1. What is the biggest security challenge in IoT devices?
π A) Strong encryption
π B) Lack of standard security protocols
π C) Limited internet connectivity
π D) Excessive processing power
β
Answer: B) Lack of standard security protocols
π‘ Explanation: Many IoT devices lack standardized security protocols, making them vulnerable to attacks such as unauthorized access, weak authentication, and unpatched vulnerabilities.
2. Which of the following best describes an IoT botnet?
π A) A network of IoT devices used for communication
π B) A set of compromised IoT devices controlled remotely
π C) A cluster of IoT gateways managing data flow
π D) A cloud service used to manage IoT devices
β
Answer: B) A set of compromised IoT devices controlled remotely
π‘ Explanation: Attackers infect IoT devices with malware and form a botnet to perform DDoS attacks, credential stuffing, or spam distribution.
3. What is a common vulnerability in IoT devices?
π A) Complex user interfaces
π B) Hardcoded default credentials
π C) Large storage capacity
π D) High power consumption
β
Answer: B) Hardcoded default credentials
π‘ Explanation: Many IoT devices come with default usernames and passwords, which users often fail to change, making them easy targets for attackers.
4. Which IoT communication protocol is most secure?
π A) MQTT without authentication
π B) HTTP over plain text
π C) TLS-encrypted MQTT
π D) Telnet
β
Answer: C) TLS-encrypted MQTT
π‘ Explanation: Message Queuing Telemetry Transport (MQTT) is a common IoT protocol, and using TLS encryption ensures secure communication, preventing eavesdropping and data tampering.
5. What is the Mirai botnet known for?
π A) Infecting mobile devices
π B) Targeting industrial control systems
π C) Exploiting IoT devices for DDoS attacks
π D) Spreading ransomware
β
Answer: C) Exploiting IoT devices for DDoS attacks
π‘ Explanation: The Mirai botnet infected IoT devices using default credentials and launched massive DDoS attacks against websites and infrastructure.
6. How can manufacturers improve IoT security?
π A) Hardcoding passwords into firmware
π B) Providing regular security patches and updates
π C) Removing authentication entirely
π D) Allowing unrestricted remote access
β
Answer: B) Providing regular security patches and updates
π‘ Explanation: Regular updates fix vulnerabilities and prevent attackers from exploiting outdated firmware.
7. Why is weak encryption a risk in IoT security?
π A) It reduces device performance
π B) It can be easily cracked by attackers
π C) It slows down network communication
π D) It prevents data from being stored
β
Answer: B) It can be easily cracked by attackers
π‘ Explanation: Weak encryption allows attackers to intercept and decrypt sensitive data, leading to security breaches.
8. Which IoT device is most commonly targeted by attackers?
π A) Smart refrigerators
π B) Smart thermostats
π C) Networked security cameras
π D) Bluetooth speakers
β
Answer: C) Networked security cameras
π‘ Explanation: Security cameras are often left with default credentials and exposed to the internet, making them prime targets for hackers.
9. What is a secure method for authenticating IoT devices?
π A) Using default login credentials
π B) Hardcoding API keys
π C) Implementing multi-factor authentication (MFA)
π D) Using plain text passwords
β
Answer: C) Implementing multi-factor authentication (MFA)
π‘ Explanation: MFA provides an additional layer of security, ensuring that even if a password is compromised, the device remains protected.
10. Why is firmware security important in IoT?
π A) It increases device performance
π B) It prevents unauthorized device access
π C) It speeds up software updates
π D) It reduces power consumption
β
Answer: B) It prevents unauthorized device access
π‘ Explanation: Secure firmware prevents attackers from injecting malicious code or exploiting vulnerabilities in outdated software.
11. What is the purpose of an IoT gateway?
π A) To control device temperature
π B) To bridge communication between IoT devices and networks
π C) To store encryption keys
π D) To act as a backup power source
β
Answer: B) To bridge communication between IoT devices and networks
π‘ Explanation: IoT gateways provide a secure interface between devices and networks, often filtering malicious traffic and managing data securely.
12. What is edge computing in IoT security?
π A) Cloud-based storage for IoT
π B) Processing data closer to the device rather than in the cloud
π C) A wireless communication protocol
π D) A type of attack on IoT devices
β
Answer: B) Processing data closer to the device rather than in the cloud
π‘ Explanation: Edge computing improves security by reducing the risk of data interception and exposure by keeping processing closer to the device.
13. What type of attack involves controlling multiple IoT devices to overwhelm a target?
π A) SQL Injection
π B) DDoS Attack
π C) Phishing
π D) Man-in-the-Middle Attack
β
Answer: B) DDoS Attack
π‘ Explanation: Distributed Denial of Service (DDoS) attacks involve compromised IoT devices flooding a network to make it unavailable.
14. What is an example of a weak security practice in IoT?
π A) Encrypting all data in transit
π B) Using default admin credentials
π C) Applying security patches regularly
π D) Implementing device authentication
β
Answer: B) Using default admin credentials
π‘ Explanation: Default credentials are easily guessable, allowing attackers to gain unauthorized access to IoT devices.
15. What is a common risk of cloud-connected IoT devices?
π A) Increased battery life
π B) Increased latency
π C) Data breaches and unauthorized access
π D) Reduced data availability
β
Answer: C) Data breaches and unauthorized access
π‘ Explanation: Cloud-connected devices transmit sensitive data, making them targets for hackers looking to intercept or manipulate data.
16. What is the role of a Security Operations Center (SOC) in IoT security?
π A) Monitoring and responding to security threats in IoT networks
π B) Manufacturing IoT devices
π C) Providing cloud storage for IoT data
π D) Controlling IoT device hardware
β
Answer: A) Monitoring and responding to security threats in IoT networks
π‘ Explanation: A SOC continuously monitors IoT environments to detect and mitigate cyber threats, preventing security breaches.
17. What attack method is commonly used to exploit IoT devices for cryptocurrency mining?
π A) Phishing
π B) Ransomware
π C) Cryptojacking
π D) SQL Injection
β
Answer: C) Cryptojacking
π‘ Explanation: Attackers infect IoT devices with malware that mines cryptocurrency, leading to resource exhaustion and degraded device performance.
18. Which is an example of insecure IoT data transmission?
π A) Using TLS 1.2 for encryption
π B) Sending data over HTTP instead of HTTPS
π C) Implementing secure socket layer (SSL) connections
π D) Using encrypted VPN tunnels
β
Answer: B) Sending data over HTTP instead of HTTPS
π‘ Explanation: HTTP transmits data unencrypted, allowing attackers to intercept and modify sensitive IoT communications.
19. Why is physical security important for IoT devices?
π A) Prevents theft and unauthorized access to device hardware
π B) Improves device speed
π C) Reduces battery consumption
π D) Ensures faster firmware updates
β
Answer: A) Prevents theft and unauthorized access to device hardware
π‘ Explanation: Attackers can physically access IoT devices to tamper with firmware, extract sensitive data, or gain remote access.
20. What is an example of an IoT device that can be used in an attack?
π A) Smart light bulbs
π B) IP security cameras
π C) Smart door locks
π D) All of the above
β
Answer: D) All of the above
π‘ Explanation: Any poorly secured IoT device can be exploited for botnets, unauthorized access, or network infiltration.
21. What is a Zero Trust model in IoT security?
π A) Allowing only internal traffic in IoT networks
π B) Eliminating encryption for better speed
π C) Assuming that every device is a potential threat
π D) Trusting devices within a local network automatically
β
Answer: C) Assuming that every device is a potential threat
π‘ Explanation: The Zero Trust model enforces strict authentication and continuous monitoring to prevent IoT attacks.
22. Why is over-the-air (OTA) firmware updating important for IoT security?
π A) Fixes security vulnerabilities remotely
π B) Increases battery life
π C) Improves device aesthetics
π D) Reduces power consumption
β
Answer: A) Fixes security vulnerabilities remotely
π‘ Explanation: OTA updates allow manufacturers to patch security flaws without requiring users to manually update devices.
23. What is side-channel analysis in IoT security?
π A) Analyzing network traffic for threats
π B) Extracting sensitive data using device emissions
π C) Strengthening IoT device firewalls
π D) Encrypting all IoT data
β
Answer: B) Extracting sensitive data using device emissions
π‘ Explanation: Side-channel attacks exploit power consumption, electromagnetic radiation, or timing information to infer data.
24. What does IoT device fingerprinting refer to?
π A) Physically marking IoT devices
π B) Identifying a device based on unique characteristics
π C) Using biometric authentication for IoT devices
π D) Assigning default passwords to devices
β
Answer: B) Identifying a device based on unique characteristics
π‘ Explanation: Fingerprinting analyzes network behavior, device type, and communication patterns to track IoT devices.
25. Which of the following is a secure approach to IoT device authentication?
π A) Using only static passwords
π B) Implementing certificate-based authentication
π C) Allowing anonymous access
π D) Disabling authentication for fast access
β
Answer: B) Implementing certificate-based authentication
π‘ Explanation: Digital certificates ensure secure device authentication, preventing unauthorized access.
26. What is a honeypot in IoT security?
π A) A fake system set up to trap hackers
π B) A software tool that encrypts IoT communications
π C) A type of firewall rule
π D) A cloud storage method
β
Answer: A) A fake system set up to trap hackers
π‘ Explanation: Honeypots mimic vulnerable IoT devices to analyze attacker behavior and improve defenses.
27. What is the primary goal of network segmentation in IoT security?
π A) Reducing data latency
π B) Isolating critical systems from compromised devices
π C) Improving network speed
π D) Preventing over-the-air updates
β
Answer: B) Isolating critical systems from compromised devices
π‘ Explanation: Network segmentation prevents attackers from moving laterally after compromising an IoT device.
