
Question 1

0 / 2 pts
Which popular exploit used by threat actors intercepts a system update and
injects an update of their own?
Correct Answer

firmware replacement

routing attack

eavesdropping attack

You Answered

SQL injections

Refer to curriculum topic: 5.1.1


Some of the most popular local exploits targeted by threat actors are as follows:

• Firmware Replacement – Updates and patches to devices are usually done
remotely. If the process is not secure, threat actors could intercept the
update and install their own malicious update. They could have full control
over the device and begin attacking other devices in the system.
• Cloning – By creating a duplicate device, both in physical form and the
software and firmware running on that device, the threat actor could
replace a legitimate device. When the device is up and running, the threat
actor could then steal information, or compromise additional devices.
• Denial of service (DoS) – The threat actor could launch a DoS attack to fill
the communications channel, causing devices to respond to requests late,
or not at all. Depending on the devices, this could cause a lot of damage.
• Extraction of Security Parameters – When a device is not protected
properly, the threat actor may be able to extract security parameters
from it such as authentication information or security keys.

Question 2
2 / 2 pts
How does UPnP assist a user to easily set up network-enabled devices?
Correct!

It automatically configures communication between UPnP-enabled devices.


It forces the devices to use UDP for all connections because of its lower overhead.

It allows for the detection of all devices without user intervention.

It allows users to deploy enterprise-level networks easily and efficiently.

Refer to curriculum topic: 5.1.3


UPnP (universal plug and play) will enable all UPnP devices to communicate with
each other easily. It is used mainly in residential setups as the multicast nature of
the UPnP consumes too many resources on networks for it to be efficiently
deployed in an enterprise network.

Question 3
0 / 2 pts
What is a characteristic of the message queueing telemetry transport (MQTT)
protocol?

It is designed to connect servers together.

You Answered

MQTT uses the User Datagram Protocol.

Correct Answer

The MQTT protocol requires a message broker.

It is mainly used for instant messaging.

Refer to curriculum topic: 5.1.3


MQTT requires a message broker that manages communication between
publisher and subscriber clients.

Question 4
0 / 2 pts
A threat actor has hijacked a session to assume the identity of a valid user. Which
web front-end vulnerability is the threat actor exploiting?
You Answered

security misconfiguration

SQL injections

cross-site scripting

Correct Answer

broken authentication

Refer to curriculum topic: 5.1.2


Web front-end vulnerabilities apply to apps, APIs and services. Some of the most
significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor
injects code, most often JavaScript, into the output of a web application.
This forces client-side scripts to run the way that the threat actor wants
them to run in the browser.
• SQL injections: In a SQLi the threat actor targets the SQL database itself,
rather than the web browser. This allows the threat actor to control the
application database.
• Broken authentication: Broken authentication includes both session
management and protecting the identity of a user. A threat actor can
hijack a session to assume the identity of a user especially when session
tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several
types of vulnerabilities all of which are centered on the lack of
maintenance to the web application configuration.

Question 5
0 / 2 pts
Which password is the most hardened password for use on an IoT device?
You Answered

12gnkjl9!!!ddfgr

ajkyfrjn0999y*

Correct Answer

Hnmmmkoty#4

1245rdghy67#

Refer to curriculum topic: 5.2.1


Hardened passwords should consist of at least 12 characters with a combination
of uppercase, lowercase, numbers, and special characters.

Question 6
2 / 2 pts
A client wants to deploy MQTT on a large enterprise network and is worried
about the security of MQTT. The client wants all messages encrypted, including
all messages between the broker and clients. What could the client do to achieve
this goal?

Use unique client IDs for each client.

Use client certificates.

Invoke SSL encryption.

Correct!

Apply payload encryption.

Refer to curriculum topic: 5.2.1


Payload encryption works at the application layer and provides end-to-end
encryption, protecting all messages between the client and the broker.

Question 7
2 / 2 pts
What is one of the most widely exposed vulnerabilities listed by the Open Web
Applications Security Project (OWASP)?
Correct!

single-factor authentication

malware

botnets

adware

Refer to curriculum topic: 5.1.1


According to Open Web Applications Security Project (OWASP), the most widely
exposed vulnerabilities are these:

• Username enumeration – The threat actor is able to find valid usernames
through the authentication application.
• Weak passwords – The threat actor uses default passwords which have
not been changed or is able to set account passwords that the threat
actor chooses.
• Account lockout – The threat actor finds a way to attempt to authenticate
many times after multiple failed attempts.
• Lack of multi-factor authentication – It is easier for a threat actor to gain
access when only one form of authentication is required.
• Insecure 3rd party components – As vulnerabilities are discovered, they
often become patched. When components such as Secure Shell (SSH),
BusyBox, or web servers are not kept up to date, the threat actor might
expose these vulnerabilities and gain access.

