1. Home
  2. CertNexus
  3. Certified IoT Security Practitioner
  4. ITS-110
  5. Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Pass the CertNexus Certified IoT Security Practitioner ITS-110 Questions and answers with CertsForce

 CertNexus Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions
Questions # 1:

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

Options:
A.

Smurf

B.

Ping of death

C.

Cross-Site Scripting (XSS)

D.

Man-in-the-middle (MITM)

E.

SQL Injection (SQLi)

Questions # 2:

A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?

Options:
A.

Bootloader code is stored in unsecure flash memory

B.

The portal's certificate is stored in unsecure flash memory

C.

X.509 private keys are stored in unsecure flash memory

D.

Firmware is loaded from flash using unsecure object references

Questions # 3:

A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

Options:
A.

A hardware-based token generation device

B.

An X.509 certificate stored on a smart card

C.

Two-step authentication with complex passwords

D.

Multi-factor authentication with three factors

Questions # 4:

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options:
A.

Encryption

B.

Obfuscation

C.

Hashing

D.

Fuzzing

Questions # 5:

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

Options:
A.

Secure Hypertext Transfer Protocol (HTTPS)

B.

Public Key Infrastructure (PKI)

C.

Next-Generation Firewall (NGFW)

D.

Hash-based Message Authentication Code (HMAC)

Questions # 6:

A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

Options:
A.

Key logger attack

B.

Dictionary attack

C.

Collision attack

D.

Phishing attack

Questions # 7:

An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?

Options:
A.

Directory harvesting

B.

Rainbow table attacks

C.

Malware installation

D.

Buffer overflow

Questions # 8:

A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?

Options:
A.

Make sure the user interface looks polished so that people will pay higher prices.

B.

Apply best practices for privacy protection to minimize sensitive data exposure.

C.

Rapidly complete the product so that feedback from the market can be realized sooner.

D.

Slow down product development in order to obtain FDA approval with the first submission.

Questions # 9:

If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

Options:
A.

Start log scrubbing

B.

Escalate privileges

C.

Perform port scanning

D.

Initiate reconnaissance

Questions # 10:

A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?

Options:
A.

Management

B.

Accounting

C.

Auditing

D.

Inventory

Viewing page 1 out of 3 pages
Viewing questions 1-10 out of questions