7. Cloud, Mobile, and IoT Security

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

Press the Start button to begin the practice test.

PenTest+ (PT0-002) Chapter 07. Cloud, Mobile, and IoT Security

1 / 91

What is a common vulnerability in VM repositories?

A. Attackers cannot access VMs as they’re completely isolated

B. Attackers inject a rogue hypervisor beneath the original hypervisor

C. Hypervisors running on top of other operating systems are inherently vulnerable

D. Attackers upload fake VMs with malicious software and backdoors

2 / 91

Which of the following modules in an IPMI subsystem has direct access to the system’s motherboard and other hardware, and if compromised, can potentially allow someone to monitor, reboot, and even install implants in the system?

A. Satellite Controller

B. System Interface

C. Intelligent Platform Management Bus/Bridge

D. Baseboard Management Controller (BMC)

3 / 91

What function does Dagda serve in securing containers?

A. Assesses the security posture of Kubernetes clusters

B. Detects vulnerabilities, Trojans, backdoors, and malware in Docker images and containers

C. Provides threat detection for Kubernetes

D. Performs a security assessment of Kubernetes clusters based on the CIS Kubernetes Benchmark

4 / 91

What is an objection biometric bypass attack in the context of mobile device vulnerabilities?

A. It is a technique used by attackers to issue certificates to impostors.

B. It is a means of bypassing local authentication in iOS and Android devices.

C. It is a technique to analyze the compiled mobile app to extract information about its source code.

D. It refers to leveraging known vulnerabilities in dependencies of a mobile application.

5 / 91

What is a hyperjacking attack in the context of virtual machines?

A. It is an attack where a fake hypervisor is installed to manage the entire virtual environment

B. It is a vulnerability that allows attackers to access the hardware of the host system

C. It is an attack where a malicious software is uploaded to the VM repositories

D. It is a vulnerability that allows one VM to access resources and data from another VM

6 / 91

Which testing platform yields access to various exploits that can be used against Android platforms?

A. APK Studio

B. Postman

C. Objection

D. Drozer

7 / 91

What is a directto-origin (D2O) attack?

A. A technique used by attackers to reveal the original network or IP address behind a content delivery network (CDN) or large proxy.

B. An attack launched by botnets comprising numerous compromised devices.

C. A single-packet vulnerability in network equipment used in cloud environments.

D. A volumetric distributed denial-of-service (DDoS) attack identified by key metrics such as bits per second and packets per second.

8 / 91

Which of the following methods cannot be used to detect a cloud account takeover?

A. Observing login location

B. Detecting failed login attempts

C. Looking out for malicious OAuth, SAML, or OpenID Connect connections

D. Checking for normal file sharing and downloading

9 / 91

What is the main goal of certificate pinning in mobile app security?

A. To enforce acceptance of any certificate signed by a trusted certificate authority (CA)

B. To associate a mobile app with a specific digital certificate of a server and only establish connections to the known server

C. To allow a mobile app to store sensitive data securely in the server

D. To provide a mechanism for the mobile app to communicate with the underlying operating system

10 / 91

Which of the following is not listed as an essential characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

A. On-demand self-service

B. Broad network access

C. Resource pooling

D. Distributed storage

11 / 91

What is sandbox analysis in mobile device security?

A. Technique used by attacker to spam users with unwanted emails

B. Method to manipulate business logic flaws in mobile applications

C. Process of bypassing passcode vulnerabilities and biometrics integrations

D. An attacker’s technique to potentially bypass access control mechanisms

12 / 91

What are the challenges associated with managing and orchestrating IIoT systems?

A. Disparate hardware and software

B. The use of up-to-date technologies

C. Exclusively single-vendor reliance

D. Simple integration to back-end business applications

13 / 91

Why is it risky to have default credentials and insecure default configurations in IoT devices?

A. They may attract more users.

B. They can be easily found via Shodan.io searches.

C. They increase the speed of device setup.

D. They reduce costs.

14 / 91

Which of the following best describes horizontal privilege escalation?

