KNX Secure KNX Basic: exam questions with worked answers
Practice questions from the KNX Secure block of the KNX Basic Certification certification. Detailed corrections, public sources, free to read without sign-up.
Questions for the "KNX Secure" topic
Q01
KNX Data Secure encrypts telegrams at the application layer (Group Object), whereas KNX IP Secure encrypts at the transport layer (between IP Routers).TrueFalse9. KNX Secure· Data Secure vs. IP Secure· MediumCorrect answerTrueLearning tipThe key distinction: Data Secure provides encryption and authentication at the application layer, end-to-end between devices, protecting the value of a Group Object regardless of the medium in between. IP Secure provides encryption at the IP transport layer, between IP Routers or via tunnelling, protecting the IP traffic but remaining transparent for the TP devices downstream. Both mechanisms can coexist in the same installation and are commonly deployed together.
Source: KNX Position Paper — KNX SecureQ02
The FDSK (Factory Default Setup Key) of a Secure device is a factory key, printed on the device as a QR code, that is used when the device is first integrated into ETS.TrueFalse9. KNX Secure· FDSK· HardCorrect answerTrueLearning tipThe FDSK is printed on the label of every KNX Secure device, often as a QR code that can be scanned. When the device is added to the project, ETS asks for the FDSK to authenticate the take-over. Once the device is in operation, ETS derives and uses runtime keys stored in the ETS keyring (a password-protected file). The FDSK itself must be kept safe — losing it makes later recovery of the device significantly more complex.
Source: KNX Support — Data SecureQ03
Activating Data Secure on a Group Address adds a per-telegram overhead (authentication and encryption) that reduces the usable application payload.TrueFalse9. KNX Secure· Data-Secure-Overhead· HardCorrect answerTrueLearning tipTrue. Each Data Secure telegram carries additional bytes for the sequence number, the MAC for authentication and the encryption envelope. Those bytes occupy room inside the standard telegram and therefore shorten the application payload that can be transported in a single frame. For long DPTs such as 14-character DPT 16 strings, this overhead can force fragmentation into multiple telegrams, which is an important sizing consideration for high-rate visualisations.