
CertNexus ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Exam Practice Test

Page: 1 / 10
Total 100 questions

Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Question 1

An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

Options:

A. Virtual Private Networking (VPN)
B. Public Key Infrastructure (PKI)
C. IP Security (IPSec)
D. Secure/Multipurpose Internet Mail Extensions (S/MIME)

Question 2

Which of the following functions can be added to the authorization component of AAA to enable the principle of least privilege with flexibility?

Options:

A. Discretionary access control (DAC)
B. Role-based access control (RBAC)
C. Mandatory access control (MAC)
D. Access control list (ACL)

Question 3

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)

Options:

A. Block all inbound packets with an internal source IP address
B. Block all inbound packets originating from service ports
C. Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
D. Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
E. Require the use of X.509 digital certificates for all incoming requests

Question 4

A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?

Options:

A. Protected health information
B. Personal health information
C. Personal identity information
D. Personally identifiable information

Question 5

A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

Options:

A. Within ninety days after collection, unless required for a legal proceeding
B. Within thirty days of a user's written request
C. Within seven days of being transferred to secure, long-term storage
D. Within sixty days after collection, unless encrypted

Question 6

A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

Options:

A. Fuzzing
B. Session replay
C. Bit flipping
D. Reverse shell

Question 7

Which of the following attacks relies on the trust that a website has for a user's browser?

Options:

A. Phishing
B. SQL Injection (SQLi)
C. Cross-Site Scripting (XSS)
D. Cross-Site Request Forgery (CSRF)

Question 8

In designing the campus of an IoT device manufacturer, a security consultant was hired to recommend best practices for deterring criminal behavior. Which of the following approaches would he have used to meet his client's needs?

Options:

A. Crime Prevention Through Environmental Design (CPTED)
B. British Standard 7799 part 3 (BS 7799-3)
C. International Organization for Standardization 17799 (ISO 17799)
D. National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)

Question 9

Which of the following techniques protects the confidentiality of the information stored in databases?

Options:

A. Hashing
B. Archiving
C. Monitoring
D. Encryption

Question 10

A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?

Options:

A. Make sure the user interface looks polished so that people will pay higher prices.
B. Apply best practices for privacy protection to minimize sensitive data exposure.
C. Rapidly complete the product so that feedback from the market can be realized sooner.
D. Slow down product development in order to obtain FDA approval with the first submission.

Question 11

An IoT manufacturer discovers that hackers have injected malware into their devices’ firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?

Options:

A. Ensure that all firmware updates are signed with a trusted certificate
B. Ensure that all firmware updates are stored using 256-bit encryption
C. Ensure that firmware updates can only be installed by trusted administrators
D. Ensure that firmware updates are delivered using Internet Protocol Security (IPSec)

Question 12

A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

Options:

A. Key logger attack
B. Dictionary attack
C. Collision attack
D. Phishing attack

Question 13

An IoT developer wants to ensure that their cloud management portal is protected against compromised end-user credentials. Which of the following technologies should the developer implement?

Options:

A. An authentication policy that requires a password at initial logon, and a second password in order to access advanced features.
B. An authentication policy which requires user passwords to include twelve characters, including uppercase, lowercase, and special characters.
C. An authentication policy that requires a user to provide a strong password and on-demand token delivered via SMS.
D. An authentication policy which requires two random tokens generated by a hardware device.

Question 14

If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

Options:

A. Require frequent password changes
B. Mandate multi-factor authentication (MFA)
C. Utilize role-based access control (RBAC)
D. Require separation of duties

Question 15

Which of the following methods is an IoT portal administrator most likely to use in order to mitigate Distributed Denial of Service (DDoS) attacks?

Options:

A. Implement Domain Name System Security Extensions (DNSSEC) on all Internet-facing name servers
B. Disable Network Address Translation Traversal (NAT-T) at the border firewall
C. Implement traffic scrubbers on the upstream Internet Service Provider (ISP) connection
D. Require Internet Protocol Security (IPSec) for all inbound portal connections
