Question 5 - Palo Alto Networks Cybersecurity Practitioner Exam Questions [June 2026 Update]

Q: 5

What is a reason IoT devices are more susceptible to command-and-control (C2) attacks?

Options

Correct Answer:

Explanation

IoT devices are inherently designed to be always-on and connected to the internet to send and receive data. This constant connectivity and data sharing create a persistent pathway for attackers to establish command-and-control (C2) communications. Unlike traditional endpoints that may be powered off or disconnected, the fundamental purpose of an IoT device is to communicate over the network. Attackers exploit this intended functionality, using the same internet channels to deliver commands and exfiltrate data once a device is compromised, making it part of a botnet.

Why Incorrect

A. Decreased connection quality within a local area network would hinder, not help, an attacker's ability to maintain a stable C2 channel.

C. While mobility can increase the attack surface for some devices, many IoT devices are stationary (e.g., smart appliances, industrial sensors). Their internet connectivity is the more universal vulnerability.

D. Many IoT devices are connected to a constant power source. The more fundamental issue is that they often lack the processing power and memory for robust security, not just battery limitations.

---

References

1. Palo Alto Networks

"The Connected Enterprise: IoT Security for Dummies

2nd Edition" (2020).

Page 7

Chapter 1: "By their very nature

IoT devices are meant to be connected to the network... This constant connectivity makes them an attractive target for attackers who want to use them as a foothold into your network." This supports the idea that their intended function of being connected to share data is the primary reason for their susceptibility.

2. Palo Alto Networks

"2020 Unit 42 IoT Threat Report" (2020).

Page 4

"Key Findings": The report highlights that "the sheer volume of IoT devices... and their high rate of connectivity make them highly attractive targets for attackers." This directly links the high degree of internet connectivity (required for data sharing) to their vulnerability to attacks

including being co-opted into botnets managed by C2 servers.

3. Palo Alto Networks Education

"Palo Alto Networks Cybersecurity Survival Guide" (2020).

Chapter 6

"The Internet of Things": This chapter explains that IoT devices are "always on and always connected

" which is a primary reason they are targeted. This constant connection is the medium for data sharing and

consequently

the vector for C2 attacks.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE