Bluetooth & Zigbee Security - Wireless Protocol Threats

1. What type of attack exploits the pairing process in Bluetooth to gain unauthorized access?

A) BlueSnarfing
B) BlueBugging
C) BlueJacking
D) Evil Twin

✅ Answer: B) BlueBugging
📖 Explanation: BlueBugging exploits vulnerabilities in the Bluetooth pairing process, allowing an attacker to remotely access a device, send messages, or eavesdrop on conversations.

2. Which Zigbee security mode provides the highest level of security?

A) Standard Security Mode
B) High-Security Mode
C) Commercial Security Mode
D) Centralized Security Mode

✅ Answer: D) Centralized Security Mode
📖 Explanation: Zigbee Centralized Security Mode enforces strict authentication and encryption policies through a trusted centralized coordinator, ensuring better security.

3. What is the primary encryption algorithm used in Bluetooth Secure Simple Pairing (SSP)?

A) AES-128
B) RSA-2048
C) ECDH (Elliptic Curve Diffie-Hellman)
D) Blowfish

✅ Answer: C) ECDH (Elliptic Curve Diffie-Hellman)
📖 Explanation: SSP in Bluetooth uses ECDH for secure key exchange, making it resistant to passive eavesdropping and MITM attacks.

4. What vulnerability allows attackers to eavesdrop on Bluetooth communications?

A) BlueBorne
B) BlueSnarfing
C) BlueJacking
D) ZigBee Rebinding

✅ Answer: A) BlueBorne
📖 Explanation: BlueBorne is a Bluetooth vulnerability that allows remote code execution and eavesdropping on devices without requiring pairing.

5. In Zigbee networks, what type of attack involves injecting malicious packets to disrupt network communication?

A) Jamming Attack
B) Evil Twin Attack
C) BlueJacking
D) Replay Attack

✅ Answer: A) Jamming Attack
📖 Explanation: Jamming attacks interfere with Zigbee’s wireless signals, making communication unreliable or completely blocking data transmission.

6. Which of the following is a Bluetooth authentication vulnerability where devices can be forced to pair without user consent?

A) BlueSnarfing
B) BlueBugging
C) KNOB (Key Negotiation of Bluetooth)
D) MITM Injection

✅ Answer: C) KNOB (Key Negotiation of Bluetooth)
📖 Explanation: The KNOB attack forces Bluetooth devices to downgrade their encryption key strength, making them vulnerable to decryption.

7. What security mechanism does Zigbee use for encryption?

A) AES-128
B) RSA-2048
C) DES
D) Blowfish

✅ Answer: A) AES-128
📖 Explanation: Zigbee uses AES-128 encryption to protect data, but improper key management can still make the network vulnerable.

8. What type of attack involves sending unsolicited messages over Bluetooth to a victim’s device?

A) BlueJacking
B) BlueSnarfing
C) Evil Twin Attack
D) Key Exchange Spoofing

✅ Answer: A) BlueJacking
📖 Explanation: BlueJacking is the act of sending spam messages to nearby Bluetooth devices, typically without harmful intent.

9. How does an attacker perform a “Zigbee Rebinding” attack?

A) By jamming Zigbee signals
B) By forcing a device to rejoin a rogue network
C) By modifying the encryption key exchange process
D) By injecting malware into Zigbee-enabled devices

✅ Answer: B) By forcing a device to rejoin a rogue network
📖 Explanation: Zigbee Rebinding forces devices to connect to an attacker-controlled network by impersonating a trusted controller.

10. What is the default security flaw in many Zigbee devices?

A) Weak AES-128 keys
B) Hardcoded encryption keys
C) No encryption in place
D) Open authentication

✅ Answer: B) Hardcoded encryption keys
📖 Explanation: Many Zigbee devices use hardcoded encryption keys, making them vulnerable to key extraction and replay attacks.

11. Which attack targets Bluetooth’s legacy PIN-based authentication?

A) Brute Force Attack
B) BlueSnarfing
C) BlueSmacking
D) MITM Attack

✅ Answer: A) Brute Force Attack
📖 Explanation: Since older Bluetooth devices use short PINs, attackers can brute-force them to gain unauthorized access.

12. Which type of Bluetooth vulnerability enables full control over a victim’s device?

A) BlueBorne
B) BlueSnarfing
C) BlueBugging
D) BlueJacking

✅ Answer: C) BlueBugging
📖 Explanation: BlueBugging allows attackers to gain remote control over a victim’s phone, including making calls and sending messages.

13. What is the primary frequency range of Zigbee networks?

A) 2.4 GHz
B) 5 GHz
C) 900 MHz
D) 6 GHz

✅ Answer: A) 2.4 GHz
📖 Explanation: Zigbee operates mainly on 2.4 GHz, making it vulnerable to Wi-Fi interference and jamming attacks.

14. What is a major risk of using Bluetooth in public areas?

A) Open pairing requests
B) High data transfer speeds
C) Insecure data storage
D) MAC address spoofing

✅ Answer: A) Open pairing requests
📖 Explanation: Open Bluetooth pairing can lead to unauthorized connections, BlueJacking, and MITM attacks in public areas.

15. How does an Evil Twin Attack compromise Zigbee networks?

A) By creating a fake Zigbee coordinator
B) By eavesdropping on encrypted traffic
C) By injecting malicious code
D) By brute-forcing network keys

✅ Answer: A) By creating a fake Zigbee coordinator
📖 Explanation: Evil Twin Attacks involve setting up fake coordinators to capture traffic and inject false commands.

16. What attack method forces Bluetooth devices to reauthenticate repeatedly?

A) Pairing Bypass Attack
B) Bluetooth Battery Drain Attack
C) BlueBugging
D) Key Injection

✅ Answer: B) Bluetooth Battery Drain Attack
📖 Explanation: Attackers can force continuous reauthentication, leading to battery exhaustion in Bluetooth devices.

17. How can Bluetooth users mitigate BlueSnarfing attacks?

A) Enable device visibility
B) Disable Bluetooth when not in use
C) Use an open pairing mode
D) Connect to all available Bluetooth devices

✅ Answer: B) Disable Bluetooth when not in use
📖 Explanation: Disabling Bluetooth when not in use prevents unauthorized pairing and data theft.

18. Which Bluetooth security feature prevents unauthorized eavesdropping?

A) Frequency hopping
B) Open authentication
C) Default PIN-based security
D) Hardcoded encryption

✅ Answer: A) Frequency hopping
📖 Explanation: Bluetooth uses Adaptive Frequency Hopping (AFH) to prevent MITM attacks and eavesdropping.

19. What type of attack exploits Bluetooth vulnerabilities to install malware or spyware on a device?

A) BlueJacking
B) BlueSnarfing
C) Bluesploit
D) BlueBorne

✅ Answer: D) BlueBorne
📖 Explanation: BlueBorne allows attackers to gain full control over Bluetooth-enabled devices by exploiting unpatched vulnerabilities, often leading to remote code execution.

20. In Zigbee networks, what is the primary risk of using the default trust center key?

A) Increased power consumption
B) Susceptibility to deauthentication attacks
C) Unauthorized network access
D) RF interference

✅ Answer: C) Unauthorized network access
📖 Explanation: Zigbee devices often use a default Trust Center Link Key, which, if not changed, allows attackers to easily join and control the network.

21. Which Bluetooth attack involves brute-forcing a Bluetooth device’s MAC address to establish a connection?

A) Bluetooth Spoofing
B) Bluetooth Sniffing
C) MAC Address Guessing Attack
D) BlueJacking

✅ Answer: C) MAC Address Guessing Attack
📖 Explanation: Some Bluetooth devices allow pairing based on MAC addresses, making them susceptible to brute-force MAC address guessing.

22. What is the main vulnerability of Zigbee’s Over-the-Air (OTA) firmware update process?

A) Unauthenticated updates
B) Low-power consumption
C) Fast data transmission
D) No encryption

✅ Answer: A) Unauthenticated updates
📖 Explanation: Zigbee OTA updates are sometimes not properly authenticated, allowing attackers to inject malicious firmware.

23. What Bluetooth attack takes advantage of weak encryption key negotiations?

A) BlueBorne
B) BlueSnarfing
C) KNOB Attack
D) BlueBugging

✅ Answer: C) KNOB Attack
📖 Explanation: KNOB (Key Negotiation of Bluetooth) Attack forces Bluetooth devices to downgrade encryption keys, making them easier to crack.

24. In Zigbee networks, how can an attacker perform a “replay attack”?

A) By intercepting and resending authentication packets
B) By jamming the network
C) By launching brute-force attacks
D) By deactivating AES encryption

✅ Answer: A) By intercepting and resending authentication packets
📖 Explanation: Zigbee is vulnerable to replay attacks if nonce values are reused, allowing attackers to resend old packets to gain access.

25. What is a Bluetooth Pairing Spoofing Attack**?

A) An attacker impersonates a trusted device during pairing
B) A denial-of-service attack on Bluetooth signals
C) Exploiting Bluetooth protocol flaws to alter data
D) Encrypting Bluetooth data with weak keys

✅ Answer: A) An attacker impersonates a trusted device during pairing
📖 Explanation: Pairing Spoofing occurs when an attacker pretends to be a legitimate device and tricks users into pairing with a rogue device.

26. What security measure can prevent BlueSnarfing?

A) Enabling device visibility
B) Using a weak PIN
C) Keeping Bluetooth in hidden mode
D) Accepting all Bluetooth pairing requests

✅ Answer: C) Keeping Bluetooth in hidden mode
📖 Explanation: BlueSnarfing relies on discovering devices. Setting Bluetooth to hidden mode reduces the attack surface.

27. What is the primary goal of a Bluetooth Impersonation Attack (BIAS)?

A) Deny Bluetooth access to other users
B) Eavesdrop on Bluetooth communications
C) Downgrade Bluetooth encryption strength
D) Bypass authentication and re-establish a connection as a trusted device

✅ Answer: D) Bypass authentication and re-establish a connection as a trusted device
📖 Explanation: BIAS (Bluetooth Impersonation AttackS) allow attackers to bypass authentication and connect as a previously paired trusted device.

28. How does an Evil Twin Attack compromise Bluetooth security?

A) It tricks devices into connecting to a rogue Bluetooth access point
B) It floods Bluetooth devices with connection requests
C) It exploits vulnerabilities in Bluetooth file transfer protocols
D) It disables Bluetooth encryption

✅ Answer: A) It tricks devices into connecting to a rogue Bluetooth access point
📖 Explanation: Evil Twin Attacks involve setting up a fake Bluetooth access point, which unsuspecting users connect to, leading to data interception.

