Question 1
0 / 2 pts
Which network environment is suitable for a Media Access Control (MAC)
address spoofing attack?
within the cloud
Correct Answer
inside an internal network
You Answered
between an organization network and ISP
on a WAN connection
Refer to curriculum topic: 4.2.1
Media Access Control (MAC) address spoofing attacks are used when threat
actors have access to the internal network. Threat actors alter the MAC address
of their host to match the known MAC address of a target host.
Question 2
0 / 2 pts
A threat actor uses a program to launch an attack by sending a flood of UDP
packets to a server on the network. The program sweeps through all of the known
ports trying to find closed ports. It causes the server to reply with an ICMP port
unreachable message and is similar to a DoS attack. Which two programs could be
used by the threat actor to launch the attack? (Choose two.)
You Answered
Wireshark
You Answered
Smurf
Correct Answer
Low Orbit Ion Cannon
Correct Answer
UDP Unicorn
ping
Refer to curriculum topic: 4.2.2
A threat actor can use a tool like UDP Unicorn or Low Orbit Ion Cannon to send a
flood of UDP packets to launch a UDP flood attack that causes all the resources
on a network to become consumed. These types of programs will sweep through
all the known ports trying to find closed ports. This causes the server to reply with
an ICMP port unreachable message. Because of the many closed ports on the
server, there is so much traffic on the segment that almost all the bandwidth gets
used. The end result is very similar to a DoS attack.
Question 3
0.5 / 2 pts
After host A receives a web page from server B, host A terminates the connection
with server B. Match each option to its correct step in the normal termination
process for a TCP connection.
You Answered
Host A sends an ACK to server B.
Correct Answer
Step 4
Correct!
Server B sends a FIN to host A.
You Answered
Host A sends a FIN to server B.
Correct Answer
Step 1
You Answered
Server B sends an ACK to host A.
Correct Answer
Step 2
Refer to curriculum topic: 4.2.2
Question 4
2 / 2 pts
Which customized IEEE 802.15.4 wireless topology can contain a large amount of
full function devices and a small amount of reduced function devices?
star
Correct!
cluster-tree
hub-and-spoke
mesh
Refer to curriculum topic: 4.1.2
The cluster-tree topology contains mainly full function devices (FFDs). Any of
these FFDs can act as a coordinator and provide synchronization services to
other devices and coordinators. A reduced function device (RFD) may connect to
a cluster-tree network as a leaf node at the end of a branch.
Question 5
0 / 2 pts
Which basic security service protects against alteration of data while it is in
transit?
You Answered
replay protection
Correct Answer
message integrity
access control
message confidentiality
Refer to curriculum topic: 4.1.2
802.15.4 operates at the OSI physical and data link layers. There are four basic
security services performed at the data link layer:
• Access control - prevents unauthorized devices from joining the network
• Message integrity - protects against alteration of data while it is in transit
• Message confidentiality - prevents threat actors from reading the transmitted
data
• Replay protection - prevents threat actors from successfully capturing
legitimate messages and sending them out on the network at a later time
Question 6
0 / 2 pts
A threat actor uses non-blind spoofing to launch an attack. What are two
objectives for the attack? (Choose two.)
overwhelming web servers
Correct!
predicting TCP sequence-numbers
You Answered
flooding the network with maliciously formatted packets
depleting the batteries of IP-based IoT devices
Correct Answer
determining the state of a firewall
Refer to curriculum topic: 4.2.1
IP address spoofing attacks occur when a threat actor creates packets with false
source IP address information. With non-blind spoofing, the threat actor can see
the traffic that is being sent between the host and the target. Reasons for non-
blind spoofing include determining the state of a firewall, TCP sequence-number
prediction, or hijacking an authorized session.
Question 7
0 / 2 pts
Which parameter is used to identify applications when a user sends a service
request to a remote server?
