Free CompTIA PenTest+ PT0-002: 07 Cloud & IoT Security – Anki Cards

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 07. Cloud, Mobile, and IoT Security

1 / 91

What is one of the most prevalent vulnerabilities affecting mobile devices?

2 / 91

Which of the following is a method through which a cloud account takeover can be detected?

3 / 91

What is a challenge in managing and orchestrating IoT systems?

4 / 91

What is the objective of certificate pinning in mobile security?

5 / 91

What kind of information is typically exfiltrated through side-channel attacks?

6 / 91

What is the function of Software Development kits (SDKs) and Cloud Development Kits (CDKs)?

7 / 91

What is the primary use of the tool ’needle’ in mobile penetration testing?

8 / 91

Which of the following represents a best practice in mobile device security?

9 / 91

Which of the following misconfigurations often seen in IoT devices and cloud-based solutions can expose these systems to different attacks?

10 / 91

Which of the following actions could potentially allow an attacker to gain access to sensitive data and resources through the misuse of a federated identity environment?

11 / 91

What are metadata services in cloud computing primarily used for?

12 / 91

Why is it risky to have default credentials and insecure default configurations in IoT devices?

13 / 91

Which tool is used for performing security research and testing of iOS applications?

14 / 91

Which of the following identity management systems are often misconfigured, leading to potential attacks in a cloud environment?

15 / 91

What is the purpose of certificate pinning in mobile devices?

16 / 91

What are considered essential characteristics of cloud computing according to the National Institute of Standards and Technology (NIST)?

17 / 91

Which of the following tools is specifically used for testing the security of iOS applications?

18 / 91

Which of the following modules in an IPMI subsystem has direct access to the system’s motherboard and other hardware, and if compromised, can potentially allow someone to monitor, reboot, and even install implants in the system?

19 / 91

Which mobile penetration testing tool would be used specifically for security research and reverse engineering purposes?

20 / 91

What are the security layers that apply to containerized workloads?

21 / 91

Which of the following is a suitable countermeasure to vertical privilege escalation?

22 / 91

What type of attacks are frequently used for credential harvesting?

23 / 91

What is the main function of Anchore’s Grype?

24 / 91

Which of the following methods is NOT a way to detect a cloud account takeover attack?

25 / 91

Which of the following methods cannot be used to detect a cloud account takeover?

26 / 91

Which of the following is NOT a common misconfiguration in IoT devices and cloud-based solutions?

27 / 91

Which tool is used to test and develop APIs as part of mobile device security testing?

28 / 91

Which of the following is a common security vulnerability affecting IoT devices?

29 / 91

Which method is known to be used by attackers to bypass digital rights management (DRM) on games and music, and is a type of privilege escalation?

30 / 91

Which of the following is NOT a characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

31 / 91

Which tool is commonly used to test mobile applications and how they communicate with web services and APIs?

32 / 91

What are the challenges associated with managing and orchestrating IIoT systems?

33 / 91

Which of the following describes a technique attackers use to compromise mobile device operating systems?

34 / 91

Which of the following is NOT a special consideration when trying to secure IoT implementations?

35 / 91

What is a hyperjacking attack in the context of virtual machines?

36 / 91

Which of the following are common security vulnerabilities affecting IoT implementations?

37 / 91

Which of the following is NOT a basic model of cloud computing?

38 / 91

Which of the following is a significant security concern with Internet of Things (IoT) devices?

39 / 91

What is a directto-origin (D2O) attack?

40 / 91

What is a major concern that may occur in IoT implementations due to the limited compute resources?

41 / 91

What is the main goal of certificate pinning in mobile app security?

42 / 91

Which of the following is a common IoT and Cloud-based system misconfiguration that can lead to exposure or data breaches?

43 / 91

Which of the following is NOT a phase in Bluetooth Low Energy (BLE)’s process to establish a connection?

44 / 91

Which of the following is a common misconfiguration of IoT devices and cloud-based solutions?

45 / 91

Which of the following techniques is used by attackers to compromise the mobile device operating system like Android or iOS?

46 / 91

Which of the following is not a way to detect account takeover attacks in the cloud?

47 / 91

What is a major security concern regarding IoT devices due to their limited compute resources?

48 / 91

What are potential consequences if an attacker manipulates a cloud-based Identity and Access Management (IAM) solution in an IaaS or PaaS environment?

49 / 91

What is sandbox analysis in mobile device security?

50 / 91

What is a crucial vulnerability if compromised in an Intelligent Platform Management Interface (IPMI) IoT implementation?

51 / 91

What is the purpose of certificate pinning in mobile applications?

52 / 91

What is the Credential Harvester Attack Method in the context of cyber security?

53 / 91

What does VM escape vulnerability allow an attacker to do?

54 / 91

What is one of the common ways that attackers perform credential harvesting?

