Chapter 11 Wireless and IoT Security
You are tasked with updating the company policy for tablets and phones to make them harder to penetrate if they fall into the wrong hands. Which of the following would be good practices to consider? (Select two.) -Make passcodes or passwords mandatory after a short period of time. -Disable all internet access except when connected to the corporate wireless network. -Always erase data when a bad passcode is given. -Ensure Simple Passcode is turned off. -Disable fingerprints or other biometric security.
-Make passcodes or passwords mandatory after a short period of time. -Ensure Simple Passcode is turned off.
Which frequency does ZigBee operate at? 908.42 MHz 5 GHz 2.4 GHz 50 MHz
2.4 GHz
Which of the following frequency ranges does Bluetooth operate in? 2.4 GHz 5 GHz 3.6 GHz 900 MHz
2.4 GHz
Who maintains the Android source code? Apple AOSP Linux Microsoft
AOSP Is stored in a Git repository. Is available to anyone. Can be redistributed and modified.
Which type of wireless network does not use a wireless access point? 802.11g Ad-hoc Mobile hotspot LAN-to-LAN
Ad-hoc
Which of the following is the client responsible for in a PaaS cloud service model? Stopping insider attacks Security of the platform All applications developed Authorization
All applications developed In a Platform as a Service (PaaS) service model, the cloud provider is responsible for the platform and services provided, and the client is responsible for all applications developed.
Which security control layer involves putting in place policies that comply with industry standards, such as OWASP? Network Physical Application Management
Application Security at the Application layer involves putting in place policies that comply with industry standards, such as OWASP (Open Web Application Security Project).
Which IoT security category does disabling guest or demo accounts fall under? Authentication Physical security Updates Encryption
Authentication
Which of the following IoT security challenges can 2FA (two-factor authentication) help mitigate? Data privacy Encryption Authentication Web interface
Authentication
Which of the following attacks sends unwanted messages to Bluetooth devices? Blueprinting KNOB attack Bluesnarfing Bluejacking
Bluejacking Bluejacking is the act of sending unwanted data to Bluetooth devices that are enabled and discoverable. Bluejacking hackers don't gain control of the device and can't steal data from it. The messages they send are usually more annoying than malicious.
Which of the following Kali Linux utilities can be used to find Bluetooth devices? (Select two.) BluetoothView Bluetooth Finder Bluelog Bluesnarfer Blueranger
Bluelog Blueranger
Which of the following is a utility that hackers can use to locate vulnerable Bluetooth devices? Bluesnarf Bluesniff Bluebug Blueprint
Bluesniff Bluesniff is a Bluetooth wardriving utility that finds hidden Bluetooth devices. Hackers use it to locate vulnerable devices.
Which of the following tools is best for ensuring that users have access to only the applications and resources they need in a private cloud? CASB NIDS AD DPI
CASB Implementing a Cloud Access Security Broker (CASB) is the best way to ensure that users have access to only the applications and resources they need in a private cloud. A CASB is an on-premises cloud-based software tool or service that sits between an organization and a cloud service provider. CASBs: -Monitor communication for compliance with an organization's security policies and procedures. -Can offer malware protection and encryption. -Can give more specific protection and monitoring capabilities than secure web gateways (SWGs) and enterprise firewalls.
Mary is using her laptop at the local coffee shop. Before being allowed to their wireless internet, she was prompted to agree to the terms and conditions of using the network. Which wireless access method is the coffee shop using? WPS PSK Captive portal Open network
Captive portal
Which of the following attacks targets the managed service provider itself? Cloud hopper Cybersquatting Side-channel Wrapping
Cloud hopper A cloud hopper attack targets a managed service provider (MSP) and not the end users themselves. An MSP is a third-party company that handles all IT resources for an organization, including on-site and cloud-based services. In this attack, the hacker uses spear phishing or other social engineering attacks against the MSP's staff to gain access to the MSP's systems. From there, the hacker can gain access to the MSP's clients' networks and systems.
