IOT SECURITY CHAPTER 1-6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which two CPU types are based on the Reduced Instruction Set Computing architecture? (Choose two.)

ARM, MIPS

What is the result of an attacker rooting an IoT device?

An attacker that gains root access has complete control over that device.

What is a key difference between an embedded device and a prototyping device?

An embedded device is programmed for one specific purpose, whereas a prototyping device is designed to perform different functions.

What are two of the most common wireless technologies used in home automation and home security applications? (Choose two.)

Bluetooth, Wi-Fi

Which two programming languages are examples of compiled languages? (Choose two.)

C, Java

Which attack commonly includes the use of botnet and handler systems?

DDoS attack

Which two application layer protocols use UDP? (Choose two.)

DHCP, TFTP

What are the three broad requirements specified by the CIA security triad?

Data must be protected from unauthorized access. Data must always be acessible by the people who need to use it when they need to use it. Data must be protected from theft and unuthorized alteration or destruction.

Which popular exploit used by threat actors fills the communications channel so that the targeted device responds to requests late or not at all?

DoS

Which two types of attacks are typically carried out by using ICMP messages? (Choose two.)

DoS, reconnaissance

Which task in the step of decomposing the IoT system gathers information about approaches to input validation, authentication, authorization, configuration, and any other areas of the IoT system that are vulnerable?

Document the security profile.

What is the best practice to mitigate risks in healthcare IoT?

Ensure that the IoT devices in use or to be purchased are secure and that device security has been adequately configured.

Which password is the most hardened password for use on an IoT device?

Hnmmmkoty#4

Which task in the step of decomposing the IoT system can gather information about where data is input into the IoT system?

Identify entry points.

Which task in the step of decomposing the IoT system gathers information where secure resources are stored and manipulated to see who has elevated rights?

Identify sensitive data.

What is a characteristic of the message queueing telemetry transport (MQTT) publish-subscribe model?

It allows for a retained messages option that can be used to provide status updates.

What is meant by the term big.LITTLE computing?

It is a CPU technology that uses different CPU cores to handle tasks based on processing requirements.

Which statement describes IFTTT (If This Then That)?

It is a simple web service that allows the connection of an event to an action.

What is the function of an eMMC flash chip in an IoT device?

It is an embedded chip that stores the firmware, operating system, and software.

What is the function of the STRIDE tool?

It is used to identify threats.

What is the function of the DREAD tool?

It is used to rate threats.

Which interface is used to troubleshoot embedded system software?

JTAG

Which statement describes the function of the Kali VM?

Kali is a popular Linux distribution VM that contains many tools used for assessing network security

What are two IoT wireless standards that IoT manufacturers can use over longer distances while still supporting some level of security? (Choose two.)

LTE-M, LoRa

Which IoT wireless option is commonly used by devices that require a low power wide-area network connection and do not use a fixed power supply?

LoRaWAN

Which domain of the ETSI model includes sensors and gateways connecting to the network through Bluetooth?

M2M

According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work category defines Vulnerability Assessment and Management?

Protect and Defend

In the context of IoT in the manufacturing industry, which model segments devices and equipment into hierarchical functions?

Purdue Model for Control Hierarchy

After threats are rated, what is the next step recommended by the Threat Model Analysis for an IoT system?

Recommend mitigation.

Which type of memory media would provide space to store collected data in an IoT device?

SD card

According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work category defines risk management?

Securely Provision

After host A receives a web page from server B, host A terminates the connection with server B. Match each option to its correct step in the normal termination proccess for a TCP connection.

Server B sends a FIN to host A. → Step 3, Host A sends a FIN to server B. → Step 1, Server B sends an ACK to host A. → Step 2, Host A sends an ACK to server B. → Step 4

A home owner recently installed an IoT smart plug that was designed to be controlled over the internet. After a couple of days the home owner notices a new wireless name of Outlet4375 appears when they attempt to connect a smartphone to the house wireless network. Which statement identifies the situation that is occurring?

The smart plug was never connected to the home Wi-Fi and is awaiting a connection on the Outlet4375 wireless network.

What are constrained devices as they relate to the IoT?

They have very limited power, memory, and processing cycles.

What are two benefits of using a layered model to explain protocols and operations? (Choose two.)

