Internet of Things Security - IOT Security Multiple Choice Questions (MCQs) with Correct Answers

These are some simple Multiple Choice Questions (MCQs) on the topic of Internet of Things (IoT), along with the correct solutions.

You can look through them to check and verify your theoretical knowledge of the IoT domain.


    1. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
      • a. Cross-site scoring scripting
      • b. Cross-site request forgery
      • c. Two-factor authentication
      • d. Cross-site scripting

    2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
      • a. Cross-site scripting
      • b. Cross-site scoring scripting
      • c. Cross-site request forgery
      • d. Two-factor authentication

    3. AES uses a 128 bit block size and a key size of __________ bits.
      • a. 128 or 192
      • b. 128 or 256
      • c. 128, 192, or 256
      • d. 128, 192, or 256

    4. All of the following are biometric techniques except
      • a. Badge
      • b. Retina
      • c. Face
      • d. Palm print

    5. An encryption scheme is unconditionally secure if the ciphertext generated does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.
      • a. True
      • b. False

    6. Even with two-factor authentication, users may still be vulnerable to _____________ attacks.
      • a. Scripting
      • b. Cross attack
      • c. Man-in-the-middle
      • d. Radiant

    7. Example of a good password is
      • a. name of a partner or spouse
      • b. word related to a job or hobby
      • c. words containing multiple random digits
      • d. name of a child or pet

    8. The DES algorithm has a key length of
      • a. 64 Bits
      • b. 128 Bits
      • c. 16 Bits
      • d. 32 Bits

    9. If the sender and receiver use different keys, the system is referred to as a conventional cipher system.
      • a. True
      • b. False

    10. In asymmetric key cryptography, the private key is kept by
      • a. Receiver
      • b. sender and receiver
      • c. Sender
      • d. all the connected devices to the network

    11. In cryptography, what is a cipher?
      • a. none of the mentioned
      • b. encrypted message
      • c. both algorithm for performing encryption and decryption and encrypted message
      • d. algorithm for performing encryption and decryption

    12. When dealing with risk, which response is carried out by buying insurance?
      • a. Risk acceptance
      • b. Risk mitigation
      • c. Risk transfer
      • d. Risk avoidance

    13. In the DREAD methodology of risk analysis in threat analysis, how is the risk score for each threat calculated?
      • a. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)
      • b. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)
      • c. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)
      • d. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)

    14. In threat modeling, what methodology is used to perform risk analysis?
      • a. DREAD
      • b. OWASP
      • c. STRIDE
      • d. DAR

    15. Many applications use _________________, where two independent factors are used to identify a user.
      • a. Cross-site request forgery
      • b. Cross-site scoring scripting
      • c. Two-factor authentication
      • d. Cross-site scripting

    16. The most devastating loss to a company is
      • a. Loss of printouts
      • b. Loss of data
      • c. Loss of Hardware
      • d. Loss of software

    17. Which of the following is not an element of threat modelling?
      • a. Asset
      • b. Vulnerability
      • c. Threat
      • d. Time

    18. Process of identifying any individual
      • a. Auditing
      • b. Authorisation
      • c. Authentication
      • d. Accounting

    19. Process of keeping track of users' activity
      • a. Authentication
      • b. Authoring
      • c. Authorisation
      • d. Accounting

    20. Process that prevents someone from denying that she accessed a resource
      • a. Accounting
      • b. Non-repudiation
      • c. Sniffing
      • d. Authorisation

    21. Secret words or numbers used for protection of devices are called
      • a. Biometrics data
      • b. Private words
      • c. Backup
      • d. Passwords

    22. Security protection for personal computers includes
      • a. Internal components
      • b. Software
      • c. All of these
      • d. Locks and cables

    23. The most common form of authentication
      • a. Password
      • b. Smart cards
      • c. PIN
      • d. Digital certificates

    24. The process of converting data into a format that cannot be read by another user
      • a. Registering
      • b. Locking
      • c. Encryption
      • d. Keying

    25. The process of identifying assets and threats in an organisation is known as
      • a. Threat Modeling
      • b. Security Auditing
      • c. Security Planning
      • d. Firewalling

    26. The process of identifying a person before giving access
      • a. Authentication
      • b. Encryption
      • c. Auditing
      • d. Access control

    27. True or false: It's important that the data stored on IoT drives is encrypted
      • a. False
      • b. True

    28. What concept determines what resources users can access after they log on?
      • a. Auditing
      • b. Defense in depth
      • c. Authentication
      • d. Access control

    29. What do you call the scope that a hacker can use to break into a system?
      • a. Attack surface
      • b. Defense in depth
      • c. Principle of least privilege
      • d. Risk mitigation

    30. What do you call the security discipline that requires that a user is given no more privileges than necessary to perform his or her job?
      • a. Defense in Depth
      • b. Risk transfer
      • c. Principle of least privilege
      • d. Reduction of attack surface

    31. What is data at rest?
      • a. Data that is not actively traversing a network
      • b. Data stored on a device
      • c. Both a and b
      • d. Data that is taking a nap

