Pre Black Friday Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

ITS-110 PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

ITS-110 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: Certified Internet of Things Security Practitioner (CIoTSP)
  • Last Update: Dec 3, 2023
  • Questions and Answers: 100
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

ITS-110 Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Question # 6

An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?

A.

Write down the default login and password

B.

Remove all logins and passwords that may exist

C.

Create new credentials using a strong password

D.

Reset the IoT gateway to factory defaults

Full Access
Question # 7

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

A.

Network Address Translation (NAT)

B.

Man-in-the-middle (MITM)

C.

Network device fuzzing

D.

Unsecured network ports

Full Access
Question # 8

You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

A.

Confirm the devices they've sold are turned on

B.

Ensure all sensors are running the latest software

C.

Require customers to sign a subscription license

D.

Remove any customer-specific data

Full Access
Question # 9

An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

A.

Implement two-factor authentication (2FA)

B.

Enable Kerberos authentication

C.

Implement account lockout policies

D.

Implement Secure Lightweight Directory Access Protocol (LDAPS)

Full Access
Question # 10

A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?

A.

Management

B.

Accounting

C.

Auditing

D.

Inventory

Full Access
Question # 11

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

A.

Encrypt all locally stored data

B.

Ensure all firmware updates have been applied

C.

Change default passwords

D.

Implement URL filtering

Full Access
Question # 12

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

A.

System administrator access

B.

Least privilege principle

C.

Guest account access

D.

Discretionary access control (DAC)

Full Access
Question # 13

A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

A.

Privilege escalation

B.

Transmission control protocol (TCP) flooding

C.

Application fuzzing

D.

Birthday attack

Full Access
Question # 14

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

A.

Media Access Control (MAC) spoofing

B.

Buffer overflow

C.

Packet injection

D.

GPS spoofing

Full Access
Question # 15

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

A.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

B.

Message-digest 5 (MD5)

C.

Blowfish

D.

Transport Layer Security (TLS)

Full Access
Question # 16

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

A.

Collect as much data as possible so as to maximize potential value of the new IoT use-case.

B.

Collect only the minimum amount of data required to perform all the business functions.

C.

The amount or type of data collected isn't important if you have a properly secured IoT device.

D.

The amount or type of data collected isn't important if you implement proper authorization controls.

Full Access
Question # 17

An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

A.

Out-of-band authentication (OOBA)

B.

2FA over Short Message Service (SMS)

C.

Authenticator Apps for smartphones

D.

Fast Identity Online (FIDO) Universal 2nd Factor (U2F) USB key

Full Access
Question # 18

A software developer for an IoT device company is creating software to enhance the capabilities of his company's security cameras. He wants the end users to be confidentthat the software they are downloading from his company's support site is legitimate. Which of the following tools or techniques should he utilize?

A.

Data validation

B.

Interrupt analyzer

C.

Digital certificate

D.

Pseudocode

Full Access
Question # 19

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

A.

Your login attempt was unsuccessful

B.

Invalid password

C.

That user does not exist

D.

The username and/or password are incorrect

E.

Incorrect email/password combination

Full Access
Question # 20

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

A.

Require the use of Password Authentication Protocol (PAP)

B.

Create a separate management virtual LAN (VLAN)

C.

Ensure that all IoT management servers are running antivirus software

D.

Implement 802.1X for authentication

E.

Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

F.

Only allow outbound traffic from the management LAN

G.

Ensure that all administrators access the management server at specific times

Full Access
Question # 21

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

A.

That private data can never be fully destroyed.

B.

The best practice to only collect critical data and nothing more.

C.

That data isn't valuable unless it's used as evidence for crime committed.

D.

That data is only valuable as perceived by the beholder.

Full Access
Question # 22

A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

A.

Within ninety days after collection, unless required for a legal proceeding

B.

Within thirty days of a user's written request

C.

Within seven days of being transferred to secure, long-term storage

D.

Within sixty days after collection, unless encrypted

Full Access
Question # 23

An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?

A.

Calibration

B.

Demodulation

C.

Encapsulation

D.

Abstraction

Full Access
Question # 24

An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

A.

URL filtering policies

B.

Account lockout policies

C.

Software encryption

D.

Buffer overflow prevention

Full Access
Question # 25

Passwords should be stored…

A.

For no more than 30 days.

B.

Only in cleartext.

C.

As a hash value.

D.

Inside a digital certificate.

Full Access
Question # 26

An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

A.

Triple Data Encryption Standard (3DES)

B.

ElGamal

C.

Rivest-Shamir-Adleman (RSA)

D.

Secure Hash Algorithm 3-512 (SHA3-512)

Full Access
Question # 27

An IoT systems administrator wants to ensure that all data stored on remote IoT gateways is unreadable. Which of the following technologies is the administrator most likely to implement?

A.

Secure Hypertext Transmission Protocol (HTTPS)

B.

Internet Protocol Security (IPSec)

C.

Triple Data Encryption Standard (3DES)

D.

Message Digest 5 (MD5)

Full Access
Question # 28

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

A.

Role-Based Access Control (RBAC)

B.

Password Authentication Protocol (PAP)

C.

Remote Authentication Dial-In User Service (RADIUS)

D.

Border Gateway Protocol (BGP)

Full Access
Question # 29

An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

A.

Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)

B.

Encrypt all stored passwords using 128-bit Twofish

C.

Hash all passwords using Message Digest 5 (MD5)

D.

Store all passwords in read-only memory

Full Access
Question # 30

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

A.

Disassembler

B.

Backdoor

C.

Debugger

D.

Stack pointer

Full Access