Programming
Which two CPU types are based on the Complex Instruction Set Computing architecture? (Choose two.) Android iOS ARM AMD MIPS Intel
AMD Intel
In the context of the importance of security in IoT networks, which model provides a common framework for understanding the placement of various standards and protocols in an IoT system? TCP/IP IoT-A OSI ETSI
ETSI
Which CVSS metric group contains metrics set by end users? Environmental metric group Extended metric group Temporal metric group Base metric group
Environmental metric group
Why do some IoT devices rely on gateways for the internet connection? Many IoT devices do not have a network connector Many IoT devices use a low powered processor Many IoT devices do not support a full TCP/IP stack. Many IoT devices have limited memory capacity
Many IoT devices do not support a full TCP/IP stack.
Which measure should be taken to defeat a brute force attack? Only allow a limited number of authentication failures before an account is locked out. Only allow passwords to be stored in an encrypted format. Only use dictionary words that are greater than 10 characters. Only store the hashed equivalent of a password.
Only allow a limited number of authentication failures before an account is locked out.
Which programming language is an example of an interpreted language? C# Java Python C
Python
A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet? FIN ACK SYN RST
RST
A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting? cross-site scripting broken authentication security misconfiguration SQL injections
SQL injections
According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the risk management specialty area conducts comprehensive assessments of the management, operational, and technical security controls to determine their overall effectiveness? Security Architect Security Control Assessor Vulnerability Assessment Analyst Secure Software Assessor
Security Control Assessor
In a typical smart home setup, which two devices directly share the cable signal from the local cable service provider? (Choose two.) TV cable modem home gateway MCU or SBC board smart thermostat
TV cable modem
Which statement describes a security vulnerability of using a medical device on a legacy computer system in a hospital? The hard disk may become full. The OS of the PC may not receive up-to-date security patches. The CPU may become too slow for the medical application. The memory may become the bottleneck for performance.
The OS of the PC may not receive up-to-date security patches.
For the IoT reference model, what are two security measures that should be considered? (Choose two.) The data in use on a device should use encryption and be secured. The hardware and software of each device connected to the IoT network should be secured. The movement of data and communications between each level should be secured. The legacy applications used on the IoT network should be removed and secured. The authentication method of users at each level should be secured.
The hardware and software of each device connected to the IoT network should be secured. The movement of data and communications between each level should be secured.
According to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework by NIST, which work role in the Vulnerability Assessment and Management specialty area performs assessments of IT systems and identifies where those systems deviate from acceptable configurations or policy? Vulnerability Assessment Analyst Secure Software Assessor Security Architect Security Control Assessor
Vulnerability Assessment Analyst
What are three items that should be included in the documentation describing the components of the IoT system at each layer? (Choose three.) applications devices protocols technologies communications network the flow of data between components and layers
applications devices communications network
Which type of address spoofing is typically used in DoS attacks? destination IP address spoofing MAC address spoofing blind IP address spoofing non-blind IP address spoofing
blind IP address spoofing
Which technology is used to secure IoT transactions? DREAD blockchain T-V pairing STRIDE
blockchain
Which technology type describes a refrigerator that has become part of a botnet that is attacking businesses? consumer technology information technology industry technology operational technology
consumer technology
What are three variables used by DREAD? (Choose three.) privacy damage reputation exploitability denial of service affected users
damage exploitability affected users
What are three technologies used by a blockchain? (Choose three.) security zones T-V pairing decentralized ledger blocks of hexadecimal digits digital signature algorithm for reaching consensus
decentralized ledger digital signature algorithm for reaching consensus
What are two attributes of IoT that make applying traditional security methods challenging? (Choose two.) wireless protocols decentralized topologies device usage small device size limited device resources
decentralized topologies limited device resources
What is a local exploit used by threat actors? SQL injections device cloning eavesdropping attack routing attack
device cloning
Which two types of IoT firmware vulnerabilities are caused by the use of default or weak login credentials? (Choose two.) distributed denial of service (DDoS) back door installation out-of-date firmware default credentials buffer overflow
distributed denial of service (DDoS) default credentials
A threat actor has intercepted security keys that are used to establish communications. Which popular remote exploit was used by the threat actor? eavesdropping attack denial-of-service username enumeration extraction of security parameters
eavesdropping attack
What are three best practices used to mitigate XSS attacks? (Choose three.) SSL encryption escaping multifactor authentication payload encryption validating input password manager sanitizing
