A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?
Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?
You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?
An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?
Which of the following is the BEST encryption standard to implement for securing bulk data?
It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?
What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?
Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?
Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?
Which of the following attacks relies on the trust that a website has for a user's browser?
The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)
A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?
In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?
A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?
A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?
An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?
In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:
An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?
Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?
An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)
A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?
Which of the following functions can be added to the authorization component of AAA to enable the principal of least privilege with flexibility?
Which of the following attacks utilizes Media Access Control (MAC) address spoofing?
An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?
Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?
An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?
Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:
“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"
Which of the following types of attacks could this be?