Exam Question 61
Which of the following is not an authentication method for IoT devices?
A. Two-factor authentication
B. Trusted execution environment
C. Endpoint trust response
D. Hardware root of trust
Correct Answer:
C. Endpoint trust response
Answer Description:
IT admins have many IoT authentication methods to choose from, including two-factor authentication (2FA), trusted execution environments (TEEs), hardware root of trust (RoT) and Trusted Platform Modules (TPMs). In 2FA, a device must present two factors to confirm its identity, such as a biometric plus a Bluetooth beacon. A hardware RoT is a separate, minimal computing engine that manages the device's cryptographic processor and the keys it holds. A TEE is a hardware-isolated region of the device's main processor in which authentication code and data run apart from the normal operating system. A TPM is a dedicated chip that stores unique hardware-bound keys that software can use but cannot extract. "Endpoint trust response" is not an established authentication method.
Exam Question 62
_________ is an IoT threat defined by its collection of hijacked devices used to launch massive attacks on networks.
A. IoT ransomware
B. IoT malware
C. Shadow IoT
D. IoT botnet
Correct Answer:
D. IoT botnet
Answer Description:
IoT botnet operators have increasingly targeted IoT devices because of their weak security configurations and the massive number of devices in use. IoT devices don't ship with the same security standards built in as conventional endpoints, and IT administrators can more easily overlook device patches and updates. Attackers use malware to co-opt devices into the botnet and then direct it to launch DDoS attacks on a target.
Exam Question 63
Which IoT security threat is defined as an attack where multiple compromised systems target a server, website or network to overwhelm it with traffic, causing it to slow down or crash and deny service to legitimate users or systems?
A. Ransomware
B. Distributed denial of service (DDoS)
C. Malware
D. Man in the middle
Correct Answer:
B. Distributed denial of service (DDoS)
Answer Description:
IT admins must prepare for more security challenges than these, but DDoS attacks can cause major downtime to essential services. Many IoT botnets, such as the well-known Mirai botnet, use DDoS attacks to overload a target with traffic. IT admins can reduce the chance that their devices are conscripted into such attacks through intrusion detection and prevention systems and other basic security practices, such as changing default passwords.
Exam Question 64
Trusted Platform Modules make certificate-based security or digital signing processes more secure; however, the disadvantage organizations must consider is:
A. They control the host system they are embedded on.
B. They don’t offer secure booting of IoT devices.
C. They make device maintenance more difficult.
D. They can’t be used with firewalls.
Correct Answer:
B. They don’t offer secure booting of IoT devices.
Answer Description:
Organizations use TPMs, specialized chips embedded in devices, to store artifacts, such as passwords, certificates or encryption keys, for hardware authentication. A TPM records measurements of boot code but does not by itself stop modified code from running, so it doesn't protect the IoT device if an attacker gains control of the early boot code. TPMs make device maintenance easier, not harder, because they can verify that installed updates are genuine and that the device boots into its expected state. They must be used alongside other security measures, such as firewalls, and they don't control anything on the device they are embedded in.
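The caveat in the answer above, the early-boot case, is easiest to see in a simulation of a TPM's PCR extend chain. The following is an added example and not code from the exam or from any TPM vendor; the boot images, the three-stage chain and the compromised_from knob are constructed for illustration. Each stage hashes the next stage into the PCR before handing over control; a verifier compares the final PCR with a golden value. Tampering with a later stage is caught because an honest earlier stage measured it, but if the attacker controls stage 0, the code that takes the very first measurement, every measurement can be faked and the PCR still matches.

```python
import hashlib

# Constructed boot images for a three-stage chain (not real firmware).
# Stage 0 is the boot ROM / core root of trust for measurement (CRTM):
# it measures stage 1 but is never measured by anything itself.
GOOD_STAGES = [
    b"boot ROM / CRTM v1 (good)",
    b"bootloader v1.0 (good)",
    b"kernel 5.15 (good)",
]
IMPLANT = b" + attacker implant"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || digest). The chain is
    one-way, so a verifier can recompute it but nobody can rewind it."""
    return sha256(pcr + digest)


def measured_boot(stages, compromised_from=None) -> bytes:
    """Simulate measured boot and return the final PCR value.

    Each stage i hashes the image of stage i+1 and extends it into the PCR
    before handing over control. If compromised_from (hypothetical knob)
    is an index k, every stage at or after k is attacker-controlled: its
    image is modified, and because it is the code doing the measuring, it
    reports the *expected* digest for the stage that follows it.
    """
    pcr = bytes(32)  # PCR is all zeros after reset
    for i in range(len(stages) - 1):
        next_image = stages[i + 1]
        attacker_measures = compromised_from is not None and i >= compromised_from
        next_tampered = compromised_from is not None and i + 1 >= compromised_from
        actual_image = next_image + IMPLANT if next_tampered else next_image
        # An honest stage hashes what is really there; a compromised stage lies.
        digest = sha256(next_image) if attacker_measures else sha256(actual_image)
        pcr = pcr_extend(pcr, digest)
    return pcr


def golden_pcr() -> bytes:
    """Reference value a remote verifier keeps for a known-good device."""
    return measured_boot(GOOD_STAGES)


def attestation_passes(compromised_from=None) -> bool:
    """True if a verifier comparing the reported PCR to the golden value
    would accept the device. Note that the TPM itself blocks nothing: the
    tampered code has already run by the time anyone looks at the PCR."""
    return measured_boot(GOOD_STAGES, compromised_from) == golden_pcr()


if __name__ == "__main__":
    for k in (None, 2, 1, 0):
        print(f"compromised from stage {k}: attestation passes = {attestation_passes(k)}")
```

Compromise at stage 2 (kernel) or stage 1 (bootloader) is detected because stage 0 or stage 1 measured it honestly; compromise at stage 0 passes attestation, which is why a TPM has to be paired with an immutable boot ROM or secure boot that actually refuses to run unsigned code.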
Exam Question 65
Which of the following is not a best practice to ensure IoT devices are physically secure?
A. Deploy only authenticated devices.
B. Put it in a tamper-resistant case.
C. Camouflage the device.
D. Disable the device when tampered with.
Correct Answer:
C. Camouflage the device.
Answer Description:
When it comes to IoT device security, major cyberthreats, such as an IoT botnet, likely come first to the IT professional's mind. But IT admins must also consider devices' physical security. Attackers can open an IoT device and use its internal components as an entry point to the rest of a network. Physical security measures can be as simple as removing any stickers with default passwords from the device or placing the device in a tamper-resistant case. Camouflaging a device only hides it and is not a recognized physical security best practice.
Exam Question 66
What is the primary function of Virtual Extensible LAN (VXLAN)?
A. Manages firewall rules and troubleshoots connectivity issues
B. Provides segregation of traffic, and routes traffic across a specific network path
C. Enables containers to communicate with each other
D. Transmits overlay packets and routes tables
Correct Answer:
B. Provides segregation of traffic, and routes traffic across a specific network path
Exam Question 67
In a modern data center networking architecture that supports hybrid cloud, which network layer is used to transmit VXLAN packets or other overlay packets?
A. Overlay network
B. SD-WAN
C. Underlay network
D. MPLS
Correct Answer:
C. Underlay network
Exam Question 68
How does SD-WAN architecture differ from traditional networking architecture?
A. It uses flow tables created by an SDN controller rather than routing tables at edge routers
B. It relies only on IP addresses rather than abstracted networks
C. It routes tables with a core router instead of an edge router
D. It depends on a three-tiered, hierarchically designed network architecture
Correct Answer:
A. It uses flow tables created by an SDN controller rather than routing tables at edge routers
Exam Question 69
Which is not a benefit of microsegmentation?
A. Supports fast, flexible and granular security configurations
B. Eliminates the need to hairpin traffic
C. Ties security policies to the network hardware rather than the workload
D. Eradicates need to manually configure firewall rules on individual hardware devices
Correct Answer:
C. Ties security policies to the network hardware rather than the workload
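The distinction in option C, policy tied to the workload rather than to network hardware, is what makes the other three benefits possible. The following is an added example, not code from the exam or from any microsegmentation product; the workload names, addresses, hosts and labels are constructed. Rules select workloads by label; a controller compiles them into per-host allow entries, so nobody edits firewall rules on individual devices, and when a workload moves to a new host and address its policy follows it, whereas an address-keyed ACL silently breaks.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    host: str
    labels: frozenset  # e.g. {"app=web", "env=prod"}


@dataclass(frozen=True)
class Rule:
    """Allow traffic from workloads matching src_labels to workloads
    matching dst_labels on one TCP port. Everything else is denied."""
    src_labels: frozenset
    dst_labels: frozenset
    port: int


# Constructed inventory (hypothetical names and addresses).
WEB = Workload("web-1", "10.0.1.10", "host-A", frozenset({"app=web", "env=prod"}))
DB = Workload("db-1", "10.0.2.20", "host-B", frozenset({"app=db", "env=prod"}))
DEV_WEB = Workload("web-dev", "10.0.9.5", "host-C", frozenset({"app=web", "env=dev"}))

# One intent-level rule: prod web tier may reach prod db tier on 5432.
POLICY = [
    Rule(frozenset({"app=web", "env=prod"}), frozenset({"app=db", "env=prod"}), 5432),
]


def allowed(src: Workload, dst: Workload, port: int, policy=POLICY) -> bool:
    """Default deny. A rule matches when its label selectors are subsets of
    the workloads' labels; IPs and hosts play no part in the decision."""
    return any(
        r.src_labels <= src.labels and r.dst_labels <= dst.labels and r.port == port
        for r in policy
    )


def compile_host_rules(workloads, policy=POLICY) -> dict:
    """What a microsegmentation controller pushes to each host's enforcement
    point: concrete (src_ip, dst_ip, port) allow entries for the workloads it
    hosts, derived from the label policy instead of hand-written per device."""
    rules = {}
    for src in workloads:
        for dst in workloads:
            for r in policy:
                if allowed(src, dst, r.port, policy):
                    rules.setdefault(dst.host, set()).add((src.ip, dst.ip, r.port))
    return rules


def migrate(w: Workload, new_ip: str, new_host: str) -> Workload:
    """Move a workload (new address, new host); its labels travel with it."""
    return Workload(w.name, new_ip, new_host, w.labels)


# Contrast: a hardware-tied ACL keyed on addresses, as on a legacy firewall.
LEGACY_ACL = {("10.0.1.10", "10.0.2.20", 5432)}


def legacy_allowed(src: Workload, dst: Workload, port: int) -> bool:
    return (src.ip, dst.ip, port) in LEGACY_ACL


if __name__ == "__main__":
    print("before move:", compile_host_rules([WEB, DB, DEV_WEB]))
    moved = migrate(WEB, "10.0.3.10", "host-B")
    print("after move: ", compile_host_rules([moved, DB, DEV_WEB]))
    print("label policy still allows:", allowed(moved, DB, 5432),
          "| legacy ACL still allows:", legacy_allowed(moved, DB, 5432))
```

Because enforcement is local to the destination host, the web-to-db flow never needs to be hairpinned through a central firewall, and the dev web tier is denied even though it carries the same app label, since the env label does not match.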
Exam Question 70
How many available IDs can be assigned to a VXLAN at any given time?
A. 4,096
B. 160,000
C. 1 million
D. 16 million
Correct Answer:
D. 16 million
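The 16 million figure comes from the 24-bit VXLAN Network Identifier (VNI) in the VXLAN header, against the 12-bit VLAN ID (4,096 values) it was designed to replace. The following is an added example, not code from the exam; it builds and parses the 8-byte VXLAN header defined in RFC 7348, encapsulates a constructed inner Ethernet frame, and checks that two encapsulated frames share a segment only when their VNIs match. The inner frame bytes and the VNI values are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VNI_BITS = 24                # VXLAN Network Identifier width
VLAN_ID_BITS = 12            # 802.1Q VLAN ID width, for comparison


def id_space(bits: int) -> int:
    """Number of distinct identifiers an n-bit field can carry."""
    return 1 << bits


def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI,
    8 reserved bits. Reserved bits are zero on transmit."""
    if not 0 <= vni < id_space(VNI_BITS):
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    # "!B3xI": flags byte, three zero bytes, then one 32-bit word whose
    # upper 24 bits hold the VNI and lower 8 bits are reserved.
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """UDP payload a VTEP would send: VXLAN header followed by the inner
    Ethernet frame. Outer IP/UDP headers are added by the normal stack."""
    return vxlan_header(vni) + inner_frame


def parse_vxlan(payload: bytes):
    """Return (vni, inner_frame) from a UDP payload, validating the header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    return word >> 8, payload[8:]


def same_segment(payload_a: bytes, payload_b: bytes) -> bool:
    """Two encapsulated frames belong to the same overlay segment only if
    their VNIs match; a receiving VTEP must never bridge across VNIs."""
    return parse_vxlan(payload_a)[0] == parse_vxlan(payload_b)[0]


# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy IPv4 bytes.
INNER_FRAME = bytes.fromhex("0a0000000002" "0a0000000001" "0800") + b"\x45" + b"\x00" * 19


if __name__ == "__main__":
    print(f"VLAN IDs: {id_space(VLAN_ID_BITS):,}   VNIs: {id_space(VNI_BITS):,}")
    pkt = encapsulate(5000, INNER_FRAME)
    print("header:", pkt[:8].hex(), "vni:", parse_vxlan(pkt)[0])
```

The VNI is the only thing separating tenants inside the underlay's UDP stream, so a VTEP or firewall that inspects VXLAN must key its policy on the VNI, and the parser refuses headers with the I flag clear rather than guessing a segment.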