it such as authentication information or security keys.
10. Which attack involves a compromise of data that occurs between two end points?
- man-in-the-middle attack
- username enumeration
- denial-of-service
- extraction of security parameters
Explanation: Threat actors frequently attempt to access devices over the internet through communication protocols. Some of the most popular remote exploits are as follows:
- Man-in-the-middle attack (MITM) – The threat actor gets between devices in the system and intercepts all of the data being transmitted. This information could simply be collected, or modified for a specific purpose and delivered to its original destination.
- Eavesdropping attack – When devices are being installed, the threat actor can intercept data such as security keys that are used by constrained devices to establish communications once they are up and running.
- SQL injection (SQLi) – Threat actors use a flaw in the Structured Query Language (SQL) application that allows them to modify the data or gain administrative privileges.
- Routing attack – A threat actor could either place a rogue routing device on the network or modify routing packets to manipulate routers to send all packets to the chosen destination of the threat actor. The threat actor could then drop specific packets, known as selective forwarding, or drop all packets, known as a sinkhole attack.
11. What is a characteristic of the constrained application protocol (CoAP)?
- It allows for efficient sensor and node communication without requiring a centralized control mechanism.
- It is mostly used for multiple clients where live data is the only data.
- It is primarily designed to collect data from many devices and deliver that data to the IT infrastructure.
- It supports the last will and testament option.
Explanation: CoAP uses a client-server model that allows for efficient sensor and node communication. CoAP is a lightweight protocol that uses UDP (but can use TCP) and is mainly used for M2M communication.
12. Which popular exploit used by threat actors fills the communications channel so that the targeted device responds to requests late or not at all?
- DoS
- eavesdropping attack
- routing attack
- phishing
Explanation: Some of the most popular local exploits targeted by threat actors are as follows:
- Firmware Replacement – Updates and patches to devices are usually done remotely. If the process is not secure, threat actors could intercept the update and install their own malicious update. They could have full control over the device and begin attacking other devices in the system.
- Cloning – By creating a duplicate device, both in physical form and the software and firmware running on that device, the threat actor could replace a legitimate device. When the device is up and running, the threat actor could then steal information, or compromise additional devices.
- Denial of Service (DoS) – The threat actor could launch a DoS attack to fill the communications channel causing devices to respond to requests late, or not at all. Depending on the devices, this could cause a lot of damage.
- Extraction of Security Parameters – When a device is not protected properly, the threat actor may be able to extract security parameters from it such as authentication information or security keys.
13. A threat actor has placed a rogue device on the network to manipulate the chosen destination of all packets. Which remote exploit was used by the threat actor?
- extraction of security parameters
- routing attack
- denial-of-service
- username enumeration
Explanation: Threat actors frequently attempt to access devices over the internet through communication protocols. Some of the most popular remote exploits are as follows:
- Man-in-the-middle attack (MITM) – The threat actor gets between devices in the system and intercepts all of the data being transmitted. This information could simply be collected, or modified for a specific purpose and delivered to its original destination.
- Eavesdropping attack – When devices are being installed, the threat actor can intercept data such as security keys that are used by constrained devices to establish communications once they are up and running.
- SQL injection (SQLi) – Threat actors use a flaw in the Structured Query Language (SQL) application that allows them to modify the data or gain administrative privileges.
- Routing attack – A threat actor could either place a rogue routing device on the network or modify routing packets to manipulate routers to send all packets to the chosen destination of the threat actor. The threat actor could then drop specific packets, known as selective forwarding, or drop all packets, known as a sinkhole attack.
14. What is a characteristic of the message queueing telemetry transport (MQTT) publish-subscribe model?
- It allows for a retained messages option that can be used to provide status updates.
- The last will and testament option allows for immediate session termination, thus saving power.
- Clients that are connected will prevent other clients from connecting, thus preserving power.
- Clients are prevented from subscribing to any subtopics in order to keep traffic to a minimum.
