ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A hospital deploys Bluetooth Low Energy (BLE) data loggers in medicine refrigerators. Because the sensors have no display or keypad, technicians pair to them with smartphones using the Bluetooth "Just Works" association model. Which Bluetooth-specific threat should the security team consider most critical to mitigate during this pairing process?
A Bluebugging exploit that leverages AT commands to place rogue voice calls from paired phones
An active attacker who relays the unauthenticated "Just Works" key exchange to establish a man-in-the-middle position between the smartphone and the sensor
A Bluejacking campaign that pushes unsolicited contact cards to technicians' smartphones
A Bluesmack denial-of-service flood that overwhelms the sensors with oversized L2CAP ping packets
The "Just Works" association model provides encryption but no authentication, so an attacker who actively relays the unauthenticated pairing messages can position themselves between the smartphone and the sensor. By creating separate link keys with each device, the attacker establishes two encrypted links and gains the ability to decrypt, inject, or alter temperature data, a classic man-in-the-middle (MITM) relay attack. Bluesmack is limited to denial-of-service, Bluejacking only sends nuisance messages, and Bluebugging targets phones' modem commands; none of these exploits the pairing weakness as directly as an active MITM relay.
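An added example, not part of the original practice question: a defensive check that reads the SMP Pairing Request/Response pair exchanged when a phone pairs with a logger and reports which association model was negotiated and whether it authenticates the peer. Field offsets and codes follow the Bluetooth Core Specification (Security Manager Protocol); the sample PDUs and their names are constructed for illustration.

```python
# Added example: classify a BLE pairing from the SMP feature exchange.
# PDU layout: code, IO capability, OOB flag, AuthReq, max key size, key dist x2.
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
NO_IO, KEYBOARD, YES_NO = 3, {2, 4}, {1, 4}

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Parse an SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    if pdu[1] not in IO_CAPS:
        raise ValueError("reserved IO capability value")
    auth = pdu[3]  # AuthReq: bit 2 = MITM requested, bit 3 = Secure Connections
    return {"io": pdu[1], "oob": pdu[2] == 0x01,
            "mitm": bool(auth & 0x04), "sc": bool(auth & 0x08)}

def association_model(req: bytes, rsp: bytes) -> tuple[str, bool]:
    """Return (model, authenticated) for the pairing these PDUs negotiate."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    sc = a["sc"] and b["sc"]  # LE Secure Connections only if both sides set it
    # OOB: either side suffices with SC, both sides are needed for legacy pairing.
    use_oob = (a["oob"] or b["oob"]) if sc else (a["oob"] and b["oob"])
    if use_oob:
        return "Out of Band", True
    if not (a["mitm"] or b["mitm"]):       # nobody asked for MITM protection
        return "Just Works", False
    if NO_IO in (a["io"], b["io"]):        # a headless device forces Just Works
        return "Just Works", False
    if sc and a["io"] in YES_NO and b["io"] in YES_NO:
        return "Numeric Comparison", True
    if a["io"] in KEYBOARD or b["io"] in KEYBOARD:
        return "Passkey Entry", True
    return "Just Works", False             # two display-only style devices

# Constructed sample PDUs (not captured from real devices).
PHONE_REQ = bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x0F, 0x0F])   # KeyboardDisplay, MITM+SC
SENSOR_RSP = bytes([0x02, 0x03, 0x00, 0x09, 0x10, 0x03, 0x03])  # NoInputNoOutput, SC
KEYPAD_RSP = bytes([0x02, 0x02, 0x00, 0x0D, 0x10, 0x03, 0x03])  # KeyboardOnly, MITM+SC

if __name__ == "__main__":
    for name, rsp in (("logger", SENSOR_RSP), ("keypad", KEYPAD_RSP)):
        model, ok = association_model(PHONE_REQ, rsp)
        print(f"{name}: {model}, authenticated={ok}")
```

Even though the phone requests MITM protection, the logger's NoInputNoOutput capability makes the exchange fall back to Just Works, which is the unauthenticated condition the question describes.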
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security