Which cloud deployment model would MOST likely be used by several organizations that share the same regulatory requirements? Public cloud Private cloud Hybrid cloud Community cloud
Community cloud A community cloud would be the most likely cloud deployment model used by several organizations that share the same regulatory requirements.
You are configuring a pfsense appliance to support a new guest Wi-Fi network, which will be used by potentially hundreds of customers per day. This new network will connect to the internet through your corporate network, although many switches and firewalls are in place to help with security. You are using a pfsense appliance to serve up the terms and conditions for users to agree to. What might be the BEST option for keeping your corporate network secure? Only allow trusted customers to connect, and only after giving out the password individually. Create a VLAN for the new Wi-Fi network. Use a separate access point and pull new cable directly from the access point to the router to the internet. Only turn on the network when the corporate offices are closed.
Create a VLAN for the new Wi-Fi network.
Which of the following IoT attacks involves using IoT devices as a zombie army to target a server or system? DDoS attack Rolling code attack HVAC exploitation Injection attack
DDoS attack In a DDoS attack (distributed denial-of-service attack), a hacker exploits vulnerabilities to take over all the devices in an IoT network to use as a zombie army that targets a server or system. When this happens, services on the device are unavailable.
Which security control makes a system more difficult to attack? Detective Deterrent Preventive Corrective
Deterrent
Which IoT communication model would MOST likely be used by a thermostat? Device-to-device model Device-to-cloud model Backend data-sharing model Device-to-gateway model
Device-to-device model it transmits small data packets at a very low data rate.
Which EAP protocol provides authentication using a protected access credential? PEAP EAP-TLS EAP-FAST EAP-TTLS
EAP-FAST EAP Flexible Authentication via Secure Tunneling (EAP-FAST) uses a protected access credential (PAC) to authenticate users. EAP-FAST: -Establishes a TLS tunnel in which client authentication credentials are transmitted. -Is susceptible to attackers who intercept the protected access credential (PAC) and use it to compromise user credentials.This vulnerability is mitigated by manual PAC provisioning or by using server certificates. -Was created by Cisco.
Which of the following are best practices to secure mobile devices for users? (Select three.) Auto-upload photos to social media. Disable passcodes for login. Encrypt the device storage. Don't auto-upload photos to social media. Set up remote wipe. Jailbreak or root the device. Install as many apps as possible.
Encrypt the device storage. Don't auto-upload photos to social media. Set up remote wipe.
Which Wi-Fi attack uses a rogue access point configured with the same SSID as the organization's SSID? Access point misconfiguration Wardriving Evil twin MAC spoofing
Evil twin
In order to test your wireless network security, you will be using aircrack-ng to try to gain access to the wireless network named CorpNet. You have used the airodump-ng utility to capture the output listed below. What is the next step if you are trying to complete the process quickly? -Copy the MAC address of the computer accessing the target network and spoof it on your attacking machine. -Perform a SYN attack against the wireless access point to force a full authentication handshake. -Use a password cracking utility like John the Ripper to try to break the password using a wordlist. -Force a full authentication handshake while you are monitoring with airodump-ng.
Force a full authentication handshake while you are monitoring with airodump-ng.
Which of the following IoT components acts as a bridge between a device and the cloud? Remote control Gateway system Sensors Data storage
Gateway system
One common setting on electronic tablets is a feature that erases all data if the password or passcode is entered incorrectly too many times. This can be a very good thing for corporate devices or devices that contain company data. What is a logical reason that this setting could be a bad idea in certain situations? -All corporate devices would have to have the setting enabled and all users trained on proper use, which would take time and resources. -There are no logical reasons to not use this setting in a corporate setting. -If a user doesn't know about the policy, is inattentive, or a child gets the device and enters the passcode incorrectly, important data could be lost. -You might be tempted to use easier passwords or passcodes to prevent unnecessary data wiping, reducing the device's security.
If a user doesn't know about the policy, is inattentive, or a child gets the device and enters the passcode incorrectly, important data could be lost.