Question 8
0 / 2 pts
What are two of the most widely exposed vulnerabilities currently listed by the
Open Web Applications Security Project (OWASP)? (Choose two.)
Correct Answer

username enumeration

You Answered
spam

You Answered

phishing

Correct Answer

account lockout

malware

Refer to curriculum topic: 5.1.1


According to Open Web Applications Security Project (OWASP), the most widely
exposed vulnerabilities are these:

• Username enumeration – The threat actor is able to find valid usernames
through the authentication application.
• Weak passwords – The threat actor uses default passwords which have
not been changed or is able to set account passwords that the threat
actor chooses.
• Account lockout – The threat actor finds a way to attempt to authenticate
many times after multiple failed attempts.
• Lack of multifactor authentication – It is easier for a threat actor to gain
access when only one form of authentication is required.
• Insecure 3rd party components – As vulnerabilities are discovered, they
often become patched. When components such as Secure Shell (SSH),
BusyBox, or web servers are not kept up to date, the threat actor might
expose these vulnerabilities and gain access.

Question 9
0 / 2 pts
What is a commonly exposed mobile application vulnerability?

user enumeration

You Answered

malware
Correct Answer

insecure data storage

SQL injections

Refer to curriculum topic: 5.1.1


Threat actors can gain access and control mobile devices through compromised
mobile applications, even though both Android and iOS are relatively secure.
Some of the most widely exposed vulnerabilities are as follows:

• Insecure communication – The communication technology and channel
must be secured. When there is weak negotiation, poor handshake
practices, and the use of incorrect versions of SSL, the communication is
not secure.
• Insecure data storage – Many applications have access to data storage
areas of mobile devices, even though they may not need it. Data storage
must be secured and applications must be tested to ensure there is no
data leakage.
• Insecure authentication – A session must be managed properly to ensure
that it is performed securely. Users must be identified when necessary,
and their identity must be maintained securely.
• Improper platform usage – Mobile apps use features built into the
platforms such as TouchID, Keychain, and Android intents. Should these
security controls be misused, access to the device and other apps can be
compromised.
• Insufficient cryptography – The cryptography used to encrypt sensitive
data must be sufficient and must be applied when necessary.

Question 10
2 / 2 pts
A threat actor has injected JavaScript code into the output of a web application
and is manipulating client-side scripts to run as desired in the browser. Which
web front-end vulnerability is the threat actor exploiting?
Correct!

cross-site scripting

broken authentication
SQL injections

security misconfiguration

Refer to curriculum topic: 5.1.2


Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most
significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor
injects code, most often JavaScript, into the output of a web application.
This forces client-side scripts to run the way that the threat actor wants
them to run in the browser.
• SQL injections: In an SQLi the threat actor targets the SQL database itself,
rather than the web browser. This allows the threat actor to control the
application database.
• Broken authentication: Broken authentication includes both session
management and protecting the identity of a user. A threat actor can
hijack a session to assume the identity of a user especially when session
tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several
types of vulnerabilities all of which are centered on the lack of
maintenance to the web application configuration.

Question 11
2 / 2 pts
For which type of devices is the use of DDS (data distribution service) in M2M
connections well suited?

for devices that require subscription of data on a server referred to as a broker

for devices that require a collection of data for centralized storage and filtration

for devices where live data is not the only data and which use a client-server
model

Correct!

for devices that measure real-time data in microseconds that need to be filtered
and delivered efficiently

Refer to curriculum topic: 5.1.3


Devices that measure real-time data in microseconds are good candidates for
DDS (data distribution service). DDS will filter the data and send the required
data efficiently to endpoints requiring it. DDS is the protocol of choice when
dealing with applications that require speed and reliability.

Question 12
0 / 2 pts
What is the safest way to prevent an XXE attack?
Correct Answer

Disable XML external entity and DTD processing in the application.

You Answered

Use Pass phrases instead of a password.