A. A lower-privileged user accesses functions reserved for higher-privileged users

B. An attacker exploit a bug or design flaw in a software to gain access to protected resources

C. A user accesses functions or content reserved for other normal users

D. An attacker use a buffer overflow vulnerability to elevate privileges

15 / 91

Which of the following statements about mobile device security and vulnerabilities is incorrect?

A. Reverse engineering refers to the process of analyzing a mobile app to extract information about its source code

B. Spamming is a common attack against mobile users, usually presenting links that redirect to malicious sites to steal sensitive information or install malware

C. Sandboxing is a way for attackers to access resources on the mobile device without any restrictions

D. Patching fragmentation in Android devices is a challenge that may leave some devices vulnerable to known security issues

16 / 91

Which of the following is a unique security concern regarding Internet of Things (IoT) devices?

A. They always support all security features

B. Their protocols are immune to input validation vulnerabilities

C. They can be manipulated for sensitive data exfiltration

D. They are impervious to DoS attacks

17 / 91

Which tool is used for performing security research and testing of iOS applications?

A. APK Studio

B. Drozer

C. needle

D. Ettercap

18 / 91

What does Platform as a Service (PaaS) in cloud computing provide?

A. It provides infrastructure that you rent.

B. It provides everything except applications.

C. It provides a complete packaged solution.

D. It provides just the client organization on premises or at a dedicated area in a cloud provider.

19 / 91

What complexities are involved in designing and securing IoT systems?

A. Integration requirements and the growth of IoT beyond traditional IT support.

B. The use of modern technologies and integration with only a single vendor.

C. The lack of components that include sensors, gateways, network connectivity, applications, and cloud infrastructure.

D. The availability of single solution for deployment across all IoT scenarios.

20 / 91

What is the kube-bench tool used for?

A. It is a threat detection engine for Kubernetes.

B. It is a tool to scan Docker images for vulnerabilities.

C. It is a tool to perform a security assessment of Kubernetes clusters based on the CIS Kubernetes Benchmark.

D. It checks the security posture of Kubernetes clusters.

21 / 91

Which of the following is NOT a method for detecting a cloud account takeover?

A. Determining login location

B. Blocking failed login attempts

C. Noticing abnormal file sharing and downloading

D. Monitoring power consumption rates

22 / 91

Which of the following is NOT a common attack technique against mobile devices mentioned in the text?

A. Sandbox analysis

B. Using known vulnerable components

C. Cloud storage leaks

D. Reverse engineering

23 / 91

Which of the following actions could potentially allow an attacker to gain access to sensitive data and resources through the misuse of a federated identity environment?

A. Changing the expiration date on an expired SAML message

B. Rerouting the user to a different URL

C. Shifting the user to a less secure server

D. Disabling MFA for the user account

24 / 91

What is a risk associated with running containers with root privileges?

A. It leads to reduced functionality of the container.

B. The containers might be one vulnerability away from full compromise.

C. It prevents the container from interacting with the host operating system.

D. Root privileges are required for security assessments.

25 / 91

Which of the following is NOT a method of detecting cloud account takeover attacks mentioned in the text?

A. Tracking login location

B. Monitoring failed login attempts

C. Observing sudden drop in user activity

D. Checking for abnormal file sharing or downloading

26 / 91

What is the main function of Anchore’s Grype?

A. It performs a security assessment of Kubernetes clusters.

B. It checks the security posture of Kubernetes clusters.

C. It is a container vulnerability scanner.

D. It detects malicious code in Docker images on Docker Hub.

27 / 91

Which of the following is NOT a characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

A. On-demand self-service

B. Broad network access

C. Modular architecture

D. Measured service

28 / 91

What kind of information is typically exfiltrated through side-channel attacks?

A. User’s browsing history

B. System logs

C. Credentials, cryptographic keys, and other sensitive information

D. Firewall configuration

29 / 91

Which of the following is not a way to detect account takeover attacks in the cloud?

A. Login location

B. Failed login attempts

C. Checking frequency of emails sent from an account

D. Malicious OAuth, SAML, or OpenID Connect connections

30 / 91

Which of the following is NOT a common misconfiguration of an IoT device or cloud-based solution?

