IoT Security 1.1 Chapter 6 Quiz Answers

IoT Security 1.1 Chapter 6 Quiz Exam Answers

1. What is a characteristic of a blockchain?

  • It uses risk avoidance.
  • It is a government approved authentication protocol.
  • It is immutable.
  • It uses the XML format.

Explanation: A blockchain is immutable, which means it is unable to be changed. This is important because blockchain technology is used to secure and track transactions.

2. Which problem associated with transactions is solved by blockchain technology?

  • trust
  • encryption
  • fee collection
  • key sharing

Explanation: Blockchain is a technology that solves the problem of trust in transactions. This includes trusting the identity of the person making the transaction, that all transactions are accurate, and that there are no illegal transactions.

3. When hiring a third party team to perform a black box vulnerability assessment for an organization, how much information is commonly provided to the team?

  • specific knowledge of current vulnerabilities
  • no knowledge of current network architecture
  • limited knowledge of current network architecture
  • full knowledge of current network architecture

Explanation: A black box vulnerability assessment is commonly characterized by the following:

  • This assessment is the closest to an actual attack.
  • The assessors have no knowledge of the network architecture prior to conducting their assessment.

4. How should trust boundaries be established in an IoT system?

  • only between the internal devices and devices located on the internet
  • always between two neighboring zones
  • between the internal devices and internet devices, but not third party application hosts
  • between two entities where the level of trust at either end of a flow is different

Explanation: After the system architecture is depicted and zones added, trust boundaries can be added to the DFD. Trust boundaries delimit sections of the network where the level of trust between entities at either end of a flow is different. Trust boundaries should only cross data flows.

5. Which password attack method uses a list that contains hashed values and clear text equivalents in order to speed up the process of gaining entry to a system?

  • dictionary attack
  • password sniffing and cracking attack
  • brute force
  • rainbow tables

Explanation: Rainbow tables contain hashed values and clear text equivalents which allow intercepted hashes to be looked up without actually unencrypting the hashed password.

6. Which statement describes the purpose of a data flow diagram (DFD) of an IoT system?

  • A DFD depicts the pathways that data will take between different functional components of the system.
  • A DFD uses regular flowchart symbols to depict data flow pathways.
  • A DFD includes entry points into an IoT system, but not the people using those entry points.
  • A DFD uses zones to limit the exposure of different parts of the system to vulnerabilities associated with each zone.

Explanation: Data flow diagrams (DFDs) are useful for visualizing an IoT system. DFDs depict the pathways that data will take between different functional components of the system, including entry points into the system and the devices and people using those entry points. DFDs also label the kind of data flows and the protocols in use.

7. What is a disruptive technology?

  • a technology that can displace competitors because it uses a very different approach
  • a technology that cannot be used outside of the public sector
  • a technology that negatively affects the global environment
  • a technology that causes negative consequences in the stock market

Explanation: A disruptive technology is a product or service that has a vastly different approach and that can displace competitors or cause new markets. Some consider IoT and blockchain disruptive technologies.

8. What describes a block as it is used in blockchain technology?

  • a key used to authenticate the individual who created a message
  • a mathematical scheme for authenticating digital information
  • an algorithm calculated by computers that is used to create the link between blocks
  • a list of transactions linked together with other lists of transactions

Explanation: In blockchain technology, a block is a list of transactions that are linked together with other lists of transactions.

9. What describes proof of work as it is used in a blockchain technology?

  • a key used to authenticate the individual who created a message
  • a process to validate transactions between blocks
  • an algorithm calculated by computers that is used to create the link between blocks
  • a mathematical scheme for authenticating digital information

Explanation: Proof of work is a process to validate transactions between blocks.

10. Which blockchain feature is used to track the transaction process?

  • decentralized ledger
  • T-V pairing
  • digital signature
  • algorithm for reaching consensus

Explanation: A blockchain uses four main technologies and features:

  • Digital signatures for authentication
  • A decentralized ledger to track the transaction process
  • An algorithm for reaching consensus so it is easy for others to verify a transaction
  • A hash of the previous block thus forming a blockchain

11. What is the name of the first block that is created in a blockchain?

  • block 0
  • root block
  • genesis block
  • nonce block

Explanation: The first block in a blockchain is the genesis block and has an index value of 0.

12. Which type of security tool is used to discover hosts on the network, locate open ports, and identify the operating system running on a host?

  • risk assessment tools
  • web application vulnerability tools
  • port mapping tools
  • password vulnerability tools

Explanation: Port mapping tools are invaluable for discovering open ports on end systems and network devices. They are able to discover hosts on the network and report not only on the open ports, but also identify the operating systems that are running on hosts.

