ITS-110 Premium Files Updated Dec-2023 Practice Valid Exam Dumps Question [Q54-Q75]

Practice with ITS-110 Dumps for Certified IoT Security Practitioner Exam Questions & Answers

NEW QUESTION # 54
Which of the following attacks relies on the trust that a website has for a user's browser?

  • A. Cross-Site Scripting (XSS)
  • B. SQL Injection (SQLi)
  • C. Phishing
  • D. Cross-Site Request Forgery (CSRF)

Answer: D


NEW QUESTION # 55
An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?

  • A. Prevent nodes from being rejected to keep the value of the network as high as possible.
  • B. Make pairing between nodes very easy so that troubleshooting is reduced.
  • C. Allow implicit trust of all gateways since they are the link to the internet.
  • D. Encrypt data transmission between nodes at the physical/logical layers.

Answer: D


NEW QUESTION # 56
In designing the campus of an IoT device manufacturer, a security consultant was hired to recommend best practices for deterring criminal behavior. Which of the following approaches would he have used to meet his client's needs?

  • A. Crime Prevention Through Environmental Design (CPTED)
  • B. National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
  • C. British Standard 7799 part 3 (BS 7799-3)
  • D. International Organization for Standardization 17799 (ISO 17799)

Answer: A


NEW QUESTION # 57
An IoT developer wants to ensure that their cloud management portal is protected against compromised end-user credentials. Which of the following technologies should the developer implement?

  • A. An authentication policy that requires a password at initial logon, and a second password in order to access advanced features.
  • B. An authentication policy which requires user passwords to include twelve characters, including uppercase, lowercase, and special characters.
  • C. An authentication policy that requires a user to provide a strong password and on-demand token delivered via SMS.
  • D. An authentication policy which requires two random tokens generated by a hardware device.

Answer: C


NEW QUESTION # 58
In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

  • A. Least privilege principle
  • B. Discretionary access control (DAC)
  • C. Guest account access
  • D. System administrator access

Answer: A


NEW QUESTION # 59
A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

  • A. Unvalidated redirect or forwarding
  • B. Insecure HTTP session management
  • C. Unhandled malformed URLs
  • D. Unsecure direct object references

Answer: C


NEW QUESTION # 60
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

  • A. SQL Injection (SQLi)
  • B. Cross-Site Scripting (XSS)
  • C. Smurf
  • D. Ping of death
  • E. Man-in-the-middle (MITM)

Answer: A,B


NEW QUESTION # 61
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

  • A. Perform port scanning
  • B. Initiate reconnaissance
  • C. Start log scrubbing
  • D. Escalate privileges

Answer: A


NEW QUESTION # 62
An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

  • A. Diffie-Hellman (DH)
  • B. Rivest Cipher 6 (RC6)
  • C. Rijndael
  • D. Rivest-Shamir-Adleman (RSA)

Answer: D


NEW QUESTION # 63
A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?

  • A. Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation
  • B. Network firewall
  • C. Web application firewall (WAF)
  • D. Deep Packet Inspection (DPI)

Answer: A


NEW QUESTION # 64
Passwords should be stored...

  • A. For no more than 30 days.
  • B. Only in cleartext.
  • C. Inside a digital certificate.
  • D. As a hash value.

Answer: D


NEW QUESTION # 65
A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

  • A. Require that passwords cannot include special characters
  • B. Require that passwords contain alphanumeric characters
  • C. Require that passwords be changed periodically
  • D. Require two-factor or multifactor authentication

Answer: D


NEW QUESTION # 66
An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

  • A. Public Key Infrastructure (PKI)
  • B. Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • C. IP Security (IPSec)
  • D. Virtual Private Networking (VPN)

Answer: C


NEW QUESTION # 67
Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

  • A. SSL certificate hijacking
  • B. Malformed URL injection
  • C. Buffer overflow
  • D. Session replay

Answer: D


NEW QUESTION # 68
A company collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)

  • A. Salami
  • B. Data diddling
  • C. Inference
  • D. Denial of Service (DoS)
  • E. Aggregation

Answer: C,E


NEW QUESTION # 69
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Buffer overflow
  • B. Birthday attack
  • C. Denial of Service (DoS)
  • D. Domain name system (DNS) poisoning

Answer: D


NEW QUESTION # 70
An IoT systems administrator needs to be able to detect packet injection attacks. Which of the following methods or technologies is the administrator most likely to implement?

  • A. Internet Protocol Security (IPSec) with Authentication Headers (AH)
  • B. Layer 2 Tunneling Protocol (L2TP)
  • C. Point-to-Point Tunneling Protocol (PPTP)
  • D. Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)

Answer: A


NEW QUESTION # 71
You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer data. Which of the following methods should you recommend to your boss?

  • A. Degaussing
  • B. Crypto-shredding
  • C. Physical destruction
  • D. Overwriting

Answer: C


NEW QUESTION # 72
Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

  • A. Limit physical access to ports when possible
  • B. Allow quick administrator access for mitigation
  • C. Add tamper detection to the enclosure
  • D. Implement features in software instead of hardware

Answer: A


NEW QUESTION # 73
During a brute force test on his users' passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?

  • A. GUESSmyPASSWORD
  • B. Gu3$$MyP@s$w0Rd
  • C. **myPASSword**
  • D. 123my456password789

Answer: B


NEW QUESTION # 74
A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

  • A. Dictionary attack
  • B. Key logger attack
  • C. Phishing attack
  • D. Collision attack

Answer: A


NEW QUESTION # 75
......
