IoT Hacking

Ace your homework & exams now with Quizwiz!

Which of the following Nmap command is used by attackers to identify IPv6 capabilities of an IoT device? nmap -n -Pn -sS -pT:0-65535 -v -A -oX <Name><IP> nmap -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP> nmap -sA -P0 <IP>

nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX <Name><IP>

Out of the following RFCrack commands, which command is used by an attacker to perform jamming? python RFCrack.py -i python RFCrack.py -r -M MOD_2FSK -F 314350000 python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000 python RFCrack.py -j -F 314000000

python RFCrack.py -j -F 314000000

If an attacker wants to reconstruct malicious firmware from a legitimate firmware in order to maintain access to the victim device, which of the following tools can he use to do so? Zigbee Framework RIoT Vulnerability Scanner RFCrack Firmware Mod Kit

Firmware Mod Kit

Which of the following IoT devices is included in the buildings service sector? HVAC, transport, fire and safety, lighting, security, access, etc. Turbines, windmills, UPS, batteries, generators, meters, drills, fuel cells, etc. Digital cameras, power systems, MID, e-readers, dishwashers, desktop computers, etc. MRI, PDAs, implants, surgical equipment, pumps, monitors, telemedicine, etc.

HVAC, transport, fire and safety, lighting, security, access, etc.

Which of the following TCP/UDP port is used by the infected devices to spread malicious files to other devices in the network? Port 23 Port 48101 Port 22 Port 53

Port 48101

Which of the following tools is used to perform a rolling code attack by obtaining the rolling code sent by the victim? Zigbee framework HackRF one RF crack RIoT vulnerability scanning

RF crack

In which of the following attacks, an attacker intercepts legitimate messages from a valid communication and continuously send the intercepted message to the target device to crash the target device? Ransomware Attack Side Channel Attack Man-in-the-middle Attack Replay Attack

Replay Attack

What is the name of the code that is used in locking or unlocking a car or a garage and prevents replay attacks? Hex code Polymorphic code Rolling code Unicode

Rolling code

Which of the following tools offers SaaS technology and assists in operating IoT products in a reliable, scalable, and secure manner? SeaCat.io DigiCert IoT Security Solution Firmalyzer Enterprise beSTORM

SeaCat.io

If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following tools should he use to do so? Nmap Shodan RIoT vulnerability scanner Foren6

Shodan

In which of the following attacks does an attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks? Rolling code attack Sybil attack Replay attack DoS attack

Sybil attack

Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components? Mobile Cloud Platform Edge Gateway

Cloud Platform

In order to prevent an illegitimate user from performing a brute force attack, what security mechanism should be implemented to the accounts? Use of strong passwords Secure boot chain mechanism Account lockout mechanism Use of SSL/TLS

Account lockout mechanism

Name an attack where the attacker connects to nearby devices and exploits the vulnerabilities of the Bluetooth protocol to compromise the device? Rolling code attack Jamming attack DDoS attack BlueBorne attack

BlueBorne attack

Which of the following IoT technology components collects data that undergoes data analysis, from the gateway? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app

Cloud server/data storage

Name an attack where an attacker uses an army of botnets to target a single online service or system. Sybil attack Replay attack DDoS attack Side channel attack

DDoS attack

Name the communication model, where the IoT devices use protocols such as ZigBee, Z-Wave or Bluetooth, to interact with each other? Device-to-Device Communication Model Device-to-Cloud Communication Model Device-to-Gateway Communication Model Back-End Data-Sharing Communication Model

Device-to-Device Communication Model

Name the communication model where the IoT devices communicate with the cloud service through gateways? Device-to-device communication model Device-to-cloud communication model Device-to-gateway communication model Back-end data-sharing communication model

Device-to-gateway communication model

Which of the following tools can be used to protect private data and home networks while preventing unauthorized access using PKI-based security solutions for IoT devices? DigiCert IoT Security Solution SeaCat.io Censys Firmalyzer Enterprise

DigiCert IoT Security Solution

In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented? Enable two-factor authentication End-to-end encryption Disable UPnP Implement secure password recovery mechanisms

