CEH v10 IoT Hacking Exam Questions with Answers
Attack Area : Device memory - Answer-Vulnerabilities present in this component are
clear-text credentials, third-party credentials and encryption keys
Attack Area : Ecosystem access control - Answer-Vulnerabilities present in this component
are Implicit Trust between Components, Enrollment Security, Decommissioning System
and Lost Access Procedures
Attack Area : Device Firmware - Answer-Vulnerabilities present in this component are
Hardcoded Credentials, Sensitive Information/URL Disclosure, Encryption Keys and
Firmware Version Display and/or Last Update Date
Attack Area : Device web interface - Answer-Vulnerabilities present in this component are
SQL Injection, Cross-site Scripting, Cross-site Request Forgery, Username Enumeration,
Weak Password, Account Lockout and Known Default Credentials
Attack Area : Device physical interfaces - Answer-Vulnerabilities present in this component
are Firmware Extraction, User CLI (command-line interface), Admin CLI, Privilege
Escalation, Reset to Insecure State and Removal of Storage Media
Attack Area : Device Network Service - Answer-Vulnerabilities present in this component
are Information Disclosure Firmware, Denial-of-Service, UPnP, Vulnerable UDP
Services, User and admin CLI, Injection, Unencrypted services and Poorly
implemented encryption
Attack Area : Administrative Interface - Answer-Vulnerabilities present in this component
are SQL Injection, Cross-site Scripting and Cross-site Request Forgery, Username
Enumeration and Known Default Credentials, Weak Passwords and Account Lockout,
Security/encryption and Logging options, Two-factor authentication and Inability to wipe
device
Attack Area : Local Data Storage - Answer-Vulnerabilities present in this component are
Unencrypted Data, Data Encrypted with Discovered Keys and Lack of Data Integrity
Checks
Attack Area : Cloud Web Interface - Answer-Vulnerabilities present in this component are
Transport Encryption, SQL Injection, Cross-site Scripting and Cross-site Request
Forgery, Username Enumeration and Known Default Credentials, Weak Passwords and
Account Lockout, Insecure password recovery mechanism and Two-factor
authentication
Attack Area : Update Mechanism - Answer-Vulnerabilities present in this component are
Update Sent without Encryption, Updates Not Signed, Update Verification, Malicious
Update, Missing Update Mechanism and No Manual Update Mechanism
Attack Area : Vendor Backend APIs - Answer-Vulnerabilities present in this component are
Inherent Trust of Cloud or Mobile Application, Weak Authentication and Weak Access
Controls.
Attack Areas of Mobile Application - Answer-Vulnerabilities present in this component are
Implicitly Trusted by Device or Cloud, Username Enumeration, Account Lockout, Known
Default Credentials or Weak Passwords, Insecure Data Storage
Attack Area : Third-party Backend APIs - Answer-Vulnerabilities present in this component
are Unencrypted PII Sent, Device Information Leaked and Location Leaked
Internet of Things (IoT) - Answer-Refers to the network of devices with an IP address
that have the capability of sensing, collecting and sending data using embedded
sensors, communication hardware and processors
Application + Network + Mobile + Cloud = ?
Components of IoT - Answer-o Sensing technology
o IoT Gateways
o Cloud Server/ Data Storage
o Remote Control using Mobile App
Components of IoT : Sensing Technology - Answer-Sensors embedded in the devices
sense a wide variety of information from their surroundings, such as temperature, gases,
location, the working of some industrial machine, as well as the health data of a patient.
Components of IoT : IoT Gateways - Answer-These are used to bridge the gap between
the IoT device (internal network) and the end user (external network) and thus allow
them to connect and communicate with each other. The data collected by the sensors in
IoT devices send the collected data to the concerned user or cloud through this
Components of IoT : Remote Control using Mobile App - Answer-The end user uses
remote controls such as mobile phones, tablets, laptops, etc. installed with a mobile app to
monitor, control, retrieve data, and take a specific action on IoT devices from a remote
location.
Components of IoT : Cloud Server/Data Storage - Answer-The collected data, after
travelling through the gateway, arrives at the cloud, where it is stored and undergoes
data analysis. The processed data is then transmitted to the user, who takes
certain action based on the information received.
IoT Architecture - Answer-o Application Layer
o Middleware Layer
o Internet Layer
o Access Gateway Layer
o Edge Technology Layer
IoT Architecture : Edge Technology Layer - Answer-This layer consists of all the
hardware parts like sensors, RFID tags, readers or other soft sensors and the device
itself.
These entities are the primary part of the data sensors that are deployed in the field for
monitoring or sensing various phenomena. This layer plays an important part in data
collection, connecting devices within the network and with the server.
IoT Architecture : Access Gateway Layer - Answer-This layer helps to bridge the gap
between two end points like a device and a client. The very first data handling also
takes place in this layer. It carries out message routing, message identification and
subscribing.
IoT Architecture : Internet Layer - Answer-This is the crucial layer as it serves as the
main component in carrying out the communication between two end points such as
device-to-device, device-to-cloud, device-to-gateway and back-end data-sharing
IoT Architecture : Middleware Layer - Answer-This is one of the most critical layers that
operates in two-way mode. As the name suggests this layer sits in the middle of the
application layer and the hardware layer, thus behaving as an interface between these
two layers.
It is responsible for important functions such as data management, device management
and various issues like data analysis, data aggregation, data filtering, device information
discovery and access control.
IoT Architecture : Application Layer - Answer-This layer, placed at the top of the stack, is
responsible for the delivery of services to the respective users from different sectors
like building, industrial, manufacturing, automobile, security, healthcare, etc.
Short-range Wireless Communication - Answer-o Bluetooth Low Energy
o Light-Fidelity (Li-Fi)
o Near Field Communication
o QR Codes and Barcodes
o Radio Frequency Identification
o Thread
o Wi-Fi
o Wi-Fi Direct
o Z-Wave