A vehicle verifies the digital signature of an update after download but before activation. However, the update is stored unprotected in vehicle memory. Which requirement is not fully satisfied?

7.3.4.7 – Maintaining integrity within the vehicle

7.3.4.6 – Integrity and authenticity verification

7.3.4.3 – Necessary conditions

An update fails, and the vehicle enters a reduced-performance mode that allows safe driving to a workshop. According to ISO 24089, this is:

Compliant because safety is preserved

Non-compliant because rollback was not performed

Non-compliant because functionality was reduced

Compliant only if performed by infrastructure

Module 3 - Exercise 7

Authored by . .

Information Technology (IT)

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An OEM plans an OTA update for a braking ECU. The update itself is safe, but during installation, the ECU is temporarily unavailable for 5 seconds. Which ISO 24089 requirement is most directly applicable?

Managing cybersecurity risks of software update operations

Managing functional safety risks of software update operations

Managing compatibility of software update packages

Communicating software update campaign information

Answer explanation

Explanations:
A ❌ Cybersecurity is not the issue here.
B ✅ Correct — 7.3.1.1 explicitly covers risks introduced by the update operation itself.
C ❌ Compatibility does not address temporary loss of function.
D ❌ Communication does not mitigate safety impact.
🔑 Learning point:
Even a perfect software update can be unsafe if the update process is not controlled.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A vehicle allows users to start a software update manually via the infotainment system. Several users start updates while driving, despite warnings. Which risk category is ISO 24089 primarily addressing?

Cybersecurity attack

Unintended functionality

Reasonable and foreseeable misuse

Supplier process non-conformance

Answer explanation

Explanations:
A ❌ No attacker involved.
B ❌ The function behaves as designed.
C ✅ Correct — exactly matches 7.3.1.2 and ISO 21448 intent.
D ❌ Not a process issue.
🔑 Learning point:
ISO 24089 assumes users will do unsafe things — and requires mitigation.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

During an update campaign, an attacker modifies vehicle configuration data so that an update intended for ECU A is applied to ECU B. Which Clause 7 requirement is violated?

7.3.4.8 – Compatibility check

7.3.1.3 – Cybersecurity risk management

7.3.3.1 – Communication

7.3.4.1 – Distribution method support

Answer explanation

Explanations:
A ❌ Compatibility is a check, not the root issue.
B ✅ Correct — unauthorized modification of configuration data is explicitly a cybersecurity risk.
C ❌ Communication is unrelated.
D ❌ Distribution method is irrelevant.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A supplier argues that ECU identification should be handled only by the backend, not by the vehicle. According to ISO 24089, which statement is correct?

The vehicle must identify ECUs locally

Only the infrastructure may identify ECUs

Either the vehicle, the infrastructure, or both may perform this function

ECU identification is optional for wired updates

Answer explanation

Explanations:
A ❌ Not mandated.
B ❌ Also not mandated.
C ✅ Correct — explicitly allowed by 7.3.2 notes.
D ❌ Identification is required regardless of update method.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An OEM collects user consent once at vehicle purchase via contract. No in-vehicle confirmation is requested for later OTA updates. Is this compliant with ISO 24089?

No, consent must be requested for every update

No, consent must be obtained in-vehicle

Yes, if general confirmation was obtained at the beginning

Yes, but only for non-safety updates

Answer explanation

Explanations:
A ❌ ISO explicitly allows general confirmation.
B ❌ Multiple mechanisms are allowed.
C ✅ Correct — exactly aligned with NOTE 1 of 7.3.3.2.
D ❌ ISO does not distinguish here.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A vehicle receives a software update package while driving, but installation and activation are postponed until parked. Which ISO concept does this demonstrate?

Compatibility checking

Arbitration of access

Step-dependent necessary conditions

Failure handling

Answer explanation

Explanations:
A ❌ Compatibility is not the issue.
B ❌ No simultaneous access conflict.
C ✅ Correct — receipt vs installation have different conditions.
D ❌ No failure occurred.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A vehicle receives an OTA update request via cellular and a diagnostic update request via a wired tool at the same time. What is the primary ISO concern?

