Mobile, IOT and OT Hacking for Certified Ethical Hacker (CEH)
This page covers the Mobile, IOT and OT Hacking domain of the Certified Ethical Hacker (CEH) certification. Master Cybersecurity offers 14 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
What is the primary purpose of using Zigbee in IoT devices, and how can it be exploited by an attacker?
- A. Zigbee is used for high-speed data connectivity; attackers can exploit it using Wi-Fi jamming.
- B. Zigbee is used for power efficiency in IoT devices; attackers can exploit it via replay attacks.
- C. Zigbee is used in low-power wireless communication; attackers may exploit it by intercepting and decrypting data.
- D. Zigbee is used for device encryption; attackers can exploit it by brute forcing keys.
Explanation
The correct answer is: C. Zigbee is used in low-power wireless communication; attackers may exploit it by intercepting and decrypting data.
Zigbee is a low-power, short-range wireless protocol used in IoT (sensors, smart home, etc.). It is not for high-speed data (A) or "device encryption" as a primary purpose (D). If Zigbee networks use weak or default keys, or keys are recovered (e.g., from a device or capture), an attacker can intercept traffic and decrypt it, or inject traffic. So the purpose is low-power wireless communication, and a realistic exploitation is intercepting and decrypting data (C). Replay (B) is possible but the option also misstates "power efficiency" as the main purpose; "low-power wireless communication" is more accurate. Wi-Fi jamming (A) targets Wi-Fi, not Zigbee. The best answer is C.
Question 2
While assessing a mobile application, you discover that it stores sensitive data in plain text on the device. Which type of vulnerability does this represent?
- A. Insecure Data Storage
- B. Insecure Communication
- C. Improper Session Handling
- D. Code Injection
Explanation
The correct answer is: A. Insecure Data Storage.
Insecure Data Storage (OWASP Mobile Top 10) means sensitive data (passwords, tokens, PII) is stored on the device in plaintext or with weak protection (e.g., in shared preferences, SQLite, or files) so that anyone with device or backup access can read it. The scenario (sensitive data stored in plain text on the device) is exactly Insecure Data Storage (A). Insecure Communication (B) is about unprotected or poorly protected data in transit. Improper Session Handling (C) is about session timeouts, logout, token storage, etc. Code Injection (D) is about injecting and executing code. Storing sensitive data in plain text on the device is Insecure Data Storage.
Question 3
While analyzing an iOS application, you find that it uses deprecated cryptographic algorithms for securing data. What is the most immediate consequence of this issue?
- A. The app may not function on all iOS versions.
- B. The app may suffer from performance degradation.
- C. The app's data may be vulnerable to decryption.
- D. The app will not pass App Store reviews.
Explanation
The correct answer is: C. The app's data may be vulnerable to decryption.
Deprecated cryptographic algorithms (e.g., MD5, SHA-1 for security, DES, RC4) are no longer considered secure: they have known attacks or weak key lengths, so data protected with them may be decrypted by an attacker who obtains the ciphertext (and possibly the key). The most immediate consequence is that the app's data may be vulnerable to decryption (C). Compatibility (A) and performance (B) are secondary. App Store review (D) may eventually reject weak crypto but is not the "most immediate" technical consequence. The direct security consequence is vulnerability to decryption.
Question 4
During a penetration test, you discover that an IoT camera is vulnerable to a buffer overflow. What is the most likely consequence of exploiting this vulnerability?
- A. The camera will physically overheat and become damaged.
- B. You can execute arbitrary code on the camera.
- C. The camera's firmware will be automatically updated.
- D. The camera will stop recording temporarily.
Explanation
The correct answer is: B. You can execute arbitrary code on the camera.
A buffer overflow allows input to overwrite memory (e.g., return address or function pointers). By crafting the input, an attacker can redirect execution to injected shellcode or existing code and run arbitrary code on the device. So the most likely consequence of exploiting a buffer overflow on an IoT camera is arbitrary code execution on the camera (B). Overheating (A), automatic firmware update (C), and temporary stop recording (D) are not typical outcomes of a buffer overflow exploit. The standard result of a successful buffer overflow exploit is arbitrary code execution.
Question 5
Which of the following tools would be most effective in identifying vulnerabilities in IoT devices during a security assessment?
- A. Wireshark
- B. Shodan
- C. Nmap
- D. Metasploit
Explanation
The correct answer is: B. Shodan.
Shodan is a search engine for internet-connected devices. You search by IP, port, product, version, or keyword and get lists of devices (including many IoT devices) with open ports, banners, and sometimes version or default credentials. It is very effective for discovering and identifying exposed IoT devices and their potential weaknesses (e.g., default ports, old firmware) during reconnaissance. Wireshark (A) captures traffic; it does not "identify vulnerabilities" in the sense of discovering exposed devices. Nmap (C) scans targets you already have; it does not replace Shodan for finding IoT devices on the internet. Metasploit (D) is for exploitation. For identifying (discovering and assessing) vulnerabilities in IoT devices at scale, Shodan is the most effective tool among the options.