Programmering

Which two CPU types are based on the Complex Instruction Set Computing architecture? (Choose two.) Android iOS ARM AMD MIPS Intel

AMD Intel

In the context of the importance of security in IoT networks, which model provides a common framework for understanding the placement of various standards and protocols in an IoT system? TCPAP IoT-A OSI ETSI

ETSI

Which CVSS metric group contains metrics set by end users? Environmental metric group Extended metric group Temporal metric group Base metric group

Environmental metric group

Why do some IoT devices rely on gateways for the internet connection? Many IoT devices do not have a network connector Many IoT devices use a low powered processor Many IoT devices do not support a full TCP/IP stack. Many IoT devices have limited memory capacity

Many IoT devices do not support a full TCP/IP stack.

Which measure should be taken to defeat a brute force attack? Only allow a limited number of authentication failures before an account is locked out. Only allow passwords to be stored in an encrypted format. Only use dictionary words that are greater than 10 characters. Only store the hashed equivalent of a password.

Only allow a limited number of authentication failures before an account is locked out.

Which programming language is an example of an interpreted language? C# Java Python C

Python

A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet? FIN ACK SYN RST

RST

A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting? cross-site scripting broken authentication security misconfiguration SQL injections

SQL injections

According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the risk management specialty area conducts comprehensive assessments of the management, operational, and technical security controls to determine their overall effectiveness? Security Architect Security Control Assessor Vulnerability Assessment Analyst Secure Software Assessor

Security Control Assessor

In a typical smart home setup, which two devices directly share the cable signal from the local cable service provider? (Choose two.) TV cable modem home gateway MCU or SBC board smart thermostat

TV cable modem

Which statement describes a security vulnerability of using a medical device on a legacy computer system in a hospital? The hard disk may become full. The OS of the PC may not receive up-to-date security patches. The CPU may become too slow for the medical application The memory may become the bottleneck for performance

The OS of the PC may not receive up-to-date security patches.

For the IoT reference model, what are two security measures that should be considered? (Choose two.) The data in use on a device should use encryption and be secured. The hardware and software of each device connected to the IoT network should be secured. The movement of data and communications between each level should be secured. The legacy applications used on the IoT network should be removed and secured. The authentication method of users at each level should be secured.

The hardware and software of each device connected to the IoT network should be secured. The movement of data and communications between each level should be secured.

According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the Vulnerability Assessment and Management specialty area performs assessments of IT systems and identifies where those systems deviate from acceptable configurations or policy? Vulnerability Assessment Analyst Secure Software Assessor Security Architect Security Control Assessor

Vulnerability Assessment Analyst

What are three items that should be included in the documentation describing the components of the IoT system at each layer? (Choose three.) applications devices protocols technologies communications network the flow of data between components and layers

applications devices communications network

Which type of address spoofing is typically used in DoS attacks? destination IP address spoofing MAC address spoofing blind IP address spoofing non-blind IP address spoofing

blind IP address spoofing

Which technology is used to secure IoT transactions? DREAD blockchain T-V pairing STRIDE

blockchain

Which technology type describes a refrigerator that has become part of a botnet that is attacking businesses? consumer technology information technology industry technology operational technology

consumer technology

What are three variables used by DREAD? (Choose three.) privacy damage reputation exploitability denial of service affected users

damage exploitability affected users

What are three technologies used by a blockchain? (Choose three.) security zones T-V pairing decentralized ledger blocks of hexadecimal digits digital signature algorithm for reaching consensus

decentralized ledger digital signature algorithm for reaching consensus

What are two attributes of IoT that make applying traditional security methods challenging? (Choose two.) wireless protocols decentralized topologies device usage small device size limited device resources

decentralized topologies limited device resources

What is a local exploit used by threat actors? SQL injections device cloning eavesdropping attack routing attack

device cloning

Which two types of IoT firmware vulnerabilities are caused by the use of default or weak login credentials? (Choose two.) distributed denial of Service (DDoS) back door installation out-of-date firmware default credentials buffer overflow

distributed denial of Service (DDoS) default credentials

A threat actor has intercepted security keys that are used to establish communications. Which popular remote exploit was used by the threat actor? eavesdropping attack denial-of-service username enumeration extraction of security parameters

eavesdropping attack

What are three best practices used to mitigate XSS attacks? (Choose three.) SSL encryption escaping multifactor authentication payload encryption validating input password manager sanitizing