They prevent technology or capability changes in one layer from affecting other layers above and below. They assist in protocol design because protocols operating at a specific layer have defined information that they act upon and a defined interface to the layers above and below.

A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)

UDP Unicorn, Low Orbit Ion Cannon

Which statement describes a risk to a patient due to security vulnerabilities of healthcare devices?

Vital therapies can be manipulated or interrupted.

Which two commercial IoT operating systems support processors from multiple manufacturers? (Choose two.)

VxWorks, Windows 10 IoT Core

Which three IoT wireless mesh protocols are built on top of 802.15.4? (Choose three.)

ZigBee, 6LoWPAN, Thread

In the IoT reference model, at which layer or layers of the model is security implemented?

all levels of the IoT reference model

Which domain of the ETSI model includes management functions such as data analytics and connectivity management

application

Which layer of the OSI model contains protocols used for process-to-process communications?

application

A threat actor uses network scanning tools and penetration tools to discover the IP address and manufacturer of a home wireless router. The threat actor then uses internet searches to discover the default administrative access details. Successful remote access of the home router allows the threat actor to use it as a vector to attack other devices. Which element of smart home security is affected by this attack?

authentification

A user is concerned that an attacker may have gained remote access to an IoT device and is executing malicious commands. Which type of vulnerability best describes this situation?

backdoor installation

Which type of vulnerability is present when a programmer does not account for the size of the input that a user might enter?

buffer overflow

Which device is targeted most by Mirai?

cctv

What is the default name of the file that records the configuration settings when the PL-App image is transferred to the µSD card?

chexnut.txt

Which customized IEEE 802.15.4 wireless topology can contain a large amount of full function devices and a small amount of reduced function devices?

cluster-tree

Which three types of documents should be included when documenting the IoT system architecture using the Threat Model Analysis for an IoT System? (Choose three.)

components of the IoT system at each layer the flow of data between components and between layers the technologies, protocols, and standards used to implement the IoT system

Which IoT technology type would include a compromised home temperature sensor causing a home to be uncomfortably hot?

consumer technology

What is the function of the network access layer in the TCP/IP model?

controls hardware devices and media

What are three potential vulnerabilities related to a hardware sensor? (Choose three.)

damage, tampering, environment manipulation

Which cloud computing application feature provides users with rich visualization to discover and communicate categorized and summarized health exercise data?

dashboard

Which parameter is used to identify applications when a user sends a service request to a remote server?

destination port number

A threat actor uses non-blind spoofing to launch an attack. What are two objectives for the attack? (Choose two.)

determining the state of a firewall, predicting TCP sequence-numbers

At which functional layer of the IoT simplified model would an aircraft turbine RPM sensor exist?

device

What should be updated regularly to protect against newly discovered vulnerabilities?

device firmware

What is a function that is provided by the network layer of the OSI model?

directing data packets to destination hosts on other networks

Which type of access control model uses access control lists to allow users to control access to their own data?

discretionary

A threat actor parks close to the home of a user and uses packet capture software to intercept the home wireless traffic. The threat actor then analyzes the traffic of the temperature sensor of the home to determine if someone is in the house now. Which factor of the smart home security system is affected by this attack?

encryption

Match the category to the security objective of the Threat Model Analysis of an IoT System.

financial → Document the financial risks of the various aspects of the IoT system so that management can determine which level of risk is acceptable., reputation → Document any possible impact on the reputation of the organization if the IoT system is attacked., privacy and regulation → Document the impact of privacy concerns as well as regulation requirements., availability guarantees → Document the expected availability and guaranteed uptime of the IoT system., identity → Document the controls that are in place to ensure that evidence is collected on the identity of users accessing and using the IoT system.