29. What is a Zigbee Beacon Spoofing Attack?

A) Sending fake beacons to disrupt network operations
B) Flooding the network with authentication requests
C) Jamming Zigbee signals
D) Exploiting firmware vulnerabilities

✅ Answer: A) Sending fake beacons to disrupt network operations
📖 Explanation: Attackers can spoof Zigbee beacons, tricking devices into believing they are connected to a legitimate network.

30. How does a Bluetooth Long-Term Key (LTK) attack work?

A) By cracking encryption keys stored on a device
B) By intercepting and modifying Bluetooth signals
C) By exploiting firmware vulnerabilities
D) By injecting malware into Bluetooth devices

✅ Answer: A) By cracking encryption keys stored on a device
📖 Explanation: Attackers target the Long-Term Key (LTK) used in Bluetooth’s LE Secure Connections, enabling decryption of encrypted data.

31. Which Bluetooth vulnerability affects older devices using simple pairing?

A) CVE-2017-1000250
B) CVE-2018-5383
C) CVE-2020-0022
D) CVE-2019-12345

✅ Answer: B) CVE-2018-5383
📖 Explanation: This CVE exposes a weakness in Bluetooth Secure Simple Pairing (SSP), making it vulnerable to MITM attacks.

32. What’s the best way to secure Zigbee networks against unauthorized access?

A) Use strong network keys and enable device authentication
B) Keep Zigbee devices on an open network
C) Disable encryption
D) Rely on factory default settings

✅ Answer: A) Use strong network keys and enable device authentication
📖 Explanation: Strong encryption keys and authentication prevent unauthorized devices from joining the Zigbee network.

33. What is a Bluetooth Whitelist?

A) A list of trusted devices allowed to connect
B) A list of devices blocked from connecting
C) A record of past Bluetooth attacks
D) A feature to boost Bluetooth signal strength

✅ Answer: A) A list of trusted devices allowed to connect
📖 Explanation: Bluetooth Whitelisting allows only approved devices to pair, reducing the risk of unauthorized connections.

34. What is the primary weakness of Bluetooth Low Energy (BLE) authentication?

A) It uses weak passwords
B) It lacks encryption
C) It does not authenticate devices during advertisement scanning
D) It allows multiple concurrent connections

✅ Answer: C) It does not authenticate devices during advertisement scanning
📖 Explanation: BLE devices often trust advertisement packets without authentication, making them vulnerable to spoofing attacks.

35. How can an attacker exploit a Bluetooth device using an “HCI fuzzing” attack?

A) By sending malformed Bluetooth packets to crash the device
B) By brute-forcing the encryption key
C) By hijacking the pairing process
D) By intercepting Bluetooth signals

✅ Answer: A) By sending malformed Bluetooth packets to crash the device
📖 Explanation: HCI fuzzing involves sending corrupt or malformed packets to a device’s Host Controller Interface (HCI), potentially causing crashes or exploits.

36. What is the main security concern with using Zigbee for smart home devices?

A) High power consumption
B) Limited range
C) Vulnerability to key extraction attacks
D) Complex installation

✅ Answer: C) Vulnerability to key extraction attacks
📖 Explanation: Zigbee devices often store encryption keys insecurely, making them susceptible to key extraction attacks, leading to unauthorized access.

37. What type of Bluetooth attack allows an attacker to decrypt and forge messages by predicting encryption keys?

A) Key Injection Attack
B) Cipher Block Chaining Attack
C) Crackle Attack
D) Replay Attack

✅ Answer: C) Crackle Attack
📖 Explanation: Crackle Attack targets legacy Bluetooth encryption, predicting random number seeds to break encryption.

38. What attack takes advantage of the lack of replay protection in Zigbee security?

A) MITM Attack
B) Zigbee Rebinding Attack
C) Replay Attack
D) BlueBorne Attack

✅ Answer: C) Replay Attack
📖 Explanation: Replay Attacks occur when an attacker captures Zigbee packets and replays them to falsely authenticate a device.

39. How does a Bluetooth “Denial-of-Service” (DoS) attack work?

A) By overloading a device with pairing requests
B) By injecting malware into Bluetooth firmware
C) By spoofing a trusted Bluetooth device
D) By modifying Bluetooth’s MAC address

✅ Answer: A) By overloading a device with pairing requests
📖 Explanation: Attackers can repeatedly send bogus pairing requests or malformed packets, causing Bluetooth devices to crash or become unresponsive.

40. What Bluetooth feature helps mitigate MITM attacks?

A) Just Works pairing mode
B) Out-of-Band (OOB) pairing
C) Default PIN authentication
D) Open mode connection

✅ Answer: B) Out-of-Band (OOB) pairing
📖 Explanation: OOB pairing uses external communication channels (e.g., NFC or QR codes) to prevent MITM attacks during pairing.

41. How can attackers exploit Zigbee key transport vulnerabilities?

A) By sniffing encryption keys over-the-air
B) By jamming Zigbee signals
C) By modifying Zigbee beacon frames
D) By brute-forcing Zigbee commands

✅ Answer: A) By sniffing encryption keys over-the-air
📖 Explanation: If encryption keys are transmitted in plaintext, attackers can capture and reuse them to join Zigbee networks.

42. What type of Bluetooth attack is performed by brute-forcing link keys?

A) BlueDump Attack
B) BlueSmacking Attack
C) Bluetooth Hijacking
D) Pairing Downgrade Attack

✅ Answer: A) BlueDump Attack
📖 Explanation: The BlueDump Attack involves brute-forcing Bluetooth link keys, allowing attackers to decrypt Bluetooth traffic.

43. Which protocol is commonly targeted in Zigbee spoofing attacks?

A) Network Layer
B) Application Layer
C) MAC Layer
D) Transport Layer

✅ Answer: C) MAC Layer
📖 Explanation: Attackers can spoof MAC addresses of Zigbee devices to gain unauthorized access and impersonate trusted devices.

44. What Bluetooth security mechanism helps prevent unauthorized connections?

A) LE Secure Connections
B) Just Works pairing
C) Default passkey pairing
D) Open authentication

✅ Answer: A) LE Secure Connections
📖 Explanation: LE Secure Connections uses Elliptic Curve Diffie-Hellman (ECDH) for strong encryption, reducing risks of MITM attacks.

45. What type of attack exploits Bluetooth “L2CAP fragmentation”?

A) Buffer Overflow Attack
B) Key Exchange Attack
C) Packet Sniffing Attack
D) Firmware Injection

✅ Answer: A) Buffer Overflow Attack
📖 Explanation: L2CAP fragmentation can be abused to cause buffer overflows, potentially allowing remote code execution.

46. What is the primary purpose of the Trust Center in a Zigbee network?

A) Manages encryption and authentication
B) Controls power consumption
C) Optimizes bandwidth usage
D) Increases Zigbee device range

✅ Answer: A) Manages encryption and authentication
📖 Explanation: The Zigbee Trust Center is responsible for key management, authentication, and encryption to secure the network.

47. Which Bluetooth attack involves modifying data while in transit?

A) Relay Attack
B) MITM Attack
C) Jamming Attack
D) BlueJacking

✅ Answer: B) MITM Attack
📖 Explanation: MITM (Man-in-the-Middle) Attacks occur when an attacker intercepts and modifies Bluetooth communication without the user’s knowledge.

48. Why is Zigbee jamming difficult to detect?

A) It does not alter network traffic
B) It modifies encryption keys
C) It impersonates trusted devices
D) It hijacks network authentication

✅ Answer: A) It does not alter network traffic
📖 Explanation: Jamming floods the Zigbee frequency range with noise, making communication unreliable, but it does not modify network traffic.

49. What Bluetooth attack allows an attacker to control another device without authorization?

A) BlueSnarfing
B) BlueBugging
C) Evil Twin Attack
D) BlueJacking

✅ Answer: B) BlueBugging
📖 Explanation: BlueBugging enables attackers to gain remote control over Bluetooth devices, allowing them to send messages, make calls, or access files.

50. How can users mitigate Zigbee replay attacks?

A) Use nonces and sequence numbers
B) Disable encryption
C) Keep devices in pairing mode
D) Set devices to open-access mode

✅ Answer: A) Use nonces and sequence numbers
📖 Explanation: Nonces and sequence numbers ensure that old Zigbee packets cannot be replayed, preventing unauthorized access.

51. What is the primary risk of Bluetooth Classic (BR/EDR) when compared to Bluetooth Low Energy (BLE)?

A) Higher power consumption
B) Lack of encryption support
C) Vulnerable to BlueSnarfing
D) Only works in short-range environments

✅ Answer: C) Vulnerable to BlueSnarfing
📖 Explanation: Bluetooth Classic (BR/EDR) is more vulnerable to BlueSnarfing, an attack where unauthorized data can be retrieved from a device.

52. What makes Zigbee networks particularly vulnerable to key reuse attacks?

A) Devices often use pre-configured encryption keys
B) Zigbee lacks an encryption mechanism
C) Zigbee networks operate on public frequencies
D) Zigbee does not support authentication

✅ Answer: A) Devices often use pre-configured encryption keys
📖 Explanation: Some Zigbee implementations use default, pre-configured keys, which can be extracted and reused by attackers to infiltrate networks.

53. How does a Bluetooth “passive eavesdropping” attack work?

A) By capturing Bluetooth packets without actively engaging in communication
B) By brute-forcing device PIN codes
C) By injecting malicious Bluetooth commands
D) By launching a denial-of-service attack

✅ Answer: A) By capturing Bluetooth packets without actively engaging in communication
📖 Explanation: Passive eavesdropping occurs when an attacker silently listens to unencrypted Bluetooth traffic without modifying or injecting any packets.

54. What attack involves modifying Zigbee packets in transit?

A) BlueSmacking
B) MITM Attack
C) Evil Twin Attack
D) Zigbee Spoofing

✅ Answer: B) MITM Attack
📖 Explanation: A Man-in-the-Middle (MITM) Attack involves intercepting and modifying Zigbee traffic before it reaches its intended recipient.

55. Which Bluetooth security flaw allows attackers to force devices to pair without user interaction?

A) BlueSmacking
B) Bluetooth Impersonation Attack (BIAS)
C) L2CAP Injection
D) Replay Attack

✅ Answer: B) Bluetooth Impersonation Attack (BIAS)
📖 Explanation: BIAS allows attackers to bypass authentication and pair with Bluetooth devices as a previously trusted connection.

