- web.groovymark@gmail.com
- November 30, 2024
Question 21
Which two technology areas affect the networking requirements within the customer IoT landscape? Choose 2 answers.
- Smart roads
- Smart home
- Sonography
4. Wearables
a) 2, 4
b) 1, 2
c) 2, 3
d) 1, 3
Correct Answer: a) 2, 4
Explanation: Smart homes and wearables significantly influence networking needs due to their connectivity requirements.
Question 22
How does the processing of IoT data in the cloud change when transitioning from the Lambda architecture to Kappa architecture?
a) The batch layer is removed.
b) The streaming layer is removed.
c) The batch layer replaces the serving layer.
d) The streaming layer replaces the serving layer.
Correct Answer: a) The batch layer is removed.
Explanation: Kappa architecture simplifies the data processing pipeline by eliminating the need for a separate batch layer.
Question 23
Which component in the Lambda architecture acts as the streaming layer in a streaming processing system?
a) Real-time engine
b) Batch engine
c) Serving back-end
d) Data storage
Correct Answer: a) Real-time engine
Explanation: The real-time engine processes streaming data in the Lambda architecture, enabling quick insights.
Question 24
Which task does an information consumer perform within an IoT ecosystem?
a) Collects data from their sensors and shares it based on terms and conditions
b) Builds applications that use data from various sources after obtaining consent
c) Identifies risks by communicating with the data owner for risk management
d) Maintains backups of the data collected from the sensors for disaster recovery
Correct Answer: b) Builds applications that use data from various sources after obtaining consent
Explanation: Information consumers create applications that leverage IoT data while respecting privacy and consent.
Question 25
Which vulnerability do IoT botnets target on IoT devices by applying data found on the internet?
a) Unencrypted communications
b) Default credentials
c) Cleartext passwords
d) Exposed sensors
Correct Answer: b) Default credentials
Explanation: IoT botnets often exploit devices with default login credentials, making them vulnerable to attacks.
Question 26
Which two stakeholder groups contribute to addressing the challenges of IoT security? Choose 2 answers.
- Governments
- Universities
- Standards development bodies
4. Law enforcement organizations
a) 2, 3
b) 1, 2
c) 1, 3
d) 1, 4
Correct Answer: c) 1, 3
Explanation: Governments and standards development bodies play crucial roles in establishing policies and frameworks for IoT security.
Question 27
Which two issues can result from global deployment of insecurely configured IoT devices? Choose 2 answers.
- Devices are compromised to provide fake data
- Device hardware is attacked until destroyed
- Devices are compromised to form botnets
4. Device software is built into a sandbox environment
a) 2, 3
b) 1, 3
c) 3, 4
d) 2, 4
Correct Answer: b) 1, 3
Explanation: Insecure IoT devices can be exploited to generate false data or to create botnets for malicious purposes.
Question 28
Which type of malware creates a network of remotely controlled IoT devices unknown to the owners?
a) Macro
b) Cross-site scripting
c) Embedded software exploitation
d) Botnet
Correct Answer: d) Botnet
Explanation: Botnets are networks of compromised devices controlled by a hacker, often used for distributed attacks.
Question 29
What enables IoT devices to be infected by the Mirai malware?
a) Default passwords
b) Plaintext communication
c) Stolen certificates
d) Cloud storage
Correct Answer: a) Default passwords
Explanation: The Mirai malware exploits IoT devices that have not changed their default passwords, allowing for mass infections.
Question 30
A company develops a small tracker to be used in parcels to track progress via Global Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG) port on the circuit board that can be used to overwrite the firmware on the tracker and provide false location data. Which two Internet of Things Security Foundation (IoTSF) Best Practice Guidelines (BPGs) should this company follow in its design process to ensure security from these forms of attack? Choose 2 answers.
- Device secure boot
- Credential management
- Physical security
4. Application security
a) 1, 3
b) 1, 2
c) 2, 3
d) 3, 4
Correct Answer: a) 1, 3
Explanation: Implementing secure boot and physical security measures can help prevent unauthorized firmware alterations.