TCP sequence number
Correct Answer
destination port number
source port number
You Answered
server IP address
Refer to curriculum topic: 4.2.2
In TCP/IP transmissions, the protocols at the transport layer of both the OSI and
TCP/IP model use port addressing to enable multiple conversations to be tracked
and connected with the correct applications. The destination port number in the
packets sent by the source device identifies the requested application.
Question 8
0 / 2 pts
What are two of the most common wireless technologies used in home
automation and home security applications? (Choose two.)
near field communication
You Answered
IEEE 802.15.4
Correct!
Wi-Fi
Correct Answer
Bluetooth
cellular
Refer to curriculum topic: 4.1.2
Bluetooth and Wi-Fi both use radio waves to transmit data and are commonly
used in IoT home applications. Bluetooth is used in wireless personal-area
networks and Wi-Fi is used in wireless local-area networks.
Question 9
0 / 2 pts
Which attack commonly includes the use of botnet and handler systems?
You Answered
ICMP attack
Correct Answer
DDoS attack
DoS attack
address spoofing attack
Refer to curriculum topic: 4.2.1
A DDoS attack is similar in intent to a DoS attack, except that a DDoS attack is
larger because it originates from multiple and coordinated sources. DDoS attacks
commonly include a botnet, handler systems, and zombie computers.
Question 10
0 / 2 pts
Which two application layer protocols use UDP? (Choose two.)
Correct Answer
DHCP
You Answered
HTTP
Correct!
TFTP
FTP
HTTPS
Refer to curriculum topic: 4.2.2
Application layer protocols TFTP and DHCP use UDP as the transport layer
protocol. HTTP, HTTPS, and FTP use TCP as the transport layer protocol.
Question 11
0 / 2 pts
Which devices scan and infect more targets during the process of a DDoS attack?
CnC servers
You Answered
botmasters
web servers
Correct Answer
zombies
Refer to curriculum topic: 4.2.1
In DDoS attack scenarios, zombies, or infected hosts, continue to scan and infect
targets with the intent of creating more zombies. The command-and-control
(CnC) server communicates with zombies using a covert channel. When ready,
the threat actor (botmaster) uses the CnC servers to instruct the botnet of
zombies to launch a DDoS attack on a specific target.
Question 12
0 / 2 pts
Which IoT wireless option is commonly used by devices that require a low power
wide-area network connection and do not use a fixed power supply?
ZigBee
Correct Answer
LoRaWAN
thread
You Answered
cellular
Refer to curriculum topic: 4.1.2
LoRaWAN is a specification for low power wide-area network connection. Unlike
cellular, LoRaWAN devices do not require a fixed power supply.
Question 13
0 / 2 pts
In which type of scenario would an IoT gateway not be required to convert traffic
to Wi-Fi or wired Ethernet?
when smart objects forward data within a star topology
when smart objects forward data within a mesh network
You Answered
when smart objects forward data within a hub-and-spoke topology
Correct Answer
when smart objects forward data using TCP/IP protocols
Refer to curriculum topic: 4.1.1
Smart objects and things can communicate directly with the cloud or data center
(IP capable) if they have their own IPv6 protocol stacks and messaging protocols.
Being IP capable allows the things to send through the IP network without
requiring translation into IP by an IoT gateway.
Question 14
0 / 2 pts
Which attack involves threat actors positioning themselves between a source and
destination with the intent of transparently monitoring, capturing, and controlling
the communication?
ICMP attack
Correct Answer
man-in-the-middle attack
DoS attack
You Answered
SYN flood attack
Refer to curriculum topic: 4.2.1
The man-in-the-middle attack is a common IP-related attack where threat actors
position themselves between a source and destination to transparently monitor,
capture, and control the communication.
Question 15
0 / 2 pts
Which two types of attacks are typically carried out by using ICMP messages?
(Choose two.)
You Answered
password gathering
Correct!
reconnaissance
Correct Answer
DoS
opening back doors
relaying spam
Refer to curriculum topic: 4.2.1
Threat actors use ICMP messages for reconnaissance and scanning attacks. ICMP
messages are also used by threat actors to launch DoS attacks.
