CertNexus ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Exam Practice Test

Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer data. Which of the following methods should you recommend to your boss?

Passwords should be stored…

You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

Which of the following functions can be added to the authorization component of AAA to enable the principal of least privilege with flexibility?

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

A software developer for an IoT device company is creating software to enhance the capabilities of his company's security cameras. He wants the end users to be confidentthat the software they are downloading from his company's support site is legitimate. Which of the following tools or techniques should he utilize?

Which of the following methods is an IoT portal administrator most likely to use in order to mitigate Distributed Denial of Service (DDoS) attacks?

An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?

A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

An IoT security architect needs to secure data in motion. Which of the following is a common vulnerability used to exploit unsecure data in motion?

An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?

A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow methods or technologies is the administrator most likely to implement?

Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?

A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)