Question 31
A company develops an IoT-based security system. The system uses proximity sensors that communicate with a central gateway using a 433 MHz radio signal. Testing reveals that the traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity sensor by copying the authentication details from the radio traffic. Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should this company follow in its design process to ensure the security of the radio data?
a) Device secure boot
b) Physical security
c) Network connections
d) Application security
Correct Answer: c) Network connections
Explanation: Securing network connections is vital to protect communication from eavesdropping and spoofing attacks.
Question 32
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used to generate a high volume of requests targeting the database to affect its availability. Which type of attack is this?
a) Cross-site scripting
b) Distributed denial of service (DDoS)
c) Spear phishing
d) Structured Query Language (SQL) injection
Correct Answer: b) Distributed denial of service (DDoS)
Explanation: A DDoS attack overwhelms a target with excessive traffic to disrupt service availability.
Question 33
A company developed an IoT smart photo frame that allows users to upload photos to their device using a web browser. Testing revealed that users can upload files onto the root filesystem. Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should this company follow in its design process to ensure filesystem permissions are set correctly?
a) Device secure boot
b) Physical security
c) Secure operating system
d) Application security
Correct Answer: c) Secure operating system
Explanation: Ensuring a secure operating system can help manage permissions effectively and prevent unauthorized file uploads.
Question 34
A company uses IoT devices to capture data in the field and transmit it for central processing. The company plans to follow the Internet of Things Security Foundation’s (IoTSF) Best Practice Guidelines (BPGs) to ensure that personal data is protected. Which IoTSF guideline should this company use?
a) Device secure boot
b) Physical security
c) Securing software updates
d) Application security
Correct Answer: d) Application security
Explanation: Application security practices are essential for protecting personal data collected by IoT devices.
Question 35
A company is developing a smart speaker. The company wants to review industry standards on device boot and operating system security to improve security in its devices. Which two resources should this company evaluate? Choose 2 answers.
- Code of Practice
- Best Practice Guidelines
- Human-in-the-loop
4. Internet of Bodies
a) 1, 2
b) 1, 3
c) 3, 4
d) 2, 4
Correct Answer: a) 1, 2
Explanation: Reviewing the Code of Practice and Best Practice Guidelines will provide valuable insights into security standards for smart devices.
Question 36
Malware has infected several IoT devices in a company. These devices were using default configurations. What should the company do to prevent the malware from being installed?
a) Alter the port the devices use to communicate
b) Scan for unusual packets being sent to the devices
c) Change the devices’ usernames and passwords
d) Install a firewall limiting communication to the devices
Correct Answer: c) Change the devices' usernames and passwords
Explanation: Changing default credentials is a critical first step in securing IoT devices against malware infections.
Question 37
What does blockchain implement to ensure reliable data are returned when there are multiple sensors measuring the same data?
a) Mega-merger method
b) Agreed consensus mechanism
c) Shared storage quorum
d) Byzantine Paxos algorithm
Correct Answer: b) Agreed consensus mechanism
Explanation: A consensus mechanism is necessary in blockchain to validate and agree upon the data reported by multiple sensors.
Question 38
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once it is validated?
a) Decentralization
b) Immutability
c) Auditability
d) Resilience
Correct Answer: b) Immutability
Explanation: Once a transaction is added to the blockchain, it cannot be altered, ensuring data integrity.
Question 39
What is the purpose of the consensus mechanism enabled through blockchain when collecting the same signals from multiple IoT sensors?
a) Ensuring that data from each sensor is treated equally
b) Providing a single version of the truth across all sensor data
c) Identifying a single sensor with the most accurate data
d) Verifying data from sensors by a central authority
Correct Answer: b) Providing a single version of the truth across all sensor data
Explanation: The consensus mechanism reconciles data from multiple sources to ensure accuracy and consistency.
Question 40
What are two categories of ethical concern when collecting data through IoT? Choose 2 answers.
- Accessing and using data
- Building applications to store data
- Control and property rights of data
4. Diagnostics of data quality
a) 2, 3
b) 1, 4
c) 1, 3
d) 2, 4
Correct Answer: c) 1, 3
Explanation: Ethical concerns often revolve around how data is accessed and used, as well as ownership rights related to collected data.