13. Which statement describes the Common Vulnerability Scoring System (CVSS)?

  • It is a comprehensive security solution for IoT systems.
  • It is a vulnerability assessment system.
  • It is an evaluation system for vulnerability mitigation.
  • It is a risk assessment system.

Explanation: The Common Vulnerability Scoring System (CVSS) is a risk assessment designed to convey the common attributes and severity of vulnerabilities in computer hardware and software systems.

14. When using a third party assessor to perform a grey box vulnerability assessment for an organization, what type of information is commonly provided to the assessor?

  • no knowledge of current network architecture
  • limited knowledge of current network architecture
  • specific knowledge of current vulnerabilities
  • full knowledge of current network architecture

Explanation: The goal of grey box testers is to verify vulnerabilities, identify the effort required to exploit them, and determine the potential impacts of exploits.

15. Match the CVSS metric group with the correct description.

  • Temporal metric group → measures the characteristics of a vulnerability that may change over time, but not across user environments,
  • Environmental metric group → measures the aspects of a vulnerability that are rooted in the environment of a specific organization,
  • Base metric group → represents the characteristics of a vulnerability that are constant over time and across contexts

16. Which type of global network topology is used by blockchain technology?

  • hub-and-spoke
  • ring
  • full mesh
  • peer-to-peer

Explanation: Blockchain technology uses a peer-to-peer network of computers running the Blockchain protocol and each computer holds an identical copy of the transaction ledger.

17. Which three steps of the defense-centric threat modeling process are concerned with understanding the IoT system? (Choose three.)

  • Document the IoT system architecture.
  • Identify and rate threats.
  • Identify security objectives.
  • Develop mitigation processes.
  • Recommend mitigation.
  • Decompose the IoT system.

Explanation: The three steps concerned with understanding the IoT system are identify security objectives, document the IoT system architecture, and decompose the IoT system.

18. What is used as the mathematical scheme for authenticating digital information in a blockchain?

  • symmetric key
  • block
  • digital signature
  • proof of work

Explanation: Blockchain technology uses a digital signature as the mathematical scheme for authenticating digital information.

19. In the video Blockchain: The Next Frontier of IoT, what fundamental question does the Trusted IoT Alliance try to answer?

  • How does the world view the development of IoT and what should be changed in that development life cycle?
  • How does the world ensure that IoT devices are accepted?
  • How do you drive the integrity around the data, the management, and the operations of IoT devices and networks?
  • What market forces drive the technology that surrounds IoT devices?

Explanation: At the 49 second mark of the video, Anoop Nannra discusses how blockchain technology plays a role in enhancing IoT security and how the Trusted IoT Alliance is trying to answer the question of how do you drive the integrity around the data, the management, and the operations of IoT devices and networks.

20. Which type of password attack is inefficient because it attempts to use every possible combination of letters, numbers, and symbols to access a system?

  • brute force
  • password sniffing and cracking
  • rainbow tables
  • dictionary attack

Explanation: A brute force attack is inefficient because it is very time consuming and attempts every possible combination of letters, numbers, and symbols to challenge logins.

21. What is a way that blockchain can help in the field of IoT?

  • It can protect the operating system of the IoT device.
  • It can provide a secure transaction without cryptography.
  • It can prevent device tampering.
  • It can track sensor data measurements and prevent malicious data.

Explanation: Blockchain can be useful in several ways for the IoT:

Blockchain can track sensor data measurements and prevent malicious data.
It can provide IoT device identification, authentication, and secure data transfer.
IoT sensors can exchange data directly with each other securely and without the need for an intermediary.
A distributed ledger eliminates a single source of failure within the IoT ecosystem.
IoT deployment is simplified and operation costs of IoT are reduced because there is no intermediary.
IoT devices are directly addressable with blockchain, providing an immutable history of connected devices for trust and transparency.

22. What is proof of work as it relates to blockchain?

  • It is the security certificate issued.
  • It is a list of all the devices or people that have touched the transaction.
  • It is a process that includes a risk factor value that can change as the transaction moves through the process.
  • It is an algorithm used for transaction validation.

Explanation: Proof of work (PoW) uses an algorithm (hash) or a block added to the blockchain to validate transactions. Each block is a list of transactions with a hash of the previous block (prior PoW) and a hash of the current block.

23. What is the purpose of performing a vulnerability assessment?

  • Analyze risks so that they may be prioritized and addressed accordingly.
  • Examine off-the-shelf tools to discover, investigate, and disseminate threat information.
  • Research recent patches and updates that have become available.
  • Identify vulnerabilities that are likely to be exploited by threat actors.

Explanation: Performing a vulnerability assessment allows a security researcher to identify vulnerabilities that are likely to be exploited by threat actors. These vulnerability assessments may be automated or manually performed.


guest
0 Comments
Inline Feedbacks
View all comments