Question 1
2 / 2 pts
Which network environment is suitable for a Media Access Control (MAC)
address spoofing attack?
between an organization network and ISP
Correct!
inside an internal network
within the cloud
on a WAN connection
Refer to curriculum topic: 4.2.1
Media Access Control (MAC) address spoofing attacks are used when threat
actors have access to the internal network. Threat actors alter the MAC address
of their host to match the known MAC address of a target host.
Question 2
0 / 2 pts
Which type of IoT wireless deployment would allow smart objects to be deployed
over a very large area?
Correct Answer
mesh topology
You Answered
star topology
IP capable topology
hub-and-spoke topology
Refer to curriculum topic: 4.1.1
The wireless mesh topology allows smart objects to connect with other smart
objects to eventually reach an IoT gateway. This allows the smart objects to be
deployed over a much larger area than would otherwise be possible if each node
were required to communicate directly with the IoT gateway.
Question 3
2 / 2 pts
Which parameter is used to identify applications when a user sends a service
request to a remote server?
source port number
server IP address
Correct!
destination port number
TCP sequence number
Refer to curriculum topic: 4.2.2
In TCP/IP transmissions, the protocols at the transport layer of both the OSI and
TCP/IP model use port addressing to enable multiple conversations to be tracked
and connected with the correct applications. The destination port number in the
packets sent by the source device identifies the requested application.
Question 4
2 / 2 pts
When does the level of trust and reliability of data change during communication
between IoT systems?
Correct!
when data is generated by a device inside a trusted network and travels to an
untrusted network
when data is generated by a device inside a trusted network and stays within the
network
when data is generated by a device within a DMZ and stays within the DMZ
when data is generated by a device inside an untrusted network and stays in an
untrusted network
Refer to curriculum topic: 4.3.1
When referring to security, crossing a trust boundary means that the level of trust
and reliability of data has changed. As data moves from a trusted network to an
untrusted network, the security of the data changes.
Question 5
0 / 2 pts
Which OWASP communication layer vulnerability should be researched when
securing the IoT network traffic attack surface?
replay attack
Correct Answer
protocol fuzzing
unencrypted services
You Answered
injection
Refer to curriculum topic: 4.1.1
When securing the IoT network traffic attack surface, the following
vulnerabilities should be taken into account:
• LAN traffic
• LAN to internet traffic
• short range
• nonstandard protocols
• wireless
• packet manipulation (protocol fuzzing)
Question 6
2 / 2 pts
Which devices scan and infect more targets during the process of a DDoS attack?
web servers
botmasters
CnC servers
Correct!
zombies
Refer to curriculum topic: 4.2.1
In DDoS attack scenarios, zombies, or infected hosts, continue to scan and infect
targets with the intent of creating more zombies. The command-and-control
(CnC) server communicates with zombies using a covert channel. When ready,
the threat actor (botmaster) uses the CnC servers to instruct the botnet of
zombies to launch a DDoS attack on a specific target.
Question 7
1.5 / 2 pts
After host A receives a web page from server B, host A terminates the connection
with server B. Match each option to its correct step in the normal termination
process for a TCP connection.
Correct!
Host A sends an ACK to server B.
Correct!
Server B sends a FIN to host A.
Correct!
Host A sends a FIN to server B.
You Answered
Server B sends an ACK to host A.
Correct Answer
Step 2
Refer to curriculum topic: 4.2.2
Question 8
0 / 2 pts
Which two OWASP communication layer vulnerabilities should be researched
when securing the IoT device network services attack surface? (Choose two.)
XBee
Correct Answer
information disclosure
You Answered
non-standard protocols
Correct!
vulnerable UDP services
Zigbee
Refer to curriculum topic: 4.1.1
When the IoT device network services attack surface is being secured, the
following vulnerabilities should be taken into account:
• Information disclosure
• Injection
• Denial of service
• Unencrypted services
• Poorly implemented encryption
• Test/development services
• Vulnerable UDP services
• Replay attack
• Lack of payload verification
• Lack of message integrity check
Question 9
0 / 2 pts
A threat actor uses a program to launch an attack by sending a flood of UDP
packets to a server on the network. The program sweeps through all of the known
ports trying to find closed ports. It causes the server to reply with an ICMP port
unreachable message and is similar to a DoS attack. Which two programs could be
used by the threat actor to launch the attack? (Choose two.)
