Internet of Things Security - IOT Security Multiple Choice Questions (MCQs) with Correct Answers | APDaga Tech

byAkshay Daga (APDaga) -
0
Internet of Things Security - IOT Security Multiple Choice Questions (MCQs) with Correct Answers | APDaga Tech
These are some simple Multiple Choice Questions (MCQs) on the topic of Internet of Things (IOT) with the correct solution with it.

You can have a look through it just to check/verify your theory knowledge in IOT domain. 

Check out the FREE Internet of Things (IOT) Tutorials here with hands-on experiments on Arduino, NodeMCU & Raspberry Pi boards.
[ With SourceCode ready to download for free ]


Recommended Internet of Things (IOT) Courses:
  1. Udemy: Complete Guide to Build IOT Things from Scratch to Market
  2. LinkedIn: IoT Foundations: Fundamentals
  3. edX: Introduction to the Internet of Things (IoT)
  4. edureka: IoT Certification Training on Azure
  5. Coursera: An Introduction to Programming the Internet of Things (IOT) Specialization
  6. Eduonix: Internet Of Things (IOT) Bundle

    1. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
      • a. Cross-site scoring scripting
      • b. Cross-site request forgery
      • c. Two-factor authentication
      • d. Cross-site scripting


    2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
      • a. Cross-site scripting
      • b. Cross-site scoring scripting
      • c. Cross-site request forgery
      • d. Two-factor authentication


    3. AES uses a 128 bit block size and a key size of __________ bits.
      • a. 128 or 192
      • b. 128 or 256
      • c. 128, 192, or 256
      • d. 128, 192, or 256


    4. All of following are biometric techniques except
      • a. Badge
      • b. Retina
      • c. Face
      • d. Palm print


    5. An encryption scheme is unconditionally secure if the ciphertext generated does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.
      • a. True
      • b. False


      Check-out our free tutorials on IOT (Internet of Things):



    6. Even with two-factor authentication, users may still be vulnerable to_____________attacks.
      • a. Scripting
      • b. Cross attack
      • c. Man-in-the-middle
      • d. Radiant


    7. Example of a good password is
      • a. name of a partner or spouse
      • b. word related to a job or hobby
      • c. words contains multiple random digits
      • d. name of a child or pet


    8. The DES algorithm has a key length of
      • a. 64 Bits
      • b. 128 Bits
      • c. 16 Bits
      • d. 32 Bits


    9. If the sender and receiver use different keys, the system is referred to as conventional cipher system.
      • a. True
      • b. False


    10. In asymmetric key cryptography, the private key is kept by
      • a. Receiver
      • b. sender and receiver
      • c. Sender
      • d. all the connected devices to the network


    11. In cryptography, what is cipher?
      • a. none of the mentioned
      • b. encrypted message
      • c. both algorithm for performing encryption and decryption and encrypted message
      • d. algorithm for performing encryption and decryption


    12. In dealing with the risk, which response is done by buying insurance
      • a. Risk acceptance
      • b. Risk mitigation
      • c. Risk transfer
      • d. Risk avoidance


    13. In DREAD methodology of risk analysis in threat analysis, how is the Risk score for each threat is calculated
      • a. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)
      • b. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)
      • c. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)
      • d. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)


    14. In threat modeling, what methodology used to perform risk analysis
      • a. DREAD
      • b. OWASP
      • c. STRIDE
      • d. DAR


    15. Many applications use _________________, where two independent factors are used to identify a user.
      • a. Cross-site request forgery
      • b. Cross-site scoring scripting
      • c. Two-factor authentication
      • d. Cross-site scripting


    16. Most devastating loss to a company is
      • a. Loss of printouts
      • b. Loss of data
      • c. Loss of Hardware
      • d. Loss of software


    17. Out of the following which is not element of threat modelling
      • a. Asset
      • b. Vulnerability
      • c. Threat
      • d. Time


    18. Process of identifying any individual
      • a. Auditing
      • b. Authorisation
      • c. Authentication
      • d. Accounting


    19. Process of keeping track of users activity -
      • a. Authentication
      • b. Authoring
      • c. Authorisation
      • d. Accounting


    20. Process that prevents someone from denying that she accessed resource
      • a. Accounting
      • b. Non-repudiation
      • c. Sniffing
      • d. Authorisation


    21. Secret words or numbers used for protection of devices is called
      • a. Biometrics data
      • b. Private words
      • c. Backup
      • d. Passwords


    22. Security protection for personal computers includes
      • a. Internal components
      • b. Software
      • c. All of these
      • d. Locks and cables


    23. The most common form of authentication
      • a. Password
      • b. Smart cards
      • c. PIN
      • d. Digital certificates


    24. The process of converting data into a format that can not be read by another user
      • a. Registering
      • b. Locking
      • c. Encryption
      • d. Keying


    25. The process of identifying assets and threats in an organisation is known as
      • a. Threat Modeling
      • b. Security Auditing
      • c. Security Planning
      • d. Firewalling


    26. The process of indentifying a person before giving an access?
      • a. Authentication
      • b. Encryption
      • c. Auditing
      • d. Access control


    27. True or false: It's important that the data stored on IoT drives is encrypted
      • a. False
      • b. True


    28. What concept determines what resources users can access after they log on?
      • a. Auditing
      • b. Defense in depth
      • c. Authentication
      • d. Access control


    29. What do you call the scope that hacker can use to break into a system
      • a. Attack surface
      • b. Defense in depth
      • c. Principle of least privilege
      • d. Risk mitigation


