
ITS-110 Exam Dumps - Certified Internet of Things Security Practitioner (CIoTSP)

Question # 9

A compromised IoT device is initiating random connections to an attacker's server in order to exfiltrate sensitive data. Which type of attack is being used?

A. Man-in-the-middle (MITM)

B. SSL session hijack

C. Reverse shell

D. Honeypot

Question # 10

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

A. Collect as much data as possible so as to maximize potential value of the new IoT use-case.

B. Collect only the minimum amount of data required to perform all the business functions.

C. The amount or type of data collected isn't important if you have a properly secured IoT device.

D. The amount or type of data collected isn't important if you implement proper authorization controls.

Question # 11

An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?

A. Allow access only to the software

B. Remove all unneeded physical ports

C. Install a firewall on network ports

D. Allow easy access to components

Question # 12

Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

A. Malformed URL injection

B. Buffer overflow

C. SSL certificate hijacking

D. Session replay

Question # 13

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

A. Account enumeration

B. Directory traversal

C. Buffer overflow

D. Spear phishing

Question # 14

A software developer for an IoT device company is creating software to enhance the capabilities of his company's security cameras. He wants the end users to be confident that the software they are downloading from his company's support site is legitimate. Which of the following tools or techniques should he utilize?

A. Data validation

B. Interrupt analyzer

C. Digital certificate

D. Pseudocode

Question # 15

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

A. That private data can never be fully destroyed.

B. The best practice to only collect critical data and nothing more.

C. That data isn't valuable unless it's used as evidence for crime committed.

D. That data is only valuable as perceived by the beholder.

Question # 16

A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

A. Configure single sign-on (SSO)

B. Parameter validation

C. Require strong passwords

D. Require two-factor authentication (2FA)