Which type of technology is classified as embedded software that includes a minimal operating system for controlling an IoT device?

firmware

Which level of the IoT reference model converts data into information that is suitable for storage and higher level processing?

fog computing

For which type of devices is the use of DDS (data distribution service) in M2M connections well suited?

for devices that measure real-time data in microseconds that need to be filtered and delivered efficiently

In a typical smart home, which device provides network connections for smart IoT devices?

home gateway

Which two OWASP communication layer vulnerabilities should be researched when securing the IoT device network services attack surface? (Choose two.)

information disclosure, vulnerable UDP services

Which technology type describes an SQL injection that has compromised a database?

information technology

Which technology type includes a company receiving an unusual amount of phishing emails?

information technology

What is a commonly exposed mobile application vulnerability

insecure data storage

Which network environment is suitable for a Media Access Control (MAC) address spoofing attack?

inside an internal network

A security engineer is researching the secure deployments of critical IoT devices. How does the principle of identity and access management (IAM) define security with these types of devices?

limits those who can access what resources and the privileges they have once they obtain access

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

man-in-the-middle attack

Which type of IoT wireless deployment would allow smart objects to be deployed over a very large area?

mesh topology

Which basic security service protects against alteration of data while it is in transit?

message integrity

Why would an engineer only use very short-range radios to allow sensor data to travel from node to node until the data reaches the IoT gateway?

power constraints

Which type of attack takes advantage of vulnerabilities in servers to grant unauthorized users higher than approved levels of access?

privilege escalation

Which two pieces of information are needed to search for an IoT device in the FCC ID database? (Choose two.)

product code, grantee code

Which OWASP communication layer vulnerability should be researched when securing the IoT network traffic attack surface?

protocol fuzzing

What is the function of a data encryption algorithm?

provides data confidentiality by making data unreadable to unauthorized individuals

In August of 2017, the FDA approved an update that fixed a security flaw in the software that monitored a cardiac pacemaker. What is the wireless technology that was used for monitoring the pacemaker?

radio frequency

Which two techniques are used in a smurf attack? (Choose two.)

reflection, amplification

An administrator wants to implement an access control model that makes access decisions based on the role and responsibilities of an individual within an organization. Which access control model best addresses this requirement?

role-based

Which two techniques are used to carry out DoS attacks? (Choose two.)

sending an overwhelming amount of traffic, using maliciously formatted packets

In an IoT healthcare monitoring system design, what kind of components form a body sensor network?

sensors

Which two scripting languages are designed to be executed directly under an operating system? (Choose two.)

shell script, PowerShell

What tool is used by nefarious individuals or groups to accelerate reconnaissance of internet-connected devices?

shodan

Which document created in the Threat Model Analysis process will describe the IoT system architecture?

the components of the IoT system at each layer

Match the term to the description.

threats → potential dangers to any asset such as data or components of the IoT system, threat actors → people or entities who exploit vulnerabilities, vulnerabilities → weaknesses in the IoT system that could be exploited by a threat, attack surfaces → different points where attackers could get into a system and where they could get data out of the system

Which function is provided by the data abstraction level of the IoT reference model?

to render data and data storage in ways that enable application development

In a smart home implementation, fog computing is a better option compared with cloud computing to process status and configuration changes for IoT devices.

true

Shodan is used by researchers to mine information about what devices are connected, where they are connected, and what services are exposed.

true

True or False? On some home routers, to compromise the security on the router, a Flash applet can be used to change the DNS server settings with an UPnP request.

true

Which type of security vulnerability was targeted by the ransomware WannaCry and WannaCrypt?

unpatched, older versions of Windows

What are two of the most widely exposed vulnerabilities currently listed by the Open Web Applications Security Project (OWASP)? (Choose two.)

username enumeration, account lockout

What is the primary focus of data management in the IoT realm?

when and where data is processed

When does the level of trust and reliability of data change during communication between IoT systems?

when data is generated by a device inside a trusted network and travels to an untrusted network

In which type of scenario would an IoT gateway not be required to convert traffic to Wi-Fi or wired ethernet?

when smart objects forward data using TCP/IP protocols

Which type of IoT wireless network would interconnect audio devices and smart watches to a cell phone that serves as an IoT gateway?

wireless personal-area network

Which devices scan and infect more targets during the process of a DDoS attack?

zombies

Which storage medium is used to hold the PL-App image on a Raspberry Pi?

µSD card


Ensembles d'études connexes

CH 20 THE LYMPHATIC SYSTEM & LYMPHOID ORGANS & TISSUE

View Set

Health Problems of the Adolescent

View Set

Git Essential Training: The Basics: 1. What is Git?

View Set

XCEL Chapter 10 - Health Insurance Underwriting

View Set

Exam 3 Extra Credit Questions (Dynamic Study Modules)

View Set

VET TECH PREP (DIagnostic Imaging)

View Set