ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

A cloud developer for an IoT service is storing billing information. Which of the following should be considered a common vulnerability in regard to this data that could be used to compromise privacy?

A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?

Which of the following techniques protects the confidentiality of the information stored in databases?

It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

An IoT security practitioner should be aware of which common misconception regarding data in motion?

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

Which of the following items should be part of an IoT software company's data retention policy?

Which of the following methods is an IoT portal administrator most likely to use in order to mitigate Distributed Denial of Service (DDoS) attacks?

An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

During a brute force test on his users’ passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?

Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?