A. Default/blank username/password

B. Network isolation

C. Lack of user input sanitization

D. Error messages and debug handling

31 / 91

Which of the following are common security vulnerabilities affecting IoT implementations?

A. Secure defaults and data leakage

B. Encryption-only communication

C. Hard-coded configurations and outdated firmware/hardware

D. Firmware updates and secure update mechanisms

32 / 91

What is the nature of the hyperjacking vulnerability in the context of hypervisors?

A. It allows a VM to access data from another VM on the same system.

B. It involves the installation of a malicious or fake hypervisor that controls the entire virtual environment.

C. It exploits the repositories of VMs to install malicious VMs.

D. It exclusively affects Type 1 or bare-metal hypervisors.

33 / 91

What does VM escape vulnerability allow an attacker to do?

A. Run malicious software on the hypervisor

B. Control the hypervisor using hyperjacking

C. Upload fake or impersonated VMs with malicious software and backdoors

D. Escape the VM and get access to other virtual machines on the system or to the hypervisor

34 / 91

Which of the following describes a technique attackers use to compromise mobile device operating systems?

A. Sandbox analysis

B. Reverse engineering

C. Spamming

D. Certificate pinning

35 / 91

What is the primary use of the tool ’needle’ in mobile penetration testing?

A. To test and develop APIs

B. To perform on-path attacks

C. To test the security of iOS applications

D. To decompile Android application package (APK) files

36 / 91

Which of the following is NOT a phase in Bluetooth Low Energy (BLE)’s process to establish a connection?

A. Pairing feature exchange

B. Short-term key generation

C. Transport-specific key distribution

D. Long-term key storage

37 / 91

What is the objective of certificate pinning in mobile security?

A. To enable the app to accept any certificate signed by a trusted certificate authority.

B. To force the mobile app to store the server certificate and establish connections only to a known server.

C. To allow mobile applications to run as root.

D. To release all access permissions needed by the application.

38 / 91

What are some of the essential characteristics of cloud computing according to NIST?

A. Unlimited storage capacity, Broad network access, Resource pooling, Rapid elasticity, Measured service

B. On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service

C. On-demand self-service, Wide spectrum access, Resource pooling, Immediate elasticity, Regulated service

D. On-point self-service, Broad network access, Resource excavation, Rapid elasticity, Measured service

39 / 91

What are some common misconfigurations in IoT devices and cloud-based solutions that lead to data theft?

A. Default/blank username/password and network exposure

B. Lack of user input sanitization and underlying software vulnerabilities

C. Error messages and debug handling

D. All of the above

40 / 91

How might an attacker leverage a misconfigured federated authentication protocol?

A. By manipulating single sign-on settings

B. By replaying a SAML message to create multiple sessions

C. By accessing overly permissive AWS S3 buckets

D. By using stolen credentials or known vulnerabilities to compromise cloud-based applications

41 / 91

Which of the following is not an example of common IoT security vulnerabilities?

A. Encryption support on every device

B. Insecure defaults

C. Hard-coded configurations

D. Outdated firmware/hardware

42 / 91

What is the purpose of certificate pinning in mobile devices?

A. To allow mobile apps to accept any certificate signed by a trusted certificate authority

B. To associate a mobile app with a specific digital certificate of a server

C. To increase the attack surface by increasing trust in external CAs

D. To allow attackers to freely manipulate the mobile device operating system

43 / 91

What does a misconfigured federated authentication setup potentially enable an attacker to do?

A. Launch a DDoS attack on the cloud infrastructure

B. Create multiple sessions using replayed SAML messages

C. Gain access to the physical servers running the cloud instances

D. Infect the cloud environment with ransomware

44 / 91

What is one of the common ways that attackers perform credential harvesting?

A. Using phishing and spear phishing emails

B. By borrowing the device of the user

C. By directly asking the user for their credentials

D. By subscribing to the same cloud service as the user

45 / 91

Which of the following techniques is used by attackers to compromise the mobile device operating system like Android or iOS?

