  • Exam Name: Certified Internet of Things Security Practitioner (CIoTSP)
  • Last Update: Sep 17, 2024
  • Questions and Answers: 100

ITS-110 Practice Exam Questions with Answers: Certified Internet of Things Security Practitioner (CIoTSP) Certification

Question # 6

An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?

A. Directory harvesting

B. Rainbow table attacks

C. Malware installation

D. Buffer overflow

Question # 7

Which of the following attacks relies on the trust that a website has for a user's browser?

A. Phishing

B. SQL Injection (SQLi)

C. Cross-Site Scripting (XSS)

D. Cross-Site Request Forgery (CSRF)

Question # 8

Passwords should be stored…

A. For no more than 30 days.

B. Only in cleartext.

C. As a hash value.

D. Inside a digital certificate.

Question # 9

An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

A. Triple Data Encryption Standard (3DES)

B. ElGamal

C. Rivest-Shamir-Adleman (RSA)

D. Secure Hash Algorithm 3-512 (SHA3-512)

Question # 10

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

A. Yes, because the hash wouldn't protect the integrity of the data.

B. Yes, because the data is vulnerable during processing.

C. No, since the data is already encrypted while at rest and while in motion.

D. No, because the data is inside the CPU's secure region while being used.

Question # 11

An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?

A. Allow access only to the software

B. Remove all unneeded physical ports

C. Install a firewall on network ports

D. Allow easy access to components

Question # 12

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

A. Smurf

B. Ping of death

C. Cross-Site Scripting (XSS)

D. Man-in-the-middle (MITM)

E. SQL Injection (SQLi)

Question # 13

Which of the following techniques protects the confidentiality of the information stored in databases?

A. Hashing

B. Archiving

C. Monitoring

D. Encryption

Question # 14

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

A. System administrator access

B. Least privilege principle

C. Guest account access

D. Discretionary access control (DAC)

Question # 15

An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

A. Buffer overflow

B. Denial of Service (DoS)

C. Birthday attack

D. Domain name system (DNS) poisoning

Question # 16

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

A. Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

B. Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

C. Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.

D. Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.

Question # 17

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

A. Rivest Cipher 6 (RC6)

B. Rijndael

C. Diffie-Hellman (DH)

D. Rivest-Shamir-Adleman (RSA)

Question # 18

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

A. Sarbanes-Oxley (SOX)

B. General Data Protection Regulation (GDPR)

C. Electronic Identification Authentication and Trust Services (eIDAS)

D. Database Service on Alternative Methods (DB-ALM)

Question # 19

An IoT security architect needs to secure data in motion. Which of the following is a common vulnerability used to exploit unsecure data in motion?

A. External flash access

B. Misconfigured Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

C. Databases and datastores

D. Lack of memory space isolation

Question # 20

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

A. Collect as much data as possible so as to maximize potential value of the new IoT use-case.

B. Collect only the minimum amount of data required to perform all the business functions.

C. The amount or type of data collected isn't important if you have a properly secured IoT device.

D. The amount or type of data collected isn't important if you implement proper authorization controls.

Question # 21

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

A. Secure/Multipurpose Internet Mail Extensions (S/MIME)

B. Message-digest 5 (MD5)

C. Blowfish

D. Transport Layer Security (TLS)

Question # 22

You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer data. Which of the following methods should you recommend to your boss?

A. Crypto-shredding

B. Degaussing

C. Overwriting

D. Physical destruction

Question # 23

An IoT system administrator discovers that end users are able to access administrative features on the company's IoT management portal. Which of the following actions should the administrator take to address this issue?

A. Implement password complexity policies

B. Implement granular role-based access

C. Implement account lockout policies

D. Implement digitally signed firmware updates

Question # 24

An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

A. Bluetooth Low Energy (BLE) v4.0

B. BLE v4.2

C. BLE v4.1

D. Any of the BLE versions

Question # 25

Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

A. Account lockout policy

B. Automated security logging

C. Role-based access control

D. Secure password recovery

Question # 26

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

A. Disassembler

B. Backdoor

C. Debugger

D. Stack pointer

Question # 27

A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?

A. Protected health information

B. Personal health information

C. Personal identity information

D. Personally identifiable information

Question # 28

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

A. Role-Based Access Control (RBAC)

B. Password Authentication Protocol (PAP)

C. Remote Authentication Dial-In User Service (RADIUS)

D. Border Gateway Protocol (BGP)

Question # 29

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

A. Require the use of Password Authentication Protocol (PAP)

B. Create a separate management virtual LAN (VLAN)

C. Ensure that all IoT management servers are running antivirus software

D. Implement 802.1X for authentication

E. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

F. Only allow outbound traffic from the management LAN

G. Ensure that all administrators access the management server at specific times

Question # 30

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

A. Secure Hypertext Transfer Protocol (HTTPS)

B. Public Key Infrastructure (PKI)

C. Next-Generation Firewall (NGFW)

D. Hash-based Message Authentication Code (HMAC)