
CertNexus ITS-110 - Certified Internet of Things Security Practitioner (CIoTSP)

Total 100 questions

If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

A. Start log scrubbing

B. Escalate privileges

C. Perform port scanning

D. Initiate reconnaissance

In designing the campus of an IoT device manufacturer, a security consultant was hired to recommend best practices for deterring criminal behavior. Which of the following approaches would he have used to meet his client's needs?

A. Crime Prevention Through Environmental Design (CPTED)

B. British Standard 7799 part 3 (BS 7799-3)

C. International Organization for Standardization 17799 (ISO 17799)

D. National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

A. Encryption

B. Obfuscation

C. Hashing

D. Fuzzing

An IoT manufacturer discovers that hackers have injected malware into their devices’ firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?

A. Ensure that all firmware updates are signed with a trusted certificate

B. Ensure that all firmware updates are stored using 256-bit encryption

C. Ensure that firmware updates can only be installed by trusted administrators

D. Ensure that firmware updates are delivered using Internet Protocol Security (IPSec)

A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)

A. Masquerading

B. Brute force

C. Directory traversal

D. Session replay

E. Spear phishing

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

A. Yes, because the hash wouldn't protect the integrity of the data.

B. Yes, because the data is vulnerable during processing.

C. No, since the data is already encrypted while at rest and while in motion.

D. No, because the data is inside the CPU's secure region while being used.

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

A. Secure Hypertext Transfer Protocol (HTTPS)

B. Public Key Infrastructure (PKI)

C. Next-Generation Firewall (NGFW)

D. Hash-based Message Authentication Code (HMAC)

You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

A. Gramm-Leach-Bliley Act (GLBA)

B. Payment Card Industry Data Security Standard (PCI-DSS)

C. Federal Information Security Management Act (FISMA)

D. Sarbanes-Oxley (SOX)

E. Health Insurance Portability and Accountability Act (HIPAA)

F. Family Educational Rights and Privacy Act (FERPA)

G. Federal Energy Regulatory Commission (FERC)

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

A. Media Access Control (MAC) spoofing

B. Buffer overflow

C. Packet injection

D. GPS spoofing

Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

A. Malformed URL injection

B. Buffer overflow

C. SSL certificate hijacking

D. Session replay