56. How can attackers perform a Zigbee beacon flood attack?

A) By sending a massive number of fake beacon frames
B) By forcing Zigbee devices to use weak encryption
C) By injecting malware into Zigbee firmware
D) By spoofing MAC addresses

✅ Answer: A) By sending a massive number of fake beacon frames
📖 Explanation: Beacon flood attacks overwhelm Zigbee networks with fake beacons, causing congestion and performance issues.

57. What is the best mitigation against Bluetooth MAC address tracking?

A) Using MAC address randomization
B) Disabling encryption
C) Keeping Bluetooth always on
D) Allowing open Bluetooth pairing

✅ Answer: A) Using MAC address randomization
📖 Explanation: Many modern devices use MAC address randomization to prevent tracking attacks over Bluetooth.

58. Why is Zigbee mesh networking a security risk?

A) Devices automatically trust new nodes
B) Zigbee does not support encryption
C) Zigbee mesh nodes cannot communicate with each other
D) Mesh networks prevent data transmission

✅ Answer: A) Devices automatically trust new nodes
📖 Explanation: In some Zigbee configurations, new nodes can be added to the network without strict authentication, making it vulnerable to unauthorized access.

59. How does a Bluetooth replay attack work?

A) By capturing and resending previously authenticated packets
B) By intercepting Bluetooth advertisements
C) By brute-forcing encryption keys
D) By modifying Bluetooth signal strength

✅ Answer: A) By capturing and resending previously authenticated packets
📖 Explanation: Replay attacks occur when an attacker replays captured authentication packets to establish unauthorized connections.

60. What is the main goal of a Bluetooth key negotiation attack?

A) To force a device to use a weaker encryption key
B) To completely disable Bluetooth functionality
C) To send malware to connected devices
D) To track Bluetooth MAC addresses

✅ Answer: A) To force a device to use a weaker encryption key
📖 Explanation: Some key negotiation attacks (such as KNOB) force Bluetooth devices to use a lower encryption key length, making it easier to crack.

61. What type of attack can disrupt Bluetooth devices by flooding them with connection requests?

A) BlueStumbling
B) BlueSmacking
C) Bluetooth Denial-of-Service (DoS)
D) Zigbee Packet Injection

✅ Answer: C) Bluetooth Denial-of-Service (DoS)
📖 Explanation: Attackers can flood a Bluetooth device with continuous pairing or connection requests, making it unusable.

62. Which attack exploits the “Just Works” pairing mode in Bluetooth?

A) MITM Attack
B) Evil Twin Attack
C) Bluesniff Attack
D) BlueBorne

✅ Answer: A) MITM Attack
📖 Explanation: Just Works pairing mode does not authenticate devices properly, making it vulnerable to MITM attacks.

63. What is the primary security risk of Zigbee devices with weak pre-shared keys?

A) They can be easily brute-forced
B) They consume more power
C) They cannot communicate over long distances
D) They require manual updates

✅ Answer: A) They can be easily brute-forced
📖 Explanation: Weak pre-shared keys in Zigbee devices can be brute-forced, allowing attackers to join the network.

64. How does an attacker exploit Bluetooth Pairing Mode Downgrade?

A) By forcing devices to pair using older, weaker security protocols
B) By jamming Bluetooth signals
C) By tracking Bluetooth device locations
D) By overloading the Bluetooth controller

✅ Answer: A) By forcing devices to pair using older, weaker security protocols
📖 Explanation: Downgrade attacks force devices to use older pairing methods, which are more vulnerable to brute-force attacks.

65. Which of the following is a Zigbee jamming mitigation technique?

A) Frequency hopping
B) Open-access authentication
C) Increasing the power output
D) Using factory default keys

✅ Answer: A) Frequency hopping
📖 Explanation: Frequency hopping helps mitigate jamming attacks by switching communication channels dynamically.

66. What is a major security flaw in Bluetooth Headsets?

A) Some allow unauthorized device pairing
B) They use excessive battery power
C) They operate on a limited range
D) They are not compatible with Zigbee

✅ Answer: A) Some allow unauthorized device pairing
📖 Explanation: Many Bluetooth headsets do not require user confirmation for pairing, allowing attackers to connect and eavesdrop.

67. What attack allows an attacker to modify Zigbee routing tables?

A) Zigbee Spoofing
B) BlueSmacking
C) Routing Manipulation Attack
D) MITM Attack

✅ Answer: C) Routing Manipulation Attack
📖 Explanation: In Routing Manipulation Attacks, attackers alter Zigbee routing tables to misroute packets or drop communication.

68. What type of attack allows an attacker to send malicious Zigbee commands to a victim’s device?

A) BlueJacking
B) Zigbee Command Injection
C) Bluetooth Spoofing
D) Key Exchange Manipulation

✅ Answer: B) Zigbee Command Injection
📖 Explanation: Command injection attacks allow attackers to send unauthorized Zigbee commands, potentially altering device behavior.

69. What is the biggest security flaw in Bluetooth Classic (BR/EDR) Secure Simple Pairing (SSP)?

A) It relies on weak PIN authentication
B) It does not use encryption
C) It is vulnerable to MITM attacks if Numeric Comparison is not used
D) It requires constant authentication

✅ Answer: C) It is vulnerable to MITM attacks if Numeric Comparison is not used
📖 Explanation: Bluetooth SSP can be vulnerable to MITM attacks if the Numeric Comparison method is not used, as other methods may not verify identities securely.

70. What Bluetooth vulnerability allows attackers to force a device to repeatedly authenticate, draining its battery?

A) Battery Exhaustion Attack
B) BlueBorne Attack
C) L2CAP Flood Attack
D) Key Negotiation Attack

✅ Answer: A) Battery Exhaustion Attack
📖 Explanation: Attackers can force a device to continuously authenticate or process excessive connection requests, leading to battery drain.

71. Why is Bluetooth Low Energy (BLE) more vulnerable to spoofing attacks?

A) It has a simpler authentication mechanism
B) It does not support encryption
C) It has limited range
D) It uses excessive power

✅ Answer: A) It has a simpler authentication mechanism
📖 Explanation: BLE uses simpler authentication, often relying on just works pairing, making it easier to spoof trusted devices.

72. How can Zigbee network key leaks be prevented?

A) Use key encryption during transmission
B) Keep devices in pairing mode
C) Disable encryption entirely
D) Store keys in plaintext

✅ Answer: A) Use key encryption during transmission
📖 Explanation: Encrypting Zigbee keys during transmission prevents attackers from sniffing and extracting keys from the air.

73. Which Bluetooth vulnerability allows attackers to inject malicious code through firmware updates?

A) Firmware Downgrade Attack
B) L2CAP Fragmentation Attack
C) Bluetooth Spoofing Attack
D) BlueSnarfing

✅ Answer: A) Firmware Downgrade Attack
📖 Explanation: Attackers downgrade firmware to a less secure version and then inject malicious code, compromising the device.

74. How does a Zigbee Frame Counter Attack work?

A) By resetting the frame counter to replay old packets
B) By modifying the encryption key
C) By overloading the Zigbee coordinator
D) By brute-forcing the MAC address

✅ Answer: A) By resetting the frame counter to replay old packets
📖 Explanation: Zigbee uses a frame counter to prevent replay attacks, but if reset, attackers can replay old authenticated packets.

75. What is a Bluetooth Stacking Attack?

A) Exploiting vulnerabilities in the Bluetooth stack
B) Overloading Bluetooth devices with data
C) Downgrading encryption keys
D) Modifying pairing requests

✅ Answer: A) Exploiting vulnerabilities in the Bluetooth stack
📖 Explanation: Bluetooth stack exploits take advantage of bugs in the Bluetooth software stack, often leading to remote code execution.

76. Why is Zigbee frequently used in IoT devices despite security concerns?

A) It has a low power requirement and supports mesh networking
B) It is more secure than Wi-Fi
C) It does not require authentication
D) It is open to all device connections

✅ Answer: A) It has a low power requirement and supports mesh networking
📖 Explanation: Zigbee is energy-efficient and supports large mesh networks, making it ideal for IoT, despite security concerns.

77. What Bluetooth attack targets the L2CAP layer by flooding it with fragmented packets?

A) BlueSmacking
B) BlueSnarfing
C) BlueBorne
D) MAC Address Hijacking

✅ Answer: A) BlueSmacking
📖 Explanation: BlueSmacking is a Denial-of-Service (DoS) attack that floods the L2CAP layer with fragmented packets, crashing the device.

78. What is the risk of Zigbee devices using a default Trust Center Link Key?

A) Unauthorized devices can join the network
B) Higher power consumption
C) Limited range of communication
D) Increased latency

✅ Answer: A) Unauthorized devices can join the network
📖 Explanation: Many Zigbee devices use a default Trust Center Link Key, which attackers can extract and use to join the network without authorization.

79. How does a Bluetooth device scanning attack work?

A) Attackers collect device information using active scans
B) Attackers spoof Bluetooth pairing requests
C) Attackers jam Bluetooth connections
D) Attackers modify Bluetooth firmware

✅ Answer: A) Attackers collect device information using active scans
📖 Explanation: Attackers use Bluetooth scanning to discover device names, MAC addresses, and supported profiles, which can be used for further attacks.

80. What is the best defense against Zigbee jamming attacks?

A) Implementing frequency hopping
B) Using default security keys
C) Increasing signal strength
D) Allowing open connections

✅ Answer: A) Implementing frequency hopping
📖 Explanation: Frequency hopping helps mitigate jamming attacks by dynamically switching communication channels, making it harder for attackers to disrupt signals.

81. What is a major weakness of Bluetooth “Just Works” pairing mode?

A) It does not require user confirmation
B) It requires high power consumption
C) It does not support data encryption
D) It only works at close range

✅ Answer: A) It does not require user confirmation
📖 Explanation: Just Works pairing does not verify identities, making it vulnerable to MITM (Man-in-the-Middle) attacks.

82. What is the risk of Zigbee networks that rely on pre-configured encryption keys?

A) They can be brute-forced or extracted
B) They increase network congestion
C) They limit the number of connected devices
D) They consume excessive battery power

✅ Answer: A) They can be brute-forced or extracted
📖 Explanation: Pre-configured Zigbee keys are often stored insecurely, making them easy to extract and reuse by attackers.

83. Which type of Bluetooth attack exploits weak PIN authentication?

A) BlueSmacking
B) Bluetooth Brute-Force Attack
C) Replay Attack
D) Routing Manipulation Attack

✅ Answer: B) Bluetooth Brute-Force Attack
📖 Explanation: Attackers can brute-force weak PINs, allowing unauthorized access to Bluetooth connections.