Use hardened passwords with a minimum of 12 characters.

Use SSL encryption on all traffic between the server and external clients.

Refer to curriculum topic: 5.2.1


An XXE attack can be prevented by disabling XML external entity and DTD
processing in the application.

Question 13
0 / 2 pts
What is a characteristic of the constrained application protocol (CoAP)?
Correct Answer

It allows for efficient sensor and node communication without requiring a
centralized control mechanism.

You Answered

It is primarily designed to collect data from many devices and deliver that data to
the IT infrastructure.

It supports the last will and testament option.

It is mostly used for multiple clients where live data is the only data.

Refer to curriculum topic: 5.1.3


CoAP uses a client-server model that allows for efficient sensor and node
communication. CoAP is a lightweight protocol that uses UDP (but can use TCP)
and is mainly used for M2M communication.

Question 14
0 / 2 pts
Which attack involves a compromise of data that occurs between two end points?
You Answered

username enumeration

extraction of security parameters

denial-of-service

Correct Answer

man-in-the-middle attack

Refer to curriculum topic: 5.1.1


Threat actors frequently attempt to access devices over the internet through
communication protocols. Some of the most popular remote exploits are as
follows:

• Man-in-the-middle attack (MITM) – The threat actor gets between
devices in the system and intercepts all of the data being transmitted. This
information could simply be collected or modified for a specific purpose
and delivered to its original destination.
• Eavesdropping attack – When devices are being installed, the threat actor
can intercept data such as security keys that are used by constrained
devices to establish communications once they are up and running.
• SQL injection (SQLi) – Threat actors use a flaw in the Structured Query
Language (SQL) application that allows them to have access to modify the
data or gain administrative privileges.
• Routing attack – A threat actor could either place a rogue routing device
on the network or modify routing packets to manipulate routers to send
all packets to the chosen destination of the threat actor. The threat actor
could then drop specific packets, known as selective forwarding, or drop
all packets, known as a sinkhole attack.

Question 15
0 / 2 pts
What is a characteristic of the message queueing telemetry transport (MQTT)
publish-subscribe model?
You Answered

The last will and testament option allows for immediate session termination, thus
saving power.

Clients that are connected will prevent other clients from connecting, thus
preserving power.

Clients are prevented from subscribing to any subtopics in order to keep traffic to
a minimum.

Correct Answer

It allows for a retained messages option that can be used to provide status
updates.

Refer to curriculum topic: 5.1.3


MQTT is used for machine to machine (M2M) IoT communications and has an
option to retain messages that can be used to provide status updates. MQTT
allows clients to receive many messages when subscribed to a topic within
subtopics. It also supports an option called the last will and testament option that
ensures that the client receives the most current updates of the topics subscribed
to. Clients connected do not prevent other clients from connecting and the traffic
model that is used helps to keep traffic to a minimum, thus enabling reduction in
power.

Question 1
0 / 2 pts
What is a characteristic of Extensible Messaging and Presence Protocol (XMPP)?

It uses a client-server model to inform clients of state changes as they occur.

You Answered

It uses UDP for efficient packet sizes.

It uses a publish-subscribe model and supports the last will and testament option.

Correct Answer

It uses an addressing scheme (name@domain.com) which helps simplify
connections.

Refer to curriculum topic: 5.1.3


XMPP uses an addressing scheme (name@domain.com) to simplify connections
and enable communication when data is sent between distant points.

Question 2
0 / 2 pts
A threat actor has injected JavaScript code into the output of a web application
and is manipulating client-side scripts to run as desired in the browser. Which
web front-end vulnerability is the threat actor exploiting?
You Answered

SQL injections

broken authentication

Correct Answer

cross-site scripting

security misconfiguration

Refer to curriculum topic: 5.1.2


Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most
significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor
injects code, most often JavaScript, into the output of a web application.
This forces client-side scripts to run the way that the threat actor wants
them to run in the browser.
• SQL injections: In an SQLi the threat actor targets the SQL database itself,
rather than the web browser. This allows the threat actor to control the
application database.
• Broken authentication: Broken authentication includes both session
management and protecting the identity of a user. A threat actor can
hijack a session to assume the identity of a user especially when session
tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several
types of vulnerabilities all of which are centered on the lack of
maintenance to the web application configuration.

