[HIoT] Hacking Iot Certification Exam Guide
Question 1. **What layer of the IoT architecture primarily consists of sensors and actuators that
gather physical data?**
A) Network layer
B) Application layer
C) Perception layer
D) Cloud layer
Answer: C
Explanation: The perception layer is responsible for interfacing with the physical environment
through sensors and actuators, converting analog signals into digital data for further processing.
Question 2. **Which of the following best describes the main difference between an embedded
system and a general‑purpose computer?**
A) Embedded systems have unlimited power supply.
B) General‑purpose computers lack networking capabilities.
C) Embedded systems operate under strict constraints of power, memory, and processing.
D) General‑purpose computers cannot run real‑time operating systems.
Answer: C
Explanation: Embedded devices are designed for specific tasks and thus must work within
limited resources, unlike general‑purpose PCs that have abundant CPU, RAM, and storage.
Question 3. **In the OWASP IoT Top 10, which entry focuses on insecure network services that
expose devices to remote attacks?**
A) Insecure Firmware
B) Weak, Default, or Hard‑Coded Passwords
C) Insecure Network Services
D) Lack of Physical Hardening
Answer: C
, [HIoT] Hacking Iot Certification Exam Guide
Explanation: “Insecure Network Services” refers to services (e.g., Telnet, HTTP) running on the
device without proper authentication or encryption, making them attack vectors.
Question 4. **When performing a hardware analysis, which tool is most suitable for measuring
voltage levels on a PCB trace?**
A) Logic Analyzer
B) Multimeter
C) Bus Pirate
D) JTAG debugger
Answer: B
Explanation: A multimeter can accurately measure DC voltage, continuity, and resistance on PCB
traces, essential for confirming power rails and signal levels.
Question 5. **Which UART pin is responsible for transmitting data from the device to a host
computer?**
A) VCC
B) GND
C) TX
D) RX
Answer: C
Explanation: The TX (Transmit) pin sends serial data out of the device; the host’s RX pin receives
it.
Question 6. **During JTAG debugging, what is the primary purpose of the TDI signal?**
A) Test Data In – carries data from the debugger into the target.
B) Test Clock – synchronizes data transfer.
C) Test Reset – resets the TAP controller.
, [HIoT] Hacking Iot Certification Exam Guide
D) Test Data Out – carries data from the target to the debugger.
Answer: A
Explanation: TDI (Test Data In) shifts data from the debugging tool into the device’s scan chain
for programming or inspection.
Question 7. **Which protocol is commonly used for communication between a microcontroller
and an external EEPROM on a PCB?**
A) HTTP
B) I2C
C) MQTT
D) CoAP
Answer: B
Explanation: I2C (Inter‑Integrated Circuit) is a serial bus designed for low‑speed communication
between chips like microcontrollers and EEPROMs.
Question 8. **What is the main advantage of using a logic analyzer over a simple oscilloscope
when analyzing SPI traffic?**
A) Ability to capture analog waveforms.
B) Automatic protocol decoding and multi‑channel timing correlation.
C) Higher voltage rating.
D) Built‑in power supply measurement.
Answer: B
Explanation: Logic analyzers can decode digital protocols (SPI, I2C, UART) across several
channels simultaneously, providing human‑readable data streams.
Question 9. **Which file system is most frequently encountered on Linux‑based IoT firmware
images?**
A) NTFS
, [HIoT] Hacking Iot Certification Exam Guide
B) FAT32
C) SquashFS
D) HFS+
Answer: C
Explanation: SquashFS is a read‑only compressed file system widely used in embedded Linux
images to reduce storage footprint.
Question 10. **When extracting firmware via a “chip‑off” method, what is the first physical
step?**
A) Connect the device to Wi‑Fi and download OTA update.
B) Desolder the flash memory chip from the PCB.
C) Use JTAG to dump memory.
D) Run binwalk on the device’s web interface.
Answer: B
Explanation: Chip‑off extraction involves physically removing (desoldering) the flash memory
chip to read its contents with a programmer.
Question 11. **Which utility can be used to list printable strings inside a binary firmware
image?**
A) dd
B) strings
C) chmod
D) ping
Answer: B
Explanation: The `strings` command scans a binary for sequences of printable characters, often
revealing hard‑coded credentials or URLs.
