Which type of malware creates a network of remotely controlled IoT devices unknown to the
owners?
A) Macro
B) Cross-site scripting
C) Embedded software exploitation
D) Botnet
Answer:
D
QUESTION
What enables IoT devices to be infected by the Mirai malware?
A) Default passwords
B) Plaintext communication
C) Stolen certificates
D) Cloud storage
Answer:
A
QUESTION
A company develops a small tracker to be used in parcels to track progress via Global
Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG)
port on the circuit board that can be used to overwrite the firmware on the tracker and provide
false location data.
Which two Internet of Things Security Foundation (IoTSF) Best Practice Guidelines (BPGs)
should this company follow in its design process to ensure security from these forms of attack?
Choose 2 answers.
1. Device secure boot
2. Credential management
3. Physical security
4. Application security
A) 1, 3
B) 1, 2
C) 2, 3
D) 3, 4
Answer:
A
QUESTION
A company develops an IoT-based security system. The system uses proximity sensors that
communicate with a central gateway using a 433 MHZ radio signal. Testing reveals that the
traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity
sensor by copying the authentication details from the radio traffic.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure the security of the radio data?
A) Device secure boot
B) Physical security
C) Network connections
D) Application security
Answer:
C
QUESTION
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used
to generate a high volume of requests targeting the database to affect its availability.
Which type of attack is this?
A) Cross-site scripting
B) Distributed denial of service (DDoS)
C) Spear phishing
D) Structured Query Language (SQL) injection
Answer:
B
QUESTION
A company developed an IoT smart photo frame that allows users to upload photos to their
device using a web browser. Testing revealed that users can upload files onto the root filesystem.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure filesystem permissions are set correctly?
A) Device secure boot
B) Physical security
C) Secure operating system
D) Application security
Answer:
C
QUESTION
A company uses IoT devices to capture data in the field and transmit it for central processing.
The company plans to follow the Internet of Things Security Foundation's (IoTSF) Best Practice
Guidelines (BPGs) to ensure that personal data is protected.
Which IoTSF guideline should this company use?
A) Device secure boot
B) Physical security
C) Securing software updates
D) Application security
Answer:
D
QUESTION
A company is developing a smart speaker. The company wants to review industry standards on
device boot and operating system security to improve security in its devices.
Which two resources should this company evaluate? Choose 2 answers.
1. Code of Practice
2. Best Practice Guidelines
3. Human-in-the-loop
4. Internet of Bodies
A) 1, 2
B) 1, 3
C) 3, 4
D) 2, 4
Answer:
A
QUESTION
Malware has infected several IoT devices in a company. These devices were using default
configurations.
What should the company do to prevent the malware from being installed?
A) Alter the port the devices use to communicate
B) Scan for unusual packets being sent to the devices
C) Change the devices' usernames and passwords
D) Install a firewall limiting communication to the devices
Answer:
C
QUESTION
What does blockchain implement to ensure reliable data are returned when there are multiple
sensors measuring the same data?
A) Mega-merger method
B) Agreed consensus mechanism
C) Shared storage quorum
D) Byzantine Paxos algorithm
Answer:
B
QUESTION
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once
it is validated?
A) Decentralization
B) Immutability
C) Auditability
D) Resilience