    30. What do you call the security discipline that requires that a user is given no more privileges necessary to perform his or her job?
      • a. Defense in Depth
      • b. Risk transfer
      • c. Principle of least privilege
      • d. Reduction of attack surface


    31. What is data at rest ?
      • a. Data that is not actively traversing a network
      • b. Data stored on a device
      • c. Both a and b
      • d. Data that is taking a nap


    32. What is data encryption standard (DES)?
      • a. none of the mentioned
      • b. bit cipher
      • c. block cipher
      • d. stream cipher


    33. What is Defense in Depth
      • a. An approach
      • b. A security solution
      • c. A battle tactic
      • d. All of the Above


    34. What is needed to highly secure a system?
      • a. Lot of time
      • b. More money
      • c. System update
      • d. Disabled administrator account


    35. What is the best way to protect against social engineering?
      • a. Employee awareness
      • b. Risk mitigation
      • c. Stronger authentication
      • d. Strong encryption


    36. What is the first line of defence when setting up a network?
      • a. Physically secure a network
      • b. Configure an authentication
      • c. Configure encryption
      • d. Configure an ACL


    37. What is used to provide protection when one line of defense is breached?
      • a. Defense in depth
      • b. Attack surface
      • c. Principle of least privilege
      • d. Risk mitigation


    38. What kind of electronic document contains a public key?
      • a. PIN
      • b. Digital certificate
      • c. PAN
      • d. Biometrics


    39. What method used by hacker relies on trusting nature of the person being attacked?
      • a. Social engineering
      • b. Principle of least privilege
      • c. Attack surface
      • d. Risk avoidance


    40. What security threats do employee-owned devices pose by storing corporate data and accessing corporate networks?
      • a. Making infrastructure vulnerable to malware
      • b. All of the above
      • c. Potential for noncompliance
      • d. Data loss


    41. What technology is not used to implement confidentiality?
      • a. Encryption
      • b. Auditing
      • c. Access control
      • d. Authentication


    42. What type of attack tries to guess password by trying common words
      • a. Dictionary attack
      • b. Brute force attack
      • c. Man in the middle attack
      • d. Smurf attack


    43. What type of authentication method identifies and recognises people based o physical traits such as finger prints?
      • a. WEP
      • b. Digital certificates
      • c. Biometrics
      • d. RADIUS


    44. Which of the following are not assets in a typical IoT System
      • a. IoT Device
      • b. Gateway
      • c. None of them
      • d. Application
      • e. Sensor Data


    45. Which of the following is not a correct way to secure communication layer
      • a. Cloud initiated communication
      • b. TLS/SSL
      • c. IPS(Intrusion Prevention System)
      • d. Firewalls


    46. Which of the following is not a response when dealing with a risk?
      • a. Mitigation
      • b. Avoidance
      • c. Transfer
      • d. Patching


    47. Which of the following is not a type of cloud deployment
      • a. Private
      • b. Public
      • c. Hybrid
      • d. Social


    48. Which of the following is not a type or source of threat
      • a. Operational threat
      • b. Cultural threat
      • c. Technical threat
      • d. Social threat


    49. Which of the following is not the component of IoT Endpoint
      • a. Sensor
      • b. Gateway
      • c. Communication Module
      • d. MCU


    50. Which of the following is not the part of basic services offered by cloud
      • a. PaaS
      • b. SaaS
      • c. IaaS
      • d. LaaS


    51. Which of the following is not the part of IoT Ecosystem
      • a. Edge Device
      • b. Public cloud
      • c. None of them
      • d. Mobile App
      • e. Router


    52. Which of the following is threat to IoT Device
      • a. Virus
      • b. All of the above
      • c. People
      • d. Natural Disaster
      • e. Spoofing


    53. Which of the following makes sure that data is not changed when it not supposed to be?
      • a. Integrity
      • b. Availability
      • c. Confidentiality
      • d. Accounting


    54. Which of the following terms indicates that information is to be read only by those people for whom it is intended?
      • a. Availability
      • b. Accounting
      • c. Integrity
      • d. Confidentiality


    55. Which one is not part of CIA Triad
      • a. Authorisation
      • b. Authenticity
      • c. Integrity
      • d. Confidentiality


    56. Which one is not the component of IoT Security Architecture
      • a. None of them
      • b. Secure Device
      • c. Secure Lifecycle Management
      • d. Secure Communication
      • e. Secure Cloud


    57. Which one of this is not threat modelling methodology
      • a. NANO
      • b. STRIDE
      • c. OCTAVE
      • d. PASTA


    58. Which tool can be used for Threat Modeling
      • a. Netbeans
      • b. Spyder
      • c. TMT 2016
      • d. Eclipse


    59. Why threat modelling is not performed
      • a. Secure Application building
      • b. Performing data analytics
      • c. Achieving Defense in Depth
      • d. To save time, revenue and reputation of a company


    60. You are asked to develop application from scratch, when will you start performing threat modeling of the application
      • a. During requirements collection phase
      • b. At the design stage
      • c. At the beginning of the testing phase

    --------------------------------------------------------------------------------
    Click here to see solutions for all Machine Learning Coursera Assignments.
    &
    Click here to see more codes for Raspberry Pi 3 and similar Family.
    &
    Click here to see more codes for NodeMCU ESP8266 and similar Family.
    &
    Click here to see more codes for Arduino Mega (ATMega 2560) and similar Family.
    Feel free to ask doubts in the comment section. I will try my best to answer it.
    If you find this helpful by any mean like, comment and share the post.
    This is the simplest way to encourage me to keep doing such work.
    Thanks & Regards,
    -Akshay P Daga
    Tags:
    Post a Comment (0)
    Previous Post Next Post