28. What is an IoT kill switch used for?
π A) Disabling compromised devices remotely
π B) Increasing battery life
π C) Boosting IoT communication speed
π D) Connecting IoT devices to 5G
β
Answer: A) Disabling compromised devices remotely
π‘ Explanation: A kill switch allows organizations to remotely shut down infected or rogue IoT devices to prevent cyberattacks.
29. Why should IoT devices avoid using static IP addresses?
π A) Static IPs are harder to remember
π B) Dynamic IPs prevent easy tracking by attackers
π C) Static IPs make devices consume more power
π D) Static IPs increase Wi-Fi range
β
Answer: B) Dynamic IPs prevent easy tracking by attackers
π‘ Explanation: Attackers can identify and target static IP addresses, making IoT devices vulnerable to attacks.
30. What security measure prevents IoT eavesdropping attacks?
π A) Strong encryption (TLS/SSL)
π B) Using default passwords
π C) Allowing open Wi-Fi connections
π D) Sending data in plain text
β
Answer: A) Strong encryption (TLS/SSL)
π‘ Explanation: TLS/SSL encryption ensures that data remains confidential and cannot be intercepted by attackers.
31. What is the risk of using Universal Plug and Play (UPnP) in IoT devices?
π A) It makes IoT devices unresponsive
π B) It allows automatic device discovery, which can be exploited by attackers
π C) It improves IoT encryption security
π D) It prevents IoT devices from connecting to a network
β
Answer: B) It allows automatic device discovery, which can be exploited by attackers
π‘ Explanation: UPnP allows devices to connect without authentication, making them susceptible to unauthorized access and attacks.
32. Why should IoT devices avoid using hardcoded encryption keys?
π A) Hardcoded keys make data transmission faster
π B) Attackers can extract and reuse them to decrypt sensitive information
π C) Hardcoded keys prevent device resets
π D) Hardcoded keys improve battery life
β
Answer: B) Attackers can extract and reuse them to decrypt sensitive information
π‘ Explanation: Hardcoded keys cannot be changed easily, meaning if an attacker discovers them, all devices using that key become vulnerable.
33. Which type of malware specifically targets IoT devices for unauthorized control?
π A) Trojan Horse
π B) Ransomware
π C) IoT Botnet Malware
π D) Spyware
β
Answer: C) IoT Botnet Malware
π‘ Explanation: IoT botnet malware infects connected devices to create large botnets used in DDoS attacks and other cyber threats.
34. What type of attack involves an attacker pretending to be a legitimate IoT device?
π A) Man-in-the-Middle (MitM) attack
π B) Device Spoofing
π C) ARP Poisoning
π D) SQL Injection
β
Answer: B) Device Spoofing
π‘ Explanation: In device spoofing, attackers disguise a malicious device as a trusted IoT device to gain unauthorized access.
35. Why is role-based access control (RBAC) important for IoT security?
π A) It ensures only authorized users can perform specific actions
π B) It makes IoT devices faster
π C) It allows users to bypass authentication
π D) It prevents firmware updates
β
Answer: A) It ensures only authorized users can perform specific actions
π‘ Explanation: RBAC enforces strict permissions so users/devices only access what is necessary, reducing security risks.
36. Which attack exploits weak authentication in IoT devices by guessing login credentials?
π A) Phishing
π B) Brute Force Attack
π C) Cross-Site Scripting (XSS)
π D) SQL Injection
β
Answer: B) Brute Force Attack
π‘ Explanation: In brute force attacks, hackers systematically guess login credentials until they gain access to an IoT device.
37. What does the principle of “Least Privilege” mean in IoT security?
π A) Users should have only the minimum access required to perform their job
π B) IoT devices should be publicly accessible
π C) Devices should never be updated
π D) Default passwords should always be used
β
Answer: A) Users should have only the minimum access required to perform their job
π‘ Explanation: Least Privilege minimizes risks by ensuring users and devices only have the permissions they absolutely need.
38. Which attack involves attackers injecting malicious firmware into an IoT device?
π A) Phishing
π B) Rogue Firmware Injection
π C) SQL Injection
π D) Session Hijacking
β
Answer: B) Rogue Firmware Injection
π‘ Explanation: Rogue firmware injection allows attackers to install malicious software, leading to unauthorized control and data theft.
39. What is a common risk when using third-party IoT applications?
π A) Increased device speed
π B) Potential security vulnerabilities due to weak coding practices
π C) Improved encryption security
π D) Reduced power consumption
β
Answer: B) Potential security vulnerabilities due to weak coding practices
π‘ Explanation: Third-party IoT apps may not follow best security practices, making devices susceptible to attacks.
40. What security measure helps prevent replay attacks on IoT devices?
π A) Using the same encryption key for all devices
π B) Implementing timestamp-based authentication
π C) Disabling firewalls
π D) Storing plaintext passwords
β
Answer: B) Implementing timestamp-based authentication
π‘ Explanation: Replay attacks involve intercepting and reusing valid authentication messages, which can be prevented using timestamp-based tokens.
41. What risk arises from IoT devices collecting excessive user data?
π A) Decreased battery performance
π B) Increased risk of privacy breaches
π C) Improved device performance
π D) Faster network speeds
β
Answer: B) Increased risk of privacy breaches
π‘ Explanation: Collecting more data than necessary makes IoT devices a bigger target for cybercriminals.
42. What does an IoT access control list (ACL) do?
π A) Defines which devices and users can access specific resources
π B) Stores passwords for all IoT devices
π C) Speeds up IoT communication
π D) Encrypts all device data
β
Answer: A) Defines which devices and users can access specific resources
π‘ Explanation: ACLs restrict access based on IP addresses, user roles, or device types, enhancing security.
43. What is the purpose of Transport Layer Security (TLS) in IoT?
π A) Encrypts communications between IoT devices
π B) Increases power efficiency
π C) Disables network firewalls
π D) Reduces network latency
β
Answer: A) Encrypts communications between IoT devices
π‘ Explanation: TLS ensures secure communication, preventing eavesdropping and data manipulation.
44. What is a common security risk of Bluetooth-enabled IoT devices?
π A) Faster battery drainage
π B) Bluetooth sniffing and unauthorized access
π C) Reduced Wi-Fi speed
π D) Limited range
β
Answer: B) Bluetooth sniffing and unauthorized access
π‘ Explanation: Attackers can intercept unencrypted Bluetooth communications to steal data or take control of IoT devices.
45. What IoT security best practice prevents unauthorized software execution?
π A) Code signing
π B) Disabling encryption
π C) Enabling anonymous access
π D) Hardcoding passwords
β
Answer: A) Code signing
π‘ Explanation: Code signing ensures firmware/software authenticity, preventing execution of malicious or tampered code.
46. What type of attack occurs when an attacker jams IoT device signals?
π A) Replay attack
π B) Signal Jamming Attack
π C) Cross-Site Request Forgery (CSRF)
π D) XML External Entity (XXE) Injection
β
Answer: B) Signal Jamming Attack
π‘ Explanation: Attackers use radio interference to disrupt IoT device communication, causing denial-of-service.
47. Which of the following is an IoT security risk in smart home systems?
π A) Default passwords on smart devices
π B) Limited battery life
π C) Increased internet speed
π D) Faster device performance
β
Answer: A) Default passwords on smart devices
π‘ Explanation: Unchanged default passwords allow hackers to easily access and control smart home devices.
48. What is the purpose of an IoT intrusion detection system (IDS)?
π A) To increase device speed
π B) To monitor IoT traffic for malicious activities
π C) To disable authentication on IoT devices
π D) To encrypt IoT firmware
β
Answer: B) To monitor IoT traffic for malicious activities
π‘ Explanation: An IoT IDS detects suspicious behavior and alerts administrators about potential security threats.
49. What type of attack involves an attacker sending excessive network traffic to overload an IoT device?
π A) Eavesdropping attack
π B) Brute force attack
π C) Denial-of-Service (DoS) attack
π D) SQL injection
β
Answer: C) Denial-of-Service (DoS) attack
π‘ Explanation: DoS attacks flood IoT devices with traffic, causing them to crash or become unresponsive.
50. What is a common risk associated with IoT supply chain security?
π A) Unverified hardware or firmware modifications
π B) Faster device performance
π C) Reduced data collection
π D) Improved wireless range
β
Answer: A) Unverified hardware or firmware modifications
π‘ Explanation: Attackers may insert malicious hardware or firmware during manufacturing or distribution, compromising security.
51. What IoT security measure ensures a device’s software is genuine and has not been altered?
π A) Device mirroring
π B) Secure boot
π C) Open Wi-Fi access
π D) Using default passwords
β
Answer: B) Secure boot
π‘ Explanation: Secure boot verifies firmware integrity during startup, preventing unauthorized modifications or malware infections.
52. What type of attack exploits the ability of IoT devices to connect to multiple networks?
π A) Phishing
π B) Rogue Access Point Attack
π C) Stack Overflow Attack
π D) SSL Stripping
β
Answer: B) Rogue Access Point Attack
π‘ Explanation: Attackers set up a fake Wi-Fi network that IoT devices connect to, allowing them to intercept and manipulate data.
53. Which protocol is designed to securely manage IoT devices remotely?
π A) HTTP
π B) MQTT with TLS
π C) Telnet
π D) UDP
β
Answer: B) MQTT with TLS
π‘ Explanation: MQTT with TLS encryption ensures secure remote management of IoT devices, preventing unauthorized access.
54. What is an example of a side-channel attack on an IoT device?
π A) Attacking network firewalls
π B) Analyzing power consumption to extract cryptographic keys
π C) Sending malware through email
π D) Blocking IoT updates
β
Answer: B) Analyzing power consumption to extract cryptographic keys
π‘ Explanation: Side-channel attacks exploit physical characteristics of a device, like power usage or electromagnetic emissions, to extract sensitive data.
