
Internet of Things Security - IOT Security Multiple Choice Questions (MCQs) with Correct Answers

These are some simple Multiple Choice Questions (MCQs) on the topic of Internet of Things (IoT) security, with the correct answers.

You can have a look through them just to check/verify your theory knowledge in the IoT domain.

Check out the FREE Internet of Things (IOT) Tutorials here with hands-on experiments on Arduino, NodeMCU & Raspberry Pi boards.
[ With SourceCode ready to download for free ]




    1. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
      • a. Cross-site scoring scripting
      • b. Cross-site request forgery
      • c. Two-factor authentication
      • d. Cross-site scripting



    2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
      • a. Cross-site scripting
      • b. Cross-site scoring scripting
      • c. Cross-site request forgery
      • d. Two-factor authentication



    3. AES uses a 128 bit block size and a key size of __________ bits.
      • a. 128 or 192
      • b. 128 or 256
      • c. 128, 192, or 256
      • d. 128, 192, or 256



    4. All of the following are biometric techniques except
      • a. Badge
      • b. Retina
      • c. Face
      • d. Palm print



    5. An encryption scheme is unconditionally secure if the ciphertext generated does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.
      • a. True
      • b. False







    6. Even with two-factor authentication, users may still be vulnerable to _____________ attacks.
      • a. Scripting
      • b. Cross attack
      • c. Man-in-the-middle
      • d. Radiant



    7. An example of a good password is
      • a. name of a partner or spouse
      • b. word related to a job or hobby
      • c. words containing multiple random digits
      • d. name of a child or pet



    8. The DES algorithm has a key length of
      • a. 64 Bits
      • b. 128 Bits
      • c. 16 Bits
      • d. 32 Bits



    9. If the sender and receiver use different keys, the system is referred to as a conventional cipher system.
      • a. True
      • b. False



    10. In asymmetric key cryptography, the private key is kept by
      • a. Receiver
      • b. sender and receiver
      • c. Sender
      • d. all the connected devices to the network



    11. In cryptography, what is a cipher?
      • a. none of the mentioned
      • b. encrypted message
      • c. both algorithm for performing encryption and decryption and encrypted message
      • d. algorithm for performing encryption and decryption



    12. When dealing with risk, which response is taken by buying insurance?
      • a. Risk acceptance
      • b. Risk mitigation
      • c. Risk transfer
      • d. Risk avoidance



    13. In the DREAD methodology of risk analysis in threat analysis, how is the risk score for each threat calculated?
      • a. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)
      • b. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)
      • c. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)
      • d. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)



    14. In threat modeling, which methodology is used to perform risk analysis?
      • a. DREAD
      • b. OWASP
      • c. STRIDE
      • d. DAR



    15. Many applications use _________________, where two independent factors are used to identify a user.
      • a. Cross-site request forgery
      • b. Cross-site scoring scripting
      • c. Two-factor authentication
      • d. Cross-site scripting



    16. The most devastating loss to a company is
      • a. Loss of printouts
      • b. Loss of data
      • c. Loss of Hardware
      • d. Loss of software



    17. Which of the following is not an element of threat modelling?
      • a. Asset
      • b. Vulnerability
      • c. Threat
      • d. Time



    18. The process of identifying an individual is
      • a. Auditing
      • b. Authorisation
      • c. Authentication
      • d. Accounting



    19. The process of keeping track of users' activity is
      • a. Authentication
      • b. Authoring
      • c. Authorisation
      • d. Accounting



    20. The process that prevents someone from denying that she accessed a resource is
      • a. Accounting
      • b. Non-repudiation
      • c. Sniffing
      • d. Authorisation



    21. Secret words or numbers used for the protection of devices are called
      • a. Biometrics data
      • b. Private words
      • c. Backup
      • d. Passwords



    22. Security protection for personal computers includes
      • a. Internal components
      • b. Software
      • c. All of these
      • d. Locks and cables



    23. The most common form of authentication is
      • a. Password
      • b. Smart cards
      • c. PIN
      • d. Digital certificates



    24. The process of converting data into a format that cannot be read by another user is
      • a. Registering
      • b. Locking
      • c. Encryption
      • d. Keying



    25. The process of identifying assets and threats in an organisation is known as
      • a. Threat Modeling
      • b. Security Auditing
      • c. Security Planning
      • d. Firewalling



    26. The process of identifying a person before giving access is
      • a. Authentication
      • b. Encryption
      • c. Auditing
      • d. Access control



    27. True or false: it is important that the data stored on IoT drives is encrypted.
      • a. False
      • b. True



    28. What concept determines what resources users can access after they log on?
      • a. Auditing
      • b. Defense in depth
      • c. Authentication
      • d. Access control



    29. What do you call the scope that a hacker can use to break into a system?
      • a. Attack surface
      • b. Defense in depth
      • c. Principle of least privilege
      • d. Risk mitigation



    30. What do you call the security discipline that requires that a user is given no more privileges than necessary to perform his or her job?
      • a. Defense in Depth
      • b. Risk transfer
      • c. Principle of least privilege
      • d. Reduction of attack surface



