Computer Hacking Forensic Investigator (CHFI v10) — Question 380

Which OWASP IoT vulnerability talks about security flaws such as lack of firmware validation, lack of secure delivery, and lack of anti-rollback mechanisms on IoT devices?

Answer options

• A. Insecure default settings
• B. Use of insecure or outdated components
• C. Lack of secure update mechanism
• D. Insecure data transfer and storage

Correct answer: C

Explanation

The correct answer is C, as it specifically refers to the absence of a secure method for updating firmware, which is critical for IoT device security. Options A and B address different security concerns, such as default settings and component vulnerabilities, while D focuses on data handling rather than the update process.