    32. What is the Data Encryption Standard (DES)?
      • a. none of the mentioned
      • b. bit cipher
      • c. block cipher
      • d. stream cipher

    33. What is Defense in Depth?
      • a. An approach
      • b. A security solution
      • c. A battle tactic
      • d. All of the Above

    34. What is needed to highly secure a system?
      • a. Lot of time
      • b. More money
      • c. System update
      • d. Disabled administrator account

    35. What is the best way to protect against social engineering?
      • a. Employee awareness
      • b. Risk mitigation
      • c. Stronger authentication
      • d. Strong encryption

    36. What is the first line of defence when setting up a network?
      • a. Physically secure a network
      • b. Configure an authentication
      • c. Configure encryption
      • d. Configure an ACL

    37. What is used to provide protection when one line of defense is breached?
      • a. Defense in depth
      • b. Attack surface
      • c. Principle of least privilege
      • d. Risk mitigation

    38. What kind of electronic document contains a public key?
      • a. PIN
      • b. Digital certificate
      • c. PAN
      • d. Biometrics

    39. What method used by hackers relies on the trusting nature of the person being attacked?
      • a. Social engineering
      • b. Principle of least privilege
      • c. Attack surface
      • d. Risk avoidance

    40. What security threats do employee-owned devices pose by storing corporate data and accessing corporate networks?
      • a. Making infrastructure vulnerable to malware
      • b. All of the above
      • c. Potential for noncompliance
      • d. Data loss

    41. What technology is not used to implement confidentiality?
      • a. Encryption
      • b. Auditing
      • c. Access control
      • d. Authentication

    42. What type of attack tries to guess a password by trying common words?
      • a. Dictionary attack
      • b. Brute force attack
      • c. Man in the middle attack
      • d. Smurf attack

    43. What type of authentication method identifies and recognises people based on physical traits such as fingerprints?
      • a. WEP
      • b. Digital certificates
      • c. Biometrics
      • d. RADIUS

    44. Which of the following are not assets in a typical IoT System
      • a. IoT Device
      • b. Gateway
      • c. None of them
      • d. Application
      • e. Sensor Data

    45. Which of the following is not a correct way to secure the communication layer?
      • a. Cloud initiated communication
      • b. TLS/SSL
      • c. IPS (Intrusion Prevention System)
      • d. Firewalls

    46. Which of the following is not a response when dealing with a risk?
      • a. Mitigation
      • b. Avoidance
      • c. Transfer
      • d. Patching

    47. Which of the following is not a type of cloud deployment
      • a. Private
      • b. Public
      • c. Hybrid
      • d. Social

    48. Which of the following is not a type or source of threat
      • a. Operational threat
      • b. Cultural threat
      • c. Technical threat
      • d. Social threat

    49. Which of the following is not a component of an IoT endpoint?
      • a. Sensor
      • b. Gateway
      • c. Communication Module
      • d. MCU

    50. Which of the following is not part of the basic services offered by the cloud?
      • a. PaaS
      • b. SaaS
      • c. IaaS
      • d. LaaS

    51. Which of the following is not part of the IoT ecosystem?
      • a. Edge Device
      • b. Public cloud
      • c. None of them
      • d. Mobile App
      • e. Router

    52. Which of the following is a threat to an IoT device?
      • a. Virus
      • b. All of the above
      • c. People
      • d. Natural Disaster
      • e. Spoofing

    53. Which of the following makes sure that data is not changed when it is not supposed to be?
      • a. Integrity
      • b. Availability
      • c. Confidentiality
      • d. Accounting

    54. Which of the following terms indicates that information is to be read only by those people for whom it is intended?
      • a. Availability
      • b. Accounting
      • c. Integrity
      • d. Confidentiality

    55. Which one is not part of the CIA triad?
      • a. Authorisation
      • b. Authenticity
      • c. Integrity
      • d. Confidentiality

    56. Which one is not a component of the IoT security architecture?
      • a. None of them
      • b. Secure Device
      • c. Secure Lifecycle Management
      • d. Secure Communication
      • e. Secure Cloud

    57. Which one of these is not a threat modelling methodology?
      • a. NANO
      • b. STRIDE
      • c. OCTAVE
      • d. PASTA

    58. Which tool can be used for Threat Modeling
      • a. Netbeans
      • b. Spyder
      • c. TMT 2016
      • d. Eclipse

    59. Why is threat modelling not performed?
      • a. Secure Application building
      • b. Performing data analytics
      • c. Achieving Defense in Depth
      • d. To save time, revenue and reputation of a company

    60. You are asked to develop an application from scratch. When will you start performing threat modeling of the application?
      • a. During requirements collection phase
      • b. At the design stage
      • c. At the beginning of the testing phase

    Feel free to ask doubts in the comment section. I will try my best to answer it.
    If you find this helpful in any way, like, comment and share the post.
    This is the simplest way to encourage me to keep doing such work.
    Thanks & Regards,
    -Akshay P Daga