Correct Answer
UDP Unicorn
ping
Wireshark
You Answered
Smurf
Correct!
Low Orbit Ion Cannon
Refer to curriculum topic: 4.2.2
A threat actor can use a tool like UDP Unicorn or Low Orbit Ion Cannon to send a
flood of UDP packets to launch a UDP flood attack that causes all the resources
on a network to become consumed. These types of programs will sweep through
all the known ports trying to find closed ports. This causes the server to reply with
an ICMP port unreachable message. Because of the many closed ports on the
server, there is so much traffic on the segment that almost all the bandwidth gets
used. The end result is very similar to a DoS attack.
Question 10
0 / 2 pts
A threat actor uses non-blind spoofing to launch an attack. What are two
objectives for the attack? (Choose two.)
You Answered
depleting the batteries of IP-based IoT devices
Correct!
predicting TCP sequence-numbers
flooding the network with maliciously formatted packets
overwhelming web servers
Correct Answer
determining the state of a firewall
Refer to curriculum topic: 4.2.1
IP address spoofing attacks occur when a threat actor creates packets with false
source IP address information. With non-blind spoofing, the threat actor can see
the traffic that is being sent between the host and the target. Reasons for non-
blind spoofing include determining the state of a firewall, TCP sequence-number
prediction, or hijacking an authorized session.
Question 11
0 / 2 pts
Which two techniques are used in a smurf attack? (Choose two.)
You Answered
botnets
You Answered
resource exhaustion
Correct Answer
amplification
Correct Answer
reflection
session hijacking
Refer to curriculum topic: 4.2.1
A smurf attack uses amplification and reflection techniques to overwhelm a
targeted host. The threat actor forwards ICMP echo request messages that
contain the source IP address of the victim to a large number of hosts. These hosts
all reply to the spoofed IP address of the victim with the intent of overwhelming
it.
Question 12
2 / 2 pts
Which customized IEEE 802.15.4 wireless topology can contain a large amount of
full function devices and a small amount of reduced function devices?
star
mesh
Correct!
cluster-tree
hub-and-spoke
Refer to curriculum topic: 4.1.2
The cluster-tree topology contains mainly full function devices (FFDs). Any of
these FFDs can act as a coordinator and provide synchronization services to
other devices and coordinators. A reduced function device (RFD) may connect to
a cluster-tree network as a leaf node at the end of a branch.
Question 13
2 / 2 pts
Why would an engineer only use very short-range radios to allow sensor data to
travel from node to node until the data reaches the IoT gateway?
increased bandwidth
Correct!
power constraints
channel requirements
high availability
Refer to curriculum topic: 4.1.1
IoT devices may have power constraints that may only permit the use of very
short-range radios. IoT wireless protocols may use a topology that allows sensor
data to travel from node to node until the data reaches the gateway.
Question 14
0 / 2 pts
Which IoT wireless option is commonly used by devices that require a low power
wide-area network connection and do not use a fixed power supply?
thread
Correct Answer
LoRaWAN
You Answered
ZigBee
cellular
Refer to curriculum topic: 4.1.2
LoRaWAN is a specification for low power wide-area network connection. Unlike
cellular, LoRaWAN devices do not require a fixed power supply.
Question 15
0 / 2 pts
Which two types of attacks are typically carried out by using ICMP messages?
(Choose two.)
relaying spam
Correct Answer
DoS
opening back doors
Correct!
reconnaissance
You Answered
password gathering
Refer to curriculum topic: 4.2.1
Threat actors use ICMP messages for reconnaissance and scanning attacks. ICMP
messages are also used by threat actors to launch DoS attacks.