55. What is an IoT endpoint?
π A) The cloud storage used for IoT data
π B) Any connected IoT device that communicates over a network
π C) A type of malware targeting IoT systems
π D) A firewall that protects IoT networks
β
Answer: B) Any connected IoT device that communicates over a network
π‘ Explanation: An IoT endpoint refers to any smart device that collects, processes, or transmits data within an IoT ecosystem.
56. What does IoT firmware hardening involve?
π A) Making firmware files smaller
π B) Applying security best practices to prevent vulnerabilities
π C) Removing authentication checks
π D) Allowing remote access without credentials
β
Answer: B) Applying security best practices to prevent vulnerabilities
π‘ Explanation: Firmware hardening involves removing unnecessary services, enabling secure updates, and protecting code execution.
57. Which encryption method is considered best practice for IoT device communication?
π A) DES
π B) AES-256
π C) ROT13
π D) MD5
β
Answer: B) AES-256
π‘ Explanation: AES-256 encryption provides strong data security and is widely used to protect IoT communications.
58. What is a key security risk of public IoT networks?
π A) Increased battery life
π B) Data interception and unauthorized access
π C) Improved device performance
π D) Faster cloud communication
β
Answer: B) Data interception and unauthorized access
π‘ Explanation: Public networks lack proper security controls, making IoT devices susceptible to eavesdropping and attacks.
59. What attack manipulates device time settings to bypass security controls?
π A) Time Synchronization Attack
π B) Brute Force Attack
π C) Dictionary Attack
π D) Network Flooding
β
Answer: A) Time Synchronization Attack
π‘ Explanation: Time-based authentication systems can be bypassed by manipulating device time settings.
60. What is the risk of using deprecated encryption algorithms in IoT?
π A) They reduce power consumption
π B) They can be easily cracked by attackers
π C) They improve device speed
π D) They increase storage capacity
β
Answer: B) They can be easily cracked by attackers
π‘ Explanation: Older encryption algorithms (like DES and MD5) are vulnerable to brute force attacks, making them unsafe for IoT security.
61. What is a secure alternative to password-based authentication in IoT?
π A) API tokens with expiration
π B) Using simple numeric PINs
π C) Disabling authentication
π D) Using a single password for all devices
β
Answer: A) API tokens with expiration
π‘ Explanation: Expiring API tokens enhance security by ensuring authentication is temporary and less susceptible to theft.
62. What is the primary goal of IoT device monitoring?
π A) Identifying security threats in real time
π B) Increasing device battery life
π C) Reducing device manufacturing costs
π D) Boosting internet speed
β
Answer: A) Identifying security threats in real time
π‘ Explanation: Continuous monitoring helps detect anomalies, prevent attacks, and ensure device security.
63. What security feature prevents attackers from tampering with IoT device logs?
π A) Logging to a remote, secure server
π B) Storing logs locally without encryption
π C) Deleting logs after 24 hours
π D) Allowing user modifications to logs
β
Answer: A) Logging to a remote, secure server
π‘ Explanation: Remote logging ensures logs are protected from local tampering or deletion by attackers.
64. What is a common characteristic of botnet-infected IoT devices?
π A) Unusual network traffic
π B) Increased battery life
π C) Reduced data storage
π D) Slower internet connections
β
Answer: A) Unusual network traffic
π‘ Explanation: Compromised IoT devices in botnets show high network activity as they participate in DDoS attacks or other cyber threats.
65. What is the function of an IoT security gateway?
π A) To store all IoT device credentials
π B) To act as an intermediary that filters malicious traffic before reaching IoT devices
π C) To allow unrestricted communication between IoT devices
π D) To disable device encryption for faster performance
β
Answer: B) To act as an intermediary that filters malicious traffic before reaching IoT devices
π‘ Explanation: IoT security gateways monitor and filter incoming/outgoing traffic, preventing malware and unauthorized access.
66. What is an example of an IoT denial-of-sleep attack?
π A) Forcing IoT devices to remain active, draining battery life
π B) Preventing firmware updates
π C) Blocking IoT devices from connecting to cloud services
π D) Using multiple IoT devices to launch a DDoS attack
β
Answer: A) Forcing IoT devices to remain active, draining battery life
π‘ Explanation: Denial-of-sleep attacks prevent IoT devices from entering low-power sleep mode, rapidly depleting battery life.
67. What does data integrity mean in IoT security?
π A) Ensuring that data remains unaltered during transmission or storage
π B) Allowing users to modify data anytime
π C) Increasing the speed of IoT data transmission
π D) Storing IoT data without encryption
β
Answer: A) Ensuring that data remains unaltered during transmission or storage
π‘ Explanation: Data integrity ensures that data is not tampered with by attackers during transmission or storage.
68. What is a major risk of allowing remote access to IoT devices?
π A) Increased energy consumption
π B) Devices becoming vulnerable to unauthorized control
π C) Slower internet speeds
π D) Reduced storage capacity
β
Answer: B) Devices becoming vulnerable to unauthorized control
π‘ Explanation: If remote access is not properly secured, attackers can gain control of IoT devices and misuse them.
69. What is a key principle of IoT security-by-design?
π A) Embedding security measures at the earliest stage of IoT device development
π B) Adding security patches after product release
π C) Using the same encryption for all IoT devices
π D) Hardcoding usernames and passwords
β
Answer: A) Embedding security measures at the earliest stage of IoT device development
π‘ Explanation: Security-by-design ensures that IoT devices are built with strong security from the ground up, reducing future vulnerabilities.
70. What type of attack manipulates IoT sensor data to create false readings?
π A) Sensor Spoofing Attack
π B) Dictionary Attack
π C) DDoS Attack
π D) Memory Corruption Attack
β
Answer: A) Sensor Spoofing Attack
π‘ Explanation: Attackers manipulate sensor readings to cause malfunctions, misinformation, or security breaches in IoT systems.
71. What is a significant risk of IoT wearables (e.g., smartwatches, fitness trackers)?
π A) High power consumption
π B) Exposure of sensitive personal data if compromised
π C) Limited battery life
π D) Slow processing speed
β
Answer: B) Exposure of sensitive personal data if compromised
π‘ Explanation: IoT wearables collect sensitive health and location data, making them prime targets for attackers.
72. Why should IoT device logs be stored securely?
π A) To reduce log file size
π B) To prevent attackers from deleting or modifying forensic evidence
π C) To disable security monitoring
π D) To improve device boot speed
β
Answer: B) To prevent attackers from deleting or modifying forensic evidence
π‘ Explanation: Secure logging ensures that security events cannot be erased or manipulated, helping with forensic investigations.
73. What IoT security risk does improper API implementation cause?
π A) Unauthorized data access and control
π B) Increased battery efficiency
π C) Faster cloud synchronization
π D) Improved device encryption
β
Answer: A) Unauthorized data access and control
π‘ Explanation: Weak API security can lead to data breaches and unauthorized device control by attackers.
74. What security feature can prevent unauthorized firmware modifications?
π A) Secure Boot and Code Signing
π B) Open-source encryption
π C) Disabling authentication
π D) Using weak password policies
β
Answer: A) Secure Boot and Code Signing
π‘ Explanation: Secure boot and code signing ensure that only trusted, verified firmware is executed on IoT devices.
75. How can IoT manufacturers reduce supply chain security risks?
π A) Conducting security audits of suppliers and third-party vendors
π B) Using pre-built firmware from unverified sources
π C) Allowing default credentials to remain unchanged
π D) Disabling encryption to improve speed
β
Answer: A) Conducting security audits of suppliers and third-party vendors
π‘ Explanation: Verifying the security of supply chain partners helps prevent hardware backdoors and malicious firmware modifications.
76. What is a risk of IoT-enabled industrial control systems (ICS)?
π A) Vulnerability to cyber-physical attacks that disrupt operations
π B) Reduced power consumption
π C) Faster network speeds
π D) Improved data storage capacity
β
Answer: A) Vulnerability to cyber-physical attacks that disrupt operations
π‘ Explanation: Industrial IoT (IIoT) systems are vulnerable to attacks that can cause real-world disruptions in manufacturing, energy, and critical infrastructure.
77. What is an effective way to prevent brute-force attacks on IoT devices?
π A) Enforcing account lockouts after multiple failed login attempts
π B) Using common passwords across all devices
π C) Disabling encryption
π D) Allowing open network access
β
Answer: A) Enforcing account lockouts after multiple failed login attempts
π‘ Explanation: Locking accounts after repeated failed login attempts makes brute-force attacks ineffective.
78. Why is physical tamper detection important for IoT security?
π A) It prevents attackers from physically modifying devices to extract sensitive data
π B) It improves device performance
π C) It increases device speed
π D) It enhances wireless range
β
Answer: A) It prevents attackers from physically modifying devices to extract sensitive data
π‘ Explanation: Tamper-resistant hardware protects firmware, encryption keys, and sensitive information from physical attacks.
79. What is an IoT-based ransomware attack?
π A) Encrypting IoT device data and demanding payment for access restoration
π B) Launching a DoS attack on IoT devices
π C) Manipulating IoT time settings
π D) Disabling remote device access
β
Answer: A) Encrypting IoT device data and demanding payment for access restoration
π‘ Explanation: IoT ransomware locks devices or encrypts their data, forcing victims to pay attackers to regain access.
80. What is a common risk of IoT smart meters used in energy grids?
π A) Tampering with readings to manipulate billing and energy distribution
π B) Increased network speed
π C) Better data storage
π D) Reduced power consumption
β
Answer: A) Tampering with readings to manipulate billing and energy distribution
π‘ Explanation: Attackers can alter smart meter data, leading to fraudulent energy usage or grid instability.