Network congestion

Update campaign prioritization

Maintaining a safe vehicle state

User experience consistency

Answer explanation

Explanations:
A ❌ Performance is not the objective.
B ❌ Priority is secondary.
C ✅ Correct — explicit intent of arbitration.
D ❌ UX is irrelevant.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Information Technology (IT)

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

Module 3 - Exercise 7

An OEM plans an OTA update for a braking ECU. The update itself is safe, but during installation, the ECU is temporarily unavailable for 5 seconds. Which ISO 24089 requirement is most directly applicable?

A vehicle allows users to start a software update manually via the infotainment system. Several users start updates while driving, despite warnings. Which risk category is ISO 24089 primarily addressing?

Explanations:
A ❌ No attacker involved.
B ❌ The function behaves as designed.
C ✅ Correct — exactly matches 7.3.1.2 and ISO 21448 intent.
D ❌ Not a process issue.
🔑 Learning point:
ISO 24089 assumes users will do unsafe things — and requires mitigation.

During an update campaign, an attacker modifies vehicle configuration data so that an update intended for ECU A is applied to ECU B. Which Clause 7 requirement is violated?

Explanations:
A ❌ Compatibility is a check, not the root issue.
B ✅ Correct — unauthorized modification of configuration data is explicitly a cybersecurity risk.
C ❌ Communication is unrelated.
D ❌ Distribution method is irrelevant.

A supplier argues that ECU identification should be handled only by the backend, not by the vehicle. According to ISO 24089, which statement is correct?

Explanations:
A ❌ Not mandated.
B ❌ Also not mandated.
C ✅ Correct — explicitly allowed by 7.3.2 notes.
D ❌ Identification is required regardless of update method.

An OEM collects user consent once at vehicle purchase via contract. No in-vehicle confirmation is requested for later OTA updates. Is this compliant with ISO 24089?

Explanations:
A ❌ ISO explicitly allows general confirmation.
B ❌ Multiple mechanisms are allowed.
C ✅ Correct — exactly aligned with NOTE 1 of 7.3.3.2.
D ❌ ISO does not distinguish here.

A vehicle receives a software update package while driving, but installation and activation are postponed until parked. Which ISO concept does this demonstrate?

Explanations:
A ❌ Compatibility is not the issue.
B ❌ No simultaneous access conflict.
C ✅ Correct — receipt vs installation have different conditions.
D ❌ No failure occurred.

A vehicle receives an OTA update request via cellular and a diagnostic update request via a wired tool at the same time. What is the primary ISO concern?

Explanations:
A ❌ Performance is not the objective.
B ❌ Priority is secondary.
C ✅ Correct — explicit intent of arbitration.
D ❌ UX is irrelevant.

A vehicle verifies the digital signature of an update after download but before activation. However, the update is stored unprotected in vehicle memory. Which requirement is not fully satisfied?

Explanations:
A ❌ Signature verification satisfies 7.3.4.6.
B ✅ Correct — integrity must be preserved within the vehicle.
C ❌ Compatibility is unrelated.
D ❌ Conditions are unrelated.

During an update, vehicle startup is disabled until completion. Which ISO objective does this support?

Explanations:
A ❌ No confirmation involved.
B ✅ Correct — directly matches ISO example.
C ❌ Compatibility is unrelated.
D ❌ Safety, not cybersecurity.

An update fails, and the vehicle enters a reduced-performance mode that allows safe driving to a workshop. According to ISO 24089, this is:

Explanations:
A ❌ Rollback is not required.
B ❌ Reduced functionality is explicitly allowed.
C ✅ Correct — safety has priority over performance.
D ❌ Responsibility may lie in vehicle or skilled person.

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Module 3 - Exercise 7

An OEM plans an OTA update for a braking ECU. The update itself is safe, but during installation, the ECU is temporarily unavailable for 5 seconds. Which ISO 24089 requirement is most directly applicable?

A vehicle allows users to start a software update manually via the infotainment system. Several users start updates while driving, despite warnings. Which risk category is ISO 24089 primarily addressing?

Explanations:A ❌ No attacker involved.B ❌ The function behaves as designed.C ✅ Correct — exactly matches 7.3.1.2 and ISO 21448 intent.D ❌ Not a process issue.🔑 Learning point:ISO 24089 assumes users will do unsafe things — and requires mitigation.

During an update campaign, an attacker modifies vehicle configuration data so that an update intended for ECU A is applied to ECU B. Which Clause 7 requirement is violated?

