Chapter 77 · Quiz

Hardening Targets — Quiz

10-question assessment covering all nine hardening target types, key controls, segmentation strategies, SCADA isolation, RTOS characteristics, IoT default credential risks, and cloud management protection.

Question 1 of 6
A company deploys 200 IoT temperature sensors in its manufacturing facility. The sensors are placed on the corporate network alongside workstations and servers. Six months later, an attacker compromises one sensor via a known default password and uses it to scan and attack internal database servers. Which hardening control, if in place, would have most directly limited the attacker's ability to reach the database servers from the compromised sensor?
Question 2 of 6
An attacker gains access to the laptop used by a cloud administrator. The laptop has stored AWS CLI credentials and an active AWS Console session with administrator rights. The attacker creates a new IAM administrator account, exfiltrates data, and deletes backup buckets. Which cloud hardening control would have most directly limited the damage by preventing the attacker from creating a new administrator account?
Question 3 of 6
A security administrator is hardening a SCADA system that controls a water treatment facility's chemical dosing process. The administrator asks what the primary network security requirement is. Which answer is correct?
Question 4 of 6
A Real-Time Operating System (RTOS) is used to control an industrial robot arm in a manufacturing facility. A network engineer proposes connecting the RTOS to the corporate network for centralized monitoring. Why is this a security and operational concern?
Question 5 of 6
A company installs 20 new managed network switches. The IT contractor configures VLANs and routing but does not change the default management credentials. Which hardening principle was violated, and what is the immediate risk?
Question 6 of 6
An organization uses smartphones for field sales staff. The IT team wants to separate the company's CRM application and email from employees' personal apps, so that if a personal app is malicious, it cannot access corporate data. Which mobile hardening technique addresses this requirement?

Matching

Match each hardening scenario to the target type it best describes.

1. A smart thermostat controlling HVAC for an office building. It ships with a default password of "admin" printed in the product manual. The manufacturer releases security patches infrequently, and the device should be placed on its own isolated VLAN.
2. The control system for a regional power distribution grid. It monitors and controls circuit breakers across 50 substations. It must be on its own isolated network with no internet access because compromise could cause power outages affecting thousands of customers.
3. An operating system controlling anti-lock braking in an automobile. It must respond to wheel sensor data within 5 milliseconds. Any timing delay causes a safety failure. It runs only the services required for braking control and is isolated from all other vehicle networks.
4. A purpose-built industrial sensor with firmware permanently written at manufacture. It performs one function — measuring temperature in a chemical reactor — and has no mechanism to receive firmware updates after deployment. It is placed on an isolated segment with a firewall in front.
A. Embedded system
B. SCADA / ICS
C. RTOS
D. IoT