ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

A software developer for an IoT device company is creating software to enhance the capabilities of his company's security cameras. He wants the end users to be confidentthat the software they are downloading from his company's support site is legitimate. Which of the following tools or techniques should he utilize?

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?

An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

Passwords should be stored…

An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

An IoT systems administrator wants to ensure that all data stored on remote IoT gateways is unreadable. Which of the following technologies is the administrator most likely to implement?

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?