A. Spamming

B. Sandbox analysis

C. Reverse engineering

D. Biometrics integration

46 / 91

Which of the following is NOT a common misconfiguration in IoT devices and cloud-based solutions?

A. Default/blank username/password

B. Network exposure

C. Strong password encryption

D. Error messages and debug handling

47 / 91

Which of the following tools is specifically used for testing the security of iOS applications?

A. Burp Suite

B. Drozer

C. Needle

D. Android SDK tools

48 / 91

Which tool is commonly used to test the security of iOS applications?

A. Drozer

B. Mobile Security Framework (MobSF)

C. needle

D. Burp Suite

49 / 91

Which of the following is a significant security concern with Internet of Things (IoT) devices?

A. They have limited computational resources which can limit security features.

B. They are immune to DoS attacks.

C. Their protocols have no risk of data corruption.

D. They are unable to be manipulated for data exfiltration.

50 / 91

Which of the following tools can be used for performing mobile security research and testing the security posture of mobile devices?

A. Drozer

B. Bettercap

C. Frida

D. All of the above

51 / 91

What are metadata services in cloud computing primarily used for?

A. To securely store hard-coded credentials

B. To facilitate temporary access to services like databases

C. To enable the launch of EC2 instances on AWS

D. To allow software developers to hard-code credentials into applications

52 / 91

Which of the following is a suitable countermeasure to vertical privilege escalation?

A. Encourage users to always lock their computer or log off when not physically at their desk.

B. Employ User Account Control (UAC) or a similar access control system.

C. Enable multiple users to access another user’s email.

D. Allow attackers to bypass digital rights management (DRM) on games and music.

53 / 91

Which tool is designed specifically to check the security posture of Kubernetes clusters?

A. kube-bench

B. Falco

C. kube-hunter

D. Dagda

54 / 91

Which of the following is a common IoT and Cloud-based system misconfiguration that can lead to exposure or data breaches?

A. Cryptocurrency mining on the device

B. Integration of voice control capabilities

C. Default or blank username and password

D. Incorporation of GPS based services

55 / 91

Which of the following is NOT a basic model of cloud computing?

A. Infrastructure as a service (IaaS)

B. Platform as a service (PaaS)

C. Software as a service (SaaS)

D. Security as a service (SECaaS)

56 / 91

Which of the following represents a best practice in mobile device security?

A. Saving as much user data as possible in a mobile device’s local storage

B. Allowing mobile applications to run as root

C. Using the same server certificate for all mobile applications

D. Saving as little sensitive data as possible in a mobile device’s local storage

57 / 91

What are the essential characteristics of cloud computing according to NIST?

A. Virtual power, rent infrastructure, virtual disk

B. All phases of SDLC, APIs, Web portals

C. On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service

D. Distributed storage, Scalability, Resource pooling, Access from any location, Measured service, Automated management

58 / 91

Which of the following is a common security vulnerability affecting IoT devices?

A. Using latest firmware/hardware

B. Secure default configurations

C. Encryption supported communication and data storage

D. Unsupported secure update mechanism

59 / 91

Which of the following methods is NOT a way to detect a cloud account takeover attack?

A. Tracking login location

B. Monitoring for failed login attempts

C. Observing malicious connections through OAuth, SAML, or OpenID Connect

D. Checking for sudden removal of large number of files

60 / 91

Why does the management and orchestration of IoT systems introduce additional complexity?

A. Because of the use of legacy technologies

B. Due to the large size of the IoT market

C. Because most IoT security efforts do not focus on the entire system

D. Many IoT environments span a range of components that include sensors, gateways, network connectivity, applications, and cloud infrastructure

61 / 91

What is the primary goal of a credential harvesting attack?

A. To spread malware across a network

B. To gather and steal valid usernames, passwords, tokens, PINs, and other types of credentials

C. To cause a denial of service attack

D. To expose sensitive information publicly

62 / 91

Which tool is commonly used to test mobile applications and how they communicate with web services and APIs?

A. Android SDK tools

B. Burp Suite

C. Drozer

D. needle

63 / 91

What is one of the most prevalent vulnerabilities affecting mobile devices?