81. What is a common risk of IoT-enabled medical devices?
π A) Unauthorized access leading to data breaches or device manipulation
π B) Extended battery life
π C) Reduced data processing speed
π D) Faster software updates
β
Answer: A) Unauthorized access leading to data breaches or device manipulation
π‘ Explanation: Unsecured medical IoT devices can be hacked to alter medical data, change dosages, or leak sensitive patient records.
82. What is the purpose of IoT threat modeling?
π A) Identifying potential security risks in IoT systems
π B) Improving device aesthetics
π C) Speeding up IoT device boot times
π D) Reducing cloud storage costs
β
Answer: A) Identifying potential security risks in IoT systems
π‘ Explanation: Threat modeling helps organizations analyze attack vectors, vulnerabilities, and countermeasures in IoT systems.
83. What type of IoT attack involves remotely hijacking a smart carβs controls?
π A) Remote Code Execution (RCE) Attack
π B) Drive-by Download Attack
π C) ARP Spoofing
π D) SQL Injection
β
Answer: A) Remote Code Execution (RCE) Attack
π‘ Explanation: RCE attacks exploit vulnerabilities in smart car systems to take control of vehicle functions like braking or acceleration.
84. Why should IoT devices avoid storing sensitive data locally?
π A) It increases device speed
π B) It prevents data loss in case of device theft or compromise
π C) It reduces power consumption
π D) It makes firmware updates unnecessary
β
Answer: B) It prevents data loss in case of device theft or compromise
π‘ Explanation: Storing data remotely or encrypting local data reduces the risk of data leaks if the device is stolen or hacked.
85. What is the main purpose of network access control (NAC) in IoT security?
π A) Restricting unauthorized IoT devices from connecting to the network
π B) Increasing network bandwidth
π C) Enhancing device processing power
π D) Improving IoT device aesthetics
β
Answer: A) Restricting unauthorized IoT devices from connecting to the network
π‘ Explanation: NAC ensures only authenticated and approved devices can access the IoT network, preventing unauthorized access.
86. What is the risk of IoT device cloning?
π A) Attackers create duplicate devices to bypass authentication and infiltrate networks
π B) It slows down device operations
π C) It improves wireless range
π D) It makes devices easier to update
β
Answer: A) Attackers create duplicate devices to bypass authentication and infiltrate networks
π‘ Explanation: Device cloning allows attackers to impersonate legitimate devices, leading to unauthorized access and data theft.
87. How does blockchain enhance IoT security?
π A) Provides a tamper-proof decentralized ledger for secure transactions
π B) Reduces IoT power consumption
π C) Makes device updates unnecessary
π D) Increases IoT network speed
β
Answer: A) Provides a tamper-proof decentralized ledger for secure transactions
π‘ Explanation: Blockchain technology enhances security by ensuring data integrity and preventing unauthorized modifications.
88. What is the risk of IoT-enabled security cameras?
π A) They can be hacked to spy on users or launch DDoS attacks
π B) They increase internet speed
π C) They consume more energy than other IoT devices
π D) They improve network bandwidth
β
Answer: A) They can be hacked to spy on users or launch DDoS attacks
π‘ Explanation: Poorly secured IoT cameras can be remotely accessed by attackers for espionage or botnet recruitment.
89. What security protocol is recommended for securing IoT Wi-Fi connections?
π A) WPA3
π B) WEP
π C) Open Wi-Fi
π D) HTTP
β
Answer: A) WPA3
π‘ Explanation: WPA3 encryption provides stronger security than older standards like WPA2 or WEP, protecting IoT devices from attacks.
90. What is a common security risk of smart door locks?
π A) Vulnerabilities allowing attackers to bypass authentication and unlock doors remotely
π B) Reduced battery life
π C) Increased device aesthetics
π D) Limited connectivity
β
Answer: A) Vulnerabilities allowing attackers to bypass authentication and unlock doors remotely
π‘ Explanation: Poorly secured smart locks can be hacked, allowing unauthorized access to homes and buildings.
91. What is an IoT honeypot used for?
π A) Attracting and analyzing cyber attackers to study their techniques
π B) Increasing IoT bandwidth
π C) Improving device aesthetics
π D) Preventing firmware updates
β
Answer: A) Attracting and analyzing cyber attackers to study their techniques
π‘ Explanation: Honeypots mimic vulnerable IoT devices to trap hackers and gather intelligence on their tactics.
92. What is an effective way to secure IoT firmware updates?
π A) Using digitally signed and encrypted updates
π B) Disabling firmware updates
π C) Downloading updates from unverified sources
π D) Allowing updates without authentication
β
Answer: A) Using digitally signed and encrypted updates
π‘ Explanation: Signed and encrypted firmware updates prevent attackers from injecting malicious code into IoT devices.
93. What is an IoT digital twin?
π A) A virtual replica of a physical IoT device used for monitoring and simulation
π B) A clone of an IoT device created by hackers
π C) An extra IoT device used for redundancy
π D) A backup encryption method
β
Answer: A) A virtual replica of a physical IoT device used for monitoring and simulation
π‘ Explanation: Digital twins allow real-time monitoring and predictive analysis of IoT devices without directly affecting operations.
94. What is the purpose of intrusion prevention systems (IPS) in IoT networks?
π A) Actively blocking detected threats before they cause harm
π B) Increasing IoT bandwidth
π C) Improving wireless signal strength
π D) Storing encryption keys
β
Answer: A) Actively blocking detected threats before they cause harm
π‘ Explanation: IPS detects and blocks malicious traffic, preventing IoT security breaches.
95. Why is network segmentation important for IoT security?
π A) It isolates critical devices from potential threats
π B) It increases IoT device battery life
π C) It improves Wi-Fi signal strength
π D) It speeds up device boot times
β
Answer: A) It isolates critical devices from potential threats
π‘ Explanation: Segmentation prevents attackers from moving laterally between IoT devices and critical systems.
96. What is the primary security concern with IoT edge computing?
π A) Increased latency in data transmission
π B) Risk of local device compromise due to decentralized processing
π C) Increased cloud storage costs
π D) Limited bandwidth availability
β
Answer: B) Risk of local device compromise due to decentralized processing
π‘ Explanation: Edge computing processes data locally, reducing reliance on cloud infrastructure but making edge devices a prime target for cyberattacks.
97. What is the primary function of a hardware security module (HSM) in IoT?
π A) To speed up IoT device communication
π B) To provide secure storage for cryptographic keys and sensitive data
π C) To reduce device manufacturing costs
π D) To allow anonymous access to IoT networks
β
Answer: B) To provide secure storage for cryptographic keys and sensitive data
π‘ Explanation: HSMs protect encryption keys and sensitive credentials, reducing the risk of data breaches and unauthorized access.
98. How does the lack of entropy impact IoT security?
π A) It makes encryption keys predictable and vulnerable to attacks
π B) It increases device processing speed
π C) It improves wireless communication
π D) It reduces battery consumption
β
Answer: A) It makes encryption keys predictable and vulnerable to attacks
π‘ Explanation: IoT devices often lack sufficient randomness (entropy), making their encryption keys easier to crack.
99. What is a common vulnerability in IoT-enabled smart cities?
π A) Poorly secured public infrastructure devices that can be remotely manipulated
π B) Increased street lighting efficiency
π C) Improved Wi-Fi coverage
π D) Faster emergency response times
β
Answer: A) Poorly secured public infrastructure devices that can be remotely manipulated
π‘ Explanation: Smart city IoT systems (traffic lights, CCTV, smart grids) can be hacked if not properly secured, leading to public safety risks.
100. What is an IoT deep packet inspection (DPI) tool used for?
π A) Analyzing IoT network traffic for threats and anomalies
π B) Increasing device processing speed
π C) Improving battery efficiency
π D) Disabling encryption for faster performance
β
Answer: A) Analyzing IoT network traffic for threats and anomalies
π‘ Explanation: DPI tools inspect network traffic at a granular level to detect malicious activity and prevent cyber threats.
101. What is an effective way to prevent IoT side-channel attacks?
π A) Using constant power consumption methods to prevent data leaks
π B) Increasing Wi-Fi signal strength
π C) Reducing IoT device storage capacity
π D) Disabling encryption
β
Answer: A) Using constant power consumption methods to prevent data leaks
π‘ Explanation: Side-channel attacks analyze power usage or electromagnetic emissions to extract secrets, and constant power draw techniques reduce this risk.
102. What is a primary risk of insecure IoT APIs?
π A) Attackers can manipulate device functionality or extract sensitive data
π B) Reduced device power consumption
π C) Improved software update speeds
π D) Increased data transmission rates
β
Answer: A) Attackers can manipulate device functionality or extract sensitive data
π‘ Explanation: Weak API security exposes IoT devices to unauthorized access, data leaks, and control manipulation.
103. What does device attestation help with in IoT security?
π A) Verifying the identity and integrity of an IoT device before allowing access
π B) Increasing battery life
π C) Allowing unverified firmware updates
π D) Disabling authentication mechanisms
β
Answer: A) Verifying the identity and integrity of an IoT device before allowing access
π‘ Explanation: Device attestation ensures that only trusted devices can connect to networks and services, reducing security risks.
104. Why is physical access control important for IoT data centers?
π A) Prevents unauthorized personnel from tampering with hardware and sensitive data
π B) Increases data storage capacity
π C) Speeds up network connectivity
π D) Reduces power consumption
β
Answer: A) Prevents unauthorized personnel from tampering with hardware and sensitive data
π‘ Explanation: Unauthorized physical access can lead to hardware tampering, data breaches, and compromised device security.
105. What security risk does IoT-based drone technology pose?
π A) Drones can be hijacked and used for malicious activities
π B) Drones increase signal strength in remote areas
π C) Drones consume less power than traditional IoT devices
π D) Drones improve supply chain security
β
Answer: A) Drones can be hijacked and used for malicious activities
π‘ Explanation: If drone IoT systems are not properly secured, attackers can take control, steal data, or use drones for surveillance.