84. How does a Zigbee identity spoofing attack work?

A) An attacker pretends to be a legitimate device
B) An attacker modifies the routing table
C) An attacker floods the network with beacon frames
D) An attacker disables encryption

✅ Answer: A) An attacker pretends to be a legitimate device
📖 Explanation: In identity spoofing, attackers impersonate trusted devices to gain access and inject malicious commands.

85. What is the Bluetooth “Session Hijacking” attack?

A) Stealing an ongoing Bluetooth connection
B) Flooding a device with pairing requests
C) Manipulating Bluetooth firmware
D) Downgrading Bluetooth encryption

✅ Answer: A) Stealing an ongoing Bluetooth connection
📖 Explanation: Session Hijacking allows an attacker to take over an active Bluetooth session, intercepting data or injecting commands.

86. What makes Zigbee networks vulnerable to “Replay Attacks”?

A) Lack of unique session tokens
B) Use of hardcoded encryption keys
C) No support for secure pairing
D) Slow data transmission rates

✅ Answer: A) Lack of unique session tokens
📖 Explanation: If a Zigbee device does not use unique session tokens (nonces), attackers can capture and replay old authentication packets.

87. What is a Bluetooth “MAC Cloning” attack?

A) Spoofing the MAC address of a trusted device
B) Jamming the MAC address of a Bluetooth device
C) Overloading a device with Bluetooth requests
D) Exploiting Bluetooth frequency hopping

✅ Answer: A) Spoofing the MAC address of a trusted device
📖 Explanation: Attackers can clone the MAC address of a trusted device to bypass security restrictions.

88. How can Zigbee devices be protected against unauthorized firmware updates?

A) Implementing cryptographic signing
B) Disabling over-the-air updates
C) Allowing all devices to update freely
D) Using factory default credentials

✅ Answer: A) Implementing cryptographic signing
📖 Explanation: Cryptographic signatures ensure that only authorized firmware updates can be installed, preventing malware injection.

89. What is the Bluetooth “HCI Command Injection” attack?

A) Exploiting vulnerabilities in the Host Controller Interface
B) Modifying Bluetooth advertising packets
C) Injecting rogue access points
D) Using frequency hopping to evade detection

✅ Answer: A) Exploiting vulnerabilities in the Host Controller Interface
📖 Explanation: HCI Command Injection exploits flaws in the Bluetooth stack, allowing attackers to execute unauthorized commands.

90. How do attackers perform a Zigbee “Beacon Spoofing” attack?

A) By sending fake beacons to trick devices into connecting
B) By jamming the Zigbee network
C) By reducing the signal strength of legitimate beacons
D) By injecting malicious scripts into Zigbee controllers

✅ Answer: A) By sending fake beacons to trick devices into connecting
📖 Explanation: Attackers send fake Zigbee beacons, tricking devices into connecting to rogue networks.

91. What is the best method to prevent Bluetooth pairing attacks?

A) Use passkey authentication or Numeric Comparison
B) Disable encryption
C) Keep Bluetooth always in discoverable mode
D) Accept all pairing requests

✅ Answer: A) Use passkey authentication or Numeric Comparison
📖 Explanation: Passkey authentication and Numeric Comparison ensure that both devices verify each other, reducing MITM risks.

92. What is a major flaw in Bluetooth’s legacy encryption methods?

A) They use short encryption keys
B) They require complex authentication
C) They do not support pairing
D) They use excessive battery power

✅ Answer: A) They use short encryption keys
📖 Explanation: Older Bluetooth encryption methods use short keys, making them easier to brute-force.

93. How can Zigbee mesh networks be secured?

A) Enforcing strict authentication and key rotation
B) Allowing open device pairing
C) Using factory default encryption keys
D) Relying on built-in security without updates

✅ Answer: A) Enforcing strict authentication and key rotation
📖 Explanation: Authentication and key rotation prevent unauthorized access and replay attacks in Zigbee networks.

94. What is a Bluetooth “Fingerprinting” attack?

A) Tracking devices based on unique Bluetooth signals
B) Modifying Bluetooth packets
C) Overloading devices with connection requests
D) Injecting rogue firmware updates

✅ Answer: A) Tracking devices based on unique Bluetooth signals
📖 Explanation: Attackers can fingerprint Bluetooth devices based on signal characteristics, even with MAC address randomization.

95. What is the main risk of using Bluetooth in public spaces?

A) BlueSnarfing and unauthorized data access
B) Higher power consumption
C) Increased latency
D) Bluetooth networks cannot function in public spaces

✅ Answer: A) BlueSnarfing and unauthorized data access
📖 Explanation: Public Bluetooth connections can be targeted for BlueSnarfing, MITM attacks, and unauthorized pairing.

96. How do attackers exploit Zigbee’s lack of authentication in some implementations?

A) By adding rogue devices to the network
B) By brute-forcing Zigbee encryption keys
C) By jamming all Zigbee signals
D) By modifying the Zigbee frequency

✅ Answer: A) By adding rogue devices to the network
📖 Explanation: Some Zigbee implementations do not require strict authentication, allowing attackers to join networks using rogue devices.

97. What makes Bluetooth pairing downgrade attacks effective?

A) Some devices accept weak pairing modes
B) Bluetooth always encrypts data
C) Only new devices are vulnerable
D) Pairing requests cannot be manipulated

✅ Answer: A) Some devices accept weak pairing modes
📖 Explanation: Some Bluetooth devices allow older, weaker pairing modes, making them vulnerable to downgrade attacks.

98. How can Zigbee firmware tampering be prevented?

A) Using secure boot and signed firmware
B) Allowing all firmware updates
C) Disabling network encryption
D) Using weak passwords

✅ Answer: A) Using secure boot and signed firmware
📖 Explanation: Secure boot and signed firmware ensure that only trusted updates can be installed on Zigbee devices.

99. What Bluetooth vulnerability allows attackers to inject arbitrary code via memory corruption?

A) BlueFrag
B) BlueJacking
C) BlueBorne
D) BlueSnarfing

✅ Answer: A) BlueFrag
📖 Explanation: BlueFrag is a memory corruption vulnerability that allows attackers to inject and execute arbitrary code on a Bluetooth-enabled device.

100. Which feature in Zigbee is designed to prevent unauthorized network access?

A) Trust Center Authentication
B) Open Node Association
C) MAC Address Whitelisting
D) Frequency Jamming

✅ Answer: A) Trust Center Authentication
📖 Explanation: Trust Center Authentication ensures that only authorized devices can join a Zigbee network.

101. What Bluetooth attack takes advantage of weak key exchange mechanisms?

A) Key Negotiation of Bluetooth (KNOB) Attack
B) Bluetooth MAC Spoofing
C) Bluetooth Signal Amplification Attack
D) Bluetooth Channel Interference

✅ Answer: A) Key Negotiation of Bluetooth (KNOB) Attack
📖 Explanation: KNOB attacks force Bluetooth devices to use weak encryption keys, making them vulnerable to brute-force attacks.

102. Why is Zigbee vulnerable to key reuse attacks?

A) Some manufacturers use default encryption keys
B) Zigbee does not support encryption
C) Zigbee keys are generated dynamically for each session
D) Zigbee uses RSA encryption

✅ Answer: A) Some manufacturers use default encryption keys
📖 Explanation: Many Zigbee devices use pre-configured encryption keys, making them susceptible to key reuse attacks.

103. What is the best way to prevent unauthorized Bluetooth connections?

A) Enable device visibility only when necessary
B) Keep Bluetooth always on
C) Accept all pairing requests
D) Use factory default PIN codes

✅ Answer: A) Enable device visibility only when necessary
📖 Explanation: Keeping Bluetooth hidden prevents unauthorized pairing attempts.

104. How does a Zigbee channel-hopping attack work?

A) An attacker continuously changes communication channels to avoid detection
B) An attacker brute-forces network keys
C) An attacker uses multiple antennas to amplify the Zigbee signal
D) An attacker disables encryption

✅ Answer: A) An attacker continuously changes communication channels to avoid detection
📖 Explanation: Channel-hopping attacks allow attackers to evade intrusion detection systems (IDS) by frequently changing channels.

105. What Bluetooth vulnerability allows attackers to bypass authentication and reconnect as a trusted device?

A) Bluetooth Impersonation AttackS (BIAS)
B) BlueBugging
C) Evil Twin Attack
D) MAC Address Brute-Forcing

✅ Answer: A) Bluetooth Impersonation AttackS (BIAS)
📖 Explanation: BIAS attacks allow attackers to bypass authentication and impersonate a previously paired device.

106. What is the primary risk of Zigbee’s “Open Trust Center” mode?

A) Any device can join the network without authentication
B) It increases power consumption
C) It prevents data transmission
D) It limits the number of connected devices

✅ Answer: A) Any device can join the network without authentication
📖 Explanation: In Open Trust Center mode, Zigbee networks do not verify devices, making them susceptible to unauthorized access.

107. How can attackers perform a Bluetooth “Packet Sniffing” attack?

A) By capturing unencrypted Bluetooth packets in transit
B) By jamming Bluetooth signals
C) By brute-forcing pairing requests
D) By injecting malicious firmware updates

✅ Answer: A) By capturing unencrypted Bluetooth packets in transit
📖 Explanation: Bluetooth packet sniffing allows attackers to capture and analyze unencrypted data sent over Bluetooth connections.

108. What security feature in Bluetooth LE prevents passive eavesdropping?

A) LE Secure Connections
B) Just Works pairing
C) Default PIN pairing
D) Open Authentication

✅ Answer: A) LE Secure Connections
📖 Explanation: LE Secure Connections uses Elliptic Curve Diffie-Hellman (ECDH) encryption, making passive eavesdropping attacks difficult.

109. How can Zigbee jamming attacks be mitigated?

A) Using frequency hopping techniques
B) Increasing the Zigbee power output
C) Disabling encryption
D) Allowing all devices to join the network

✅ Answer: A) Using frequency hopping techniques
📖 Explanation: Frequency hopping helps mitigate jamming attacks by dynamically switching communication channels.

110. What Bluetooth attack involves sending repeated service discovery requests to crash a device?

A) Bluetooth Service Discovery Flood (BTSDF) Attack
B) BlueBugging
C) BlueSmacking
D) MAC Address Hijacking

✅ Answer: A) Bluetooth Service Discovery Flood (BTSDF) Attack
📖 Explanation: Attackers send continuous service discovery requests, causing denial-of-service (DoS) on Bluetooth devices.

