
Weekly CISSP Practice

Exam Questions

Week 36 - Question 1

Which of the following is NOT an Internet of Things (IoT) security concern?

A. Device Authenticity
B. Data Privacy
C. Quantum Computing
D. Network Security

Answer: C

Explanation:

A. Device Authenticity

Device authenticity ensures that the device connecting to your network is exactly what it claims to be and hasn't been replaced by a rogue "imposter" device.  

  • The IoT Problem: Many IoT devices use hardcoded credentials or lack the ability to store unique digital certificates. This makes it easier for an attacker to spoof a device to gain entry to the network.

  • The Solution: Implementing 802.1X or using Manufacturer Usage Descriptions (MUD) to verify the identity and intended behavior of the device.

B. Data Privacy

IoT devices (smart cameras, medical sensors, thermostats) are designed to collect massive amounts of real-world data, much of it sensitive.  

  • The Concern: If the data is not encrypted at rest on the device or in transit to the cloud, it violates the Confidentiality pillar of the CIA Triad.

  • Regulatory Risk: For healthcare IoT, this falls under HIPAA; for consumer IoT in Europe, it falls under GDPR.

C. Quantum Computing

Quantum computing involves using the principles of quantum mechanics to perform calculations that are impossible for classical computers.  

  • Why it's the Answer: While quantum computing is a massive threat to all current cryptography (it could potentially break RSA and ECC), it is a future, systemic risk to the entire field of information security. It is not an "IoT-specific" concern.

  • The Context: IoT devices struggle with basic security (like default passwords and lack of patching) today.  Worrying about a quantum computer attacking a smart lightbulb is out of scope for standard IoT threat models. 

D. Network Security

IoT devices are often "headless" (no screen/keyboard) and connect via various protocols like Wi-Fi, Bluetooth, Zigbee, or Z-Wave.  

  • The Risk: Most IoT devices have limited "stack" protection, making them vulnerable to being hijacked and turned into botnets (like the famous Mirai botnet) to launch massive DDoS attacks.

  • The Strategy: The primary network control for IoT is Micro-segmentation—placing IoT devices on their own isolated VLAN so that if they are compromised, the attacker cannot "pivot" to the corporate servers or sensitive databases.
