0
0
IOT Protocolsdevops~20 mins

MQTT over TLS (MQTTS) in IOT Protocols - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
MQTTS Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
1:30remaining
Output of MQTT client connection command with TLS
What is the output when running this command to connect an MQTT client over TLS to a broker with a valid CA certificate?
IOT Protocols
mosquitto_sub -h test.mosquitto.org -p 8883 --cafile /etc/ssl/certs/ca-certificates.crt -t 'test/topic'
AConnected to test.mosquitto.org with TLS, waiting for messages on 'test/topic'
BError: Connection refused - no TLS support on port 8883
CSyntax error: unknown option '--cafile'
DConnection timed out: broker not reachable
Attempts:
2 left
💡 Hint
Check if the port 8883 is the standard port for MQTT over TLS and if the CA file is correctly specified.
Configuration
intermediate
2:00remaining
Correct TLS configuration snippet for Mosquitto broker
Which configuration snippet correctly enables TLS on a Mosquitto broker listening on port 8883?
A
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate false
B
listener 1883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
C
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate true
D
listener 8883
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
allow_anonymous true
Attempts:
2 left
💡 Hint
TLS requires the broker to have server certificate and key. CA file is needed when requiring client certificates, which is optional but more secure.
Troubleshoot
advanced
1:30remaining
Troubleshooting MQTT TLS connection failure
A client fails to connect to an MQTT broker over TLS with the error 'TLS handshake failed'. What is the most likely cause?
AThe broker's TLS certificate is expired or invalid
BThe broker is running without TLS support enabled
CThe client did not specify the topic to subscribe to
DThe client is using the wrong port number (e.g., 1883 instead of 8883)
Attempts:
2 left
💡 Hint
TLS handshake errors usually relate to certificate problems or mismatched TLS settings.
🔀 Workflow
advanced
2:30remaining
Steps to enable MQTT over TLS on a new broker
What is the correct order of steps to enable MQTT over TLS on a new Mosquitto broker?
A2,1,3,4
B3,1,2,4
C1,3,2,4
D1,2,3,4
Attempts:
2 left
💡 Hint
Certificates must be created before configuring the broker to use them.
Best Practice
expert
2:00remaining
Best practice for MQTT client certificate usage in MQTTS
Which practice is best for securing MQTT clients connecting over TLS with client certificates?
ADisable client certificate verification to avoid connection issues
BUse a unique client certificate per device and revoke compromised certificates promptly
CUse a single client certificate shared by all devices for simplicity
DUse self-signed certificates on clients without CA verification
Attempts:
2 left
💡 Hint
Security improves when each device has its own certificate and compromised ones can be revoked.