106. What is a security risk associated with IoT biometric authentication?
π A) Biometric data, once stolen, cannot be changed like passwords
π B) Biometric authentication reduces device processing speed
π C) It increases encryption complexity
π D) It prevents firmware updates
β
Answer: A) Biometric data, once stolen, cannot be changed like passwords
π‘ Explanation: Unlike passwords, compromised biometric data (fingerprints, facial recognition) cannot be reset, making stolen credentials permanent security risks.
107. Why is IoT botnet detection challenging?
π A) IoT devices often have limited logging and security monitoring capabilities
π B) Botnets improve IoT network speeds
π C) Most IoT devices have built-in antivirus
π D) Botnets help devices consume less power
β
Answer: A) IoT devices often have limited logging and security monitoring capabilities
π‘ Explanation: IoT devices lack extensive security features, making it difficult to detect malware infections and botnet activity.
108. How does multi-factor authentication (MFA) improve IoT security?
π A) Requires additional verification beyond just a password
π B) Reduces encryption overhead
π C) Allows anonymous access
π D) Improves data transmission speeds
β
Answer: A) Requires additional verification beyond just a password
π‘ Explanation: MFA enhances security by adding an extra authentication layer, reducing the risk of unauthorized access.
109. What is a common issue with IoT remote access services?
π A) They can be exploited if improperly configured, leading to unauthorized access
π B) They increase device battery life
π C) They improve IoT bandwidth
π D) They prevent DDoS attacks
β
Answer: A) They can be exploited if improperly configured, leading to unauthorized access
π‘ Explanation: Exposed remote access services (such as Telnet, SSH, or RDP) can be abused by attackers if not secured properly.
110. What does IoT forensics focus on?
π A) Investigating and analyzing security incidents involving IoT devices
π B) Increasing device battery efficiency
π C) Enhancing IoT device signal strength
π D) Reducing the cost of IoT cloud storage
β
Answer: A) Investigating and analyzing security incidents involving IoT devices
π‘ Explanation: IoT forensics involves recovering evidence from compromised devices, analyzing attack methods, and preventing future breaches.
111. What is the role of AI in enhancing IoT security?
π A) Detecting anomalies and suspicious behavior in real time
π B) Reducing power consumption in IoT devices
π C) Disabling encryption to improve performance
π D) Improving internet speed
β
Answer: A) Detecting anomalies and suspicious behavior in real time
π‘ Explanation: AI-based security systems analyze patterns and detect anomalies that indicate potential cyber threats in IoT networks.
112. What is an example of IoT physical layer security?
π A) Preventing unauthorized access to device firmware
π B) Encrypting network traffic
π C) Implementing tamper-resistant hardware
π D) Using default usernames and passwords
β
Answer: C) Implementing tamper-resistant hardware
π‘ Explanation: Physical security measures like tamper detection prevent attackers from modifying or extracting sensitive data from IoT devices.
113. How can IoT devices be protected against replay attacks?
π A) Using timestamp-based authentication mechanisms
π B) Allowing unauthenticated access
π C) Storing passwords in plaintext
π D) Reducing device encryption
β
Answer: A) Using timestamp-based authentication mechanisms
π‘ Explanation: Timestamp-based authentication ensures that intercepted authentication requests cannot be reused by attackers.
114. What is the primary security risk of IoT wearables used in corporate environments?
π A) They can be used as entry points for network breaches
π B) They improve employee productivity
π C) They reduce network bandwidth
π D) They increase battery efficiency
β
Answer: A) They can be used as entry points for network breaches
π‘ Explanation: Unsecured wearables connected to corporate networks can be exploited to gain unauthorized access to sensitive business data.
115. What is IoT data exfiltration?
π A) Unauthorized transfer of sensitive data from IoT devices
π B) Deleting stored data from IoT devices
π C) Compressing IoT data to save storage space
π D) Encrypting IoT data for protection
β
Answer: A) Unauthorized transfer of sensitive data from IoT devices
π‘ Explanation: Attackers use various techniques (malware, unauthorized API access) to extract sensitive information from IoT devices.
116. What does device lifecycle management in IoT security involve?
π A) Managing security updates from deployment to decommissioning
π B) Reducing the device size for portability
π C) Increasing the device’s internet speed
π D) Disabling device encryption after installation
β
Answer: A) Managing security updates from deployment to decommissioning
π‘ Explanation: Lifecycle management ensures that IoT devices receive security updates and are properly decommissioned to prevent security risks.
117. What is an example of insecure IoT network segmentation?
π A) Placing IoT devices and critical infrastructure on the same network
π B) Using VLANs to separate IoT devices from sensitive systems
π C) Encrypting all network traffic
π D) Using firewalls to monitor traffic
β
Answer: A) Placing IoT devices and critical infrastructure on the same network
π‘ Explanation: Poor network segmentation allows compromised IoT devices to act as entry points for lateral movement into critical systems.
118. What is the risk of using IoT devices with unsupported firmware?
π A) Devices will not receive security updates, making them vulnerable to attacks
π B) Devices will consume more power
π C) Devices will operate at a slower speed
π D) Devices will have reduced storage
β
Answer: A) Devices will not receive security updates, making them vulnerable to attacks
π‘ Explanation: Unsupported firmware lacks security patches, leaving devices open to exploitation by attackers.
119. What is a key concern of IoT-based industrial control systems (ICS)?
π A) Cyber-physical attacks that disrupt critical infrastructure
π B) Increased manufacturing efficiency
π C) Reduced data processing speed
π D) Enhanced system automation
β
Answer: A) Cyber-physical attacks that disrupt critical infrastructure
π‘ Explanation: ICS IoT devices control physical processes, and attacks on these systems can lead to equipment damage, power grid failures, or safety hazards.
120. Why should IoT devices use ephemeral encryption keys?
π A) They reduce the impact of key compromise by frequently changing
π B) They speed up encryption processing
π C) They increase device storage
π D) They enhance battery efficiency
β
Answer: A) They reduce the impact of key compromise by frequently changing
π‘ Explanation: Ephemeral encryption keys change frequently, limiting an attacker’s ability to decrypt data if a key is compromised.
121. What is the danger of excessive permissions in IoT applications?
π A) Attackers can exploit overprivileged applications to escalate privileges
π B) Applications run faster
π C) IoT devices consume less power
π D) IoT devices improve network speed
β
Answer: A) Attackers can exploit overprivileged applications to escalate privileges
π‘ Explanation: Granting excessive permissions increases the attack surface, allowing attackers to exploit vulnerable applications for privilege escalation.
122. What is a primary risk of IoT-enabled smart TVs?
π A) Unauthorized tracking and data collection
π B) Improved screen resolution
π C) Increased power efficiency
π D) Faster internet browsing
β
Answer: A) Unauthorized tracking and data collection
π‘ Explanation: Smart TVs collect viewing habits and other data, which can be misused or leaked if not properly secured.
123. What type of cyberattack involves inserting malicious software into IoT firmware?
π A) Firmware Injection Attack
π B) Denial-of-Service Attack
π C) Phishing Attack
π D) Cross-Site Scripting
β
Answer: A) Firmware Injection Attack
π‘ Explanation: Attackers modify IoT firmware to embed malware, create backdoors, or disable security protections.
124. How does IoT security logging help in cyber incident response?
π A) It provides detailed logs for forensic investigation and threat detection
π B) It reduces storage usage
π C) It disables security monitoring
π D) It speeds up internet access
β
Answer: A) It provides detailed logs for forensic investigation and threat detection
π‘ Explanation: Logging records security events and anomalies, helping detect breaches and investigate cyber incidents.
125. Why is IoT endpoint detection and response (EDR) important?
π A) It provides real-time monitoring and automated threat response for IoT devices
π B) It increases IoT power consumption
π C) It disables device encryption
π D) It reduces device speed
β
Answer: A) It provides real-time monitoring and automated threat response for IoT devices
π‘ Explanation: IoT EDR continuously monitors for threats, preventing cyberattacks in real time.
126. What is a common method attackers use to exploit IoT cloud integrations?
π A) API exploitation to gain unauthorized access
π B) Increasing device storage
π C) Reducing device network speed
π D) Encrypting IoT logs
β
Answer: A) API exploitation to gain unauthorized access
π‘ Explanation: Weak API security in cloud-integrated IoT devices can allow attackers to extract data, manipulate device functionality, or gain unauthorized access.
127. What is an IoT honeynet?
π A) A network of honeypots designed to detect and analyze IoT-based cyber threats
π B) A secure VPN for IoT devices
π C) A physical security layer for IoT devices
π D) A method for optimizing IoT network speed
β
Answer: A) A network of honeypots designed to detect and analyze IoT-based cyber threats
π‘ Explanation: IoT honeynets consist of multiple honeypots to lure attackers and collect data on real-world cyberattack tactics.
128. What type of encryption should be avoided in IoT devices due to its vulnerabilities?
π A) DES (Data Encryption Standard)
π B) AES-256
π C) TLS 1.3
π D) ChaCha20
β
Answer: A) DES (Data Encryption Standard)
π‘ Explanation: DES is considered weak and can be easily cracked by modern computing power, making it unsuitable for IoT security.
129. How can IoT manufacturers prevent hardware trojans in their devices?
π A) Implement strict supply chain security and conduct hardware integrity checks
π B) Allow third-party modifications to firmware
π C) Remove encryption to speed up processes
π D) Use a single vendor for all components
β
Answer: A) Implement strict supply chain security and conduct hardware integrity checks
π‘ Explanation: Hardware trojans can be inserted during manufacturing, so ensuring secure supply chains and component verification is crucial.