111. How can an attacker exploit Zigbee’s “Over-the-Air Key Transport” feature?

A) By intercepting encryption key transmissions
B) By brute-forcing the Zigbee MAC address
C) By increasing signal strength
D) By reducing power output

✅ Answer: A) By intercepting encryption key transmissions
📖 Explanation: If Zigbee keys are sent unencrypted, attackers can intercept and reuse them to gain access.

112. What is a Bluetooth “Sniff Mode Attack”?

A) Exploiting Bluetooth low-power modes to intercept data
B) Injecting rogue pairing requests
C) Overloading Bluetooth frequencies
D) Modifying Bluetooth encryption keys

✅ Answer: A) Exploiting Bluetooth low-power modes to intercept data
📖 Explanation: Sniff mode allows power-efficient communication, but attackers can use it to listen in on Bluetooth traffic.

113. Why is Zigbee’s “Distributed Security Mode” considered less secure?

A) It lacks centralized key management
B) It uses weaker encryption algorithms
C) It does not support mesh networking
D) It has a limited communication range

✅ Answer: A) It lacks centralized key management
📖 Explanation: Distributed Security Mode allows Zigbee devices to manage their own encryption keys, making the network more vulnerable to attacks.

114. How does a Bluetooth “Relay Attack” work?

A) By forwarding Bluetooth signals between two distant devices
B) By injecting rogue pairing requests
C) By modifying Bluetooth device firmware
D) By jamming Bluetooth signals

✅ Answer: A) By forwarding Bluetooth signals between two distant devices
📖 Explanation: In a relay attack, an attacker relays Bluetooth signals between two legitimate devices to trick them into communicating.

115. What is the primary risk of Bluetooth “LE Legacy Pairing”?

A) It uses a weak encryption method
B) It prevents device visibility
C) It only supports short-range communication
D) It disables authentication

✅ Answer: A) It uses a weak encryption method
📖 Explanation: LE Legacy Pairing uses Temporary Key (TK) encryption, which is susceptible to passive eavesdropping and MITM attacks.

116. What type of attack allows attackers to hijack a Zigbee network by injecting false routing information?

A) Routing Table Poisoning
B) Zigbee Replay Attack
C) MAC Address Spoofing
D) Frequency Jamming

✅ Answer: A) Routing Table Poisoning
📖 Explanation: Routing Table Poisoning allows an attacker to manipulate the Zigbee routing process, redirecting traffic to malicious nodes.

117. What is the main purpose of “Bluetooth Privacy Mode”?

A) To randomize the device’s MAC address
B) To disable pairing requests
C) To increase data transmission speed
D) To disable encryption

✅ Answer: A) To randomize the device’s MAC address
📖 Explanation: Bluetooth Privacy Mode randomizes the MAC address to prevent tracking and unauthorized identification.

118. How can attackers exploit Zigbee’s “Permit Joining” feature?

A) By continuously allowing unauthorized devices to connect
B) By forcing devices to deauthenticate
C) By modifying the signal frequency
D) By jamming the control channel

✅ Answer: A) By continuously allowing unauthorized devices to connect
📖 Explanation: If a Zigbee network is left in “Permit Joining” mode, attackers can easily add rogue devices to gain unauthorized access.

119. What attack targets the Bluetooth “Long-Term Key (LTK)” to decrypt encrypted sessions?

A) LTK Cracking Attack
B) BlueJacking
C) Key Exchange Manipulation
D) Bluetooth Eavesdropping

✅ Answer: A) LTK Cracking Attack
📖 Explanation: LTK Cracking involves breaking the Long-Term Key (LTK) to decrypt and manipulate encrypted Bluetooth traffic.

120. How can attackers manipulate Zigbee device states remotely?

A) By injecting malicious control commands
B) By brute-forcing the MAC address
C) By overloading the network with packets
D) By forcing Zigbee devices to downgrade their firmware

✅ Answer: A) By injecting malicious control commands
📖 Explanation: Attackers can inject unauthorized Zigbee commands to manipulate device states, such as turning off lights or unlocking doors.

121. What Bluetooth attack allows an attacker to block legitimate Bluetooth communications?

A) Bluetooth Jamming Attack
B) Evil Twin Attack
C) Bluetooth Fingerprinting Attack
D) Pairing Spoofing Attack

✅ Answer: A) Bluetooth Jamming Attack
📖 Explanation: Bluetooth jamming involves flooding the frequency with interference signals, making communication unstable or impossible.

122. What Zigbee feature can help prevent unauthorized device enrollment?

A) Pre-shared key authentication
B) Open Trust Center mode
C) Default passkey authentication
D) Allowing all devices to join the network

✅ Answer: A) Pre-shared key authentication
📖 Explanation: Pre-shared key authentication ensures that only devices with the correct key can join the network.

123. What is a Bluetooth “Backdoor Attack”?

A) Exploiting security flaws to gain persistent access to a device
B) Overloading Bluetooth connections with spam requests
C) Injecting rogue encryption keys
D) Disabling Bluetooth pairing

✅ Answer: A) Exploiting security flaws to gain persistent access to a device
📖 Explanation: Backdoor attacks allow attackers to maintain persistent access to a Bluetooth device without user consent.

124. How does a Zigbee “Replay Attack” work?

A) By capturing and resending previously recorded packets
B) By modifying the frequency hopping sequence
C) By injecting rogue authentication requests
D) By modifying the device’s encryption keys

✅ Answer: A) By capturing and resending previously recorded packets
📖 Explanation: Replay attacks involve capturing valid Zigbee packets and replaying them to execute unauthorized actions.

125. What Bluetooth attack exploits devices that automatically accept pairing requests?

A) Bluetooth Auto-Pairing Exploit
B) Key Injection Attack
C) BlueSmacking
D) Evil Twin Attack

✅ Answer: A) Bluetooth Auto-Pairing Exploit
📖 Explanation: Some Bluetooth devices automatically accept pairing requests, allowing attackers to connect without user confirmation.

126. How can Zigbee networks mitigate “Man-in-the-Middle” (MITM) attacks?

A) By enabling encrypted key exchange
B) By allowing open authentication
C) By using a static encryption key
D) By increasing transmission power

✅ Answer: A) By enabling encrypted key exchange
📖 Explanation: Encrypted key exchange prevents MITM attackers from intercepting and modifying Zigbee communication.

127. What is a Bluetooth “Pairing Downgrade Attack”?

A) Forcing devices to use weaker pairing protocols
B) Disabling Bluetooth authentication
C) Spoofing a trusted device during pairing
D) Injecting unauthorized firmware updates

✅ Answer: A) Forcing devices to use weaker pairing protocols
📖 Explanation: Downgrade attacks force devices to use older, less secure pairing methods, making them vulnerable to MITM attacks.

128. How can Zigbee network encryption be bypassed?

A) By exploiting default encryption keys
B) By increasing signal strength
C) By modifying network topology
D) By reducing power consumption

✅ Answer: A) By exploiting default encryption keys
📖 Explanation: Some Zigbee networks use default encryption keys, which attackers can extract and use to decrypt network traffic.

129. What is a Bluetooth “Phantom Device Attack”?

A) Creating a fake Bluetooth device to trick users into connecting
B) Overloading Bluetooth devices with malicious packets
C) Disrupting the Bluetooth pairing process
D) Downgrading Bluetooth security modes

✅ Answer: A) Creating a fake Bluetooth device to trick users into connecting
📖 Explanation: In a Phantom Device Attack, attackers set up a rogue Bluetooth device to trick users into pairing with a malicious entity.

130. How can users prevent unauthorized Bluetooth tracking?

A) Enable MAC address randomization
B) Keep Bluetooth always visible
C) Accept all pairing requests
D) Disable encryption

✅ Answer: A) Enable MAC address randomization
📖 Explanation: MAC address randomization prevents attackers from tracking Bluetooth devices using their unique identifiers.

131. What is the primary goal of a Bluetooth “Evil Twin” attack?

A) To set up a rogue Bluetooth device that mimics a trusted one
B) To flood Bluetooth signals with interference
C) To brute-force Bluetooth encryption keys
D) To downgrade Bluetooth security settings

✅ Answer: A) To set up a rogue Bluetooth device that mimics a trusted one
📖 Explanation: In an Evil Twin attack, attackers create fake Bluetooth devices to trick users into connecting, allowing data interception.

132. How does a Zigbee “MAC Spoofing” attack work?

A) Attackers change their MAC address to impersonate a trusted device
B) Attackers force devices to use weak encryption
C) Attackers inject rogue commands into the Zigbee network
D) Attackers disable encryption keys

✅ Answer: A) Attackers change their MAC address to impersonate a trusted device
📖 Explanation: In MAC Spoofing, attackers change their MAC address to appear as a trusted device, enabling unauthorized network access.

133. What is the best way to mitigate Bluetooth “Eavesdropping” attacks?

A) Use Bluetooth encryption
B) Keep Bluetooth in discoverable mode
C) Accept all pairing requests
D) Disable frequency hopping

✅ Answer: A) Use Bluetooth encryption
📖 Explanation: Enabling Bluetooth encryption ensures that data is transmitted securely, preventing attackers from intercepting communications.

134. How can attackers perform a “Zigbee Man-in-the-Middle” (MITM) attack?

A) By intercepting communication between Zigbee devices
B) By overloading the Zigbee coordinator with traffic
C) By using excessive transmission power
D) By reducing the Zigbee network range

✅ Answer: A) By intercepting communication between Zigbee devices
📖 Explanation: In a MITM attack, attackers intercept and manipulate Zigbee communications to gain unauthorized control.

135. What is the impact of a Bluetooth “Denial-of-Service” (DoS) attack?

A) It prevents Bluetooth devices from communicating
B) It extracts Bluetooth encryption keys
C) It allows attackers to eavesdrop on Bluetooth signals
D) It forces Bluetooth devices to pair with rogue networks

✅ Answer: A) It prevents Bluetooth devices from communicating
📖 Explanation: DoS attacks disrupt Bluetooth by flooding it with requests, causing devices to disconnect or become unresponsive.

136. How does a Zigbee “Beacon Flooding” attack affect networks?

A) It causes congestion by overwhelming the network with fake beacon frames
B) It forces Zigbee devices to switch frequency channels
C) It modifies the encryption keys of Zigbee devices
D) It blocks device firmware updates

✅ Answer: A) It causes congestion by overwhelming the network with fake beacon frames
📖 Explanation: Beacon flooding overwhelms Zigbee networks, causing delays, dropped connections, or denial-of-service.

