WGU D337 Objective Assessment (Latest
2025/2026) Internet of Things (IoT) and
Infrastructure Quiz Bank| Questions and
100% Correct Answers
QUESTION
Which type of malware creates a network of remotely controlled IoT devices unknown to the
owners?
A) Macro
B) Cross-site scripting
C) Embedded software exploitation
D) Botnet
Correct Answer:
D
QUESTION
What enables IoT devices to be infected by the Mirai malware?
A) Default passwords
B) Plaintext communication
C) Stolen certificates
D) Cloud storage
Correct Answer:
A
QUESTION
A company develops a small tracker to be used in parcels to track progress via Global
Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG)
port on the circuit board that can be used to overwrite the firmware on the tracker and provide
false location data.
,Which two Internet of Things Security Foundation (IoTSF) Best Practice Guidelines (BPGs)
should this company follow in its design process to ensure security from these forms of attack?
Choose 2 answers.
1. Device secure boot
2. Credential management
3. Physical security
4. Application security
A) 1, 3
B) 1, 2
C) 2, 3
D) 3, 4
Correct Answer:
A
QUESTION
A company develops an IoT-based security system. The system uses proximity sensors that
communicate with a central gateway using a 433 MHZ radio signal. Testing reveals that the
traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity
sensor by copying the authentication details from the radio traffic.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure the security of the radio data?
A) Device secure boot
B) Physical security
C) Network connections
D) Application security
Correct Answer:
C
QUESTION
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used
to generate a high volume of requests targeting the database to affect its availability.
Which type of attack is this? A) Cross-site scripting
B) Distributed denial of service (DDoS)
C) Spear phishing
D) Structured Query Language (SQL) injection
Correct Answer:
,B
QUESTION
A company developed an IoT smart photo frame that allows users to upload photos to their
device using a web browser. Testing revealed that users can upload files onto the root filesystem.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure filesystem permissions are set correctly?
A) Device secure boot
B) Physical security
C) Secure operating system
D) Application security
Correct Answer:
C
QUESTION
A company uses IoT devices to capture data in the field and transmit it for central processing.
The company plans to follow the Internet of Things Security Foundation's (IoTSF) Best Practice
Guidelines (BPGs) to ensure that personal data is protected.
Which IoTSF guideline should this company use? A) Device secure boot
B) Physical security
C) Securing software updates
D) Application security
Correct Answer:
D
QUESTION
A company is developing a smart speaker. The company wants to review industry standards on
device boot and operating system security to improve security in its devices.
Which two resources should this company evaluate? Choose 2 answers.
1. Code of Practice
2. Best Practice Guidelines
3. Human-in-the-loop
4. Internet of Bodies
A) 1, 2
, B) 1, 3
C) 3, 4
D) 2, 4
Correct Answer:
A
QUESTION
Malware has infected several IoT devices in a company. These devices were using default
configurations.
What should the company do to prevent the malware from being installed?
A) Alter the port the devices use to communicate
B) Scan for unusual packets being sent to the devices
C) Change the devices' usernames and passwords
D) Install a firewall limiting communication to the devices
Correct Answer:
C
QUESTION
What does blockchain implement to ensure reliable data are returned when there are multiple
sensors measuring the same data?
A) Mega-merger method
B) Agreed consensus mechanism
C) Shared storage quorum
D) Byzantine Paxos algorithm
Correct Answer:
B
QUESTION
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once it
is validated?
A) Decentralization
B) Immutability C) Auditability D) Resilience
2025/2026) Internet of Things (IoT) and
Infrastructure Quiz Bank| Questions and
100% Correct Answers
QUESTION
Which type of malware creates a network of remotely controlled IoT devices unknown to the
owners?
A) Macro
B) Cross-site scripting
C) Embedded software exploitation
D) Botnet
Correct Answer:
D
QUESTION
What enables IoT devices to be infected by the Mirai malware?
A) Default passwords
B) Plaintext communication
C) Stolen certificates
D) Cloud storage
Correct Answer:
A
QUESTION
A company develops a small tracker to be used in parcels to track progress via Global
Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG)
port on the circuit board that can be used to overwrite the firmware on the tracker and provide
false location data.
,Which two Internet of Things Security Foundation (IoTSF) Best Practice Guidelines (BPGs)
should this company follow in its design process to ensure security from these forms of attack?
Choose 2 answers.
1. Device secure boot
2. Credential management
3. Physical security
4. Application security
A) 1, 3
B) 1, 2
C) 2, 3
D) 3, 4
Correct Answer:
A
QUESTION
A company develops an IoT-based security system. The system uses proximity sensors that
communicate with a central gateway using a 433 MHZ radio signal. Testing reveals that the
traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity
sensor by copying the authentication details from the radio traffic.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure the security of the radio data?
A) Device secure boot
B) Physical security
C) Network connections
D) Application security
Correct Answer:
C
QUESTION
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used
to generate a high volume of requests targeting the database to affect its availability.
Which type of attack is this? A) Cross-site scripting
B) Distributed denial of service (DDoS)
C) Spear phishing
D) Structured Query Language (SQL) injection
Correct Answer:
,B
QUESTION
A company developed an IoT smart photo frame that allows users to upload photos to their
device using a web browser. Testing revealed that users can upload files onto the root filesystem.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure filesystem permissions are set correctly?
A) Device secure boot
B) Physical security
C) Secure operating system
D) Application security
Correct Answer:
C
QUESTION
A company uses IoT devices to capture data in the field and transmit it for central processing.
The company plans to follow the Internet of Things Security Foundation's (IoTSF) Best Practice
Guidelines (BPGs) to ensure that personal data is protected.
Which IoTSF guideline should this company use? A) Device secure boot
B) Physical security
C) Securing software updates
D) Application security
Correct Answer:
D
QUESTION
A company is developing a smart speaker. The company wants to review industry standards on
device boot and operating system security to improve security in its devices.
Which two resources should this company evaluate? Choose 2 answers.
1. Code of Practice
2. Best Practice Guidelines
3. Human-in-the-loop
4. Internet of Bodies
A) 1, 2
, B) 1, 3
C) 3, 4
D) 2, 4
Correct Answer:
A
QUESTION
Malware has infected several IoT devices in a company. These devices were using default
configurations.
What should the company do to prevent the malware from being installed?
A) Alter the port the devices use to communicate
B) Scan for unusual packets being sent to the devices
C) Change the devices' usernames and passwords
D) Install a firewall limiting communication to the devices
Correct Answer:
C
QUESTION
What does blockchain implement to ensure reliable data are returned when there are multiple
sensors measuring the same data?
A) Mega-merger method
B) Agreed consensus mechanism
C) Shared storage quorum
D) Byzantine Paxos algorithm
Correct Answer:
B
QUESTION
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once it
is validated?
A) Decentralization
B) Immutability C) Auditability D) Resilience