130. Why is over-the-air (OTA) update security critical for IoT devices?
π A) Attackers can hijack insecure OTA updates to inject malicious firmware
π B) OTA updates increase power consumption
π C) OTA updates reduce IoT device network speed
π D) OTA updates disable encryption
β
Answer: A) Attackers can hijack insecure OTA updates to inject malicious firmware
π‘ Explanation: Unsecured OTA updates can be intercepted by attackers to deliver malware or backdoored firmware to IoT devices.
131. What is the primary goal of an IoT penetration test?
π A) Identifying vulnerabilities and security gaps in IoT devices and networks
π B) Speeding up IoT network traffic
π C) Reducing IoT power consumption
π D) Disabling encryption for faster response times
β
Answer: A) Identifying vulnerabilities and security gaps in IoT devices and networks
π‘ Explanation: Penetration testing simulates attacks on IoT systems to uncover security weaknesses before real attackers do.
132. What is a common risk of voice-controlled IoT devices?
π A) Voice commands can be intercepted or manipulated using adversarial attacks
π B) Voice recognition improves device efficiency
π C) Voice control reduces energy consumption
π D) Voice-based IoT devices are immune to cyberattacks
β
Answer: A) Voice commands can be intercepted or manipulated using adversarial attacks
π‘ Explanation: Attackers can use specially crafted audio signals to manipulate voice-controlled IoT devices, triggering unauthorized actions.
133. What does IoT network behavior analysis focus on?
π A) Detecting unusual device communication patterns that indicate threats
π B) Reducing bandwidth consumption
π C) Increasing device storage
π D) Disabling security monitoring
β
Answer: A) Detecting unusual device communication patterns that indicate threats
π‘ Explanation: Analyzing network behavior helps detect anomalies such as botnet infections, unauthorized access, or compromised devices.
134. What risk does an exposed IoT MQTT broker present?
π A) Attackers can intercept and manipulate IoT messages
π B) It increases device processing speed
π C) It enhances IoT network efficiency
π D) It prevents unauthorized access
β
Answer: A) Attackers can intercept and manipulate IoT messages
π‘ Explanation: MQTT brokers manage IoT device communication, and if not secured properly, attackers can steal or modify IoT data in transit.
135. How does blockchain improve IoT security?
π A) By providing a decentralized and immutable record of device transactions
π B) By increasing IoT device processing speed
π C) By disabling authentication for faster access
π D) By encrypting all IoT network traffic
β
Answer: A) By providing a decentralized and immutable record of device transactions
π‘ Explanation: Blockchain ensures integrity in IoT transactions, preventing data tampering and unauthorized modifications.
136. What is the risk of hardcoding credentials in IoT firmware?
π A) Credentials can be extracted and used by attackers to gain access
π B) It enhances encryption efficiency
π C) It speeds up authentication
π D) It reduces storage requirements
β
Answer: A) Credentials can be extracted and used by attackers to gain access
π‘ Explanation: Hardcoded credentials in firmware make IoT devices vulnerable to attacks since they cannot be easily changed or updated.
137. What security risk is associated with insecure bootloaders in IoT?
π A) Attackers can load malicious firmware, bypassing security protections
π B) It reduces network speed
π C) It increases device battery consumption
π D) It enhances system logging
β
Answer: A) Attackers can load malicious firmware, bypassing security protections
π‘ Explanation: An insecure bootloader allows unauthorized firmware to be installed, leading to potential malware infections.
138. What is the role of secure enclaves in IoT security?
π A) Providing isolated, protected environments for sensitive operations
π B) Increasing IoT device network speed
π C) Reducing power consumption
π D) Disabling authentication
β
Answer: A) Providing isolated, protected environments for sensitive operations
π‘ Explanation: Secure enclaves protect critical computations and encryption keys from unauthorized access and tampering.
139. What is a critical security challenge in IoT device identity management?
π A) Ensuring unique, verifiable identities for every connected device
π B) Reducing device weight
π C) Increasing network speed
π D) Improving device storage
β
Answer: A) Ensuring unique, verifiable identities for every connected device
π‘ Explanation: Proper identity management ensures only authenticated devices can interact with IoT networks, preventing unauthorized access.
140. Why should IoT devices limit data retention?
π A) To reduce the risk of data breaches and regulatory non-compliance
π B) To improve device processing speed
π C) To reduce battery consumption
π D) To increase storage capacity
β
Answer: A) To reduce the risk of data breaches and regulatory non-compliance
π‘ Explanation: Storing only necessary data minimizes the impact of potential breaches and ensures compliance with privacy laws like GDPR and CCPA.
141. What is the main security risk of IoT-enabled home automation systems?
π A) They can be remotely controlled by attackers if improperly secured
π B) They increase home energy consumption
π C) They reduce wireless range
π D) They improve internet speed
β
Answer: A) They can be remotely controlled by attackers if improperly secured
π‘ Explanation: IoT-enabled smart home devices (like locks, lights, and thermostats) can be exploited if weak authentication is used, leading to unauthorized control.
142. How does IoT device sandboxing enhance security?
π A) By isolating application processes to prevent malware spread
π B) By reducing data storage
π C) By increasing device processing speed
π D) By disabling encryption
β
Answer: A) By isolating application processes to prevent malware spread
π‘ Explanation: Sandboxing ensures that IoT applications operate in isolated environments, preventing malware from compromising the entire system.
143. What is a risk of using outdated IoT communication protocols?
π A) Increased exposure to known vulnerabilities and exploits
π B) Improved wireless signal strength
π C) Enhanced encryption security
π D) Reduced device processing time
β
Answer: A) Increased exposure to known vulnerabilities and exploits
π‘ Explanation: Older communication protocols (like SSL and WEP) have known vulnerabilities that attackers can easily exploit to compromise IoT devices.
144. What does an IoT access control policy define?
π A) Which users and devices can access IoT systems and what actions they can perform
π B) How fast IoT devices can communicate
π C) How much power IoT devices consume
π D) The maximum number of IoT devices that can be connected
β
Answer: A) Which users and devices can access IoT systems and what actions they can perform
π‘ Explanation: Access control policies define rules and permissions, ensuring that only authorized entities can access IoT resources.
145. Why is DHCP security important for IoT networks?
π A) To prevent unauthorized devices from obtaining IP addresses
π B) To increase device battery life
π C) To reduce firmware update frequency
π D) To speed up device boot times
β
Answer: A) To prevent unauthorized devices from obtaining IP addresses
π‘ Explanation: Compromised DHCP servers can assign malicious IP configurations to IoT devices, leading to Man-in-the-Middle (MitM) attacks.
146. What is a primary concern with IoT integration in healthcare environments?
π A) Patient data security and unauthorized access to medical devices
π B) Increased energy consumption
π C) Limited device connectivity
π D) Reduced data storage requirements
β
Answer: A) Patient data security and unauthorized access to medical devices
π‘ Explanation: IoT medical devices (like pacemakers and insulin pumps) must be secured to prevent life-threatening cyberattacks and data leaks.
147. What is an IoT Secure Element (SE)?
π A) A hardware-based security module for storing sensitive data securely
π B) A method to disable device authentication
π C) A wireless communication protocol
π D) A type of cloud storage
β
Answer: A) A hardware-based security module for storing sensitive data securely
π‘ Explanation: Secure Elements (SE) provide tamper-resistant storage for sensitive data such as encryption keys and authentication credentials.
148. What security risk does Bluetooth Low Energy (BLE) pose in IoT?
π A) Unauthorized data interception through Bluetooth sniffing attacks
π B) Reduced battery life
π C) Increased wireless interference
π D) Decreased encryption complexity
β
Answer: A) Unauthorized data interception through Bluetooth sniffing attacks
π‘ Explanation: BLE connections can be intercepted by attackers if proper encryption and pairing security measures are not enforced.
149. What role does Zero Trust Architecture (ZTA) play in IoT security?
π A) Enforces continuous verification of all devices and users, even within the network
π B) Reduces network encryption
π C) Increases IoT processing speed
π D) Disables firewalls to improve performance
β
Answer: A) Enforces continuous verification of all devices and users, even within the network
π‘ Explanation: Zero Trust Architecture ensures that no device or user is automatically trusted, reducing the risk of insider threats and lateral movement in IoT networks.
150. Why should IoT devices use whitelisting instead of blacklisting?
π A) Whitelisting allows only approved applications and connections, reducing attack surfaces
π B) It prevents software updates
π C) It increases power consumption
π D) It allows attackers to bypass encryption
β
Answer: A) Whitelisting allows only approved applications and connections, reducing attack surfaces
π‘ Explanation: Whitelisting ensures that only trusted applications, devices, and network traffic are allowed, blocking unauthorized connections by default.
151. What is the risk of using an IoT device with an open serial/debug interface (e.g., UART, JTAG)?
π A) Attackers can directly manipulate device firmware and gain root access
π B) Increased device energy consumption
π C) Improved internet speed
π D) Reduced need for encryption
β
Answer: A) Attackers can directly manipulate device firmware and gain root access
π‘ Explanation: Unprotected debug interfaces allow attackers to modify firmware, extract sensitive data, or bypass authentication controls.
152. What is an effective mitigation strategy for IoT supply chain attacks?
π A) Conducting regular security audits of manufacturers and suppliers
π B) Disabling encryption to reduce processing overhead
π C) Using only proprietary hardware with no security reviews
π D) Allowing all devices unrestricted network access
β
Answer: A) Conducting regular security audits of manufacturers and suppliers
π‘ Explanation: Supply chain security ensures that components and firmware are free from backdoors, malware, and unauthorized modifications.
153. How does Transport Layer Security (TLS) protect IoT communications?
π A) Encrypting data in transit to prevent interception and tampering
π B) Increasing IoT device speed
π C) Disabling authentication for faster connections
π D) Reducing power consumption
β
Answer: A) Encrypting data in transit to prevent interception and tampering
π‘ Explanation: TLS encrypts communication channels between IoT devices, servers, and cloud services, preventing eavesdropping and MitM attacks.
