IoT Security 1.1 Chapter 6 Quiz Exam Answers
1. What is a characteristic of a blockchain?
- It uses risk avoidance.
- It is a government approved authentication protocol.
- It is immutable.
- It uses the XML format.
2. Which problem associated with transactions is solved by blockchain technology?
- trust
- encryption
- fee collection
- key sharing
3. When hiring a third party team to perform a black box vulnerability assessment for an organization, how much information is commonly provided to the team?
- specific knowledge of current vulnerabilities
- no knowledge of current network architecture
- limited knowledge of current network architecture
- full knowledge of current network architecture
4. How should trust boundaries be established in an IoT system?
- only between the internal devices and devices located on the internet
- always between two neighboring zones
- between the internal devices and internet devices, but not third party application hosts
- between two entities where the level of trust at either end of a flow is different
5. Which password attack method uses a list that contains hashed values and clear text equivalents in order to speed up the process of gaining entry to a system?
- dictionary attack
- password sniffing and cracking attack
- brute force
- rainbow tables
6. Which statement describes the purpose of a data flow diagram (DFD) of an IoT system?
- A DFD depicts the pathways that data will take between different functional components of the system.
- A DFD uses regular flowchart symbols to depict data flow pathways.
- A DFD includes entry points into an IoT system, but not the people using those entry points.
- A DFD uses zones to limit the exposure of different parts of the system to vulnerabilities associated with each zone.
7. What is a disruptive technology?
- a technology that can displace competitors because it uses a very different approach
- a technology that cannot be used outside of the public sector
- a technology that negatively affects the global environment
- a technology that causes negative consequences in the stock market
8. What describes a block as it is used in blockchain technology?
- a key used to authenticate the individual who created a message
- a mathematical scheme for authenticating digital information
- an algorithm calculated by computers that is used to create the link between blocks
- a list of transactions linked together with other lists of transactions
9. What describes proof of work as it is used in a blockchain technology?
- a key used to authenticate the individual who created a message
- a process to validate transactions between blocks
- an algorithm calculated by computers that is used to create the link between blocks
- a mathematical scheme for authenticating digital information
10. Which blockchain feature is used to track the transaction process?
- decentralized ledger
- T-V pairing
- digital signature
- algorithm for reaching consensus
11. What is the name of the first block that is created in a blockchain?
- block 0
- root block
- genesis block
- nonce block
12. Which type of security tool is used to discover hosts on the network, locate open ports, and identify the operating system running on a host?
- risk assessment tools
- web application vulnerability tools
- port mapping tools
- password vulnerability tools
13. Which statement describes the Common Vulnerability Scoring System (CVSS)?
- It is a comprehensive security solution for IoT systems.
- It is a vulnerability assessment system.
- It is an evaluation system for vulnerability mitigation.
- It is a risk assessment system.
14. When using a third party assessor to perform a grey box vulnerability assessment for an organization, what type of information is commonly provided to the assessor?
- no knowledge of current network architecture
- limited knowledge of current network architecture
- specific knowledge of current vulnerabilities
- full knowledge of current network architecture
15. Match the CVSS metric group with the correct description.
- Temporal metric group → measures the characteristics of a vulnerability that may change over time, but not across user environments,
- Environmental metric group → measures the aspects of a vulnerability that are rooted in the environment of a specific organization,
- Base metric group → represents the characteristics of a vulnerability that are constant over time and across contexts
16. Which type of global network topology is used by blockchain technology?
- hub-and-spoke
- ring
- full mesh
- peer-to-peer
17. Which three steps of the defense-centric threat modeling process are concerned with understanding the IoT system? (Choose three.)
- Document the IoT system architecture.
- Identify and rate threats.
- Identify security objectives.
- Develop mitigation processes.
- Recommend mitigation.
- Decompose the IoT system.
18. What is used as the mathematical scheme for authenticating digital information in a blockchain?
- symmetric key
- block
- digital signature
- proof of work
19. In the video Blockchain: The Next Frontier of IoT, what fundamental question does the Trusted IoT Alliance try to answer?
- How does the world view the development of IoT and what should be changed in that development life cycle?
- How does the world ensure that IoT devices are accepted?
- How do you drive the integrity around the data, the management, and the operations of IoT devices and networks?
- What market forces drive the technology that surrounds IoT devices?
20. Which type of password attack is inefficient because it attempts to use every possible combination of letters, numbers, and symbols to access a system?
- brute force
- password sniffing and cracking
- rainbow tables
- dictionary attack
21. What is a way that blockchain can help in the field of IoT?
- It can protect the operating system of the IoT device.
- It can provide a secure transaction without cryptography.
- It can prevent device tampering.
- It can track sensor data measurements and prevent malicious data.
22. What is proof of work as it relates to blockchain?
- It is the security certificate issued.
- It is a list of all the devices or people that have touched the transaction.
- It is a process that includes a risk factor value that can change as the transaction moves through the process.
- It is an algorithm used for transaction validation.
23. What is the purpose of performing a vulnerability assessment?
- Analyze risks so that they may be prioritized and addressed accordingly.
- Examine off-the-shelf tools to discover, investigate, and disseminate threat information.
- Research recent patches and updates that have become available.
- Identify vulnerabilities that are likely to be exploited by threat actors.