Chapter 9 Homework
An attacker is attempting to compromise a network through a router. Which of the following are they least likely to perform?
SQL injection
Which of the following is not a best practice for protecting embedded OS's?
Scan
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
What type of kernel was designed to offer the most flexibility and support for sophisticated features?
monolithic
What type of malicious code could survive an OS reinstall to allow an attacker to access the system at a later date?
BIOS-based rootkit
A user is analyzing their network for devices using embedded systems and is trying to find vulnerabilities associated with those devices. Where on the NVD should they look?
CVE
Which of the following systems is least likely to use VxWorks embedded real-time OS?
Cisco ASAs
Which malware targeted medical systems due to the problems with patching?
Conficker
What could a home user do in order to secure their home network against Chromecast vulnerabilities?
Disable uPnP
Which of the following can be a small program developed specifically for use with embedded systems, or a stripped-down version of an OS commonly used on general-purpose computers?
Embedded OS
Which of the following is usually considered the biggest security threat to an organization?
Employees
Which of the following best describes software that resides on a chip?
Firmware
Originally, which of the following was used to perform routing and switching before specialized hardware was developed?
General purpose computers
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
What type of embedded OS is certified to run multiple levels of classification, such as unclassified, secret, and top secret, on the same CPU without leakage between levels?
MILS
What type of operating system sacrifices flexibility for simplicity and fewer hardware resources?
Microkernel
What is the most common motivator behind today's cyber security attacks?
Money
If you are concerned about the attack surface a system presents, what type of embedded OS configuration would you NOT use?
Multiple embedded
Which of the following systems should be used for equipment monitoring and when automation is critical?
SCADA
To increase the impact a single vulnerability can have viruses, worms, Trojans, and other attack vectors take advantage of which of the following?
Shared code
An attacker masquerades as a support technician in order to replace keyboards with key logging keyboards. What technique are they employing?
Social engineering
A penetration tester is attempting to compromise a router during an engagement so that they can intercept traffic and harvest credentials. What way should they compromise the router?
Specially crafted URL
Which of the following is often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
A cloud administrator is setting up management for devices in a SCADA network and wants to manage them through Microsoft Graph. Which type of OS should they use to be the most compatible?
Windows 10 IoT
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Which of the following is a software flaw that would cause billions of embedded systems to suddenly stop or fail when the clock struck midnight on the eve of the past millennium?
Y2K
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
When designing sensitive embedded systems that need only a fraction of the features offered by other kernels, there are risks for vulnerabilities that might outweigh the benefits. What type of kernel should be chosen for this system?
proprietary
An IT technician downloaded dd-wrt to experiment with embedded Linux operating systems. What major worm was this previously subjected to?
psyb0t