137. What is a Bluetooth “Address Resolution Protocol (ARP) Poisoning” attack?

A) An attacker modifies ARP tables to redirect Bluetooth traffic
B) An attacker forces Bluetooth devices to use weaker encryption
C) An attacker brute-forces Bluetooth MAC addresses
D) An attacker blocks Bluetooth pairing requests

✅ Answer: A) An attacker modifies ARP tables to redirect Bluetooth traffic
📖 Explanation: ARP poisoning allows attackers to redirect traffic, enabling MITM attacks on Bluetooth devices.

138. How does a Zigbee “Channel Overlapping” attack work?

A) By causing interference with overlapping frequency bands
B) By forcing Zigbee devices to switch encryption keys
C) By disabling Zigbee mesh networking
D) By modifying device firmware remotely

✅ Answer: A) By causing interference with overlapping frequency bands
📖 Explanation: Zigbee operates in the 2.4GHz range, making it prone to interference from Wi-Fi and other wireless technologies.

139. What is a Bluetooth “Whisper Attack”?

A) An attacker sends hidden commands over Bluetooth Low Energy (BLE)
B) An attacker brute-forces Bluetooth passkeys
C) An attacker modifies Bluetooth device firmware
D) An attacker overloads the Bluetooth frequency

✅ Answer: A) An attacker sends hidden commands over Bluetooth Low Energy (BLE)
📖 Explanation: Whisper Attacks exploit BLE vulnerabilities to send unauthorized commands to connected devices.

140. How does a Zigbee “Trust Center Attack” work?

A) Attackers compromise the network’s trust center to gain full control
B) Attackers flood the network with pairing requests
C) Attackers modify the network’s encryption algorithm
D) Attackers inject false Zigbee beacons

✅ Answer: A) Attackers compromise the network’s trust center to gain full control
📖 Explanation: The Trust Center manages security keys, and if compromised, attackers can decrypt all Zigbee traffic and control devices.

141. What security feature in Bluetooth helps mitigate MITM attacks?

A) Out-of-Band (OOB) authentication
B) Keeping Bluetooth in discoverable mode
C) Accepting all pairing requests
D) Using a default PIN

✅ Answer: A) Out-of-Band (OOB) authentication
📖 Explanation: OOB authentication uses NFC or QR codes to securely exchange pairing keys, reducing MITM risks.

142. What is the primary function of a Zigbee “Coordinator”?

A) To manage network security and encryption
B) To amplify Zigbee signals
C) To prevent frequency jamming
D) To disable unauthorized devices

✅ Answer: A) To manage network security and encryption
📖 Explanation: The Zigbee Coordinator is responsible for network setup, security enforcement, and encryption key management.

143. What is a Bluetooth “Reconnaissance Attack”?

A) Collecting information about Bluetooth devices for further attacks
B) Blocking Bluetooth devices from communicating
C) Spoofing a trusted Bluetooth device
D) Modifying Bluetooth encryption settings

✅ Answer: A) Collecting information about Bluetooth devices for further attacks
📖 Explanation: Attackers scan for Bluetooth devices, gathering device names, MAC addresses, and supported services for future exploits.

144. How can attackers perform a Zigbee “Fake Device Injection” attack?

A) By adding rogue devices to the network without authentication
B) By brute-forcing encryption keys
C) By modifying the Zigbee routing table
D) By jamming Zigbee channels

✅ Answer: A) By adding rogue devices to the network without authentication
📖 Explanation: If authentication is weak, attackers can add fake Zigbee devices to manipulate network operations.

145. What is the best way to prevent unauthorized Bluetooth connections?

A) Use Bluetooth whitelisting
B) Disable all encryption
C) Keep Bluetooth always in discoverable mode
D) Accept all pairing requests

✅ Answer: A) Use Bluetooth whitelisting
📖 Explanation: Whitelisting Bluetooth devices ensures that only approved devices can connect.

146. What is the main risk of Bluetooth devices that use a static passkey for pairing?

A) They are vulnerable to brute-force attacks
B) They consume excessive power
C) They cannot connect to multiple devices
D) They do not support encryption

✅ Answer: A) They are vulnerable to brute-force attacks
📖 Explanation: Static passkeys make Bluetooth devices susceptible to brute-force attacks, allowing attackers to guess the pairing key.

147. What technique can be used to prevent Zigbee “Replay Attacks”?

A) Using unique sequence numbers for each packet
B) Disabling encryption
C) Allowing all devices to join the network
D) Using pre-configured static encryption keys

✅ Answer: A) Using unique sequence numbers for each packet
📖 Explanation: Unique sequence numbers (nonces) ensure that previously captured packets cannot be replayed by an attacker.

148. How does a Bluetooth “Device Cloning” attack work?

A) By duplicating a device’s MAC address and pretending to be the original
B) By jamming all Bluetooth connections in range
C) By forcing a device to downgrade its encryption settings
D) By sending excessive pairing requests to crash the device

✅ Answer: A) By duplicating a device’s MAC address and pretending to be the original
📖 Explanation: Device cloning involves copying a legitimate device’s MAC address to gain unauthorized access.

149. How do attackers exploit Zigbee “Device Binding” vulnerabilities?

A) By hijacking the communication link between two devices
B) By jamming all Zigbee signals
C) By brute-forcing the Zigbee encryption key
D) By modifying the Zigbee frequency channels

✅ Answer: A) By hijacking the communication link between two devices
📖 Explanation: Device Binding links Zigbee devices for automation; attackers can hijack these bindings to inject malicious commands.

150. What is the impact of a Bluetooth “Packet Injection” attack?

A) Attackers can insert malicious data into Bluetooth communication
B) Attackers can disable encryption permanently
C) Attackers can increase Bluetooth transmission speed
D) Attackers can force devices to overheat

✅ Answer: A) Attackers can insert malicious data into Bluetooth communication
📖 Explanation: Packet Injection allows attackers to insert commands or modify Bluetooth data in transit, leading to exploits.

151. How can Zigbee “Routing Attacks” affect the network?

A) They redirect traffic to malicious nodes
B) They decrease power consumption
C) They increase encryption strength
D) They limit the number of connected devices

✅ Answer: A) They redirect traffic to malicious nodes
📖 Explanation: Attackers manipulate Zigbee routing to reroute traffic through compromised nodes, enabling eavesdropping and interception.

152. What is a Bluetooth “Sniffing Attack”?

A) Intercepting Bluetooth communication between devices
B) Disabling Bluetooth device encryption
C) Blocking Bluetooth pairing requests
D) Overloading a Bluetooth network with noise

✅ Answer: A) Intercepting Bluetooth communication between devices
📖 Explanation: Sniffing attacks allow attackers to capture and analyze unencrypted Bluetooth data, leading to information theft.

153. What makes Zigbee “Key Extraction Attacks” dangerous?

A) They allow attackers to decrypt all network traffic
B) They increase Zigbee latency
C) They decrease Zigbee power efficiency
D) They prevent Zigbee devices from pairing

✅ Answer: A) They allow attackers to decrypt all network traffic
📖 Explanation: If an attacker extracts the Zigbee encryption key, they can decrypt, modify, or control network communications.

154. What is the best method to prevent Bluetooth “Relay Attacks”?

A) Use short-range authentication techniques
B) Keep Bluetooth always on
C) Use factory default encryption keys
D) Allow all devices to pair automatically

✅ Answer: A) Use short-range authentication techniques
📖 Explanation: Short-range authentication methods (e.g., NFC-based pairing) help ensure that devices are physically close before pairing.

155. How do attackers exploit Zigbee’s “Open Trust Center” mode?

A) By joining the network without authentication
B) By brute-forcing the MAC address
C) By jamming the Zigbee frequency
D) By modifying the Zigbee beacon frames

✅ Answer: A) By joining the network without authentication
📖 Explanation: In Open Trust Center mode, Zigbee devices do not require authentication, allowing attackers to connect freely.

156. What is a Bluetooth “Connection Hijacking” attack?

A) An attacker takes control of an existing Bluetooth connection
B) An attacker floods a Bluetooth device with pairing requests
C) An attacker disables Bluetooth encryption
D) An attacker modifies the Bluetooth MAC address

✅ Answer: A) An attacker takes control of an existing Bluetooth connection
📖 Explanation: Connection hijacking enables attackers to take over an active Bluetooth session, intercepting or modifying data.

157. How does a Zigbee “Beacon Spoofing” attack work?

A) Attackers send fake beacons to trick devices into connecting
B) Attackers force devices to downgrade their firmware
C) Attackers increase network range artificially
D) Attackers modify the Zigbee encryption algorithm

✅ Answer: A) Attackers send fake beacons to trick devices into connecting
📖 Explanation: Beacon Spoofing creates fake Zigbee beacons, leading devices to connect to unauthorized networks.

158. What is the main defense against Bluetooth “Session Hijacking” attacks?

A) Use mutual authentication during reconnections
B) Keep Bluetooth always in discoverable mode
C) Disable all encryption
D) Accept all pairing requests

✅ Answer: A) Use mutual authentication during reconnections
📖 Explanation: Mutual authentication ensures that both Bluetooth devices verify each other before reconnecting.

159. What makes Zigbee “Firmware Downgrade” attacks dangerous?

A) They allow attackers to install old, vulnerable firmware versions
B) They increase Zigbee power consumption
C) They disable Zigbee mesh networking
D) They disrupt Zigbee device pairing

✅ Answer: A) They allow attackers to install old, vulnerable firmware versions
📖 Explanation: Attackers can downgrade firmware to a less secure version, enabling older exploitable vulnerabilities.

160. What is a Bluetooth “Unauthorized Command Execution” attack?

A) Sending malicious commands to a paired device
B) Disabling all Bluetooth encryption
C) Jamming Bluetooth frequencies
D) Increasing Bluetooth signal strength artificially

✅ Answer: A) Sending malicious commands to a paired device
📖 Explanation: Attackers can execute unauthorized commands if they gain control over a paired Bluetooth device.

161. What is the primary risk of using Bluetooth “Numeric Comparison” pairing without user verification?

A) Vulnerable to Man-in-the-Middle (MITM) attacks
B) Higher power consumption
C) Inability to connect with multiple devices
D) No encryption is applied

✅ Answer: A) Vulnerable to Man-in-the-Middle (MITM) attacks
📖 Explanation: If users do not verify the displayed numbers during Numeric Comparison, an attacker can intercept and modify the connection.

