CEH Chapter 8 Practice Questions
Which of the following is an iOS jailbreaking type that cannot be patched by Apple, as the failure is within the hardware itself, and provides admin-level access after successful completion? A. iBoot B. Userland C. Untethered D. BootROM
D
Which of the following is the best choice for performing a bluebugging attack? A. PhoneSnoop B. BBProxy C. btCrawler D. Blooover
D
A homeowner accesses an app on his cell phone to set up a view list on his television. Which IoT communication model is in play here? A. Device-to-Gateway B. Back-End Data-Sharing C. Device-to-Cloud D. Device-to-Device
A
A mobile device communication session using SSL fails, and data is available for viewing by an attacker. Which OWASP Top 10 Mobile Vulnerability category has been made available for exploit? A. M3 - Insecure communication B. M4 - Insufficient authentication C. M5 - Insufficient cryptography D. M10 - Extraneous Functionality
A
An attacker leverages a vulnerability within Bluetooth on an IoT device and successfully shuts down the air conditioning to the data center floor. Which of the following best describes the attack type used? A. HVAC B. BlueAir C. Rolling code D. BlueBorne
A
An individual attempts to make a call using his cell phone; however, it seems unresponsive. After a few minutes of effort, he turns it off and turns it on again. During his next phone call, the phone disconnects and becomes unresponsive again. Which Bluetooth attack is underway? A. Bluesmacking B. Bluejacking C. Bluesniffing D. Bluesnarfing
A
Which of the following is a pairing mode in Bluetooth that rejects every pairing request? A. Non-pairing B. Non-discoverable C. Promiscuous D. Bluejack
A
Which of the following tools is a vulnerability scanner for Android devices? A. X-ray B. evasi0n7 C. Pangu D. DroidSheep Guard
A
Within the Attify Zigbee Framework, which of the following is used to discover target devices within range? A. zbstumbler B. zbdump C. zbreplay D. zbassoc/flood
A
Which of the following are valid countermeasures in the prevention of IoT hacking? (Choose all that apply.) A. Disable guest and demo accounts. B. Enable lockout features for excessive login attempts. C. Disable telnet. D. Implement patch management and ensure device firmware is up to date.
A, B, C, D
In which phase of the IoT hacking methodology would the Shodan search engine most likely be used? A. Vulnerability scanning B. Information gathering C. Launching attacks D. Gaining access
B
Jack receives a text message on his phone advising him of a major attack at his bank. The message includes a link to check his accounts. After clicking the link, an attacker takes control of his accounts in the background. Which of the following attacks is Jack facing? A. Phishing B. Smishing C. Vishing D. App sandboxing
B
Of the tools listed, which is the best choice for quickly discovering IP addresses of IoT devices on your network? A. IoTInspector B. MultiPing C. Z-Wave Sniffer D. beSTORM
B
Which OWASP Top 10 IoT vulnerability category deals with poorly protected passwords? A. I1 - Insecure Web Interface B. I2 - Insufficient Authentication/Authorization C. I8 - Insufficient Security Configurability D. I9 - Insecure Software/Firmware
B
Which of the following allows an Android user to attain privileged control of the device? A. DroidSheep B. SuperOneClick C. Faceniff D. ZitMo
B
Which of the following is the most popular short-range communication technology for IoT devices? A. RFID B. Zigbee C. QR codes D. LiFi
B
Which of the following jailbreaking techniques will leave the phone in a jailbroken state even after a reboot? A. Tethered B. Untethered C. Semi-tethered D. Rooted
B
Within IoT architecture, which of the following carries out message routing and identification? A. Edge Technology layer B. Access Gateway layer C. Internet layer D. Middleware layer
B
You wish to gain administrative privileges over your Android device. Which of the following tools is the best option for rooting the device? A. Pangu B. SuperOneClick C. Cydia D. evasi0n7
B
A company hires you as part of their security team. They are implementing new policies and procedures regarding mobile devices in the network. Which of the following would not be a recommended practice? A. Create a BYOD policy and ensure all employees are educated and aware of it. B. Whitelist applications and ensure all employees are educated and aware of them. C. Allow jailbroken and rooted devices on the network, as long as the employee has signed the policy. D. Implement MDM.
C
Operations promotes the use of mobile devices in the enterprise. Security disagrees, noting multiple risks involved in adding mobile devices to the network. Which of the following provides some protections against the risks security is concerned about? A. Implement WPA. B. Add MAC filtering to all WAPs. C. Implement MDM. D. Ensure all WAPs are from a single vendor.
C
Which IoT communication model makes use of a component adding a collective before sending data to the cloud, which adds a measure of security control to the application? A. Device to device B. Device to cloud C. Device to gateway D. Device to security
C
Which of the following is an advanced hardware- and software-designed radio used for security testing in IoT? A. Fluke B. Raspberry pi C. HackRF One D. Alfa AWUS036NH
C
Which of the following tools is the best choice for sniffing IoT traffic? A. Firmalyzer B. beSTORM C. Foren6 D. Shodan
C
Which of the following tools would be used in a blackjacking attack? A. Aircrack B. BBCrack C. BBProxy D. Paros Proxy
C
Which type of jailbreaking allows user-level access but does not allow iBoot-level access? A. iBoot B. Bootrom C. Userland D. iRoot
C
An attacker is using Shodan to search for devices on a target. She types the following as the search string: webcam geo:"-85.97,31.81". Which of the following correctly describes this action? A. The search string syntax is incorrect. B. The attacker is searching for webcams with serial numbers starting between 3181 and 8597. C. The attacker is searching for webcam manufacturers starting with "geo." D. The attacker is searching for webcams in the geographic location -31.80, 85.95 (longitude and latitude).
D
In October of 2016, a DDoS attack involving millions of IoT devices caused a disruption of service to large numbers of users in North America and Europe. Which of the following malware was used in the attack? A. WannaCry B. Cryptolocker C. Locky D. Mirai
D
In this attack on VANET, vehicles appear to be in multiple places at once, causing congestion and severely impairing the use of data. Which of the following best describes this attack? A. Rolling code B. BlueBorne C. Side channel D. Sybil
D
