Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Questions 4

An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?

Options:

A.

Make pairing between nodes very easy so that troubleshooting is reduced.

B.

Encrypt data transmission between nodes at the physical/logical layers.

C.

Prevent nodes from being rejected to keep the value of the network as high as possible.

D.

Allow implicit trust of all gateways since they are the link to the internet.

Buy Now
Questions 5

Which of the following is the BEST encryption standard to implement for securing bulk data?

Options:

A.

Triple Data Encryption Standard (3DES)

B.

Advanced Encryption Standard (AES)

C.

Rivest Cipher 4 (RC4)

D.

Elliptic curve cryptography (ECC)

Buy Now
Questions 6

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

Options:

A.

The administrator's machine

B.

The database server

C.

The Key Distribution Center (KDC)

D.

The IoT endpoint

Buy Now
Questions 7

Accompany collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)

Options:

A.

Salami

B.

Aggregation

C.

Data diddling

D.

Denial of Service (DoS)

E.

Inference

Buy Now
Questions 8

Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?

Options:

A.

Distributed Denial of Service (DDoS)

B.

SYN flood

C.

LDAP Injection

D.

Denial of Service (DoS)

Buy Now
Questions 9

If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

Options:

A.

Require frequent password changes

B.

Mandate multi-factor authentication (MFA)

C.

Utilize role-based access control (RBAC)

D.

Require separation of duties

Buy Now
Questions 10

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Options:

A.

Type 1 authentication

B.

Type 2 authentication

C.

Two-factor authentication

D.

Biometric authentication

Buy Now
Questions 11

Which of the following techniques protects the confidentiality of the information stored in databases?

Options:

A.

Hashing

B.

Archiving

C.

Monitoring

D.

Encryption

Buy Now
Questions 12

In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?

Options:

A.

Client to server traffic must use Hypertext Transmission Protocol (HTTP)

B.

The server must be vulnerable to malformed Uniform Resource Locator (URL) injection

C.

The server must be using a deprecated version of Transport Layer Security (TLS)

D.

The web server's X.509 certificate must be compromised

Buy Now
Questions 13

Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

Options:

A.

Malformed URL injection

B.

Buffer overflow

C.

SSL certificate hijacking

D.

Session replay

Buy Now
Questions 14

You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

Options:

A.

Gramm-Leach-Bliley Act (GLBA)

B.

Payment Card Industry Data Security Standard (PCI-DSS)

C.

Federal Information Security Management Act (FISMA)

D.

Sarbanes-Oxley (SOX)

E.

Health Insurance Portability and Accountability Act (HIPAA)

F.

Family Educational Rights and Privacy Act (FERPA)

G.

Federal Energy Regulatory Commission (FERC)

Buy Now
Questions 15

An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

Options:

A.

URL filtering policies

B.

Account lockout policies

C.

Software encryption

D.

Buffer overflow prevention

Buy Now
Questions 16

An IoT security architect needs to secure data in motion. Which of the following is a common vulnerability used to exploit unsecure data in motion?

Options:

A.

External flash access

B.

Misconfigured Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

C.

Databases and datastores

D.

Lack of memory space isolation

Buy Now
Questions 17

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

Options:

A.

Unvalidated redirect or forwarding

B.

Insecure HTTP session management

C.

Unsecure direct object references

D.

Unhandled malformed URLs

Buy Now
Questions 18

An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

Options:

A.

Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)

B.

Encrypt all stored passwords using 128-bit Twofish

C.

Hash all passwords using Message Digest 5 (MD5)

D.

Store all passwords in read-only memory

Buy Now
Questions 19

You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

Options:

A.

Confirm the devices they've sold are turned on

B.

Ensure all sensors are running the latest software

C.

Require customers to sign a subscription license

D.

Remove any customer-specific data

Buy Now
Questions 20

A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?

Options:

A.

Advanced Encryption Standard (AES)

B.

Public Key Infrastructure (PKI)

C.

Generic Routing Encapsulation (GRE)

D.

Internet Protocol Security (IPsec)

Buy Now
Questions 21

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

Options:

A.

Secure Hypertext Transfer Protocol (HTTPS)

B.

Public Key Infrastructure (PKI)

C.

Next-Generation Firewall (NGFW)

D.

Hash-based Message Authentication Code (HMAC)

Buy Now
Questions 22

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

Options:

A.

Require the use of Password Authentication Protocol (PAP)

B.

Create a separate management virtual LAN (VLAN)

C.

Ensure that all IoT management servers are running antivirus software

D.

Implement 802.1X for authentication

E.

Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

F.

Only allow outbound traffic from the management LAN

G.

Ensure that all administrators access the management server at specific times

Buy Now
Questions 23

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options:

A.

Encryption

B.

Obfuscation

C.

Hashing

D.

Fuzzing

Buy Now
Questions 24

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

Options:

A.

Role-Based Access Control (RBAC)

B.

Password Authentication Protocol (PAP)

C.

Remote Authentication Dial-In User Service (RADIUS)

D.

Border Gateway Protocol (BGP)

Buy Now
Questions 25

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Elliptic curve cryptography (ECC)

C.

Advanced Encryption Standard (AES)

D.

Triple Data Encryption Standard (3DES)

Buy Now
Questions 26

An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?

Options:

A.

Directory harvesting

B.

Rainbow table attacks

C.

Malware installation

D.

Buffer overflow

Buy Now
Questions 27

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

Options:

A.

Your login attempt was unsuccessful

B.

Invalid password

C.

That user does not exist

D.

The username and/or password are incorrect

E.

Incorrect email/password combination

Buy Now
Questions 28

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

Options:

A.

Secure Shell (SSH)

B.

Internet Protocol Security (IPSec)

C.

Telnet

D.

Virtual private network (VPN)

Buy Now
Questions 29

A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

Options:

A.

Fuzzing

B.

Session replay

C.

Bit flipping

D.

Reverse shell

Buy Now
Questions 30

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

Options:

A.

Smurf

B.

Ping of death

C.

Cross-Site Scripting (XSS)

D.

Man-in-the-middle (MITM)

E.

SQL Injection (SQLi)

Buy Now
Exam Code: ITS-110
Exam Name: Certified Internet of Things Security Practitioner (CIoTSP)
Last Update: Nov 27, 2024
Questions: 100

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now ITS-110 testing engine

PDF (Q&A)

$36.75  $104.99
buy now ITS-110 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 04 Dec 2024