Explanations:A ❌ Compatibility is a check, not the root issue.B ✅ Correct — unauthorized modification of configuration data is explicitly a cybersecurity risk.C ❌ Communication is unrelated.D ❌ Distribution method is irrelevant.

A supplier argues that ECU identification should be handled only by the backend, not by the vehicle. According to ISO 24089, which statement is correct?

Explanations:A ❌ Not mandated.B ❌ Also not mandated.C ✅ Correct — explicitly allowed by 7.3.2 notes.D ❌ Identification is required regardless of update method.

An OEM collects user consent once at vehicle purchase via contract. No in-vehicle confirmation is requested for later OTA updates. Is this compliant with ISO 24089?

Explanations:A ❌ ISO explicitly allows general confirmation.B ❌ Multiple mechanisms are allowed.C ✅ Correct — exactly aligned with NOTE 1 of 7.3.3.2.D ❌ ISO does not distinguish here.

A vehicle receives a software update package while driving, but installation and activation are postponed until parked. Which ISO concept does this demonstrate?

Explanations:A ❌ Compatibility is not the issue.B ❌ No simultaneous access conflict.C ✅ Correct — receipt vs installation have different conditions.D ❌ No failure occurred.

A vehicle receives an OTA update request via cellular and a diagnostic update request via a wired tool at the same time. What is the primary ISO concern?

Explanations:A ❌ Performance is not the objective.B ❌ Priority is secondary.C ✅ Correct — explicit intent of arbitration.D ❌ UX is irrelevant.

A vehicle verifies the digital signature of an update after download but before activation. However, the update is stored unprotected in vehicle memory. Which requirement is not fully satisfied?

Explanations:A ❌ Signature verification satisfies 7.3.4.6.B ✅ Correct — integrity must be preserved within the vehicle.C ❌ Compatibility is unrelated.D ❌ Conditions are unrelated.

During an update, vehicle startup is disabled until completion. Which ISO objective does this support?

Explanations:A ❌ No confirmation involved.B ✅ Correct — directly matches ISO example.C ❌ Compatibility is unrelated.D ❌ Safety, not cybersecurity.

An update fails, and the vehicle enters a reduced-performance mode that allows safe driving to a workshop. According to ISO 24089, this is:

Explanations:A ❌ Rollback is not required.B ❌ Reduced functionality is explicitly allowed.C ✅ Correct — safety has priority over performance.D ❌ Responsibility may lie in vehicle or skilled person.

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Explanations:
A ❌ No attacker involved.
B ❌ The function behaves as designed.
C ✅ Correct — exactly matches 7.3.1.2 and ISO 21448 intent.
D ❌ Not a process issue.
🔑 Learning point:
ISO 24089 assumes users will do unsafe things — and requires mitigation.

Explanations:
A ❌ Compatibility is a check, not the root issue.
B ✅ Correct — unauthorized modification of configuration data is explicitly a cybersecurity risk.
C ❌ Communication is unrelated.
D ❌ Distribution method is irrelevant.

Explanations:
A ❌ Not mandated.
B ❌ Also not mandated.
C ✅ Correct — explicitly allowed by 7.3.2 notes.
D ❌ Identification is required regardless of update method.

Explanations:
A ❌ ISO explicitly allows general confirmation.
B ❌ Multiple mechanisms are allowed.
C ✅ Correct — exactly aligned with NOTE 1 of 7.3.3.2.
D ❌ ISO does not distinguish here.

Explanations:
A ❌ Compatibility is not the issue.
B ❌ No simultaneous access conflict.
C ✅ Correct — receipt vs installation have different conditions.
D ❌ No failure occurred.

Explanations:
A ❌ Performance is not the objective.
B ❌ Priority is secondary.
C ✅ Correct — explicit intent of arbitration.
D ❌ UX is irrelevant.

Explanations:
A ❌ Signature verification satisfies 7.3.4.6.
B ✅ Correct — integrity must be preserved within the vehicle.
C ❌ Compatibility is unrelated.
D ❌ Conditions are unrelated.

Explanations:
A ❌ No confirmation involved.
B ✅ Correct — directly matches ISO example.
C ❌ Compatibility is unrelated.
D ❌ Safety, not cybersecurity.

Explanations:
A ❌ Rollback is not required.
B ❌ Reduced functionality is explicitly allowed.
C ✅ Correct — safety has priority over performance.
D ❌ Responsibility may lie in vehicle or skilled person.