    31. What is data at rest?
      • a. Data that is not actively traversing a network
      • b. Data stored on a device
      • c. Both a and b
      • d. Data that is taking a nap



    32. What is the Data Encryption Standard (DES)?
      • a. none of the mentioned
      • b. bit cipher
      • c. block cipher
      • d. stream cipher



    33. What is Defense in Depth?
      • a. An approach
      • b. A security solution
      • c. A battle tactic
      • d. All of the Above



    34. What is needed to highly secure a system?
      • a. Lot of time
      • b. More money
      • c. System update
      • d. Disabled administrator account



    35. What is the best way to protect against social engineering?
      • a. Employee awareness
      • b. Risk mitigation
      • c. Stronger authentication
      • d. Strong encryption



    36. What is the first line of defence when setting up a network?
      • a. Physically secure a network
      • b. Configure an authentication
      • c. Configure encryption
      • d. Configure an ACL



    37. What is used to provide protection when one line of defense is breached?
      • a. Defense in depth
      • b. Attack surface
      • c. Principle of least privilege
      • d. Risk mitigation



    38. What kind of electronic document contains a public key?
      • a. PIN
      • b. Digital certificate
      • c. PAN
      • d. Biometrics



    39. What method used by a hacker relies on the trusting nature of the person being attacked?
      • a. Social engineering
      • b. Principle of least privilege
      • c. Attack surface
      • d. Risk avoidance



    40. What security threats do employee-owned devices pose by storing corporate data and accessing corporate networks?
      • a. Making infrastructure vulnerable to malware
      • b. All of the above
      • c. Potential for noncompliance
      • d. Data loss



    41. What technology is not used to implement confidentiality?
      • a. Encryption
      • b. Auditing
      • c. Access control
      • d. Authentication



    42. What type of attack tries to guess a password by trying common words?
      • a. Dictionary attack
      • b. Brute force attack
      • c. Man in the middle attack
      • d. Smurf attack



    43. What type of authentication method identifies and recognises people based on physical traits such as fingerprints?
      • a. WEP
      • b. Digital certificates
      • c. Biometrics
      • d. RADIUS



    44. Which of the following is not an asset in a typical IoT system?
      • a. IoT Device
      • b. Gateway
      • c. None of them
      • d. Application
      • e. Sensor Data



    45. Which of the following is not a correct way to secure the communication layer?
      • a. Cloud initiated communication
      • b. TLS/SSL
      • c. IPS(Intrusion Prevention System)
      • d. Firewalls



    46. Which of the following is not a response when dealing with a risk?
      • a. Mitigation
      • b. Avoidance
      • c. Transfer
      • d. Patching



    47. Which of the following is not a type of cloud deployment?
      • a. Private
      • b. Public
      • c. Hybrid
      • d. Social



    48. Which of the following is not a type or source of threat?
      • a. Operational threat
      • b. Cultural threat
      • c. Technical threat
      • d. Social threat



    49. Which of the following is not a component of an IoT endpoint?
      • a. Sensor
      • b. Gateway
      • c. Communication Module
      • d. MCU



    50. Which of the following is not part of the basic services offered by the cloud?
      • a. PaaS
      • b. SaaS
      • c. IaaS
      • d. LaaS



    51. Which of the following is not part of the IoT ecosystem?
      • a. Edge Device
      • b. Public cloud
      • c. None of them
      • d. Mobile App
      • e. Router



    52. Which of the following is a threat to an IoT device?
      • a. Virus
      • b. All of the above
      • c. People
      • d. Natural Disaster
      • e. Spoofing



    53. Which of the following makes sure that data is not changed when it is not supposed to be?
      • a. Integrity
      • b. Availability
      • c. Confidentiality
      • d. Accounting



    54. Which of the following terms indicates that information is to be read only by those people for whom it is intended?
      • a. Availability
      • b. Accounting
      • c. Integrity
      • d. Confidentiality



    55. Which one is not part of the CIA triad?
      • a. Authorisation
      • b. Authenticity
      • c. Integrity
      • d. Confidentiality



    56. Which one is not a component of the IoT security architecture?
      • a. None of them
      • b. Secure Device
      • c. Secure Lifecycle Management
      • d. Secure Communication
      • e. Secure Cloud



    57. Which one of these is not a threat modelling methodology?
      • a. NANO
      • b. STRIDE
      • c. OCTAVE
      • d. PASTA



    58. Which tool can be used for threat modeling?
      • a. Netbeans
      • b. Spyder
      • c. TMT 2016
      • d. Eclipse



    59. Why is threat modelling not performed?
      • a. Secure Application building
      • b. Performing data analytics
      • c. Achieving Defense in Depth
      • d. To save time, revenue and reputation of a company



    60. You are asked to develop an application from scratch. When will you start performing threat modeling of the application?
      • a. During requirements collection phase
      • b. At the design stage
      • c. At the beginning of the testing phase


    Feel free to ask doubts in the comment section. I will try my best to answer them.
    If you find this helpful in any way, like, comment and share the post.
    This is the simplest way to encourage me to keep doing such work.
    Thanks & Regards,
    -Akshay P Daga