Disable UPnP

Proper communication and storage encryption, no default credentials, strong passwords, and up-to-date components are the security considerations for which of the following component? Mobile Cloud Platform Edge Gateway

Edge

Which of the following IoT architecture layers consists of all the hardware parts like sensors, RFID tags, readers or other soft sensors, and the device itself? Access gateway layer Edge technology layer Internet layer Middleware layer Application layer

Edge technology layer

In which of the following attacks does an attacker use a malicious script to exploit poorly patched vulnerabilities in an IoT device? Sybil attack Side channel attack Replay attack Exploit kits

Exploit kits

In IoT hacking, which of the following component is used to send some unwanted commands in order to trigger some events which are not planned? Eavesdropper Fake Server Wi-Fi Device Bluetooth Device

Fake Server

Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming? Zigbee framework RIoT vulnerability scanning HackRF one Foren6

HackRF one

Information such as IP address, protocols used, open ports, device type, and geo-location of a device is extracted by an attacker in which of the following phases of IoT hacking? Vulnerability scanning Gain access Information gathering Launch attacks

Information gathering

If an attacker wants to gather information such as IP address, hostname, ISP, device's location, and the banner of the target IoT device, which of the following types of tools can he use to do so? Sniffing tools Vulnerability scanning tools IoT hacking tools Information gathering tools

Information gathering tools

Secure update server, verify updates before installation, and sign updates are the solutions for which of the following IoT device vulnerabilities? Insecure network services Privacy concerns Insecure software / firmware Insecure cloud interface

Insecure software / firmware

An attacker can perform attacks such as CSRF, SQLi, and XSS attack by exploiting which of the following IoT device vulnerability? Insecure web interface Insecure cloud interface Insecure network services Insecure software/firmware

Insecure web interface

Name the IoT security vulnerability that gives rise to issues such as weak credentials, lack of account lockout mechanism, and account enumeration? Insufficient authentication/authorization Insecure network services Insecure web interface Privacy concerns

Insecure web interface

Which of the following IoT architecture layers carries out communication between two end points such as device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing? Access gateway layer Edge technology layer Internet layer Middleware layer Application layer

Internet layer

Which of the following IoT technology components bridges the gap between the IoT device and the end user? Sensing technology IoT gateway Cloud server/data storage Remote control using mobile app

IoT gateway

Name an attack where an attacker interrupts communication between two devices by using the same frequency signals on which the devices are communicating. Jamming attack Replay attack Side channel attack Man-in-the-middle attack

Jamming attack

Which of the following is a security consideration for the gateway component of IoT architecture? Local storage security, encrypted communications channels Multi-directional encrypted communications, strong authentication of all the components, automatic updates Secure web interface, encrypted storage Storage encryption, update components, no default passwords

Multi-directional encrypted communications, strong authentication of all the components, automatic updates

Which of the following protocol uses magnetic field induction to enable communication between two electronic devices? LTE-Advanced Near Field Communication (NFC) Multimedia over Coax Alliance (MoCA) Ha-Low

Near Field Communication (NFC)

Which of the following tools can an attacker use to gather information such as open ports and services of IoT devices connected to the network? RFCrack Multiping Foren6 Nmap

Nmap

Which of the following short range wireless communication protocol is used for home automation that allows devices to communicate with each other on local wireless LAN? VSAT Cellular MoCA Thread

Thread

Once an attacker gathers information about a target device in the first phase, what is the second phase in IoT device hacking? Gain access Information gathering Maintain access Vulnerability scanning

Vulnerability scanning

Which of the following protocols is a type of short-range wireless communication? ZigBee LTE-Advanced Very Small Aperture Terminal (VSAT) Power-line Communication (PLC)

ZigBee

Out of the following tools, which tool can be used to find buffer overflow vulnerabilities present in the system? Z-Wave Sniffer Censys Firmalyzer Enterprise beSTORM

beSTORM


Related study sets

Chapter 3: Product and Service Innovation

View Set