WGU D337 Objective Assessment | Internet of
Things (IoT) and Infrastructure Question Bank |
Questions and Verified Answers | 100% Correct |
Updated 2026/2027.
QUESTION
Which type of malware creates a network of remotely controlled IoT de- vices unknown to the
owners? A) Macro
B) Cross-site scripting
C) Embedded software exploitation
D) Botnet
Answer:
D
QUESTION
What enables IoT devices to be infected by the Mirai malware?
A) Default passwords
B) Plaintext communication
C) Stolen certificates
D) Cloud storage
Answer:
A
QUESTION
A company develops a small tracker to be used in parcels to track progress via Global
Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG)
port on the circuit board that can be used to overwrite the firmware on the tracker and provide
false location data.
,Which two Internet of Things Security Foundation (IoTSF) Best Practice Guide- lines (BPGs)
should this company follow in its design process to ensure security from these forms of attack?
Choose 2 answers.
1. Device secure boot
2. Credential management
3. Physical security
4. Application security
A) 1, 3
B) 1, 2
C) 2, 3
D) 3, 4
Answer:
A
QUESTION
A company developed an IoT smart photo frame that allows users to upload photos to their
device using a web browser. Testing revealed that users can upload files onto the root filesystem.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure filesystem permissions are set correctly? A)
Device secure boot
B) Physical security
C) Secure operating system
D) Application security
Answer:
C
QUESTION
A company uses IoT devices to capture data in the field and transmit it for central processing.
The company plans to follow the Internet of Things Security Foundation's (IoTSF) Best Practice
Guidelines (BPGs) to ensure that personal data is protected.
Which IoTSF guideline should this company use? A) Device secure boot
B) Physical security
,C) Securing software updates
D) Application security
Answer: D
QUESTION
A company develops an IoT-based security system. The system uses prox- imity sensors that
communicate with a central gateway using a 433 MHZ radio signal. Testing reveals that the
traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity
sensor by copying the au- thentication details from the radio traffic.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure the security of the radio data?
A) Device secure boot
B) Physical security
C) Network connections
D) Application security
Answer:
C
QUESTION
A company is developing a smart speaker. The company wants to review industry standards on
device boot and operating system security to improve security in its devices.
Which two resources should this company evaluate? Choose 2 answers.
1. Code of Practice
2. Best Practice Guidelines
3. Human-in-the-loop
4. Internet of Bodies
A) 1, 2
B) 1, 3
C) 3, 4
D) 2, 4
Answer:
, A
QUESTION
Malware has infected several IoT devices in a company. These devices were using default
configurations.
What should the company do to prevent the malware from being installed?
A) Alter the port the devices use to communicate
B) Scan for unusual packets being sent to the devices
C) Change the devices' usernames and passwords
D) Install a firewall limiting communication to the devices
Answer:
C
QUESTION
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used
to generate a high volume of requests targeting the database to affect its availability.
Which type of attack is this? A) Cross-site scripting
B) Distributed denial of service (DDoS)
C) Spear phishing
D) Structured Query Language (SQL) injection
Answer:
B
QUESTION
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once it
is validated? A) Decentralization
B) Immutability C) Auditability D) Resilience
Answer:
B
Things (IoT) and Infrastructure Question Bank |
Questions and Verified Answers | 100% Correct |
Updated 2026/2027.
QUESTION
Which type of malware creates a network of remotely controlled IoT de- vices unknown to the
owners? A) Macro
B) Cross-site scripting
C) Embedded software exploitation
D) Botnet
Answer:
D
QUESTION
What enables IoT devices to be infected by the Mirai malware?
A) Default passwords
B) Plaintext communication
C) Stolen certificates
D) Cloud storage
Answer:
A
QUESTION
A company develops a small tracker to be used in parcels to track progress via Global
Positioning System (GPS). Testing reveals that the tracker has a Joint Test Action Group (JTAG)
port on the circuit board that can be used to overwrite the firmware on the tracker and provide
false location data.
,Which two Internet of Things Security Foundation (IoTSF) Best Practice Guide- lines (BPGs)
should this company follow in its design process to ensure security from these forms of attack?
Choose 2 answers.
1. Device secure boot
2. Credential management
3. Physical security
4. Application security
A) 1, 3
B) 1, 2
C) 2, 3
D) 3, 4
Answer:
A
QUESTION
A company developed an IoT smart photo frame that allows users to upload photos to their
device using a web browser. Testing revealed that users can upload files onto the root filesystem.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure filesystem permissions are set correctly? A)
Device secure boot
B) Physical security
C) Secure operating system
D) Application security
Answer:
C
QUESTION
A company uses IoT devices to capture data in the field and transmit it for central processing.
The company plans to follow the Internet of Things Security Foundation's (IoTSF) Best Practice
Guidelines (BPGs) to ensure that personal data is protected.
Which IoTSF guideline should this company use? A) Device secure boot
B) Physical security
,C) Securing software updates
D) Application security
Answer: D
QUESTION
A company develops an IoT-based security system. The system uses prox- imity sensors that
communicate with a central gateway using a 433 MHZ radio signal. Testing reveals that the
traffic can be sniffed with a software-defined radio, and an attacker could spoof the proximity
sensor by copying the au- thentication details from the radio traffic.
Which Internet of Things Security Foundation (IoTSF) Best Practice Guideline (BPG) should
this company follow in its design process to ensure the security of the radio data?
A) Device secure boot
B) Physical security
C) Network connections
D) Application security
Answer:
C
QUESTION
A company is developing a smart speaker. The company wants to review industry standards on
device boot and operating system security to improve security in its devices.
Which two resources should this company evaluate? Choose 2 answers.
1. Code of Practice
2. Best Practice Guidelines
3. Human-in-the-loop
4. Internet of Bodies
A) 1, 2
B) 1, 3
C) 3, 4
D) 2, 4
Answer:
, A
QUESTION
Malware has infected several IoT devices in a company. These devices were using default
configurations.
What should the company do to prevent the malware from being installed?
A) Alter the port the devices use to communicate
B) Scan for unusual packets being sent to the devices
C) Change the devices' usernames and passwords
D) Install a firewall limiting communication to the devices
Answer:
C
QUESTION
A company hosts a database in a public cloud. Multiple IoT devices are compromised and used
to generate a high volume of requests targeting the database to affect its availability.
Which type of attack is this? A) Cross-site scripting
B) Distributed denial of service (DDoS)
C) Spear phishing
D) Structured Query Language (SQL) injection
Answer:
B
QUESTION
Which blockchain feature in an IoT application ensures that a transaction is tamperproof once it
is validated? A) Decentralization
B) Immutability C) Auditability D) Resilience
Answer:
B