162. How can attackers perform a Zigbee “Association Spoofing” attack?

A) By tricking devices into associating with a rogue network
B) By forcing devices to downgrade encryption
C) By modifying the MAC address of a Zigbee device
D) By increasing transmission power

✅ Answer: A) By tricking devices into associating with a rogue network
📖 Explanation: Association Spoofing makes devices connect to an attacker-controlled Zigbee network, allowing manipulation.

163. What Bluetooth attack involves continuously forcing a device to reconnect, draining its battery?

A) Reconnection Flood Attack
B) BlueJacking
C) Bluetooth Evil Twin Attack
D) MAC Spoofing

✅ Answer: A) Reconnection Flood Attack
📖 Explanation: Attackers force a Bluetooth device to repeatedly reconnect, draining its battery and disrupting communication.

164. Why are Zigbee “Broadcast Storm” attacks dangerous?

A) They flood the network with excessive messages, causing denial-of-service (DoS)
B) They force Zigbee devices to use lower encryption levels
C) They expose encryption keys stored in Zigbee nodes
D) They increase Zigbee device range artificially

✅ Answer: A) They flood the network with excessive messages, causing denial-of-service (DoS)
📖 Explanation: Broadcast Storms overload Zigbee networks, slowing or crashing devices by sending large volumes of broadcast messages.

165. How does a Bluetooth “MAC Address Tracking” attack work?

A) Attackers track devices based on their unique Bluetooth MAC address
B) Attackers modify Bluetooth frequency settings
C) Attackers inject malicious firmware into Bluetooth chips
D) Attackers block all pairing attempts

✅ Answer: A) Attackers track devices based on their unique Bluetooth MAC address
📖 Explanation: MAC Address Tracking allows attackers to identify and track Bluetooth devices, even across different networks.

166. What is a Zigbee “Key Injection” attack?

A) Injecting malicious encryption keys to take control of devices
B) Overloading the Zigbee control channel
C) Increasing the power output of Zigbee signals
D) Modifying firmware updates

✅ Answer: A) Injecting malicious encryption keys to take control of devices
📖 Explanation: Attackers can inject rogue encryption keys into a Zigbee network, allowing them to decrypt and control communication.

167. What is the main goal of a Bluetooth “Phishing Attack”?

A) To trick users into connecting to a malicious Bluetooth device
B) To brute-force Bluetooth pairing codes
C) To modify Bluetooth signal frequency
D) To jam Bluetooth signals

✅ Answer: A) To trick users into connecting to a malicious Bluetooth device
📖 Explanation: Bluetooth Phishing attacks mimic trusted devices, tricking users into sharing credentials or allowing unauthorized pairing.

168. How do attackers exploit Zigbee “Over-the-Air (OTA) Firmware Updates”?

A) By injecting malicious firmware updates into Zigbee devices
B) By brute-forcing Zigbee encryption keys
C) By jamming all Zigbee signals in range
D) By modifying the network’s trust center

✅ Answer: A) By injecting malicious firmware updates into Zigbee devices
📖 Explanation: Attackers exploit insecure OTA updates to inject rogue firmware, leading to malware installation and unauthorized control.

169. What is a Bluetooth “Brute-Force Pairing Attack”?

A) Repeatedly guessing Bluetooth PIN codes until access is granted
B) Blocking Bluetooth pairing requests
C) Overloading a Bluetooth network with traffic
D) Encrypting all Bluetooth packets with a weak key

✅ Answer: A) Repeatedly guessing Bluetooth PIN codes until access is granted
📖 Explanation: Brute-force pairing attacks involve repeatedly trying different PIN codes to gain unauthorized access to a Bluetooth device.

170. How does a Zigbee “Beacon Jamming” attack disrupt the network?

A) By blocking Zigbee beacons, preventing devices from syncing
B) By brute-forcing the Zigbee pairing process
C) By modifying Zigbee encryption keys
D) By injecting rogue Zigbee routing updates

✅ Answer: A) By blocking Zigbee beacons, preventing devices from syncing
📖 Explanation: Beacon Jamming disrupts Zigbee networks by blocking synchronization signals, causing devices to lose connectivity.

171. What is a Bluetooth “Auto-Connect Exploit”?

A) When a device automatically connects to an attacker-controlled Bluetooth device
B) When Bluetooth devices pair without encryption
C) When attackers force devices to downgrade their security settings
D) When Bluetooth pairing requests are blocked

✅ Answer: A) When a device automatically connects to an attacker-controlled Bluetooth device
📖 Explanation: Some Bluetooth devices automatically reconnect to known devices, allowing attackers to impersonate trusted connections and exploit them.

172. How does a Zigbee “Evil Node Injection” attack work?

A) Attackers introduce rogue nodes to intercept and manipulate network traffic
B) Attackers force devices to use a different frequency band
C) Attackers jam Zigbee channels to prevent communication
D) Attackers modify Zigbee firmware remotely

✅ Answer: A) Attackers introduce rogue nodes to intercept and manipulate network traffic
📖 Explanation: In this attack, a rogue Zigbee device joins the network and eavesdrops, manipulates, or redirects traffic.

173. What Bluetooth feature is targeted in a “Downgrade Attack”?

A) Encryption strength and pairing security
B) Device range and battery consumption
C) Frequency hopping algorithm
D) Bluetooth firmware updates

✅ Answer: A) Encryption strength and pairing security
📖 Explanation: Downgrade attacks force Bluetooth devices to use weaker encryption or insecure pairing methods, making them vulnerable.

174. How does a Zigbee “Frame Spoofing Attack” work?

A) Attackers modify Zigbee packets to send false data to devices
B) Attackers jam the Zigbee frequency
C) Attackers disable Zigbee encryption
D) Attackers force Zigbee devices to update their firmware

✅ Answer: A) Attackers modify Zigbee packets to send false data to devices
📖 Explanation: Frame Spoofing allows attackers to modify data packets, causing devices to execute unintended commands.

175. What is a Bluetooth “Whispering Attack”?

A) Sending hidden commands to a device via Bluetooth Low Energy (BLE)
B) Flooding a Bluetooth device with connection requests
C) Overheating a Bluetooth-enabled device
D) Blocking Bluetooth frequency bands

✅ Answer: A) Sending hidden commands to a device via Bluetooth Low Energy (BLE)
📖 Explanation: Whispering Attacks exploit BLE vulnerabilities to send stealth commands, often used in unauthorized control.

176. Why are Zigbee “Hardcoded Keys” a security risk?

A) They allow attackers to decrypt Zigbee traffic if extracted
B) They prevent Zigbee devices from updating firmware
C) They cause excessive Zigbee network congestion
D) They increase battery drain in Zigbee devices

✅ Answer: A) They allow attackers to decrypt Zigbee traffic if extracted
📖 Explanation: If an attacker extracts hardcoded encryption keys, they can decrypt network traffic and gain unauthorized control.

177. How does a Bluetooth “Forced Pairing Attack” work?

A) Attackers force a device to accept an unauthorized pairing request
B) Attackers disable Bluetooth encryption remotely
C) Attackers jam all nearby Bluetooth devices
D) Attackers inject malicious firmware into a Bluetooth device

✅ Answer: A) Attackers force a device to accept an unauthorized pairing request
📖 Explanation: In this attack, an attacker tricks a device into pairing, potentially granting unauthorized access.

178. What is the impact of a Zigbee “Replay Attack”?

A) Attackers can reuse captured commands to control devices
B) Attackers can completely disable Zigbee encryption
C) Attackers can force devices to drain their battery
D) Attackers can increase the transmission range of Zigbee signals

✅ Answer: A) Attackers can reuse captured commands to control devices
📖 Explanation: Replay attacks allow attackers to resend intercepted Zigbee packets, executing unauthorized actions like unlocking doors.

179. How can a Bluetooth “Address Harvesting Attack” be used in further exploits?

A) Attackers collect device MAC addresses to track or spoof them
B) Attackers disable Bluetooth encryption permanently
C) Attackers modify Bluetooth firmware updates
D) Attackers jam Bluetooth signals across all frequencies

✅ Answer: A) Attackers collect device MAC addresses to track or spoof them
📖 Explanation: Address harvesting enables tracking of devices or spoofing a trusted device’s MAC address to bypass authentication.

180. How do attackers perform a Zigbee “False Data Injection” attack?

A) By inserting fake sensor readings or control commands into the network
B) By increasing Zigbee network latency
C) By forcing Zigbee devices into pairing mode
D) By modifying Zigbee encryption keys dynamically

✅ Answer: A) By inserting fake sensor readings or control commands into the network
📖 Explanation: False Data Injection allows attackers to send fake readings (e.g., false alarms, incorrect temperature readings) or unauthorized commands.

181. What is a Bluetooth “Dual Role Exploit”?

A) When a device operates as both a master and a slave, leading to potential security issues
B) When Bluetooth devices switch frequencies dynamically
C) When attackers use two Bluetooth devices to intercept communications
D) When a Bluetooth device is forced to connect to two networks simultaneously

✅ Answer: A) When a device operates as both a master and a slave, leading to potential security issues
📖 Explanation: Some Bluetooth devices can act as both a master and a slave, making them susceptible to attacks that exploit role-switching weaknesses.

182. How does a Zigbee “Neighbor Table Poisoning” attack work?

A) Attackers modify the list of trusted devices in the network to reroute traffic
B) Attackers force Zigbee devices to use weak encryption
C) Attackers jam Zigbee signals to block device communication
D) Attackers inject malicious firmware updates

✅ Answer: A) Attackers modify the list of trusted devices in the network to reroute traffic
📖 Explanation: Neighbor Table Poisoning allows attackers to modify routing tables, forcing Zigbee traffic through a malicious node.

183. What is a Bluetooth “Headset Hijack” attack?

A) Attackers force a Bluetooth headset to accept rogue commands
B) Attackers disable Bluetooth encryption
C) Attackers track Bluetooth headset users
D) Attackers jam Bluetooth signals in a specific frequency range

✅ Answer: A) Attackers force a Bluetooth headset to accept rogue commands
📖 Explanation: Headset Hijack allows an attacker to remotely control a Bluetooth headset, enabling eavesdropping or unauthorized commands.

184. How do attackers exploit Zigbee “Cluster Key Leakage”?

A) By extracting encryption keys used for communication within Zigbee clusters
B) By flooding the Zigbee network with malicious beacon frames
C) By jamming the control channel to disrupt device pairing
D) By forcing devices to reconnect repeatedly

✅ Answer: A) By extracting encryption keys used for communication within Zigbee clusters
📖 Explanation: Cluster Key Leakage allows attackers to decrypt messages and manipulate communication between Zigbee nodes.