Question 3
0 / 2 pts
Which password is the most hardened password for use on an IoT device?
Correct Answer

Hnmmmkoty#4

You Answered

ajkyfrjn0999y*

12gnkjl9!!!ddfgr

1245rdghy67#

Refer to curriculum topic: 5.2.1


Hardened passwords should consist of at least 12 characters with a combination
of uppercase, lowercase, numbers, and special characters.

Question 4
0 / 2 pts
What are two of the most widely exposed vulnerabilities currently listed by the
Open Web Applications Security Project (OWASP)? (Choose two.)

malware

spam

Correct!

account lockout

You Answered

phishing

Correct Answer

username enumeration

Refer to curriculum topic: 5.1.1


According to Open Web Applications Security Project (OWASP), the most widely
exposed vulnerabilities are these:

• Username enumeration – The threat actor is able to find valid usernames
through the authentication application.
• Weak passwords – The threat actor uses default passwords which have
not been changed or is able to set account passwords that the threat
actor chooses.
• Account lockout – The threat actor finds a way to attempt to authenticate
many times after multiple failed attempts.
• Lack of multifactor authentication – It is easier for a threat actor to gain
access when only one form of authentication is required.
• Insecure 3rd party components – As vulnerabilities are discovered, they
often become patched. When components such as Secure Shell (SSH),
BusyBox, or web servers are not kept up to date, the threat actor might
expose these vulnerabilities and gain access.

Question 5
0 / 2 pts
What is a commonly exposed mobile application vulnerability?
You Answered
malware

user enumeration

Correct Answer

insecure data storage

SQL injections

Refer to curriculum topic: 5.1.1


Threat actors can gain access and control mobile devices through compromised
mobile applications, even though both Android and iOS are relatively secure.
Some of the most widely exposed vulnerabilities are as follows:

• Insecure communication – The communication technology and channel
must be secured. When there is weak negotiation, poor handshake
practices, and the use of incorrect versions of SSL, the communication is
not secure.
• Insecure data storage – Many applications have access to data storage
areas of mobile devices, even though they may not need it. Data storage
must be secured and applications must be tested to ensure there is no
data leakage.
• Insecure authentication – A session must be managed properly to ensure
that it is performed securely. Users must be identified when necessary,
and their identity must be maintained securely.
• Improper platform usage – Mobile apps use features built into the
platforms such as TouchID, Keychain, and Android intents. Should these
security controls be misused, access to the device and other apps can be
compromised.
• Insufficient cryptography – The cryptography used to encrypt sensitive
data must be sufficient and must be applied when necessary.

Question 6
0 / 2 pts
What is a characteristic of the Constrained Application Protocol (CoAP)?

It is designed to connect servers together.


It uses the TCP protocol.

You Answered

It is an inefficient messaging protocol.

Correct Answer

It is a document transfer protocol.

Refer to curriculum topic: 5.1.3


CoAP (Constrained Application Protocol) is a document transfer protocol that
utilizes the User Datagram Protocol (UDP).

Question 7
0 / 2 pts
Which attack involves a compromise of data that occurs between two end points?

username enumeration

Correct Answer

man-in-the-middle attack

You Answered

denial-of-service

extraction of security parameters

Refer to curriculum topic: 5.1.1


Threat actors frequently attempt to access devices over the internet through
communication protocols. Some of the most popular remote exploits are as
follows:

• Man-in-the-middle attack (MITM) – The threat actor gets between
devices in the system and intercepts all of the data being transmitted. This
information could simply be collected or modified for a specific purpose
and delivered to its original destination.
• Eavesdropping attack – When devices are being installed, the threat actor
can intercept data such as security keys that are used by constrained
devices to establish communications once they are up and running.
• SQL injection (SQLi) – Threat actors use a flaw in the Structured Query
Language (SQL) application that allows them to have access to modify the
data or gain administrative privileges.
• Routing attack – A threat actor could either place a rogue routing device
on the network or modify routing packets to manipulate routers to send
all packets to the chosen destination of the threat actor. The threat actor
could then drop specific packets, known as selective forwarding, or drop
all packets, known as a sinkhole attack.

Question 8
2 / 2 pts
Which popular exploit used by threat actors fills the communications channel so
that the targeted device responds to requests late or not at all?

eavesdropping attack

Correct!

