
CertNexus ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Exam Practice Test

Page: 1 / 10
Total 100 questions

Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Question 1

A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization have been implemented properly. Which of the following is the missing component?

Options:

A. Management
B. Accounting
C. Auditing
D. Inventory

Question 2

Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?

Options:

A. Distributed Denial of Service (DDoS)
B. SYN flood
C. LDAP Injection
D. Denial of Service (DoS)

Question 3

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

Options:

A. Sarbanes-Oxley (SOX)
B. General Data Protection Regulation (GDPR)
C. Electronic Identification, Authentication and Trust Services (eIDAS)
D. Database Service on Alternative Methods (DB-ALM)

Question 4

An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?

Options:

A. Implement Over-The-Air (OTA) updates
B. Enforce a secure boot function
C. Enforce a measured boot function
D. Harden the update server

Question 5

Which of the following is the BEST encryption standard to implement for securing bulk data?

Options:

A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Rivest Cipher 4 (RC4)
D. Elliptic curve cryptography (ECC)

Question 6

It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?

Options:

A. His account is deleted.
B. He receives a new password.
C. His account is locked.
D. He notifies Human Resources.

Question 7

What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?

Options:

A. Open virtual private network (VPN)
B. Universal Plug and Play (UPnP)
C. Network Address Translation (NAT)
D. Domain Name System Security Extensions (DNSSEC)

Question 8

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

Options:

A. The portal's Internet Protocol (IP) address can more easily be spoofed.
B. Domain Name System (DNS) address records are more susceptible to hijacking.
C. The portal's administrative functions do not require authentication.
D. Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

Question 9

Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

Options:

A. Malformed URL injection
B. Buffer overflow
C. SSL certificate hijacking
D. Session replay

Question 10

Which of the following attacks relies on the trust that a website has for a user's browser?

Options:

A. Phishing
B. SQL Injection (SQLi)
C. Cross-Site Scripting (XSS)
D. Cross-Site Request Forgery (CSRF)

Question 11

The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)

Options:

A. Internet Protocol Security (IPSec)
B. Enhanced Interior Gateway Routing Protocol (EIGRP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)
E. Simple Network Management Protocol (SNMP)
F. Layer 2 Tunneling Protocol (L2TP)
G. Interior Gateway Routing Protocol (IGRP)

Question 12

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

Options:

A. Smurf
B. Ping of death
C. Cross-Site Scripting (XSS)
D. Man-in-the-middle (MITM)
E. SQL Injection (SQLi)

Question 13

A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

Options:

A. Cross-Site Request Forgery (CSRF)
B. SQL Injection (SQLi)
C. Cross-Site Scripting (XSS)
D. LDAP Injection

Question 14

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options:

A. System administrator access
B. Least privilege principle
C. Guest account access
D. Discretionary access control (DAC)

Question 15

A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?

Options:

A. Protected health information
B. Personal health information
C. Personal identity information
D. Personally identifiable information

Question 16

If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

Options:

A. Start log scrubbing
B. Escalate privileges
C. Perform port scanning
D. Initiate reconnaissance

Question 17

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

Options:

A. Secure Shell (SSH)
B. Internet Protocol Security (IPSec)
C. Telnet
D. Virtual private network (VPN)

Question 18

An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

Options:

A. Out-of-band authentication (OOBA)
B. 2FA over Short Message Service (SMS)
C. Authenticator apps for smartphones
D. Fast Identity Online (FIDO) Universal 2nd Factor (U2F) USB key

Question 19

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Options:

A. Type 1 authentication
B. Type 2 authentication
C. Two-factor authentication
D. Biometric authentication

Question 20

An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?

Options:

A. A money back guarantee, no questions asked
B. Over-the-Air (OTA) software updates
C. A lifetime transferable warranty
D. Free firmware updates if the product is sent back to the manufacturer

Question 21

An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

Options:

A. Buffer overflow
B. Denial of Service (DoS)
C. Birthday attack
D. Domain Name System (DNS) poisoning

Question 22

Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?

Options:

A. Transport Layer Security (TLS)
B. Internet Protocol Security (IPSec)
C. Virtual private network (VPN)
D. Elliptic curve cryptography (ECC)

Question 23

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

Options:

A. Require the use of Password Authentication Protocol (PAP)
B. Create a separate management virtual LAN (VLAN)
C. Ensure that all IoT management servers are running antivirus software
D. Implement 802.1X for authentication
E. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
F. Only allow outbound traffic from the management LAN
G. Ensure that all administrators access the management server at specific times

Question 24

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

Options:

A. Role-Based Access Control (RBAC)
B. Password Authentication Protocol (PAP)
C. Remote Authentication Dial-In User Service (RADIUS)
D. Border Gateway Protocol (BGP)

Question 25

Which of the following functions can be added to the authorization component of AAA to enable the principle of least privilege with flexibility?

Options:

A. Discretionary access control (DAC)
B. Role-based access control (RBAC)
C. Mandatory access control (MAC)
D. Access control list (ACL)

Question 26

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

Options:

A. Network Address Translation (NAT)
B. Man-in-the-middle (MITM)
C. Network device fuzzing
D. Unsecured network ports

Question 27

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

Options:

A. Yes, because the hash wouldn't protect the integrity of the data.
B. Yes, because the data is vulnerable during processing.
C. No, since the data is already encrypted while at rest and while in motion.
D. No, because the data is inside the CPU's secure region while being used.

Question 28

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

Options:

A. Add tamper detection to the enclosure
B. Limit physical access to ports when possible
C. Allow quick administrator access for mitigation
D. Implement features in software instead of hardware

Question 29

An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?

Options:

A. Make pairing between nodes very easy so that troubleshooting is reduced.
B. Encrypt data transmission between nodes at the physical/logical layers.
C. Prevent nodes from being rejected to keep the value of the network as high as possible.
D. Allow implicit trust of all gateways since they are the link to the internet.

Question 30

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:

“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!”

Which of the following types of attacks could this be?

Options:

A. Phishing
B. Spear phishing
C. Whaling
D. Vishing
