
[Jul-2023] Updated Certified IoT Security Practitioner ITS-110 Exam Questions BUNDLE PACK
NEW QUESTION # 34
An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?
- A. The amount or type of data collected isn't important if you have a properly secured IoT device.
- B. Collect as much data as possible so as to maximize potential value of the new IoT use-case.
- C. The amount or type of data collected isn't important if you implement proper authorization controls.
- D. Collect only the minimum amount of data required to perform all the business functions.
Answer: D
NEW QUESTION # 35
A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?
- A. Dictionary attack
- B. Collision attack
- C. Key logger attack
- D. Phishing attack
Answer: A
NEW QUESTION # 36
An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?
- A. Host Intrusion Detection System (HIDS)
- B. Network Access Control (NAC)
- C. Media Access Control (MAC)
- D. Network Intrusion Detection System (NIDS)
Answer: D
NEW QUESTION # 37
A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)
- A. Directory traversal
- B. Session replay
- C. Spear phishing
- D. Masquerading
- E. Brute force
Answer: C,E
NEW QUESTION # 38
An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?
- A. Store all passwords in read-only memory
- B. Encrypt all stored passwords using 128-bit Twofish
- C. Hash all passwords using Message Digest 5 (MD5)
- D. Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)
Answer: D
NEW QUESTION # 39
Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?
- A. Account lockout policy
- B. Secure password recovery
- C. Role-based access control
- D. Automated security logging
Answer: A
NEW QUESTION # 40
An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?
- A. Allow implicit trust of all gateways since they are the link to the internet.
- B. Prevent nodes from being rejected to keep the value of the network as high as possible.
- C. Make pairing between nodes very easy so that troubleshooting is reduced.
- D. Encrypt data transmission between nodes at the physical/logical layers.
Answer: D
NEW QUESTION # 41
Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?
- A. Triple Data Encryption Standard (3DES)
- B. Advanced Encryption Standard (AES)
- C. Temporal Key Integrity Protocol (TKIP)
- D. Elliptic curve cryptography (ECC)
Answer: D
NEW QUESTION # 42
A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?
- A. Transmission control protocol (TCP) flooding
- B. Birthday attack
- C. Application fuzzing
- D. Privilege escalation
Answer: D
NEW QUESTION # 43
A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?
- A. X.509 private keys are stored in unsecure flash memory
- B. Firmware is loaded from flash using unsecure object references
- C. Bootloader code is stored in unsecure flash memory
- D. The portal's certificate is stored in unsecure flash memory
Answer: A
NEW QUESTION # 44
An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?
- A. Secure/Multipurpose Internet Mail Extensions (S/MIME)
- B. Blowfish
- C. Transport Layer Security (TLS)
- D. Message-digest 5 (MD5)
Answer: C
NEW QUESTION # 45
If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?
- A. Mandate multi-factor authentication (MFA)
- B. Utilize role-based access control (RBAC)
- C. Require frequent password changes
- D. Require separation of duties
Answer: B
NEW QUESTION # 46
A company collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)
- A. Data diddling
- B. Salami
- C. Denial of Service (DoS)
- D. Inference
- E. Aggregation
Answer: D,E
NEW QUESTION # 47
An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?
- A. Implement granular role-based access
- B. Implement certificates on all login pages
- C. Implement robust password policies
- D. Implement URL filtering
Answer: A
NEW QUESTION # 48
An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)
- A. Block all inbound packets with an internal source IP address
- B. Require the use of X.509 digital certificates for all incoming requests
- C. Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
- D. Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
- E. Block all inbound packets originating from service ports
Answer: B,C
NEW QUESTION # 49
You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?
- A. Require customers to sign a subscription license
- B. Ensure all sensors are running the latest software
- C. Confirm the devices they've sold are turned on
- D. Remove any customer-specific data
Answer: D