escaping validating input sanitizing
A threat actor uses a newly discovered vulnerability to access the home wireless router of a user. The threat actor then changes the password for the wireless network served by the router and causes all wireless devices to lose connectivity. Which factor of smart home security is affected by this attack? firmware authentication WPA2 encryption
firmware
What is the challenge that must be overcome with symmetric key cryptography? choosing the encryption algorithm to ensure the secure transfer of the key having the sender and receiver agree on the same secret key without anyone intercepting it identifying the strength of the symmetric keys for implementation selecting a central authority to manage the symmetric key
having the sender and receiver agree on the same secret key without anyone intercepting it
Which IoT technology commonly benefits from the deployment of a star topology? wireless sensor home automation asset and inventory tracking industrial control
home automation
Which type of access control model assigns security level labels to information and is typically used in military or mission critical applications? nondiscretionary mandatory discretionary attribute-based
mandatory
A manufacturing organization is generating a large amount of data via their IoT sensors. At which location should the data be processed if it is to be processed close to the ground where the IoT sensors are connected to the network? cloud fog mist device
mist
Which technology type includes industrial control systems such as SCADA? industry technology information technology operational technology consumer technology
operational technology
What are two OWASP communication layer vulnerabilities commonly found when securing the IoT device network services attack surface? (Choose two.) poorly implemented encryption LAN traffic lack of payload verification nonstandard protocols protocol fuzzing
poorly implemented encryption lack of payload verification
Why are most IoT devices not directly connected to a Wi-Fi access point or router? services constraints device and compatibility constraints security and encryption constraints power and processing constraints
power and processing constraints
Which DFD symbol represents data output from sensing, actuating, traffic forwarding, analysis, and control systems? external entity data flow data store process
process
What process is used by blockchain technology to validate transactions? scope of work digital signatures synchronous key encryption proof of work
proof of work
A network security engineer is reviewing security logs and notices an unauthorized device sending authenticated messages that occurred during a previous M2M session. Which basic security service would protect against this type of incident? message confidentiality access control replay protection message integrity
replay protection
A security researcher has completed a vulnerability assessment and has documented a list of vulnerabilities. When performing a risk assessment, what should these documented items be translated into? threats risks assets vulnerabilities
risks
When creating devices for the home IoT market, what are vendors commonly sacrificing in order to provide simplicity of setup and administration? low costs advanced features security device lifespan
security
What are three potential vulnerabilities related to attacks toward the memory of an IoT device? (Choose three.) privilege escalation sensitive data clear-text authentication credential removal of storage media encryption key damage
sensitive data clear-text authentication credential encryption key
A user is concerned that the SD card in surveillance cameras could be stolen or destroyed by an attacker. Which security measure can help protect the surveillance cameras? tamper proof enclosure battery backup for the device firewall appliance antimalware software
tamper proof enclosure
What is the intent of a threat actor that is performing a port scan against a targeted device? to identify the IP address assigned to the device to intercept traffic that is addressed to another host to check if certain application protocols are enabled to test connectivity to the device
to check if certain application protocols are enabled
What is the goal of a threat actor when performing a DoS attack? to prevent legitimate users from accessing online services to gain access to the physical network and hijack a session to monitor, capture, and control communications to discover subnets and hosts on a network
to prevent legitimate users from accessing online services
When comparing the OSI and IoT reference models, what is the intent of the IoT reference model? to foster competition because products from different vendors will work together to assist in protocol design so that protocols operating at a specific layer have defined information that they act upon to provide common terminology and help clarify how information flows and is processed for a unified IoT industry to describe which functions occur at each layer of the model to encourage industry standardization
to provide common terminology and help clarify how information flows and is processed for a unified IoT industry
An IoT device uses Busybox. What is the purpose of entering the busybox command in the command line? to see the list of available commands to enter the interactive mode to run a script file named busybox to create a script named busybox
to see the list of available commands
What is one of the most widely exposed vulnerabilities listed by the Open Web Applications Security Project (OWASP)? spam phishing weak passwords malware
weak passwords
Which type of IoT wireless network would use ruggedized network components to interconnect sensors and actuators at dispersed locations in challenging manufacturing environments? wireless body-area network wireless neighborhood-area network wireless home-area network wireless field-area network
wireless field-area network