According to OWASP, what is the number one risk for mobile devices? Extraneous functionality Improper platform usage Unsecure communcations Unsecure data storage
Improper platform usage In 2016, the Open Web Application Security Project (OWASP) published their latest Top 10 Mobile Risks list. They are: M1: Improper Platform Usage M2: Unsecure Data Storage M3: Unsecure Communications M4: Unsecure Authentication M5: Insufficient Cryptography M6: Unsecure Authorization M7: Client Code Quality M8: Code Tampering M9: Reverse Engineering M10: Extraneous Functionality
YuJin drove his smart car to the beach to fly his drone in search of aquatic animal activity. Which of the following operation systems are MOST likely being used by his car and drone? Integrity RTOS and Snappy RIOT OS and Brillo ARM Mbed and Snappy Contiki and Integrity RTOS
Integrity RTOS and Snappy Integrity RTOS is used in the aerospace, industrial, automotive, and medical sectors. Snappy, or Ubuntu Core, is used for drones, robots, and so on.
You are using nmap to locate all the IoT devices on your network. You use the following command to perform the scan. What does the -A do? It disables an aggressive scan, which can cause intrusion detection software to generate alerts. It scans all targets on the segment. It increases the volume of the output. It scans for OS and software version used.
It scans for OS and software version used. While locating IoT devices using the nmap command, the -A scans for OS and software versions. Its official label is aggressive since it makes several detailed queries. The -A should never be used without the network owner's permission.
Which of the following are benefits of a BYOD policy? (Select three.) Variety of devices Mixing personal and corporate data Bypassing security policies Lower costs Work flexibility Confidential data exposure Increased productivity
Lower costs Work flexibility Increased productivity
Mary has discovered that someone hacked in and stole personal files from her Google Drive. Which type of attack was MOST likely carried out against her? Wrapping MITC Cloud hopper XSS
MITC An MITC (man-in-the-cloud) attack takes advantage of cloud file sync services, such as Google Drive or Dropbox. These services use a synchronization token that authenticates a user's app with the service. The hacker can use a variety of methods to trick the victim into installing the hacker's synchronization token on the victim's drive. The hacker can then steal the victim's token and use that to gain access to the cloud service. After the hacker has taken what they want, they restore the victim's token so the attack goes undetected.
Which layer in the IoT architecture covers the processes that happen in the cloud? Internet Edge Technology Access Gateway Middleware
Middleware
What are the policies organizations use to maintain security on mobile devices called? Bring Your Own Device Security management Mobile application management Mobile device management
Mobile device management The term mobile device management (MDM) generally describes the policies and procedures organizations use to maintain security and permissions on mobile devices. More specifically, administrators use MDM software to secure mobile devices and enforce enterprise policies on the devices. MDM software usually offers a suite of features, including: -Policy management -Security management -Inventory management -Telecom service management -Mobile application management
Which Bluetooth security mode uses Diffie-Hellman techniques for key exchange and generation? Mode 1 Mode 2 Mode 3 Mode 4
Mode 4 Bluetooth security Mode 4 requires encryption and the use of Diffie-Hellman techniques for key exchange and key generation. This is the highest security mode and is required by later versions of Bluetooth.
Which protocol is used in the Bluetooth pairing process? SSL UDP TCP/IP OBEX
OBEX Bluetooth devices use a protocol called OBject EXchange (OBEX) to perform the pairing process.
Which of the following BEST describes the type of network Bluetooth devices create? CAN LAN PAN WAN
PAN Bluetooth is designed to allow devices to communicate within a personal area network (PAN). PAN devices include cell phones, personal digital assistants (PDAs), printers, and keyboards.
Which cloud service model would MOST likely be used by a software developer? PaaS SaaS SECaaS IaaS
PaaS PaaS is often used in software development. Many cloud providers offer cloud solutions that are specifically designed for developing, testing, and deploying software programs.
