Module 6 Quiz Copy
Quiz Summary
0 of 10 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 10 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 10
1. Question
Which of the following is described below?
“Embedded software that contains a minimal operating system and related programs to control the IoT device”
CorrectIncorrect -
Question 2 of 10
2. Question
Which of the following is a TCP/UDP vulnerability?
CorrectIncorrect -
Question 3 of 10
3. Question
Match each of the following local application vulnerabilities to its description.
Sort elements
- The threat actor is able to find valid usernames by interacting with the authentication mechanism of the application
- The threat actor attempts to authenticate which causes the account to be locked after multiple failed attempts.
- The threat actor uses default passwords that have not been changed, or sets account passwords that they choose.
- The threat actor gains access in an easier manner when only one form of authentication is required.
-
Username enumeration
-
Account lockout:
-
Weak passwords
-
Lack of multi-factor authentication:
CorrectIncorrect -
Question 4 of 10
4. Question
Match each of the following cloud application vulnerabilities to its description.
Sort elements
- the threat actor sends a command, along with other data, to the interpreter. This is often performed on SQL, NoSQL (sometimes referred to as “not only SQL”), Lightweight Directory Access Protocol (LDAP), and the OS. The extra data sent by the threat actor can trick the interpreter into executing commands and access data without authorization. An injection attack will only work on an application that is vulnerable to the attack.
- Incorrectly configured or old XML processors will evaluate the external references to entities that are in eXtensible Markup Language (XML) documents. Using these external entities can disclose files and file shares, perform port scanning and code execution, or even launch a DoS attack.
- Application Programming Interfaces (APIs) and web applications do not protect data correctly. They may not encrypt data, or correctly exchange it with browsers. A threat actor may use this data to perform identity theft and commit fraud.
-
Injection
-
XML external entities (XXE)
-
Sensitive data exposure
CorrectIncorrect -
Question 5 of 10
5. Question
Which of the following is a vulnerability assessment type?
I. White Box
II. Grey Box
III. Black Box
CorrectIncorrect -
Question 6 of 10
6. Question
Which of the following is described below:
The process of making something more secure. In this case, it is the IoT system with its different devices and layers.
CorrectIncorrect -
Question 7 of 10
7. Question
Which of the following is described below?
A standardized protocol that allows the users of the internet to authenticate and authorize themselves without revealing their passwords.
CorrectIncorrect -
Question 8 of 10
8. Question
Match each of the following terminologies to its correct definition.
Sort elements
- The mechanism that is used to ensure data confidentiality
- Applying an algorithm to data that will make it unreadable to those who are not authorized to see the information.
-
Encryption
-
Encrypting
CorrectIncorrect -
Question 9 of 10
9. Question
MQTT can be secured by securing the broker or the clients based on their capabilities.
Which of the following is a way to protect the messages?
I. TLS encryption
II. Payload encryption
CorrectIncorrect -
Question 10 of 10
10. Question
Which of the following can be used to secure CoAP?
CorrectIncorrect