TU Wien:Foundations of System and Application Security VU (Lindorfer)/Exam 2025-01-23

From VoWi

Single Choice Questions

(2P) IoT


1 CoAP implements the REST architecture and mainly uses TCP.

2 In CoAP the security level "Pre-Shared Key" uses asymmetric keys that are shared in-band.

3 In HbbTV an attacker can inject a malicious URL into the HbbTV URL in the AIT section of the stream and retransmit it.

4 XMPP has no default support for end-to-end encryption.


(2P) MQTT


1 MQTT is a peer-to-peer protocol, so clients communicate with each other directly.

2 MQTT retained messages are stored by the broker and are transmitted to clients connecting.

3 MQTT Will messages are stored by the broker and are transmitted to clients connecting, while retained messages are sent when a client unexpectedly disconnects.

4 MQTT supports password authentication.
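Added example (not from the exam page, the lecture or any real broker such as Mosquitto): a toy in-memory broker that models only the two features the MQTT statements above contrast, retained messages and the Last Will and Testament. All class and method names are this example's own, the scenario in demo() is constructed, and wildcards, QoS and persistent sessions are deliberately left out.

```python
"""Toy in-memory broker modelling two MQTT features (added example, not part
of the page or of any real MQTT implementation).

  * retained messages: the broker keeps the last payload published with
    retain=True per topic and hands it to every client that subscribes to
    that topic later, so a late-joining dashboard still learns the current state;
  * Last Will and Testament (LWT): a message the client registers at CONNECT
    time; the broker publishes it on the client's behalf only when the client
    drops off without a clean DISCONNECT (keep-alive timeout, TCP reset, ...).
Topic wildcards (+, #), QoS and sessions that outlive the connection are not modelled.
"""


class Session:
    def __init__(self, will):
        self.will = will      # (topic, payload) registered at CONNECT, or None
        self.subs = set()     # exact topic strings this client subscribed to
        self.inbox = []       # (topic, payload, was_retained) as the client would see it


class ToyBroker:
    def __init__(self):
        self.sessions = {}    # client_id -> Session
        self.retained = {}    # topic -> last retained payload

    def connect(self, client_id, will=None):
        self.sessions[client_id] = Session(will)

    def subscribe(self, client_id, topic):
        session = self.sessions[client_id]
        session.subs.add(topic)
        # Retained message: delivered right away to the new subscriber.
        if topic in self.retained:
            session.inbox.append((topic, self.retained[topic], True))

    def publish(self, topic, payload, retain=False):
        if retain:
            if payload == b"":
                self.retained.pop(topic, None)   # empty retained payload clears the slot
            else:
                self.retained[topic] = payload
        for session in self.sessions.values():
            if topic in session.subs:
                session.inbox.append((topic, payload, False))

    def disconnect(self, client_id):
        # Clean DISCONNECT: the broker discards the will without publishing it.
        self.sessions.pop(client_id, None)

    def connection_lost(self, client_id):
        # Ungraceful loss: the broker publishes the will as if the client had sent it.
        session = self.sessions.pop(client_id, None)
        if session is not None and session.will is not None:
            topic, payload = session.will
            self.publish(topic, payload)


def demo():
    """Constructed scenario; returns what each subscriber ended up receiving."""
    broker = ToyBroker()
    broker.connect("door-sensor", will=("sensors/door/status", b"offline"))
    broker.connect("dashboard")
    broker.subscribe("dashboard", "sensors/door/status")
    broker.publish("sensors/door/status", b"online", retain=True)
    broker.publish("sensors/door/temp", b"21.5", retain=True)

    # A client that connects after the fact still gets the retained reading.
    broker.connect("late-dashboard")
    broker.subscribe("late-dashboard", "sensors/door/temp")
    late_inbox = list(broker.sessions["late-dashboard"].inbox)

    # A clean DISCONNECT must not trigger the will ...
    broker.connect("spare-sensor", will=("sensors/door/status", b"spare-offline"))
    broker.disconnect("spare-sensor")
    # ... but an unexpected drop does.
    broker.connection_lost("door-sensor")
    dashboard_inbox = list(broker.sessions["dashboard"].inbox)
    return {"late_dashboard": late_inbox, "dashboard": dashboard_inbox}


if __name__ == "__main__":
    for client, inbox in demo().items():
        print(client, inbox)
```

The security-relevant corollary: whoever can publish with retain=True on a topic controls what every future subscriber sees first, and a will registered at CONNECT time is published by the broker even when the client is long gone, so both need the same topic-level authorization as ordinary publishes.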


(2P) Network Security


1 If an attacker can successfully perform ARP spoofing, it is possible to eavesdrop on the connection between two clients.

2 If you want to restrict access to a service running on a server, you block it on the OUTPUT chain of the firewall.

3 You can use the firewall to completely ban clients that sent wrong requests too often.

4 It is possible to track connections to the TOR network because the IPs of TOR entry nodes are publicly known.


(2P) TLS


1 TLS encrypts the whole HTTP request, including the domain name of the target server.

2 The cipher suites used are negotiated in the TLS handshake.

3 -

4 -
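Added example (not from the exam page or the lecture) for the two TLS statements above: a builder that assembles a minimal ClientHello record and a parser that pulls the server name and the offered cipher suites back out of the raw bytes. The record is constructed here (zeroed random, a single server_name extension, three suites), so it is not a capture from a real client; what it shows is that both fields sit in the plaintext ClientHello, before any key exists.

```python
"""Minimal TLS ClientHello builder/parser (added example, constructed bytes).

Nothing in a ClientHello is encrypted: at that point no key has been agreed.
The server name (SNI extension, type 0x0000) and the list of cipher suites
the client offers are therefore readable by anyone on the path.  The HTTP
request itself only follows later, inside encrypted application-data records.
"""
import struct

# Cipher-suite code points from the IANA TLS Cipher Suites registry.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def build_client_hello(hostname, suites):
    """Assemble one TLS record carrying a ClientHello with only an SNI extension."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext_sni = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension_type server_name
    extensions = struct.pack("!H", len(ext_sni)) + ext_sni
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x03"                                        # legacy_version = TLS 1.2
        + bytes(32)                                        # random (zeros; constructed)
        + b"\x00"                                          # legacy_session_id: empty
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                      # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def parse_client_hello(record):
    """Return the SNI host name and offered cipher suites from a plaintext ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                           # skip legacy_version and random
    pos += 1 + body[pos]                                   # skip legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                   # skip compression_methods
    sni = None
    if pos + 2 <= len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == 0x0000 and edata[2] == 0:          # first host_name entry of ServerNameList
                nlen = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + nlen].decode("ascii")
    return {"sni": sni, "cipher_suites": suites}


def demo(hostname="example.com", suites=(0x1301, 0x1302, 0xC02F)):
    record = build_client_hello(hostname, suites)
    parsed = parse_client_hello(record)
    parsed["sni_in_clear"] = hostname.encode("ascii") in record      # grep-able on the wire
    parsed["suite_names"] = [SUITE_NAMES.get(s, "0x%04x" % s) for s in parsed["cipher_suites"]]
    return parsed


if __name__ == "__main__":
    print(demo())
```

The server then picks one of the offered suites in its ServerHello, which is the negotiation the second statement refers to. TLS 1.3 encrypts the rest of the handshake after the ServerHello, but the ClientHello stays in the clear; hiding the name is what the Encrypted Client Hello extension (still an IETF draft) is meant to do.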


(2P) Firefox


1 It is a reasonable assumption that developers write bug free code.

2 Browser code (Firefox UI) should never have to convert arbitrary strings to code.

3 Browser code (Firefox UI) should never have to load remote JS.

4 The privileged pages of Firefox (about:preferences) use CSP to mitigate code injection.


(2P) Machine Learning


1 Data snooping does not affect the classification performance of unseen data.

2 Data snooping leads to unrealistic metrics in performance evaluation.

3 It is a best practice to train using the whole data set.

4 Data snooping happens when training with test data.


Free-text questions

(2P) OWASP Top 10 IoT: Insecure Update Mechanism. Name an example and what can be done to prevent it.
(2P) TOR: Assume that the entry guard is responsible for determining the circuit. Explain how this can help an attacker to deanonymize the client.
(2P) Machine Learning: Assume a malware classification model has a test accuracy of 99%. Is this indicative of its actual performance?
(2P) Machine Learning: You want to implement a spam email classification model. Do you choose supervised, unsupervised or reinforcement learning? Justify your answer.
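Added example (not from the exam page or the lecture) for the two evaluation questions, the data snooping single-choice block and the "99% test accuracy" free-text question. It is pure Python on constructed, tiny data: a 1-NN classifier stands in for any model with enough capacity to memorise its training set, and the 1000-sample test set with ten malware samples is made up to show what accuracy hides at a realistic base rate. The feature vectors and counts are this example's own.

```python
"""Two ways a headline accuracy number misleads (added example, constructed data).

  1. Data snooping: if test samples reach the model during training, a
     high-capacity model memorises them and scores 100 % on the "test" set,
     which says nothing about unseen data.
  2. Class imbalance: with 1 % malware in the test set, a detector that flags
     nothing is 99 % accurate and 0 % useful; precision, recall and the
     deployment base rate are what actually indicate performance.
"""


def metrics(y_true, y_pred, positive=1):
    """Confusion-matrix metrics for a binary problem; positive = malware."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p == positive)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t != positive and p == positive)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p != positive)
    tn = len(y_true) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": precision,
            "recall": recall, "f1": f1, "tp": tp, "fp": fp, "fn": fn, "tn": tn}


class NearestNeighbour:
    """1-NN on integer feature vectors (Manhattan distance).
    Stands in for any high-capacity model: a sample that was in the training
    set is its own nearest neighbour at distance 0 and is always "correct"."""

    def fit(self, X, y):
        self.table = {tuple(x): label for x, label in zip(X, y)}
        return self

    def predict(self, X):
        return [self.table[min(self.table, key=lambda k: sum(abs(a - b) for a, b in zip(k, x)))]
                for x in X]


def snooping_demo():
    # Constructed two-feature samples, label 1 = malware.  No test vector occurs in train.
    train_X = [(1, 0), (2, 0), (3, 1), (4, 0), (6, 1), (8, 1), (9, 0)]
    train_y = [0, 0, 1, 0, 1, 1, 0]
    test_X = [(5, 1), (0, 0), (7, 1), (11, 0)]
    test_y = [1, 0, 0, 1]
    clean = NearestNeighbour().fit(train_X, train_y)
    leaky = NearestNeighbour().fit(train_X + test_X, train_y + test_y)   # test data leaked into training
    return {"clean": metrics(test_y, clean.predict(test_X))["accuracy"],
            "leaky": metrics(test_y, leaky.predict(test_X))["accuracy"]}


def imbalance_demo():
    y_true = [1] * 10 + [0] * 990                             # 1 % malware, constructed
    always_benign = [0] * 1000                                # flags nothing at all
    detector = [1] * 8 + [0] * 2 + [1] * 20 + [0] * 970       # catches 8/10, raises 20 false alarms
    return {"always_benign": metrics(y_true, always_benign),
            "detector": metrics(y_true, detector)}


def precision_at_prevalence(tpr, fpr, prevalence):
    """Precision the same detector (fixed TPR/FPR) shows at a different malware base rate."""
    hits = tpr * prevalence
    false_alarms = fpr * (1 - prevalence)
    return hits / (hits + false_alarms)


if __name__ == "__main__":
    print("snooping:", snooping_demo())
    for name, m in imbalance_demo().items():
        print(name, {k: round(v, 3) for k, v in m.items()})
    for prevalence in (0.5, 0.01, 0.001):
        print("precision at prevalence", prevalence, round(precision_at_prevalence(0.8, 0.02, prevalence), 3))
```

In snooping_demo() the leaky model reports 100% on the same four test samples on which the clean model scores 50%. In imbalance_demo() accuracy ranks the do-nothing classifier (0.99) above the detector that actually catches malware (0.978, recall 0.8), and precision_at_prevalence() shows why a 50/50 lab test set overstates precision: the same detector that looks 97% precise at 50% prevalence is below 5% precise at 0.1%. The spam question is the easy counterpart: labelled ham/spam mail is exactly the setting the two demos train on, i.e. supervised classification.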