Free CompTIA PenTest+ PT0-002: 07 Cloud & IoT Security – Anki Cards

Ref:đź“•CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 07. Cloud, Mobile, and IoT Security

1 / 91

What is sandbox analysis in mobile device security?

2 / 91

Which mobile penetration testing tool would be used specifically for security research and reverse engineering purposes?

3 / 91

Which method is known to be used by attackers to bypass digital rights management (DRM) on games and music, and is a type of privilege escalation?

4 / 91

Which of the following methods is NOT a way to detect a cloud account takeover attack?

5 / 91

What is the function of Software Development kits (SDKs) and Cloud Development Kits (CDKs)?

6 / 91

What is a major security concern regarding IoT devices due to their limited compute resources?

7 / 91

What type of attacks are frequently used for credential harvesting?

8 / 91

What is a crucial vulnerability if compromised in an Intelligent Platform Management Interface (IPMI) IoT implementation?

9 / 91

What is a risk associated with running containers with root privileges?

10 / 91

What kind of information is typically exfiltrated through side-channel attacks?

11 / 91

Which of the following is NOT a characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

12 / 91

What is the Credential Harvester Attack Method in the context of cyber security?

13 / 91

What is an objection biometric bypass attack in the context of mobile device vulnerabilities?

14 / 91

What is a common vulnerability in VM repositories?

15 / 91

What is the kube-bench tool used for?

16 / 91

What are the essential characteristics of cloud computing according to NIST?

17 / 91

Which tool is commonly used to test mobile applications and how they communicate with web services and APIs?

18 / 91

What is the main goal of certificate pinning in mobile app security?

19 / 91

What is one of the most prevalent vulnerabilities affecting mobile devices?

20 / 91

Which tool is used to test and develop APIs as part of mobile device security testing?

21 / 91

What is a hyperjacking attack in the context of virtual machines?

22 / 91

Which tool is used for performing security research and testing of iOS applications?

23 / 91

What is one of the common ways that attackers perform credential harvesting?

24 / 91

Which of the following actions could potentially allow an attacker to gain access to sensitive data and resources through the misuse of a federated identity environment?

25 / 91

Which of the following best describes horizontal privilege escalation?

26 / 91

What complexities are involved in designing and securing IoT systems?

27 / 91

Which of the following statements about mobile device security and vulnerabilities is incorrect?

28 / 91

What tool can be used to probe an application’s interaction with web services and APIs, especially mobile apps?

29 / 91

Which of the following is a method through which a cloud account takeover can be detected?

30 / 91

What are potential consequences if an attacker manipulates a cloud-based Identity and Access Management (IAM) solution in an IaaS or PaaS environment?

31 / 91

Which of the following methods cannot be used to detect a cloud account takeover?

32 / 91

What does VM escape vulnerability allow an attacker to do?

33 / 91

What is the main function of Anchore’s Grype?

34 / 91

Which of the following represents a best practice in mobile device security?

35 / 91

Which of the following identity management systems are often misconfigured, leading to potential attacks in a cloud environment?

36 / 91

What are the security layers that apply to containerized workloads?

37 / 91

What are the challenges associated with managing and orchestrating IIoT systems?

38 / 91

Which of the following techniques is used by attackers to compromise the mobile device operating system like Android or iOS?

39 / 91

Why does the management and orchestration of IoT systems introduce additional complexity?

40 / 91

Which of the following is NOT a method for detecting a cloud account takeover?

41 / 91

Which of the following is not an example of common IoT security vulnerabilities?

42 / 91

What is the primary use of the tool ’needle’ in mobile penetration testing?

43 / 91

Which of the following is a suitable countermeasure to vertical privilege escalation?

44 / 91

What is a challenge in managing and orchestrating IoT systems?

45 / 91

What are some of the essential characteristics of cloud computing according to NIST?

46 / 91

Which of the following is a common misconfiguration of IoT devices and cloud-based solutions?

47 / 91

What is the primary goal of a credential harvesting attack?

48 / 91

Which of the following modules in an IPMI subsystem has direct access to the system’s motherboard and other hardware, and if compromised, can potentially allow someone to monitor, reboot, and even install implants in the system?

49 / 91

According to the National Institute of Standards and Technology (NIST), what are some essential characteristics of cloud computing?

50 / 91

What function does Dagda serve in securing containers?

51 / 91

Which of the following tools is specifically used for testing the security of iOS applications?

52 / 91

Which of the following is a common IoT and Cloud-based system misconfiguration that can lead to exposure or data breaches?

53 / 91

Which tool is designed specifically to check the security posture of Kubernetes clusters?

54 / 91

Which of the following is NOT a special consideration when trying to secure IoT implementations?

