EC-Council Certified Security Analyst (ECSA v10) — Question 9
A penetration tester at Trinity Ltd. is performing IoT device testing. As part of this process, he is checking the IoT devices for open ports using port scanners such as Nmap. After identifying the open ports, he started using automated tools to check each open port for any exploitable vulnerabilities.
Identify the IoT security issues the penetration tester is trying to uncover?
Answer options
- A. Insecure software/firmware
- B. Lack of transport encryption
- C. Insecure network services
- D. Insufficient security configurability
Correct answer: D
Explanation
The correct answer, D, refers to the lack of options for configuring security settings on IoT devices, which can lead to vulnerabilities. Options A, B, and C address different aspects of IoT security but do not specifically relate to the configurability issue that the tester is focused on uncovering.