Question 111: Which of the following is not an example of an XSS attack?
A. Stored XSS
B. DNS XSS
C. Reflected XSS
D. DOM-based XSS
Correct Answer: B. DNS XSS
There are three types of XSS attacks: stored, reflected and DOM-based. DNS XSS is not a type of attack.
Question 112: Which vulnerabilities may be missed by manual code reviews but picked up by automated pen testing tools?
A. Logic flaws
B. Authorization issues
C. Encryption misconfigurations
D. All of the above
Correct Answer: D. All of the above
Logic flaws, authorization issues and encryption misconfigurations are often not detected without the use of automated pen testing tools.
Question 113: Which application security testing method is considered most costly?
A. Static application security testing (SAST)
B. Dynamic application security testing (DAST)
C. Mobile application security testing (MAST)
D. All of the above
Correct Answer: B. Dynamic application security testing (DAST)
DAST is done after an application is out of the production phase and already in use. Because DAST runs at this later stage, fixing discovered vulnerabilities is considered more costly.
Question 114: What is the most common buffer overflow attack?
A. Heap-based buffer overflow attack
B. Stack-based buffer overflow attack
C. Integer buffer overflow attack
D. Unicode buffer overflow attack
Correct Answer: B. Stack-based buffer overflow attack
Stack-based buffer overflow attacks are the most common type of buffer overflow attack. They exploit an app’s memory space, which stores user input, also known as a stack.
Question 115: IoT edge computing is processing raw data at the boundaries of the network, as far away from the points of data creation as possible.
Correct Answer: B. False
IoT edge computing is processing data where it is created or as close as possible, which, in this case, is at the edge of a network. In the case of IoT deployments, the data can be processed on the devices themselves or on edge gateways. IT pros may also come across the term fog computing and still debate whether it is the same thing as edge computing. Some pros distinguish fog computing as taking place in processing areas such as gateways, not at the machines creating the data nor in the cloud. Tied to this definition of fog computing, IT pros would define edge computing more narrowly as data processing that takes place directly on the machines creating the data.
Question 116: Which of the following is a challenge of IoT edge computing?
A. Increased security risks
B. Inconsistent industry standards and regulations
C. Lack of support for new devices
D. All of the above
Correct Answer: D. All of the above
IoT deployments typically spread beyond traditional IT infrastructure, which creates more entry points for a cyberattack. The lack of IoT standards not only makes management of IoT devices on the edge more difficult for administrators, it also make them vulnerable. When IoT developers design devices with different communication protocols or even operating systems, administrators will have trouble applying updates across the board. In addition to the spread of IoT devices, the number of IoT devices is also growing, making it even more vital that administrators have a way to keep track of all devices. Without knowing what devices are in use and how much data is collected and transmitted, edge computing can cause security risks and create latency issues. Although security can open more opportunities for malicious acts, there are also aspects of edge computing that make it more secure than sending and keeping data in a centralized cloud.
Question 117: Which issue couldn’t IoT edge computing help solve?
A. Bandwidth issues
B. Complex connectivity issues
C. Legacy-system bridge issues
D. Data sovereignty compliance issues
Correct Answer: B. Complex connectivity issues
IoT edge computing resolves many problems by keeping and processing the data from IoT devices at the edge where it is created. The expansion of the edge with the proliferation of IoT devices has created more complex networks and connectivity issues that organizations will likely continue to scale. Cutting out the distance of data transfers to the cloud or data center for processing lowers latency and cuts out the power and bandwidth needed to transmit. In turn, lower bandwidth cuts the costs in finances, opportunity costs and storage of frequent small IoT application updates. Edge data processing also addresses any data sovereignty compliance issues by preventing data from being stolen during transit, including transfers between different countries. Organizations that combine legacy systems with IoT deployments must contend with the non-IP or ethernet connections of IoT devices. IoT edge computing fixes this issue by translating between old and new.
Question 118: One application of IoT edge computing is using sensors, real-time data analytics and data operations to run a self-driving car.
Correct Answer: A. True
Self-driving cars require real-time data analytics at the edge because even the milliseconds it takes to transmit data to the cloud is too much latency when lives are at stake. Cars with IoT edge computing combined with AI will make immediate decisions where the data is created. It is also impossible to simultaneously transmit data from millions of cars back to a data center to track vehicles and process decisions with immediacy. Edge computing also applies in use cases with IoT sensors such as identifying and analyzing production errors more quickly in manufacturing plants, conserving resources by monitoring water consumption and reducing latency for real-time applications such as online multiplayer games.
Question 119: What connects IoT devices to the cloud in order to aggregate data, translate between protocols and process data before sending it on?
A. IoT sensors
B. IoT standards
C. IoT gateways
D. IoT processors
Correct Answer: C. IoT gateways
IoT gateways, which can be interchangeable with the term edge gateways, manage and connect IoT devices to the cloud. Despite their name, they serve a greater role than simply allowing data back and forth. IoT devices use different protocols or have different energy requirements that don’t all support each other. Gateways ensure that all IoT devices can connect, translate data to a standard protocol and maintain security. Gateways also help bridge operations and IT perspectives on IoT deployments. Operations professionals require the data gets transferred from its creation to where they can use it. Gateways assist the IT angle because they ensure security and support functionality. IoT gateways must be capable of withstanding the processing demands of IoT data.
Question 120: How will the edge change organizations’ relationship with the cloud?
A. The edge will send more data directly to the cloud
B. The edge will reduce the amount of data sent to the cloud, potentially saving organizations money
C. Organizations will use the cloud the same way and just add edge computing
D. None of the above
Correct Answer: B. The edge will reduce the amount of data sent to the cloud, potentially saving organizations money
Bringing data processing to the edge will reduce the data sent to centralized data processing in the cloud. The increase in IoT data pushes organizations to figure out how to use that data more economically in real-time and longer-term analysis. Organizations will spend less on cloud data storage when the data is processed at the edge without needing to connect to the cloud. Organizations that keep their data in a centralized cloud are also vulnerable to greater risk, such as data breaches. Edge computing encourages organizations to stop creating honeypots of sensitive data in the cloud.