55 / 91

What is a directto-origin (D2O) attack?

56 / 91

What does Platform as a Service (PaaS) in cloud computing provide?

57 / 91

What does a cloud malware injection attack involve?

58 / 91

What are considered essential characteristics of cloud computing according to the National Institute of Standards and Technology (NIST)?

59 / 91

What are some common misconfigurations in IoT devices and cloud-based solutions that lead to data theft?

60 / 91

Which testing platform yields access to various exploits that can be used against Android platforms?

61 / 91

What is the primary function of SDKs (Software Development Kits)?

62 / 91

Which tool is commonly used to test the security of iOS applications?

63 / 91

Which of the following is a unique security concern regarding Internet of Things (IoT) devices?

64 / 91

Which of the following is NOT a common misconfiguration in IoT devices and cloud-based solutions?

65 / 91

What does a misconfigured federated authentication setup potentially enable an attacker to do?

66 / 91

Which of the following misconfigurations often seen in IoT devices and cloud-based solutions can expose these systems to different attacks?

67 / 91

What is a key threat to cloud services involving denial of service attacks?

68 / 91

Which of the following tools can be used for performing mobile security research and testing the security posture of mobile devices?

69 / 91

What is the purpose of certificate pinning in mobile applications?

70 / 91

Which of the following is a common security vulnerability affecting IoT devices?

71 / 91

Which of the following techniques do attackers typically use to compromise the mobile device operating system and root or jailbreak mobile devices?

72 / 91

What is the nature of the hyperjacking vulnerability in the context of hypervisors?

73 / 91

Which of the following is a significant security concern with Internet of Things (IoT) devices?

74 / 91

Which tool is commonly used to test mobile applications and determine how they communicate with web services and APIs?

75 / 91

Which of the following tools is not an open-source container vulnerability scanner?

76 / 91

What is a major concern that may occur in IoT implementations due to the limited compute resources?

77 / 91

Which of the following are common security vulnerabilities affecting IoT implementations?

78 / 91

Which of the following is NOT a basic model of cloud computing?

79 / 91

Which of the following are common security vulnerabilities in IoT devices?

80 / 91

Which of the following is NOT a method of detecting cloud account takeover attacks mentioned in the text?

81 / 91

Which of the following is NOT a common misconfiguration of an IoT device or cloud-based solution?

82 / 91

Why is it risky to have default credentials and insecure default configurations in IoT devices?

83 / 91

What is the purpose of certificate pinning in mobile devices?

84 / 91

Which of the following is NOT a phase in Bluetooth Low Energy (BLE)’s process to establish a connection?

85 / 91

What are metadata services in cloud computing primarily used for?

86 / 91

What is the objective of certificate pinning in mobile security?

87 / 91

Which of the following is not listed as an essential characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

88 / 91

Which of the following is not a way to detect account takeover attacks in the cloud?

89 / 91

Which of the following describes a technique attackers use to compromise mobile device operating systems?

90 / 91

How might an attacker leverage a misconfigured federated authentication protocol?

91 / 91

Which of the following is NOT a common attack technique against mobile devices mentioned in the text?

Your score is

Share the Post:
Previous slide
Next slide

Fill up to receive the FREE CompTIA PenTest+ deck!

* indicates required
Share the Post:

Expand your expertise in cloud, mobile, and IoT security with our CompTIA PenTest+ Chapter 07 practice questions.

This chapter focuses on the unique security challenges associated with these technologies.
Strengthen your skills with our Free Anki decks.
For more details, visit CompTIA’s official resources.

Once you’re confident, advance to Chapter 08: Performing Post-Exploitation Techniques to continue your journey in mastering penetration testing.

Related Posts

RSS  
  • Discover How to Work Remotely and Travel!
    Have you ever dreamed about working from beautiful places like Thailand or Japan, but weren’t sure if it’s possible? I’m here to share my adventures and some tips on how to make working remotely while exploring the world a reality.  Who Am I? My name is Josh, and I’m all about creating helpful content on […]
  • Why Contract Work in IT Can Be a Good Start for Your Career
    Hey buddies! Are you curious about what it’s like to work in IT and cyber security? Well, you’re in luck because today we’re diving into the world of contract work and how it might just be the jumpstart your career needed! Getting Into the World of Contract Work in IT Josh, an expert in IT […]
  • Is Cyber Security a Career That Will Last Forever?
    Hey everyone! Have you ever wondered if choosing a career in cyber security is a good idea for the long haul? Well, let’s dive into this topic with the help of Josh Maor’s insights, and find out why cyber security might just be one of the smartest career choices out there. What Is Cyber Security? […]