escaping validating input sanitizing

A threat actor uses a newly discovered vulnerability to access the home wireless router of a user. The threat actor then changes the password for the wireless network served by the router and causes all wireless devices to lose connectivity. Which factor of smart home security is affected by this attack? firmware authentication WPA2 encryption

firmware

What is the challenge that must be overcome with symmetric key cryptography? choosing the encryption algorithm to ensure the secure transfer of the key having the sender and receiver agree on the same secret key without anyone intercepting it identifying the strength of the symmetric keys for implementation selecting a central authority to manage the symmetric key

having the sender and receiver agree on the same secret key without anyone intercepting it

Which IoT technology commonly benefits from the deployment of a star topology? wireless sensor home automation asset and inventory tracking industrial control

home automation

Which type of access control model assigns security level labels to information and is typically used in military or mission critical applications? nondiscretionary mandatory discretionary attribute-based

mandatory

A manufacturing organization is generating a large amount of data via their IoT sensors. At which location should the data be processed if it is to be processed close to the ground where the IoT sensors are connected to the network? cloud fog mist device

mist

Which technology type includes industrial control sytems such as SCADA? industry technology information technology operational technology consumer technology

operational technology

What are two OWASP communication layer vulnerabilities commonly found when securing the IoT device network services attack surface? (Choose two.) poorly implemented encryption LAN traffic lack of payload verification nonstandard protocols protocol fuzzing

poorly implemented encryption lack of payload verification

Why are most IoT devices not directly connected to a Wi-Fi access point or router? services constraints device and compatibility constraints security and encryption constraints power and processing constraints

power and processing constraints

Which DFD symbol represents data output from sensing, actuating, traffic forwarding, analysis, and control systems? external entity data flow data store process

process

What process is used by blockchain technology to validate transactions? scope of work digital signatures synchronous key encryption proof of work

proof of work

A network security engineer is reviewing security logs and notices an unauthorized device sending authenticated messages that occurred during a previous M2M session. Which basic security service would protect against this type of incident? message confidentiality access control replay protection message integrity

replay protection

A security researcher has completed a vulnerability assessment and has documented a list of vulnerabilities. When performing a risk assessment, what should these documented items be translated into? threats risks assets vulnerabilities

risks

When creating devices for the home IoT market, what are vendors commonly sacrificing in order to provide simplicity of setup and administration? low costs advanced features security device lifespan.

security

What are three potential vulnerabilities related to attacks toward the memory of an IoT device? (Choose three.) privilege escalation sensitive data clear-text authentication credential removal of storage media encryption key damage

sensitive data clear-text authentication credential encryption key

A user is concerned that the SD card in surveillance cameras could be stolen or destroyed by an attacker. Which security measure can help protect the surveillance cameras? tamper proof enclosure battery backup for the device firewall appliance antimalware software

tamper proof enclosure

What is the intent of a threat actor that is performing a port scan against a targeted device? to identify the IP address assigned to the device to intercept traffic that is addressed to another host to check if certain application protocols are enabled to test connectivity to the device

to check if certain application protocols are enabled

What is the goal of a threat actor when performing a DoS attack? to prevent legitimate users from accessing online services to gain access to the physical network and hijack a session to monitor, capture, and control communications to discover subnets and hosts on a network

to prevent legitimate users from accessing online services

When comparing the OSI and IoT reference models, what is the intent of the IoT reference model? to foster competition because products from different vendors will work together to assist in protocol design so that protocols operating at a specific layer have defined information that they act upon to provide common terminology and help clarify how information flows and is processed for a unified IoT industry to describe which functions occur at each layer of the model to encourage industry standardization

to provide common terminology and help clarify how information flows and is processed for a unified IoT industry

An IoT device uses Busybox. What is the purpose of entering the busybox command in the command line? to see the list of available commands to enter the interactive mode to run a script file named busybox to create a script named busybox

to see the list of available commands

What is one of the most widely exposed vulnerabilities listed by the Open Web Applications Security Project (OWASP)? spam phishing weak passwords malware

weak passwords

Which type of IoT wireless network would use ruggedized network components to interconnect sensors and actuators at dispersed locations in challenging manufacturing environments? wireless body-area network wireless neighborhood-area network wireless home-area network wireless field-area network

wireless field-area network