New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CertNexus ITS-110 Dumps Questions Answers

Page: 1 / 8
Total 100 questions

Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Question 1

Passwords should be stored…

Options:

A.

For no more than 30 days.

B.

Only in cleartext.

C.

As a hash value.

D.

Inside a digital certificate.

Buy Now
Question 2

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

Options:

A.

Network Address Translation (NAT)

B.

Man-in-the-middle (MITM)

C.

Network device fuzzing

D.

Unsecured network ports

Question 3

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Options:

A.

Type 1 authentication

B.

Type 2 authentication

C.

Two-factor authentication

D.

Biometric authentication

Question 4

A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

Options:

A.

Cross-Site Request Forgery (CSRF)

B.

SQL Injection (SQLi)

C.

Cross-Site Scripting (XSS)

D.

LDAP Injection

Question 5

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

Options:

A.

Encrypt all locally stored data

B.

Ensure all firmware updates have been applied

C.

Change default passwords

D.

Implement URL filtering

Question 6

The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)

Options:

A.

Internet Protocol Security (IPSec)

B.

Enhanced Interior Gateway Routing Protocol (EIGRP)

C.

Password Authentication Protocol (PAP)

D.

Challenge Handshake Authentication Protocol (CHAP)

E.

Simple Network Management Protocol (SNMP)

F.

Layer 2 Tunneling Protocol (L2TP)

G.

Interior Gateway Routing Protocol (IGRP)

Question 7

You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

Options:

A.

Confirm the devices they've sold are turned on

B.

Ensure all sensors are running the latest software

C.

Require customers to sign a subscription license

D.

Remove any customer-specific data

Question 8

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Elliptic curve cryptography (ECC)

C.

Advanced Encryption Standard (AES)

D.

Triple Data Encryption Standard (3DES)

Question 9

A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

Options:

A.

Within ninety days after collection, unless required for a legal proceeding

B.

Within thirty days of a user's written request

C.

Within seven days of being transferred to secure, long-term storage

D.

Within sixty days after collection, unless encrypted

Question 10

Which of the following attacks relies on the trust that a website has for a user's browser?

Options:

A.

Phishing

B.

SQL Injection (SQLi)

C.

Cross-Site Scripting (XSS)

D.

Cross-Site Request Forgery (CSRF)

Question 11

A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?

Options:

A.

Network firewall

B.

Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation

C.

Web application firewall (WAF)

D.

Deep Packet Inspection (DPI)

Question 12

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

Options:

A.

Media Access Control (MAC) spoofing

B.

Buffer overflow

C.

Packet injection

D.

GPS spoofing

Question 13

An IoT system administrator discovers that end users are able to access administrative features on the company's IoT management portal. Which of the following actions should the administrator take to address this issue?

Options:

A.

Implement password complexity policies

B.

Implement granular role-based access

C.

Implement account lockout policies

D.

Implement digitally signed firmware updates

Question 14

An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?

Options:

A.

A money back guarantee, no questions asked

B.

Over-the-Air (OTA) software updates

C.

A lifetime transferable warranty

D.

Free firmware updates if the product is sent back to the manufacturer

Question 15

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

Options:

A.

Secure Hypertext Transfer Protocol (HTTPS)

B.

Public Key Infrastructure (PKI)

C.

Next-Generation Firewall (NGFW)

D.

Hash-based Message Authentication Code (HMAC)

Question 16

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

Options:

A.

Sarbanes-Oxley (SOX)

B.

General Data Protection Regulation (GDPR)

C.

Electronic Identification Authentication and Trust Services (elDAS)

D.

Database Service on Alternative Methods (DB-ALM)

Question 17

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

Options:

A.

Account enumeration

B.

Directory traversal

C.

Buffer overflow

D.

Spear phishing

Question 18

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)

Options:

A.

Block all inbound packets with an internal source IP address

B.

Block all inbound packets originating from service ports

C.

Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot

D.

Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall

E.

Require the use of X.509 digital certificates for all incoming requests

Question 19

A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

Options:

A.

Asymmetric encryption standards

B.

Symmetric encryption standards

C.

Elliptic curve cryptography (ECC)

D.

Diffie-Hellman (DH) algorithm

Question 20

An IoT system administrator wants to mitigate the risk of rainbow table attacks. Which of the following methods or technologies can the administrator implement in order to address this concern?

Options:

A.

Enable account lockout

B.

Enable account database encryption

C.

Require frequent password changes

D.

Require complex passwords

Question 21

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

Options:

A.

Require the use of Password Authentication Protocol (PAP)

B.

Create a separate management virtual LAN (VLAN)

C.

Ensure that all IoT management servers are running antivirus software

D.

Implement 802.1X for authentication

E.

Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

F.

Only allow outbound traffic from the management LAN

G.

Ensure that all administrators access the management server at specific times

Question 22

A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?

Options:

A.

Bootloader code is stored in unsecure flash memory

B.

The portal's certificate is stored in unsecure flash memory

C.

X.509 private keys are stored in unsecure flash memory

D.

Firmware is loaded from flash using unsecure object references

Question 23

You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

Options:

A.

Gramm-Leach-Bliley Act (GLBA)

B.

Payment Card Industry Data Security Standard (PCI-DSS)

C.

Federal Information Security Management Act (FISMA)

D.

Sarbanes-Oxley (SOX)

E.

Health Insurance Portability and Accountability Act (HIPAA)

F.

Family Educational Rights and Privacy Act (FERPA)

G.

Federal Energy Regulatory Commission (FERC)

Question 24

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

Options:

A.

Disassembler

B.

Backdoor

C.

Debugger

D.

Stack pointer

Question 25

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

Options:

A.

Require that passwords contain alphanumeric characters

B.

Require two-factor or multifactor authentication

C.

Require that passwords cannot include special characters

D.

Require that passwords be changed periodically

Question 26

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:

“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"

Which of the following types of attacks could this be?

Options:

A.

Phishing

B.

Spear phishing

C.

Whaling

D.

Vishing

Question 27

A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

Options:

A.

Maximum length restriction

B.

Password history checks

C.

No use of special characters

D.

No password expiration

Question 28

Which of the following functions can be added to the authorization component of AAA to enable the principal of least privilege with flexibility?

Options:

A.

Discretionary access control (DAC)

B.

Role-based access control (RBAC)

C.

Mandatory access control (MAC)

D.

Access control list (ACL)

Question 29

An IoT security practitioner should be aware of which common misconception regarding data in motion?

Options:

A.

That transmitted data is point-to-point and therefore a third party does not exist.

B.

The assumption that all data is encrypted properly and cannot be exploited.

C.

That data can change instantly so old data is of no value.

D.

The assumption that network protocols automatically encrypt data on the fly.

Question 30

A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

Options:

A.

Privilege escalation

B.

Transmission control protocol (TCP) flooding

C.

Application fuzzing

D.

Birthday attack

Page: 1 / 8
Total 100 questions