What is the process of connecting two Bluetooth devices together called? Syncing Pairing Discovery OBEX
Pairing
Which of the following should be performed first to determine WAP placement? Passive survey Active survey Vulnerability scanning Penetration testing
Passive survey
During pairing, what is exchanged between two devices to confirm the correct devices are being paired? Nothing Passphrase Certificate Passkey
Passkey A security passkey is exchanged between two devices to confirm the correct devices are being paired. The passkey can be pre-programmed or manually created, depending on the devices being paired.
Mary has been receiving text messages that contain links to malicious websites. Which type of attack is Mary a victim of? Agent Smith attack Simjacker SMiShing SS7 vulnerability
SMiShing SMiShing is a phishing attack that uses text messages. The goal is to get users to click on a malicious link that directs them to the attacker's malicious website or to malware.
A coworker has run Scout Suite against your Microsoft Azure environment. What were they looking for? Scout Suite scans cloud deployments for viruses. Scout Suite is used to help increase efficiency of cloud resources. Scout Suite is used to determine software version risks on cloud deployments. Scout Suite is used to show potential security risks on cloud deployments.
Scout Suite is used to show potential security risks on cloud deployments.
Which of the following is the BEST search engine for IoT devices? Shodan Bing Google Yahoo!
Shodan The best search engine for IoT devices is Shodan. Shodan is a search engine that catalogs connected devices with version and configuration information (where possible).
Frequently, the reason a mobile device is compromised is because a user installed an app from an unofficial source. What is the name for this type of installation? Simjacking Unsecure app installation SMiShing Sideloading
Sideloading Sideloading is when an app is downloaded from an unofficial website, loaded from an external storage device, or otherwise transferred to the device and installed.
Which of the following mobile device attacks targets vulnerabilities in a device's S@T browser? Agent Smith attack SS7 vulnerability Simjacker SMiShing
Simjacker A simjacker attack allows an attacker to take control of a device's SIM card. This attack works by sending an SMS message to the victim. This message contains hidden SIM instructions that are supported by the device's S@T browser. This browser is an application that resides on the SIM card and not the phone itself. Because the SMS message is sent to the SIM card, the user doesn't actually see anything, and he or she does not need to take any action for the attack to work.
You have chosen to use a popular Software as a Service (SaaS) cloud storage solution for user data on each company workstation. How much responsibility does your company typically have for the security of the files you store with this SaaS solution? -All security is the responsibility of the customer regardless of the model. -The provider is supposed to evenly split security responsibility with the customer in a SaaS model. -The provider is supposed to provide all security in a SaaS model. -The
The provider is supposed to provide all security in a SaaS model.
While using Wireshark for some network traffic analysis, you filter for DHCP traffic and see the following information. What conclusion can you make? There are two DHCP servers answering requests. There is a rogue DHCP server, and its IP address is 10.10.10.1. There is a rogue DHCP server, and its IP address is 10.10.10.10. There is a rogue DHCP server, and its IP address is 10.10.10.197.
There are two DHCP servers answering requests.
Working from the command line in Kali Linux, you are auditing Bluetooth device security on your network. You have used hciconfig to enable your laptop's Bluetooth device and hcitool to scan for available devices. What is the next step? Use sdptool to query a device to see which Bluetooth services are available on it. Use hcitool to determine the clock offset and class for a device. Use bluelog to verify available devices. Use l2ping to determine if a listed Bluetooth device is in range for pairing.
Use l2ping to determine if a listed Bluetooth device is in range for pairing.
Which wireless component functions as a bridge between a wired and wireless network? Antenna Wireless access point SSID Wireless NIC
Wireless access point
Which set of tools is often used to intercept the four-way handshake? WiFi Explorer Reaver inSSIDer Plus aircrack-ng
aircrack-ng The aircrack-ng suite of tools is commonly used to carry out the attacks to capture a four-way handshake. These tools can be used to discover and monitor wireless networks, perform deauthentication attacks, and intercept the four-way handshake packets.