Question 1
2 / 2 pts
Which type of IoT wireless deployment would allow smart objects to be deployed
over a very large area?
star topology
Correct!
mesh topology
IP capable topology
hub-and-spoke topology
Refer to curriculum topic: 4.1.1
The wireless mesh topology allows smart objects to connect with other smart
objects to eventually reach an IoT gateway. This allows the smart objects to be
deployed over a much larger area than would otherwise be possible if each node
were required to communicate directly with the IoT gateway.
Question 2
2 / 2 pts
Which attack commonly includes the use of botnet and handler systems?
Correct!
DDoS attack
DoS attack
ICMP attack
address spoofing attack
Refer to curriculum topic: 4.2.1
A DDoS attack is similar in intent to a DoS attack, except that a DDoS attack is
larger because it originates from multiple and coordinated sources. DDoS attacks
commonly include a botnet, handler systems, and zombie computers.
Question 3
2 / 2 pts
Which two techniques are used in a smurf attack? (Choose two.)
Correct!
reflection
Correct!
amplification
resource exhaustion
session hijacking
botnets
Refer to curriculum topic: 4.2.1
A smurf attack uses amplification and reflection techniques to overwhelm a
targeted host. The threat actor forwards ICMP echo request messages that
contain the source IP address of the victim to a large number of hosts. These hosts
all reply to the spoofed IP address of the victim with the intent of overwhelming
it.
Question 4
2 / 2 pts
Which attack involves threat actors positioning themselves between a source and
destination with the intent of transparently monitoring, capturing, and controlling
the communication?
Correct!
man-in-the-middle attack
DoS attack
SYN flood attack
ICMP attack
Refer to curriculum topic: 4.2.1
The man-in-the-middle attack is a common IP-related attack where threat actors
position themselves between a source and destination to transparently monitor,
capture, and control the communication.
Question 5
0 / 2 pts
When does the level of trust and reliability of data change during communication
between IoT systems?
You Answered
when data is generated by a device inside a trusted network and stays within the
network
when data is generated by a device within a DMZ and stays within the DMZ
Correct Answer
when data is generated by a device inside a trusted network and travels to an
untrusted network
when data is generated by a device inside an untrusted network and stays in an
untrusted network
Refer to curriculum topic: 4.3.1
When referring to security, crossing a trust boundary means that the level of trust
and reliability of data has changed. As data moves from a trusted network to an
untrusted network, the security of the data changes.
Question 6
2 / 2 pts
Why would an engineer only use very short-range radios to allow sensor data to
travel from node to node until the data reaches the IoT gateway?
high availability
channel requirements
increased bandwidth
Correct!
power constraints
Refer to curriculum topic: 4.1.1
IoT devices may have power constraints that may only permit the use of very
short-range radios. IoT wireless protocols may use a topology that allows sensor
data to travel from node to node until the data reaches the gateway.
Question 7
2 / 2 pts
What are two of the most common wireless technologies used in home
automation and home security applications? (Choose two.)
Correct!
Wi-Fi
Correct!
Bluetooth
IEEE 802.15.4
near field communication
cellular
Refer to curriculum topic: 4.1.2
Bluetooth and Wi-Fi both use radio waves to transmit data and are commonly
used in IoT home applications. Bluetooth is used in wireless personal-area
networks and Wi-Fi is used in wireless local-area networks.
Question 8
2 / 2 pts
Which two types of attacks are typically carried out by using ICMP messages?
(Choose two.)
Correct!
reconnaissance
opening back doors
password gathering
Correct!
DoS
relaying spam
Refer to curriculum topic: 4.2.1
Threat actors use ICMP messages for reconnaissance and scanning attacks. ICMP
messages are also used by threat actors to launch DoS attacks.
Question 9
2 / 2 pts
Which devices scan and infect more targets during the process of a DDoS attack?