185. What is a Bluetooth “Adaptive Frequency Collision Attack”?

A) An attack that deliberately causes interference on specific frequency hops
B) A method to increase Bluetooth range using frequency adjustments
C) A way to speed up Bluetooth pairing by modifying frequency hopping
D) A Bluetooth exploit that forces devices to stay on a single frequency

✅ Answer: A) An attack that deliberately causes interference on specific frequency hops
📖 Explanation: Adaptive Frequency Collision Attacks jam specific Bluetooth frequency hops, disrupting communication.

186. What is the impact of a Zigbee “Ghost Device Injection” attack?

A) Attackers create fake Zigbee devices to mislead legitimate nodes
B) Attackers disable Zigbee encryption
C) Attackers increase the power consumption of Zigbee devices
D) Attackers modify Zigbee routing tables

✅ Answer: A) Attackers create fake Zigbee devices to mislead legitimate nodes
📖 Explanation: Ghost Device Injection allows attackers to add fake devices into a Zigbee network, causing confusion and misrouting of signals.

187. How does a Bluetooth “Insecure Pairing Mode” attack work?

A) Attackers exploit weak pairing modes that lack authentication
B) Attackers force devices to stay in pairing mode indefinitely
C) Attackers jam Bluetooth devices to prevent pairing
D) Attackers inject malicious pairing requests

✅ Answer: A) Attackers exploit weak pairing modes that lack authentication
📖 Explanation: Some Bluetooth pairing modes, like Just Works, lack authentication, making them vulnerable to MITM attacks.

188. What is the primary risk of Zigbee “Default Trust Center Keys”?

A) Attackers can use well-known keys to join the network
B) They increase power consumption
C) They prevent firmware updates from executing properly
D) They limit the number of connected devices

✅ Answer: A) Attackers can use well-known keys to join the network
📖 Explanation: Many Zigbee networks use default Trust Center Keys, which, if not changed, allow attackers to easily infiltrate the network.

189. What is a Bluetooth “Long-Term Key (LTK) Downgrade” attack?

A) Forcing devices to use a weaker encryption key during reconnection
B) Brute-forcing Bluetooth MAC addresses
C) Overloading Bluetooth devices with fake pairing requests
D) Blocking Bluetooth signals in the 2.4 GHz range

✅ Answer: A) Forcing devices to use a weaker encryption key during reconnection
📖 Explanation: LTK Downgrade attacks force Bluetooth devices to use a lower encryption key strength, making data decryption easier.

190. How does a Zigbee “Sleep Deprivation Attack” affect IoT devices?

A) It forces low-power Zigbee devices to stay active, draining their battery
B) It disables Zigbee encryption temporarily
C) It forces devices to switch to an insecure frequency band
D) It increases Zigbee signal strength artificially

✅ Answer: A) It forces low-power Zigbee devices to stay active, draining their battery
📖 Explanation: Sleep Deprivation Attacks prevent Zigbee IoT devices from entering low-power sleep modes, causing excessive battery drain.

191. What is a Bluetooth “Credential Harvesting Attack”?

A) Attackers trick users into entering credentials over a malicious Bluetooth connection
B) Attackers modify Bluetooth pairing requests
C) Attackers force devices to downgrade encryption levels
D) Attackers block Bluetooth signals to prevent device communication

✅ Answer: A) Attackers trick users into entering credentials over a malicious Bluetooth connection
📖 Explanation: In a Credential Harvesting Attack, attackers set up a rogue Bluetooth device to mimic a trusted connection, tricking users into entering sensitive credentials.

192. How does a Zigbee “Signal Amplification Attack” work?

A) Attackers increase their transmission range to impersonate a legitimate Zigbee device
B) Attackers force Zigbee devices to switch to an insecure frequency
C) Attackers disable encryption on a Zigbee network
D) Attackers block Zigbee control signals

✅ Answer: A) Attackers increase their transmission range to impersonate a legitimate Zigbee device
📖 Explanation: Signal Amplification Attacks extend the range of a rogue Zigbee device, allowing attackers to spoof legitimate devices from a greater distance.

193. What is a Bluetooth “Zero-Click Attack”?

A) An attack that requires no user interaction to exploit a vulnerability
B) A method to force a Bluetooth device into discoverable mode
C) A brute-force attack against Bluetooth pairing codes
D) A denial-of-service attack against Bluetooth-enabled IoT devices

✅ Answer: A) An attack that requires no user interaction to exploit a vulnerability
📖 Explanation: Zero-Click Attacks exploit Bluetooth vulnerabilities without requiring any user interaction, making them highly dangerous.

194. What security risk is posed by Zigbee devices using “Default Link Keys”?

A) Attackers can decrypt Zigbee network traffic if they extract the default key
B) Devices consume more power than necessary
C) It limits the number of connections a device can support
D) It prevents firmware updates from executing properly

✅ Answer: A) Attackers can decrypt Zigbee network traffic if they extract the default key
📖 Explanation: Default Link Keys are often hardcoded into Zigbee devices, allowing attackers to extract and use them to decrypt communications.

195. How does a Bluetooth “Link Key Injection Attack” work?

A) Attackers insert a rogue link key to establish unauthorized connections
B) Attackers jam Bluetooth signals to disrupt communication
C) Attackers force devices to use weaker encryption methods
D) Attackers modify the Bluetooth pairing process

✅ Answer: A) Attackers insert a rogue link key to establish unauthorized connections
📖 Explanation: In a Link Key Injection Attack, attackers inject a malicious link key to gain unauthorized access to a Bluetooth device.

196. What makes Zigbee “Weak Key Exchange” a security vulnerability?

A) Attackers can intercept and brute-force encryption keys
B) It prevents devices from communicating over long distances
C) It consumes more power than necessary
D) It limits the number of devices in a Zigbee mesh network

✅ Answer: A) Attackers can intercept and brute-force encryption keys
📖 Explanation: If key exchange processes are weak, attackers can intercept and decrypt Zigbee traffic, leading to unauthorized control over devices.

197. What is the primary impact of a Bluetooth “MITM File Transfer Attack”?

A) Attackers can intercept and modify files transferred over Bluetooth
B) Attackers can prevent devices from pairing
C) Attackers can disable Bluetooth encryption
D) Attackers can modify the MAC address of a Bluetooth device

✅ Answer: A) Attackers can intercept and modify files transferred over Bluetooth
📖 Explanation: MITM File Transfer Attacks allow attackers to modify or steal files sent between Bluetooth devices.

198. How do attackers perform a Zigbee “Coordinator Takeover Attack”?

A) By compromising the Zigbee coordinator and gaining control over the network
B) By flooding the Zigbee network with authentication requests
C) By jamming Zigbee control channels
D) By forcing devices to switch to a less secure encryption protocol

✅ Answer: A) By compromising the Zigbee coordinator and gaining control over the network
📖 Explanation: Zigbee Coordinator Takeover allows attackers to control the entire network, issuing commands and modifying device behavior.

199. What is a Bluetooth “Data Leakage Attack”?

A) An attack where Bluetooth devices unknowingly transmit sensitive data
B) A brute-force attack against Bluetooth passkeys
C) A technique to disable Bluetooth encryption remotely
D) A way to force Bluetooth devices into pairing mode

✅ Answer: A) An attack where Bluetooth devices unknowingly transmit sensitive data
📖 Explanation: Data Leakage Attacks exploit poorly configured Bluetooth settings, causing devices to broadcast private information unintentionally.

200. What is the goal of a Zigbee “Device Exhaustion Attack”?

A) To overload the network by forcing multiple Zigbee devices to continuously communicate
B) To force devices to use default encryption keys
C) To brute-force device authentication credentials
D) To force a Zigbee network to switch frequencies

✅ Answer: A) To overload the network by forcing multiple Zigbee devices to continuously communicate
📖 Explanation: Device Exhaustion Attacks prevent normal operations by overloading Zigbee devices with excessive communication requests.

201. How do attackers perform a Bluetooth “Weak PIN Exploit”?

A) By brute-forcing short or predictable Bluetooth PINs to gain unauthorized access
B) By modifying the frequency hopping mechanism
C) By forcing devices to disable encryption temporarily
D) By jamming all Bluetooth signals in range

✅ Answer: A) By brute-forcing short or predictable Bluetooth PINs to gain unauthorized access
📖 Explanation: Weak PINs make it easy for attackers to brute-force Bluetooth pairings, leading to unauthorized access.

202. How does a Zigbee “Fake Device Propagation” attack work?

A) Attackers flood the Zigbee network with fake device join requests
B) Attackers modify Zigbee encryption keys
C) Attackers force devices to downgrade to an older firmware version
D) Attackers jam the Zigbee control frequency

✅ Answer: A) Attackers flood the Zigbee network with fake device join requests
📖 Explanation: Fake Device Propagation overwhelms Zigbee networks with bogus join requests, leading to network congestion and denial-of-service.

203. What is a Bluetooth “Paring Downgrade Attack”?

A) Forcing Bluetooth devices to use a less secure pairing method
B) Forcing devices to use a higher encryption level
C) Disabling Bluetooth discovery mode
D) Preventing Bluetooth devices from transmitting data

✅ Answer: A) Forcing Bluetooth devices to use a less secure pairing method
📖 Explanation: Pairing Downgrade Attacks make Bluetooth devices fall back to weaker authentication methods, making them easier to exploit.

204. What makes Zigbee “Unencrypted Payload Transmission” a security risk?

A) Attackers can intercept and modify unencrypted Zigbee messages
B) It prevents devices from connecting to the Zigbee mesh network
C) It forces devices to consume excessive power
D) It limits the range of Zigbee devices

✅ Answer: A) Attackers can intercept and modify unencrypted Zigbee messages
📖 Explanation: Unencrypted payloads expose Zigbee messages to eavesdropping and tampering, allowing attackers to manipulate device behavior.

205. What is a Bluetooth “Session Fixation Attack”?

A) Attackers force a device to reuse an existing session, allowing unauthorized access
B) Attackers jam Bluetooth devices to prevent pairing
C) Attackers modify Bluetooth encryption algorithms
D) Attackers brute-force Bluetooth passkeys

✅ Answer: A) Attackers force a device to reuse an existing session, allowing unauthorized access
📖 Explanation: Session Fixation Attacks exploit session persistence, allowing attackers to reuse an authenticated Bluetooth session for unauthorized access.

Bluetooth & Zigbee Security – Wireless Protocol Threats