Question 1. **What layer of the IoT architecture primarily consists of sensors and actuators that
gather physical data?**
A) Network layer
B) Application layer
C) Perception layer
D) Cloud layer
Answer: C
Explanation: The perception layer is responsible for interfacing with the physical environment
through sensors and actuators, converting analog signals into digital data for further processing.
Question 2. **Which of the following best describes the main difference between an embedded
system and a general‑purpose computer?**
A) Embedded systems have unlimited power supply.
B) General‑purpose computers lack networking capabilities.
C) Embedded systems operate under strict constraints of power, memory, and processing.
D) General‑purpose computers cannot run real‑time operating systems.
Answer: C
Explanation: Embedded devices are designed for specific tasks and thus must work within
limited resources, unlike general‑purpose PCs that have abundant CPU, RAM, and storage.
Question 3. **In the OWASP IoT Top 10, which entry focuses on insecure network services that
expose devices to remote attacks?**
A) Insecure Firmware
B) Weak, Default, or Hard‑Coded Passwords
C) Insecure Network Services
D) Lack of Physical Hardening
Answer: C
, [HIoT] Hacking Iot Certification Exam Guide
Explanation: “Insecure Network Services” refers to services (e.g., Telnet, HTTP) running on the
device without proper authentication or encryption, making them attack vectors.
Question 4. **When performing a hardware analysis, which tool is most suitable for measuring
voltage levels on a PCB trace?**
A) Logic Analyzer
B) Multimeter
C) Bus Pirate
D) JTAG debugger
Answer: B
Explanation: A multimeter can accurately measure DC voltage, continuity, and resistance on PCB
traces, essential for confirming power rails and signal levels.
Question 5. **Which UART pin is responsible for transmitting data from the device to a host
computer?**
A) VCC
B) GND
C) TX
D) RX
Answer: C
Explanation: The TX (Transmit) pin sends serial data out of the device; the host’s RX pin receives
it.
Question 6. **During JTAG debugging, what is the primary purpose of the TDI signal?**
A) Test Data In – carries data from the debugger into the target.
B) Test Clock – synchronizes data transfer.
C) Test Reset – resets the TAP controller.
, [HIoT] Hacking Iot Certification Exam Guide
D) Test Data Out – carries data from the target to the debugger.
Answer: A
Explanation: TDI (Test Data In) shifts data from the debugging tool into the device’s scan chain
for programming or inspection.
Question 7. **Which protocol is commonly used for communication between a microcontroller
and an external EEPROM on a PCB?**
A) HTTP
B) I2C
C) MQTT
D) CoAP
Answer: B
Explanation: I2C (Inter‑Integrated Circuit) is a serial bus designed for low‑speed communication
between chips like microcontrollers and EEPROMs.
Question 8. **What is the main advantage of using a logic analyzer over a simple oscilloscope
when analyzing SPI traffic?**
A) Ability to capture analog waveforms.
B) Automatic protocol decoding and multi‑channel timing correlation.
C) Higher voltage rating.
D) Built‑in power supply measurement.
Answer: B
Explanation: Logic analyzers can decode digital protocols (SPI, I2C, UART) across several
channels simultaneously, providing human‑readable data streams.
Question 9. **Which file system is most frequently encountered on Linux‑based IoT firmware
images?**
A) NTFS
, [HIoT] Hacking Iot Certification Exam Guide
B) FAT32
C) SquashFS
D) HFS+
Answer: C
Explanation: SquashFS is a read‑only compressed file system widely used in embedded Linux
images to reduce storage footprint.
Question 10. **When extracting firmware via a “chip‑off” method, what is the first physical
step?**
A) Connect the device to Wi‑Fi and download OTA update.
B) Desolder the flash memory chip from the PCB.
C) Use JTAG to dump memory.
D) Run binwalk on the device’s web interface.
Answer: B
Explanation: Chip‑off extraction involves physically removing (desoldering) the flash memory
chip to read its contents with a programmer.
Question 11. **Which utility can be used to list printable strings inside a binary firmware
image?**
A) dd
B) strings
C) chmod
D) ping
Answer: B
Explanation: The `strings` command scans a binary for sequences of printable characters, often
revealing hard‑coded credentials or URLs.