Correct!
zombies
CnC servers
botmasters
web servers
Refer to curriculum topic: 4.2.1
In DDoS attack scenarios, zombies, or infected hosts, continue to scan and infect
targets with the intent of creating more zombies. The command-and-control
(CnC) server communicates with zombies using a covert channel. When ready,
the threat actor (botmaster) uses the CnC servers to instruct the botnet of
zombies to launch a DDoS attack on a specific target.
Question 10
2 / 2 pts
Which two OWASP communication layer vulnerabilities should be researched
when securing the IoT device network services attack surface? (Choose two.)
XBee
Correct!
vulnerable UDP services
Zigbee
non-standard protocols
Correct!
information disclosure
Refer to curriculum topic: 4.1.1
When the IoT device network services attack surface is being secured, the
following vulnerabilities should be taken into account:
• Information disclosure
• Injection
• Denial of service
• Unencrypted services
• Poorly implemented encryption
• Test/development services
• Vulnerable UDP services
• Replay attack
• Lack of payload verification
• Lack of message integrity check
Question 11
2 / 2 pts
Which basic security service protects against alteration of data while it is in
transit?
access control
Correct!
message integrity
message confidentiality
replay protection
Refer to curriculum topic: 4.1.2
802.15.4 operates at the OSI physical and data link layers. There are four basic
security services performed at the data link layer:
• Access control - prevents unauthorized devices from joining the network
• Message integrity - protects against alteration of data while it is in transit
• Message confidentiality - prevents threat actors from reading the transmitted
data
• Replay protection - prevents threat actors from successfully capturing
legitimate messages and sending them out on the network at a later time
Question 12
0 / 2 pts
Which type of IoT wireless network would interconnect audio devices and smart
watches to a cell phone that serves as an IoT gateway?
You Answered
wireless field-area network
wireless home-area network
wireless body-area network
Correct Answer
wireless personal-area network
Refer to curriculum topic: 4.1.1
The wireless personal-area network commonly uses Bluetooth to interconnect
personal fitness trackers, smart watches, and audio devices to a cell phone that
serves as an IoT gateway.
Question 13
0 / 2 pts
A threat actor uses a program to launch an attack by sending a flood of UDP
packets to a server on the network. The program sweeps through all of the known
ports trying to find closed ports. It causes the server to reply with an ICMP port
unreachable message and is similar to a DoS attack. Which two programs could be
used by the threat actor to launch the attack? (Choose two.)
ping
Correct Answer
Low Orbit Ion Cannon
Correct!
UDP Unicorn
You Answered
Smurf
Wireshark
Refer to curriculum topic: 4.2.2
A threat actor can use a tool like UDP Unicorn or Low Orbit Ion Cannon to send a
flood of UDP packets to launch a UDP flood attack that causes all the resources
on a network to become consumed. These types of programs will sweep through
all the known ports trying to find closed ports. This causes the server to reply with
an ICMP port unreachable message. Because of the many closed ports on the
server, there is so much traffic on the segment that almost all the bandwidth gets
used. The end result is very similar to a DoS attack.
Question 14
0 / 2 pts
Which two application layer protocols use UDP? (Choose two.)
HTTPS
Correct!
DHCP
You Answered
HTTP
Correct Answer
TFTP
FTP
Refer to curriculum topic: 4.2.2
Application layer protocols TFTP and DHCP use UDP as the transport layer
protocol. HTTP, HTTPS, and FTP use TCP as the transport layer protocol.
Question 15
2 / 2 pts
In which type of scenario would an IoT gateway not be required to convert traffic
to Wi-Fi or wired Ethernet?
when smart objects forward data within a mesh network
Correct!
when smart objects forward data using TCP/IP protocols
when smart objects forward data within a hub-and-spoke topology
when smart objects forward data within a star topology
Refer to curriculum topic: 4.1.1
Smart objects and things can communicate directly with the cloud or data center
(IP capable) if they have their own IPv6 protocol stacks and messaging protocols.
Being IP capable allows the things to send through the IP network without
requiring translation into IP by an IoT gateway.