New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CertNexus ITS-110 - Certified Internet of Things Security Practitioner (CIoTSP)

CertNexus ITS-110 Premium Access     Download Demo    
Page: 2 / 3
Total 100 questions

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

A.

Type 1 authentication

B.

Type 2 authentication

C.

Two-factor authentication

D.

Biometric authentication

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

A.

Temporal Key Integrity Protocol (TKIP)

B.

Elliptic curve cryptography (ECC)

C.

Advanced Encryption Standard (AES)

D.

Triple Data Encryption Standard (3DES)

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

A.

Secure Shell (SSH)

B.

Internet Protocol Security (IPSec)

C.

Telnet

D.

Virtual private network (VPN)

An IoT systems administrator wants to ensure that all data stored on remote IoT gateways is unreadable. Which of the following technologies is the administrator most likely to implement?

A.

Secure Hypertext Transmission Protocol (HTTPS)

B.

Internet Protocol Security (IPSec)

C.

Triple Data Encryption Standard (3DES)

D.

Message Digest 5 (MD5)

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:

“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"

Which of the following types of attacks could this be?

A.

Phishing

B.

Spear phishing

C.

Whaling

D.

Vishing

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

A.

That private data can never be fully destroyed.

B.

The best practice to only collect critical data and nothing more.

C.

That data isn't valuable unless it's used as evidence for crime committed.

D.

That data is only valuable as perceived by the beholder.

Which of the following functions can be added to the authorization component of AAA to enable the principal of least privilege with flexibility?

A.

Discretionary access control (DAC)

B.

Role-based access control (RBAC)

C.

Mandatory access control (MAC)

D.

Access control list (ACL)

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

A.

Sarbanes-Oxley (SOX)

B.

General Data Protection Regulation (GDPR)

C.

Electronic Identification Authentication and Trust Services (elDAS)

D.

Database Service on Alternative Methods (DB-ALM)

An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?

A.

Implement Over-The-Air (OTA) updates

B.

Enforce a secure boot function

C.

Enforce a measured boot function

D.

Harden the update server

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

A.

The administrator's machine

B.

The database server

C.

The Key Distribution Center (KDC)

D.

The IoT endpoint