154. What security measure can prevent botnets from infecting IoT devices?
π A) Enforcing strong password policies and disabling default credentials
π B) Reducing encryption levels
π C) Disabling logging
π D) Allowing all incoming network traffic
β
Answer: A) Enforcing strong password policies and disabling default credentials
π‘ Explanation: Weak credentials and unchanged default passwords are the primary methods attackers use to infect IoT devices with botnets.
155. Why is physical device tampering a significant security concern in IoT?
π A) Attackers can extract firmware, credentials, or manipulate device functionality
π B) It slows down data transmission
π C) It increases device temperature
π D) It reduces battery life
β
Answer: A) Attackers can extract firmware, credentials, or manipulate device functionality
π‘ Explanation: If an IoT device is physically accessed, attackers can extract sensitive data or install malicious firmware, leading to security breaches.
156. How does a side-channel attack compromise IoT security?
π A) By analyzing physical properties like power consumption and electromagnetic emissions
π B) By using brute force to crack passwords
π C) By modifying firewall configurations
π D) By blocking software updates
β
Answer: A) By analyzing physical properties like power consumption and electromagnetic emissions
π‘ Explanation: Side-channel attacks extract sensitive information by monitoring power usage, electromagnetic leaks, or timing variations during device operations.
157. What is a key risk of IoT smart grid systems?
π A) Cyber-physical attacks can manipulate power distribution and grid stability
π B) They reduce overall power efficiency
π C) They improve encryption performance
π D) They increase latency in industrial operations
β
Answer: A) Cyber-physical attacks can manipulate power distribution and grid stability
π‘ Explanation: Hackers targeting smart grids can disrupt power distribution, cause outages, and even manipulate billing data.
158. Why should IoT devices use unique cryptographic keys instead of shared ones?
π A) To prevent attackers from compromising multiple devices if a single key is leaked
π B) To increase device speed
π C) To improve battery life
π D) To make debugging easier
β
Answer: A) To prevent attackers from compromising multiple devices if a single key is leaked
π‘ Explanation: Using the same encryption key across multiple devices means if one device is breached, all others are vulnerable.
159. What is an effective mitigation for IoT denial-of-service (DoS) attacks?
π A) Implementing rate limiting and anomaly detection mechanisms
π B) Reducing the number of connected devices
π C) Removing device firewalls
π D) Disabling authentication to speed up processing
β
Answer: A) Implementing rate limiting and anomaly detection mechanisms
π‘ Explanation: Rate limiting and anomaly detection prevent excessive requests from overwhelming IoT devices, reducing the impact of DoS attacks.
160. What is a primary risk of IoT device exposure on public networks?
π A) Attackers can remotely access and control the device
π B) The device consumes more bandwidth
π C) The device automatically updates its firmware
π D) The deviceβs battery drains faster
β
Answer: A) Attackers can remotely access and control the device
π‘ Explanation: Exposing IoT devices on public networks without proper authentication allows attackers to exploit them for malicious purposes.
161. How can organizations detect compromised IoT devices in their networks?
π A) By monitoring network traffic for unusual activity
π B) By reducing encryption levels
π C) By disabling logging features
π D) By allowing all devices to communicate freely
β
Answer: A) By monitoring network traffic for unusual activity
π‘ Explanation: Anomalies such as increased traffic, communication with unknown IPs, or unexpected data transmissions indicate potential IoT compromise.
162. What is the main security risk associated with IoT remote access?
π A) Unauthorized attackers can gain control over devices if access is not secured
π B) It reduces device speed
π C) It increases power consumption
π D) It prevents DoS attacks
β
Answer: A) Unauthorized attackers can gain control over devices if access is not secured
π‘ Explanation: Weak remote access security (e.g., default passwords, no MFA) allows hackers to take over IoT devices remotely.
163. What is a common weakness in IoT cloud storage security?
π A) Inadequate encryption of stored data
π B) Increased data storage capacity
π C) Faster data retrieval
π D) Reduced power consumption
β
Answer: A) Inadequate encryption of stored data
π‘ Explanation: If IoT cloud storage is not encrypted properly, attackers who gain access to it can steal sensitive data.
164. Why should IoT devices avoid excessive data collection?
π A) To reduce privacy risks and limit the impact of data breaches
π B) To improve wireless network speed
π C) To enhance device battery life
π D) To reduce firmware update frequency
β
Answer: A) To reduce privacy risks and limit the impact of data breaches
π‘ Explanation: Collecting only necessary data minimizes security and privacy risks if a breach occurs.
165. What is a security challenge of IoT biometric authentication?
π A) Biometric data, once compromised, cannot be changed
π B) Biometric authentication slows down IoT operations
π C) Biometrics improve encryption complexity
π D) Biometrics prevent software updates
β
Answer: A) Biometric data, once compromised, cannot be changed
π‘ Explanation: Unlike passwords, biometric data cannot be reset, making compromised biometric information a permanent security risk.
166. What is an effective way to prevent rogue IoT devices from connecting to a network?
π A) Implementing MAC address filtering and access control lists (ACLs)
π B) Increasing wireless transmission power
π C) Reducing encryption strength
π D) Allowing open network access
β
Answer: A) Implementing MAC address filtering and access control lists (ACLs)
π‘ Explanation: MAC address filtering and ACLs ensure only authorized IoT devices can connect to the network, blocking rogue devices.
167. Why is firmware rollback protection important for IoT security?
π A) It prevents attackers from downgrading devices to vulnerable firmware versions
π B) It increases IoT device speed
π C) It reduces encryption processing time
π D) It allows firmware updates to be disabled
β
Answer: A) It prevents attackers from downgrading devices to vulnerable firmware versions
π‘ Explanation: Attackers may try to install an older, vulnerable version of firmware, so rollback protection ensures only newer, secure versions are used.
168. What type of malware is commonly used to infect IoT devices and create botnets?
π A) Mirai-like botnet malware
π B) Ransomware
π C) Keyloggers
π D) Spyware
β
Answer: A) Mirai-like botnet malware
π‘ Explanation: Mirai and similar botnet malware exploit weak credentials and vulnerabilities in IoT devices to launch large-scale cyberattacks.
169. Why is mutual authentication important in IoT security?
π A) It ensures both the IoT device and the server verify each other’s identity before communication
π B) It increases battery consumption
π C) It reduces firmware update speed
π D) It prevents device overheating
β
Answer: A) It ensures both the IoT device and the server verify each other’s identity before communication
π‘ Explanation: Mutual authentication prevents attackers from impersonating either the IoT device or the server, reducing MITM attacks.
170. What is the risk of using static passwords in IoT devices?
π A) They are easy for attackers to guess or reuse from breached databases
π B) They improve device processing speed
π C) They reduce network congestion
π D) They increase battery efficiency
β
Answer: A) They are easy for attackers to guess or reuse from breached databases
π‘ Explanation: Static passwords are a major security weakness in IoT devices since they can be guessed, reused, or stolen in credential leaks.
171. What is a security risk of IoT edge devices?
π A) They can be compromised and manipulated to process malicious data locally
π B) They consume less power
π C) They enhance cloud processing efficiency
π D) They prevent data breaches
β
Answer: A) They can be compromised and manipulated to process malicious data locally
π‘ Explanation: IoT edge devices process data locally, making them a target for attacks that manipulate data before it reaches the cloud.
172. Why should IoT devices avoid using deprecated cryptographic algorithms?
π A) They are vulnerable to modern brute force and cryptanalysis attacks
π B) They reduce power consumption
π C) They improve network bandwidth
π D) They speed up encryption processing
β
Answer: A) They are vulnerable to modern brute force and cryptanalysis attacks
π‘ Explanation: Outdated encryption algorithms (e.g., SHA-1, MD5) can be easily cracked, making IoT devices susceptible to data breaches.
173. What security benefit does containerization provide for IoT applications?
π A) It isolates processes, preventing malware from affecting the entire system
π B) It increases IoT device power consumption
π C) It disables encryption
π D) It enhances the physical security of devices
β
Answer: A) It isolates processes, preventing malware from affecting the entire system
π‘ Explanation: Containerization ensures that malicious software or vulnerabilities in one process do not spread to the entire IoT device.
174. What type of attack involves intercepting and modifying IoT device communications?
π A) Man-in-the-Middle (MitM) attack
π B) Phishing attack
π C) SQL Injection attack
π D) Dictionary attack
β
Answer: A) Man-in-the-Middle (MitM) attack
π‘ Explanation: MitM attacks occur when an attacker intercepts and alters communication between an IoT device and its server, leading to data manipulation or eavesdropping.
175. What is an example of an insecure IoT firmware update mechanism?
π A) Unauthenticated firmware updates downloaded over HTTP
π B) Digitally signed and encrypted firmware updates
π C) Using a secure boot mechanism
π D) Requiring two-factor authentication for updates
β
Answer: A) Unauthenticated firmware updates downloaded over HTTP
π‘ Explanation: Firmware updates should always be authenticated, encrypted, and delivered over secure channels (e.g., HTTPS) to prevent tampering.
176. What is a major security risk of using IoT devices in industrial environments?
π A) Attackers can disrupt operations by compromising industrial control systems (ICS)
π B) IoT devices increase data processing speed
π C) IoT devices improve employee productivity
π D) IoT devices consume more power than traditional industrial devices
β
Answer: A) Attackers can disrupt operations by compromising industrial control systems (ICS)
π‘ Explanation: If attackers gain control of IoT devices in industrial environments, they can manipulate operations, cause equipment failure, or disrupt critical infrastructure.
