IoT Security 1.1 Chapter 5 Quiz

What is the safest way to prevent an XXE attack?

Disable XML external entity and DTD processing in the application.

What is a characteristic of Extensible Messaging and Presence Protocol (XMPP)?

It uses an addressing scheme ([email protected]) which helps simplify connections.

A threat actor has hijacked a session to assume the identity of a valid user. Which web front-end vulnerability is the threat actor exploiting?

broken authentication

A threat actor has injected JavaScript code into the output of a web application and is manipulating client-side scripts to run as desired in the browser. Which web front-end vulnerability is the threat actor exploiting?

cross-site scripting

Which popular exploit used by threat actors intercepts a system update and injects an update of their own?

firmware replacement

What is a commonly exposed mobile application vulnerability?

insecure data storage

Which attack involves a compromise of data that occurs between two end points?

man-in-the-middle attack

A threat actor has placed a rogue device on the network to manipulate the chosen destination of all packets. Which remote exploit was used by the threat actor?

routing attack

What is one of the most widely exposed vulnerabilities listed by the Open Web Applications Security Project (OWASP)?

single-factor authentication

True or False? On some home routers, to compromise the security on the router, a Flash applet can be used to change the DNS server settings with a UPnP request.

true

A client wants to deploy MQTT on a large enterprise network and is worried about the security of MQTT. The client wants all messages encrypted, including all messages between the broker and clients. What could the client do to achieve this goal?

Apply payload encryption.

Which popular exploit used by threat actors fills the communications channel so that the targeted device responds to requests late or not at all?

DoS

Which password is the most hardened password for use on an IoT device?

Hnmmmkoty#4

What is a characteristic of the message queueing telemetry transport (MQTT) publish-subscribe model?

It allows for a retained messages option that can be used to provide status updates.

What is a characteristic of the constrained application protocol (CoAP)?

It allows for efficient sensor and node communication without requiring a centralized control mechanism.

How does UPnP assist a user to easily set up network-enabled devices?

It automatically configures communication between UPnP-enabled devices.

What is a characteristic of the Constrained Application Protocol (CoAP)?

It is a document transfer protocol.

What is a characteristic of the message queueing telemetry transport (MQTT) protocol?

The MQTT protocol requires a message broker.

For which type of devices is the use of DDS (data distribution service) in M2M connections well suited?

for devices that measure real-time data in microseconds that need to be filtered and delivered efficiently

What are two of the most widely exposed vulnerabilities currently listed by the Open Web Applications Security Project (OWASP)? (Choose two.)

username enumeration, account lockout

