Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Questions 4

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options:

A.

System administrator access

B.

Least privilege principle

C.

Guest account access

D.

Discretionary access control (DAC)

Buy Now
Questions 5

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:

“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"

Which of the following types of attacks could this be?

Options:

A.

Phishing

B.

Spear phishing

C.

Whaling

D.

Vishing

Buy Now
Questions 6

An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

Options:

A.

Implement two-factor authentication (2FA)

B.

Enable Kerberos authentication

C.

Implement account lockout policies

D.

Implement Secure Lightweight Directory Access Protocol (LDAPS)

Buy Now
Questions 7

A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?

Options:

A.

Management

B.

Accounting

C.

Auditing

D.

Inventory

Buy Now
Questions 8

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

Options:

A.

Rivest Cipher 6 (RC6)

B.

Rijndael

C.

Diffie-Hellman (DH)

D.

Rivest-Shamir-Adleman (RSA)

Buy Now
Questions 9

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

Options:

A.

The administrator's machine

B.

The database server

C.

The Key Distribution Center (KDC)

D.

The IoT endpoint

Buy Now
Questions 10

An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?

Options:

A.

Media Access Control (MAC)

B.

Network Access Control (NAC)

C.

Host Intrusion Detection System (HIDS)

D.

Network Intrusion Detection System (NIDS)

Buy Now
Questions 11

A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

Options:

A.

Fuzzing

B.

Session replay

C.

Bit flipping

D.

Reverse shell

Buy Now
Questions 12

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Options:

A.

Type 1 authentication

B.

Type 2 authentication

C.

Two-factor authentication

D.

Biometric authentication

Buy Now
Questions 13

An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?

Options:

A.

Implement robust password policies

B.

Implement certificates on all login pages

C.

Implement granular role-based access

D.

Implement URL filtering

Buy Now
Questions 14

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

Options:

A.

That private data can never be fully destroyed.

B.

The best practice to only collect critical data and nothing more.

C.

That data isn't valuable unless it's used as evidence for crime committed.

D.

That data is only valuable as perceived by the beholder.

Buy Now
Questions 15

An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

Options:

A.

Virtual Private Networking (VPN)

B.

Public Key Infrastructure (PKI)

C.

IP Security (IPSec)

D.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Buy Now
Questions 16

A software developer for an IoT device company is creating software to enhance the capabilities of his company's security cameras. He wants the end users to be confidentthat the software they are downloading from his company's support site is legitimate. Which of the following tools or techniques should he utilize?

Options:

A.

Data validation

B.

Interrupt analyzer

C.

Digital certificate

D.

Pseudocode

Buy Now
Questions 17

An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?

Options:

A.

Allow access only to the software

B.

Remove all unneeded physical ports

C.

Install a firewall on network ports

D.

Allow easy access to components

Buy Now
Questions 18

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

Options:

A.

Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

B.

Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

C.

Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.

D.

Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.

Buy Now
Questions 19

A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

Options:

A.

Key logger attack

B.

Dictionary attack

C.

Collision attack

D.

Phishing attack

Buy Now
Questions 20

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

Options:

A.

Encrypt all locally stored data

B.

Ensure all firmware updates have been applied

C.

Change default passwords

D.

Implement URL filtering

Buy Now
Questions 21

A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?

Options:

A.

Protected health information

B.

Personal health information

C.

Personal identity information

D.

Personally identifiable information

Buy Now
Questions 22

A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

Options:

A.

A hardware-based token generation device

B.

An X.509 certificate stored on a smart card

C.

Two-step authentication with complex passwords

D.

Multi-factor authentication with three factors

Buy Now
Questions 23

A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

Options:

A.

Maximum length restriction

B.

Password history checks

C.

No use of special characters

D.

No password expiration

Buy Now
Questions 24

An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?

Options:

A.

Implement Over-The-Air (OTA) updates

B.

Enforce a secure boot function

C.

Enforce a measured boot function

D.

Harden the update server

Buy Now
Questions 25

A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

Options:

A.

Within ninety days after collection, unless required for a legal proceeding

B.

Within thirty days of a user's written request

C.

Within seven days of being transferred to secure, long-term storage

D.

Within sixty days after collection, unless encrypted

Buy Now
Questions 26

Which of the following items should be part of an IoT software company's data retention policy?

Options:

A.

Transport encryption algorithms

B.

X.509 certificate expiration

C.

Data backup storage location

D.

Password expiration requirements

Buy Now
Questions 27

Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

Options:

A.

Teardrop

B.

Ping of Death

C.

SYN flood

D.

Smurf

Buy Now
Questions 28

Which of the following is the BEST encryption standard to implement for securing bulk data?

Options:

A.

Triple Data Encryption Standard (3DES)

B.

Advanced Encryption Standard (AES)

C.

Rivest Cipher 4 (RC4)

D.

Elliptic curve cryptography (ECC)

Buy Now
Questions 29

An IoT manufacturer needs to ensure that firmware flaws can be addressed even after their devices have been deployed. Which of the following methods should the manufacturer use to meet this requirement?

Options:

A.

Ensure that the bootloader can be accessed remotely using Secure Shell (SSH)

B.

Ensure that a writable copy of the device's configuration is stored in flash memory

C.

Ensure that device can accept Over-the-Air (OTA) firmware updates

D.

Ensure that ail firmware is signed using digital certificates prior to deployment

Buy Now
Questions 30

An IoT developer wants to ensure that their cloud management portal is protected against compromised end-user credentials. Which of the following technologies should the developer implement?

Options:

A.

An authentication policy that requires a password at initial logon, and a second password in order to access advanced features.

B.

An authentication policy which requires user passwords to include twelve characters, including uppercase, lowercase, and special characters.

C.

An authentication policy that requires a user to provide a strong password and on-demand token delivered via SMS.

D.

An authentication policy which requires two random tokens generated by a hardware device.

Buy Now
Exam Code: ITS-110
Exam Name: Certified Internet of Things Security Practitioner (CIoTSP)
Last Update: Oct 4, 2024
Questions: 100
ITS-110 pdf

ITS-110 PDF

$24  $80
ITS-110 Engine

ITS-110 Testing Engine

$28.5  $95
ITS-110 PDF + Engine

ITS-110 PDF + Testing Engine

$39  $130