55 / 91

Which of the following techniques do attackers typically use to compromise the mobile device operating system and root or jailbreak mobile devices?

56 / 91

What are some common misconfigurations in IoT devices and cloud-based solutions that lead to data theft?

57 / 91

What function does Dagda serve in securing containers?

58 / 91

Which of the following statements about mobile device security and vulnerabilities is incorrect?

59 / 91

What is the kube-bench tool used for?

60 / 91

What is the primary goal of a credential harvesting attack?

61 / 91

What complexities are involved in designing and securing IoT systems?

62 / 91

According to the National Institute of Standards and Technology (NIST), what are some essential characteristics of cloud computing?

63 / 91

Which of the following tools can be used for performing mobile security research and testing the security posture of mobile devices?

64 / 91

What is a common vulnerability in VM repositories?

65 / 91

Which of the following is NOT a method for detecting a cloud account takeover?

66 / 91

Which tool is commonly used to test the security of iOS applications?

67 / 91

Which testing platform yields access to various exploits that can be used against Android platforms?

68 / 91

Which of the following is a unique security concern regarding Internet of Things (IoT) devices?

69 / 91

Which tool is designed specifically to check the security posture of Kubernetes clusters?

70 / 91

What is a key threat to cloud services involving denial of service attacks?

71 / 91

What does a cloud malware injection attack involve?

72 / 91

How might an attacker leverage a misconfigured federated authentication protocol?

73 / 91

Which of the following are common security vulnerabilities in IoT devices?

74 / 91

Which of the following best describes horizontal privilege escalation?

75 / 91

Which of the following is NOT a common misconfiguration of an IoT device or cloud-based solution?

76 / 91

What is an objection biometric bypass attack in the context of mobile device vulnerabilities?

77 / 91

Which of the following is NOT a common attack technique against mobile devices mentioned in the text?

78 / 91

What are the essential characteristics of cloud computing according to NIST?

79 / 91

What does a misconfigured federated authentication setup potentially enable an attacker to do?

80 / 91

Which of the following is not an example of common IoT security vulnerabilities?

81 / 91

Why does the management and orchestration of IoT systems introduce additional complexity?

82 / 91

What are some of the essential characteristics of cloud computing according to NIST?

83 / 91

What is the primary function of SDKs (Software Development Kits)?

84 / 91

What is a risk associated with running containers with root privileges?

85 / 91

What does Platform as a Service (PaaS) in cloud computing provide?

86 / 91

Which of the following tools is not an open-source container vulnerability scanner?

87 / 91

What is the nature of the hyperjacking vulnerability in the context of hypervisors?

88 / 91

Which of the following is NOT a method of detecting cloud account takeover attacks mentioned in the text?

89 / 91

Which of the following is not listed as an essential characteristic of cloud computing according to the National Institute of Standards and Technology (NIST)?

90 / 91

Which tool is commonly used to test mobile applications and determine how they communicate with web services and APIs?

91 / 91

What tool can be used to probe an application’s interaction with web services and APIs, especially mobile apps?

Your score is

Share the Post:

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Email issues? [ [email protected] ]

Share the Post:

Expand your expertise in cloud, mobile, and IoT security with our CompTIA PenTest+ Chapter 07 practice questions.

This chapter focuses on the unique security challenges associated with these technologies.
Strengthen your skills with our Free Anki decks.
For more details, visit CompTIA’s official resources.

Once you’re confident, advance to Chapter 08: Performing Post-Exploitation Techniques to continue your journey in mastering penetration testing.

Related Posts

RSS  
  • WGU Master’s Degree Rankings 2026 | I Asked 3 AIs 300 Times to Find the Best One
    Table of Contents Which WGU Master’s Degree Is Actually Worth It? If you’re considering a master’s degree from WGU and can’t figure out which program to choose — cybersecurity, software engineering, AI/ML, data analytics — you’re not alone. The options are overwhelming, and most comparisons online are either outdated or purely opinion-based. So here’s a […]
  • How I Made $1.3 Million in Cybersecurity (With Exact Revenue Numbers)
    Table of Contents If you’re stuck at $50K–$100K and wondering, “How the hell do people make seven figures?” this is for you.I’m Josh Madakor. In 2025, I made $1.3 million in cybersecurity. Not from a corporate job. Not from VC funding. And definitely not from selling a bullshit course.In this article, I’ll break down everything: […]
  • The Best Laptops for Cyber Security in 2026: Stop Over-Analyzing, Start Building
    Table of Contents Let’s be real: most people think that to get into cyber security, you need to be a “super elite hacker” running 10 different virtual machines on a glowing, heavy-duty gaming laptop. Spoiler alert: That’s just not how the industry works. I’ve spent years in roles ranging from Senior Analyst to Security Engineer, […]