A. Proper use of the keychain APIs

B. Secure usage of biometric integrations

C. Insecure storage on mobile devices

D. Excessive use of local storage

64 / 91

Which of the following misconfigurations often seen in IoT devices and cloud-based solutions can expose these systems to different attacks?

A. Default/blank username/password

B. Constantly updated password

C. Restricted network exposure

D. Strict user input sanitization

65 / 91

What does a cloud malware injection attack involve?

A. The attacker injects malware into the cloud vendor’s server

B. A security flaw automatically installs malware in the cloud infrastructure

C. The attacker creates a malicious application and injects it into a SaaS, PaaS, or IaaS environment

D. A malicious application is automatically generated by the cloud infrastructure

66 / 91

Which of the following tools is not an open-source container vulnerability scanner?

A. Falco

B. Anchore’s Grype

C. Clair

D. Dagda

67 / 91

What type of attacks are frequently used for credential harvesting?

A. XML Injection Attack

B. Phishing and Spear Phishing Attacks

C. SQL Injection Attack

D. Distributed Denial of Service (DDoS) Attack

68 / 91

Which tool is used to test and develop APIs as part of mobile device security testing?

A. ApkX

B. Burp Suite

C. Postman

D. Needles

69 / 91

Which of the following is a method through which a cloud account takeover can be detected?

A. Analyzing earnings reports

B. Counting the number of user logins

C. Running a virus scan

D. Identifying Malicious OAuth, SAML, or OpenID Connect connections

70 / 91

Which of the following are common security vulnerabilities in IoT devices?

A. Hard-coded configurations

B. Frequent firmware updates

C. Strong default credentials

D. Encrypted data communication

71 / 91

What is a major concern that may occur in IoT implementations due to the limited compute resources?

A. The IoT devices may become easily damaged

B. The IoT devices may not support encryption

C. The IoT devices may not be able to store data

D. The IoT devices may run slowly

72 / 91

Which of the following is NOT a special consideration when trying to secure IoT implementations?

A. Fragile environment due to limited compute resources

B. Threat of DoS attacks

C. Susceptibility to input validation vulnerabilities and data corruption

D. High resilience against physical damage

73 / 91

What are potential consequences if an attacker manipulates a cloud-based Identity and Access Management (IAM) solution in an IaaS or PaaS environment?

A. It could lead to loss of data integrity

B. It may prevent proper functioning of the application

C. The use of two-factor authentication could be compromised

D. It could be catastrophic for the cloud consumer

74 / 91

What is the Credential Harvester Attack Method in the context of cyber security?

A. An attack that involves spreading harmful software through email attachments

B. A technique to steal valid usernames, passwords, tokens, PINs, and any other types of credentials through infrastructure breaches

C. A method to gain control over a computer system by exploiting vulnerabilities in the system’s security

D. An approach to deny services to users by overwhelming the targeted system with excessive requests

75 / 91

What is the purpose of certificate pinning in mobile applications?

A. To force the mobile app to accept any certificate signed by a trusted certificate authority

B. To force the mobile app to store the server certificate or public key and subsequently establish connections only to the trusted/known server

C. To allow applications to run as root

D. To promote SMS phishing attacks

76 / 91

Which of the following is a common misconfiguration of IoT devices and cloud-based solutions?

A. Consistent software updates

B. Hardcoded/default credentials

C. Enabling firewall all the time

D. Regular password changes

77 / 91

What is a key threat to cloud services involving denial of service attacks?

A. Attackers use services like Exploit Database to compromise cloud security directly

B. Attackers use D2O attacks to reveal the origin network or IP address behind a CDN or large proxy

C. Attackers cause resource exhaustion by overwhelming cloud services with high volumes of data traffic

D. Attackers compromise the operating system to cause a complete shutdown of cloud services

78 / 91

What are the security layers that apply to containerized workloads?

A. The container image, The host operating system, Interaction between containers and the host operating system

B. Software inside the container, Security in runtime environment and orchestration platforms such as Kubernetes

C. Both A and B

D. Only A

79 / 91

Which method is known to be used by attackers to bypass digital rights management (DRM) on games and music, and is a type of privilege escalation?

