Matt Walker End of Chapter 8 Flashcards
1.Which of the following is the best choice for performing a Bluebugging attack?
A. PhoneSnoop
B. BBProxy
C. btCrawler
D. Blooover
1.
D. Blooover is designed for Bluebugging. BBProxy and PhoneSnoop are both Blackberry tools, and btCrawler is a discovery option.
2.Operations promotes the use of mobile devices in the enterprise. Security disagrees, noting multiple risks involved in adding mobile devices to the network. Which of the following actions provides some protections against the risks security is concerned about?
A. Implement WPA.
B. Add MAC filtering to all WAPs.
C. Implement MDM.
D.Ensure all WAPs are from a single vendor.
2.
C. Mobile Device Management won’t mitigate all the risks associated with unending use of mobile devices on your network—but at least it’s something.
3.You wish to gain administrative privileges over your Android device. Which of the following tools is the best option for rooting the device?
A. Pangu
B. SuperOneClick
C. Cydia
D. evasi0n7
3.
B. SuperOneClick is designed for rooting Android. The others are jailbreaking iOS options.
4.Which of the following jailbreaking techniques will leave the phone in a jailbroken state even after a reboot?
A. Tethered
B. Untethered
C. Semi-tethered
D. Rooted
4.
B. If untethered jailbreaking has been performed, the device is in a jailbroken state forever, with or without connection to another device.
5.A mobile device communication session using SSL fails, and data is available for viewing by an attacker. Which OWASP Top 10 Mobile Vulnerability category has been made available for exploit?
A. M3 – Insecure Communication
B. M4 – Insufficient Authentication
C. M5 – Insufficient Cryptography
D. M10 – Extraneous Functionality
5.
A. Even though SSL refers to cryptography in communications, almost every time you see SSL or TLS, M3 is your answer.
6.Which of the following is an iOS jailbreaking type that cannot be patched by Apple, as the failure is within the hardware itself, and provides admin-level access after successful completion?
A. iBoot
B. Userland
C. Untethered
D. BootROM
6.
D. BootROM deals with hardware and provides admin privileges. The remaining answers either don’t provide admin access, have patch availability, or, in the case of untethered, aren’t applicable.
7.Which IoT communication model makes use of a component adding a collective before sending data to the cloud, which adds a measure of security control to the application?
A. Device to device
B. Device to cloud
C. Device to gateway
D. Device to security
7.
C. The IoT gateway provides a collective area that allows for at least some measure of security controls.
8.Which OWASP Top 10 IoT Vulnerability category deals with poorly protected passwords?
A. I1 – Insecure Web Interface
B. I2 – Insufficient Authentication/Authorization
C. I8 – Insufficient Security Configurability
D. I9 – Insecure Software/Firmware
8.
B. I2 – Insufficient Authentication is the clear answer here.
9.An attacker leverages a vulnerability within Bluetooth on an IoT device and successfully shuts down the air conditioning to the data center floor. Which of the following best describes the attack type used?
A. HVAC
B. BlueAir
C. Rolling code
D. BlueBorne
9.
A. An HVAC IoT device attack is exactly what’s being described here. Rolling code isn’t applicable, BlueBorne isn’t the best choice, and BlueAir doesn’t exist.
10.In which phase of the IoT hacking methodology would the Shodan search engine most likely be used?
A. Vulnerability scanning
B. Information gathering
C. Launching attacks
D. Gaining access
10.
B. Shodan is, after all, a search engine. While it may be useful in other areas, it’s clearly an information-gathering tool.
11.Which of the following tools is the best choice for sniffing IoT traffic?
A. Firmalyzer
B. beSTORM
C. Foren6
D. Shodan
11.
C. Foren6 is the only IoT traffic sniffer listed.