DoS

phishing

routing attack

Refer to curriculum topic: 5.1.1


Some of the most popular local exploits targeted by threat actors are as follows:

• Firmware Replacement – Updates and patches to devices are usually done
remotely. If the process is not secure, threat actors could intercept the
update and install their own malicious update. They could have full
control over the device and begin attacking other devices in the system.
• Cloning – By creating a duplicate device, both in physical form and the
software and firmware running on that device, the threat actor could
replace a legitimate device. When the device is up and running, the threat
actor could then steal information, or compromise additional devices.
• Denial of Service (DoS) – The threat actor could launch a DoS attack to fill
the communications channel causing devices to respond to requests late,
or not at all. Depending on the devices, this could cause a lot of damage.
• Extraction of Security Parameters – When a device is not protected
properly, the threat actor may be able to extract security parameters
from it such as authentication information or security keys.

Question 9
0 / 2 pts
What is a characteristic of the constrained application protocol (CoAP)?
You Answered

It is primarily designed to collect data from many devices and deliver that data to
the IT infrastructure.

Correct Answer

It allows for efficient sensor and node communication without requiring a
centralized control mechanism.

It is mostly used for multiple clients where live data is the only data.

It supports the last will and testament option.

Refer to curriculum topic: 5.1.3


CoAP uses a client-server model that allows for efficient sensor and node
communication. CoAP is a lightweight protocol that uses UDP (but can use TCP)
and is mainly used for M2M communication.

Question 10
0 / 2 pts
What is a characteristic of the message queueing telemetry transport (MQTT)
protocol?
You Answered

MQTT uses the User Datagram Protocol.

It is designed to connect servers together.

Correct Answer
The MQTT protocol requires a message broker.

It is mainly used for instant messaging.

Refer to curriculum topic: 5.1.3


MQTT requires a message broker that manages communication between
publisher and subscriber clients.

Question 11
2 / 2 pts
How does UPnP assist a user to easily set up network-enabled devices?

It forces the devices to use UDP for all connections because of its lower overhead.

It allows users to deploy enterprise-level networks easily and efficiently.

It allows for the detection of all devices without user intervention.

Correct!

It automatically configures communication between UPnP-enabled devices.

Refer to curriculum topic: 5.1.3


UPnP (universal plug and play) will enable all UPnP devices to communicate with
each other easily. It is used mainly in residential setups as the multicast nature of
the UPnP consumes too many resources on networks for it to be efficiently
deployed in an enterprise network.

Question 12
0 / 2 pts
For which type of devices is the use of DDS (data distribution service) in M2M
connections well suited?
You Answered

for devices that require subscription of data on a server referred to as a broker


for devices where live data is not the only data and which use a client-server
model

for devices that require a collection of data for centralized storage and filtration

Correct Answer

for devices that measure real-time data in microseconds that need to be filtered
and delivered efficiently

Refer to curriculum topic: 5.1.3


Devices that measure real-time data in microseconds are good candidates for
DDS (data distribution service). DDS will filter the data and send the required
data efficiently to endpoints requiring it. DDS is the protocol of choice when
dealing with applications that require speed and reliability.

Question 13
2 / 2 pts
True or False?
On some home routers, to compromise the security on the router, a Flash applet
can be used to change the DNS server settings with an UPnP request.
Correct!

true

false

Refer to curriculum topic: 5.1.3


On some home routers, security can be compromised by running a Flash applet
which can change the DNS server settings when an UPnP request is made. This
could be used to redirect legitimate traffic to malevolent websites.

Question 14
2 / 2 pts
A client wants to deploy MQTT on a large enterprise network and is worried
about the security of MQTT. The client wants all messages encrypted, including
all messages between the broker and clients. What could the client do to achieve
this goal?
Use unique client IDs for each client.

Use client certificates.

Invoke SSL encryption.

Correct!

Apply payload encryption.

Refer to curriculum topic: 5.2.1


Payload encryption works at the application layer and provides end-to-end
encryption, protecting all messages between the client and the broker.

Question 15
2 / 2 pts
What is the safest way to prevent an XXE attack?

Use hardened passwords with a minimum of 12 characters.

Correct!

Disable XML external entity and DTD processing in the application.

Use Pass phrases instead of a password.

Use SSL encryption on all traffic between the server and external clients.

Refer to curriculum topic: 5.2.1


An XXE attack can be prevented by disabling XML external entity and DTD
processing in the application.