Explanation: MQTT is used for machine-to-machine (M2M) IoT communications and has an option to retain messages, which can be used to provide status updates. MQTT allows clients to receive many messages when subscribed to a topic that has subtopics. It also supports an option called last will and testament, which ensures that the client receives the most current updates of the topics it subscribes to. Connected clients do not prevent other clients from connecting, and the traffic model that is used helps keep traffic to a minimum, thus enabling a reduction in power use.
15. What is a commonly exposed mobile application vulnerability?
- insecure data storage
- SQL injections
- user enumeration
- malware
Explanation: Threat actors can gain access and control mobile devices through compromised mobile applications, even though both Android and iOS are relatively secure. Some of the most widely exposed vulnerabilities are as follows:
- Insecure communication – The communication technology and channel must be secured. When there is weak negotiation, poor handshake practices, and the use of incorrect versions of SSL, the communication is not secure.
- Insecure data storage – Many applications have access to data storage areas of mobile devices, even though they may not need it. Data storage must be secured and applications must be tested to ensure there is no data leakage.
- Insecure authentication – A session must be managed properly to ensure that it is performed securely. Users must be identified when necessary, and their identity must be maintained securely.
- Improper platform usage – Mobile apps use features built into the platforms such as TouchID, Keychain, and Android intents. Should these security controls be misused, access to the device and other apps can be compromised.
- Insufficient cryptography – The cryptography used to encrypt sensitive data must be sufficient and must be applied when necessary.
16. What is one of the most widely exposed vulnerabilities listed by the Open Web Application Security Project (OWASP)?
- malware
- adware
- single-factor authentication
- botnets
Explanation: According to the Open Web Application Security Project (OWASP), the most widely exposed vulnerabilities are these:
- Username enumeration – The threat actor is able to find valid usernames through the authentication application.
- Weak passwords – The threat actor uses default passwords that have not been changed, or is able to set account passwords that the threat actor chooses.
- Account lockout – The threat actor finds a way to keep attempting to authenticate after multiple failed attempts.
- Lack of multi-factor authentication – It is easier for a threat actor to gain access when only one form of authentication is required.
- Insecure third-party components – As vulnerabilities are discovered, they are often patched. When components such as Secure Shell (SSH), BusyBox, or web servers are not kept up to date, the threat actor might exploit these vulnerabilities and gain access.
17. What is a characteristic of the message queueing telemetry transport (MQTT) protocol?
- It is mainly used for instant messaging.
- The MQTT protocol requires a message broker.
- MQTT uses the User Datagram Protocol.
- It is designed to connect servers together.
Explanation: MQTT requires a message broker that manages communication between publisher and subscriber clients.
18. What is a characteristic of the Constrained Application Protocol (CoAP)?
- It is a document transfer protocol.
- It is designed to connect servers together.
- It is an inefficient messaging protocol.
- It uses the TCP protocol.
Explanation: CoAP (Constrained Application Protocol) is a document transfer protocol that utilizes the User Datagram Protocol (UDP).
19. For which type of devices is the use of DDS (data distribution service) in M2M connections well suited?
- for devices that require a collection of data for centralized storage and filtration
- for devices where live data is not the only data and which use a client-server model
- for devices that require subscription of data on a server referred to as a broker
- for devices that measure real-time data in microseconds that need to be filtered and delivered efficiently
Explanation: Devices that measure real-time data in microseconds are good candidates for DDS (data distribution service). DDS will filter the data and send the required data efficiently to endpoints requiring it. DDS is the protocol of choice when dealing with applications that require speed and reliability.
20. What is a characteristic of Extensible Messaging and Presence Protocol (XMPP)?
- It uses a client-server model to inform clients of state changes as they occur.
- It uses a publish-subscribe Model and supports the last will and testament option.
- It uses an addressing scheme ([email protected]) which helps simplify connections.
- It uses UDP for efficient packet sizes.
Explanation: XMPP uses an addressing scheme ([email protected]) to simplify connections and enable communication when data is sent between distant points.