Certified Internet of Things Security Practitioner (CIoTSP)
Last Update Dec 2, 2024
Total Questions: 100
We offer free ITS-110 CertNexus exam questions. Sign up, provide your details, and practice with the free ITS-110 exam questions; then move on to the complete pool of Certified Internet of Things Security Practitioner (CIoTSP) test questions for further preparation.
An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?
Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:
“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!”
Which of the following types of attacks could this be?
An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?
A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?
An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?
An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?
A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?
An IoT systems administrator needs to be able to detect packet injection attacks. Which of the following methods or technologies is the administrator most likely to implement?
Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?
An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?
An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?
A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?
An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?
An IoT system administrator wants to mitigate the risk of rainbow table attacks. Which of the following methods or technologies can the administrator implement in order to address this concern?
A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?
An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?
A developer needs to apply a family of protocols to mediate network access. Authentication and authorization have been implemented properly. Which of the following is the missing component?
An IoT manufacturer discovers that hackers have injected malware into their devices’ firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?
An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?
A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?
A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?
What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?
Which of the following attacks relies on the trust that a website has for a user's browser?
An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?
An IoT systems administrator wants to ensure that all data stored on remote IoT gateways is unreadable. Which of the following technologies is the administrator most likely to implement?
You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)
Which of the following functions can be added to the authorization component of AAA to enable the principle of least privilege with flexibility?