A. Network spoofing

B. Phishing

C. Trojan horse program

D. Jailbreaking

80 / 91

What is the function of Software Development kits (SDKs) and Cloud Development Kits (CDKs)?

A. They are used to exploit application-based vulnerabilities.

B. SDKs help with the creation of applications while CDKs assist in deploying applications in the cloud.

C. They are used to store application resources in the cloud.

D. SDKs and CDKs assist in identifying network vulnerabilities in cloud-hosted applications.

81 / 91

Which of the following techniques do attackers typically use to compromise the mobile device operating system and root or jailbreak mobile devices?

A. Reverse engineering

B. Sandbox analysis

C. Spamming

D. Certificate pinning

82 / 91

What are considered essential characteristics of cloud computing according to the National Institute of Standards and Technology (NIST)?

A. Rapid Elasticity, Automated Management, Broad Network Access

B. On-demand Self-service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service

C. Distributed Storage, Scalability, Access from Any location

D. Multicloud Environment, Privacy Control, Resource Exhaustion

83 / 91

Which mobile penetration testing tool would be used specifically for security research and reverse engineering purposes?

A. Burp Suite

B. Mobile Security Framework (MobSF)

C. needle

D. Frida

84 / 91

What is the primary function of SDKs (Software Development Kits)?

A. To deploy applications in the cloud and use the resources that the cloud provider offers

B. To provide a collection of tools and resources to help with the creation of applications

C. To specifically assist with application-based vulnerabilities

D. To replace Swagger and the OpenAPI Specification documents in API implementations

85 / 91

What is a major security concern regarding IoT devices due to their limited compute resources?

A. They are not able to connect to the internet

B. They cannot support encryption

C. They use too much power

D. They cannot run antivirus software

86 / 91

What tool can be used to probe an application’s interaction with web services and APIs, especially mobile apps?

A. Drozer

B. Burp Suite

C. APK Studio

D. Ettercap

87 / 91

Which of the following identity management systems are often misconfigured, leading to potential attacks in a cloud environment?

A. PPM solutions

B. Federated Authentication systems

C. Bug reporting tools

D. Automated testing tools

88 / 91

Which tool is commonly used to test mobile applications and determine how they communicate with web services and APIs?

A. Drozer

B. Burp Suite

C. Ettercap

D. APK Studio

89 / 91

What is a crucial vulnerability if compromised in an Intelligent Platform Management Interface (IPMI) IoT implementation?

A. The remote system

B. The system’s motherboard

C. The baseboard management controller (BMC)

D. The IPMB interface

90 / 91

What is a challenge in managing and orchestrating IoT systems?

A. They use a single integration requirement

B. Managing them requires a low level of skill

C. There is a single solution available on the market for all IoT scenarios

D. They use disparate hardware and software, and often include multiple vendors and integrators

91 / 91

According to the National Institute of Standards and Technology (NIST), what are some essential characteristics of cloud computing?

A. On-demand self-service, Automated management, Resource pooling

B. Broad network access, Rapid elasticity, Distributed storage

C. On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service

D. Resource pooling, Measured service, Access from any location

Your score is

Boost Your Skills with Free Anki Flashcards

Click the download button to get the CompTIA Pentest+ Anki deck.

Expand your expertise in cloud, mobile, and IoT security with our CompTIA PenTest+ Chapter 07 practice questions.

This chapter focuses on the unique security challenges associated with these technologies.
Strengthen your skills with our free Anki decks.
For more details, visit CompTIA’s official resources.

Once you’re confident, advance to Chapter 08: Performing Post-Exploitation Techniques to continue your journey in mastering penetration testing.

Press the Start button to begin the practice test.

Boost Your Skills with Free Anki Flashcards

Explore our other free practice tests:

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.

Press the Start button to begin the practice test.

Boost Your Skills with Free Anki Flashcards

Explore our other free practice tests:

Hands-onCybersecurity Training in a LIVE SOCwith Enterprise Security ToolsInternships Available.

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.