177. What is an IoT rogue device attack?
π A) When an attacker introduces an unauthorized device into an IoT network
π B) When an IoT device overheats
π C) When IoT firmware updates fail
π D) When IoT devices operate on low battery
β
Answer: A) When an attacker introduces an unauthorized device into an IoT network
π‘ Explanation: A rogue IoT device can be used to collect data, launch attacks, or act as a pivot for lateral movement within the network.
178. How does federated identity management improve IoT security?
π A) It allows secure authentication across multiple IoT systems and services
π B) It reduces encryption complexity
π C) It prevents data transmission
π D) It disables firewall protections
β
Answer: A) It allows secure authentication across multiple IoT systems and services
π‘ Explanation: Federated identity management enables users and devices to authenticate across multiple networks securely, reducing authentication overhead and improving security.
179. What is the risk of long-lived IoT session tokens?
π A) They can be stolen and reused by attackers to maintain unauthorized access
π B) They improve network performance
π C) They reduce encryption overhead
π D) They prevent data leaks
β
Answer: A) They can be stolen and reused by attackers to maintain unauthorized access
π‘ Explanation: Short-lived session tokens with automatic expiration reduce the risk of attackers hijacking and reusing them indefinitely.
180. What is an effective way to prevent unauthorized IoT device enrollment?
π A) Implementing mutual authentication before device registration
π B) Allowing open network access for all IoT devices
π C) Disabling encryption during enrollment
π D) Using default administrator credentials
β
Answer: A) Implementing mutual authentication before device registration
π‘ Explanation: Mutual authentication ensures that only legitimate devices can be enrolled in the IoT network, preventing unauthorized access.
181. What is a common IoT vulnerability caused by improper certificate management?
π A) Expired or revoked certificates can lead to authentication failures
π B) Increased encryption speed
π C) Reduced power consumption
π D) Faster data transmission
β
Answer: A) Expired or revoked certificates can lead to authentication failures
π‘ Explanation: IoT devices using expired or revoked certificates may fail authentication, leaving them vulnerable to attacks or denial of service.
182. What is a risk of not implementing proper logging on IoT devices?
π A) Security incidents may go undetected, making forensic investigations difficult
π B) The device processes data faster
π C) The device consumes less energy
π D) Encryption becomes stronger
β
Answer: A) Security incidents may go undetected, making forensic investigations difficult
π‘ Explanation: Without proper logging, security breaches, unauthorized access, and malware infections may not be detected in time.
183. How does IoT network segmentation enhance security?
π A) By isolating IoT devices from critical systems to prevent lateral movement in an attack
π B) By reducing data storage
π C) By improving battery efficiency
π D) By speeding up Wi-Fi connections
β
Answer: A) By isolating IoT devices from critical systems to prevent lateral movement in an attack
π‘ Explanation: Network segmentation ensures that even if an IoT device is compromised, attackers cannot easily access critical infrastructure.
184. What is a key reason for enforcing strong authentication on IoT APIs?
π A) To prevent unauthorized access and data manipulation
π B) To increase device performance
π C) To reduce encryption overhead
π D) To improve IoT battery life
β
Answer: A) To prevent unauthorized access and data manipulation
π‘ Explanation: APIs are often targeted by attackers, so strong authentication ensures that only authorized applications and users can interact with IoT services.
185. What is an effective way to secure IoT firmware updates?
π A) Using digitally signed and encrypted updates delivered over secure channels
π B) Disabling firmware updates to prevent attacks
π C) Downloading updates from third-party sources
π D) Allowing anonymous access to update servers
β
Answer: A) Using digitally signed and encrypted updates delivered over secure channels
π‘ Explanation: Digitally signed updates ensure integrity, while encryption prevents attackers from modifying or injecting malicious firmware.
186. What is the main risk of hardcoded backdoor accounts in IoT devices?
π A) Attackers can exploit them for unauthorized access
π B) They increase device encryption strength
π C) They improve network speed
π D) They reduce power consumption
β
Answer: A) Attackers can exploit them for unauthorized access
π‘ Explanation: Hardcoded backdoor accounts provide a way for attackers to bypass authentication and gain control over IoT devices.
187. Why is monitoring DNS traffic important for IoT security?
π A) It helps detect malicious communications between compromised IoT devices and attacker-controlled servers
π B) It improves IoT device battery life
π C) It reduces the need for encryption
π D) It speeds up firmware updates
β
Answer: A) It helps detect malicious communications between compromised IoT devices and attacker-controlled servers
π‘ Explanation: Monitoring DNS requests can reveal if an IoT device is connecting to suspicious domains, indicating a possible malware infection.
188. How does default port usage impact IoT security?
π A) Attackers often scan for IoT devices using default ports, increasing the risk of unauthorized access
π B) It makes IoT networks more efficient
π C) It enhances encryption performance
π D) It reduces power consumption
β
Answer: A) Attackers often scan for IoT devices using default ports, increasing the risk of unauthorized access
π‘ Explanation: Using default ports makes IoT devices easier to discover and attack, so changing ports or using firewall rules can improve security.
189. What security risk arises from IoT devices using weak or no authentication on local network interfaces?
π A) Attackers can gain direct access to the deviceβs functions and settings
π B) It reduces IoT power consumption
π C) It speeds up wireless communication
π D) It improves data encryption
β
Answer: A) Attackers can gain direct access to the deviceβs functions and settings
π‘ Explanation: Without strong authentication, an attacker on the local network can directly manipulate the IoT device, change configurations, or install malware.
190. Why should IoT devices support regular security patches?
π A) To fix vulnerabilities that attackers might exploit
π B) To reduce network latency
π C) To prevent devices from overheating
π D) To improve device power efficiency
β
Answer: A) To fix vulnerabilities that attackers might exploit
π‘ Explanation: Regular security patches are essential to close vulnerabilities that could be exploited by attackers.
191. What is a potential risk of IoT devices using outdated SSL/TLS versions?
π A) Attackers can decrypt communications using known vulnerabilities
π B) It increases the deviceβs processing speed
π C) It enhances IoT data storage efficiency
π D) It reduces bandwidth consumption
β
Answer: A) Attackers can decrypt communications using known vulnerabilities
π‘ Explanation: Older versions of SSL/TLS have vulnerabilities (e.g., TLS 1.0, SSLv3) that allow attackers to break encryption and intercept data.
192. How does disabling unnecessary services on IoT devices improve security?
π A) It reduces the attack surface by limiting potential entry points for attackers
π B) It speeds up IoT data transmission
π C) It increases device battery efficiency
π D) It allows for faster processing
β
Answer: A) It reduces the attack surface by limiting potential entry points for attackers
π‘ Explanation: Disabling services that are not needed minimizes the number of ways an attacker can exploit a device.
193. What is a primary reason for enforcing strong password policies on IoT devices?
π A) To prevent brute force attacks and unauthorized access
π B) To reduce energy consumption
π C) To increase device speed
π D) To optimize firmware update processes
β
Answer: A) To prevent brute force attacks and unauthorized access
π‘ Explanation: Weak passwords can be easily guessed using brute force attacks, allowing attackers to take control of IoT devices.
194. How can IoT honeypots help improve cybersecurity?
π A) They attract attackers to study their tactics and improve defenses
π B) They increase device performance
π C) They speed up IoT communication
π D) They reduce device overheating
β
Answer: A) They attract attackers to study their tactics and improve defenses
π‘ Explanation: IoT honeypots act as decoys, collecting intelligence on cyber threats and attack methods used against IoT networks.
195. Why is network segmentation critical for securing IoT devices?
π A) It prevents compromised IoT devices from spreading attacks to critical systems
π B) It reduces data encryption overhead
π C) It increases IoT processing speed
π D) It prevents firmware updates
β
Answer: A) It prevents compromised IoT devices from spreading attacks to critical systems
π‘ Explanation: Proper segmentation ensures that an attacker who compromises one IoT device cannot easily move to more sensitive systems.
196. What is the primary risk of using public cloud storage for IoT data without encryption?
π A) Data can be intercepted and accessed by unauthorized users
π B) It speeds up data retrieval
π C) It reduces the cost of IoT operations
π D) It improves device battery life
β
Answer: A) Data can be intercepted and accessed by unauthorized users
π‘ Explanation: Without encryption, sensitive IoT data stored in public cloud services can be accessed if an attacker gains access to the cloud environment.
197. What is a risk of allowing IoT devices to communicate using unsecured Wi-Fi networks?
π A) Attackers can intercept and manipulate device communications
π B) It improves Wi-Fi signal strength
π C) It increases device battery life
π D) It speeds up firmware updates
β
Answer: A) Attackers can intercept and manipulate device communications
π‘ Explanation: Unsecured Wi-Fi networks expose IoT devices to eavesdropping, man-in-the-middle attacks, and data manipulation.
198. Why is it important to use access logs in IoT systems?
π A) They help detect unauthorized access attempts and security breaches
π B) They improve encryption efficiency
π C) They reduce device power consumption
π D) They increase IoT device lifespan
β
Answer: A) They help detect unauthorized access attempts and security breaches
π‘ Explanation: Logging access records helps organizations track user activity and respond quickly to potential security incidents.
199. What is a critical risk of IoT devices relying on weak identity management?
π A) Unauthorized users may gain control over IoT devices
π B) It speeds up device authentication
π C) It improves device connectivity
π D) It reduces energy consumption
β
Answer: A) Unauthorized users may gain control over IoT devices
π‘ Explanation: Without proper identity management, attackers can impersonate legitimate users and take control of IoT devices.
200. What is the role of AI in IoT threat detection?
π A) AI can analyze patterns and detect anomalies that indicate security threats
π B) AI disables IoT authentication features
π C) AI reduces IoT encryption complexity
π D) AI increases device power consumption
β
Answer: A) AI can analyze patterns and detect anomalies that indicate security threats
π‘ Explanation: AI-driven security systems can detect unusual network activity and identify potential threats in IoT environments faster than traditional security tools.