CertNexus Certified Internet of Things Security Practitioner - ITS-110 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

A. Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites. B. Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites. C. Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites. D. Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

Discussion 0

Correct Answer: B Vote an answer

Question 2

It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?

A. His account is locked. B. He receives a new password. C. He notifies Human Resources. D. His account is deleted.

Discussion 0

Correct Answer: A Vote an answer

Question 3

A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

A. No password expiration B. Maximum length restriction C. No use of special characters D. Password history checks

Discussion 0

Correct Answer: D Vote an answer

Question 4

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

A. Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications. B. The portal's Internet Protocol (IP) address can more easily be spoofed. C. Domain Name System (DNS) address records are more susceptible to hijacking. D. The portal's administrative functions do not require authentication.

Discussion 0

Correct Answer: A Vote an answer

Question 5

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:
"Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!" Which of the following types of attacks could this be?

A. Phishing B. Spear phishing C. Whaling D. Vishing

Discussion 0

Correct Answer: B Vote an answer

Question 6

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

A. Implement two-factor authentication (2FA) B. Apply granular role-based access C. Protect against account enumeration D. Force a password change upon initial login

Discussion 0

Correct Answer: D Vote an answer

Question 7

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

A. Invalid password B. Your login attempt was unsuccessful C. The username and/or password are incorrect D. Incorrect email/password combination E. That user does not exist

Discussion 0

Correct Answer: B,E Vote an answer

Question 8

An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?

A. Host Intrusion Detection System (HIDS) B. Network Access Control (NAC) C. Media Access Control (MAC) D. Network Intrusion Detection System (NIDS)

Discussion 0

Correct Answer: D Vote an answer

Question 9

An IoT security administrator wants to encrypt the database used to store sensitive IoT device dat a. Which of the following algorithms should he choose?

A. Rivest-Shamir-Adleman (RSA) B. Secure Hash Algorithm 3-512 (SHA3-512) C. ElGamal D. Triple Data Encryption Standard (3DES)

Discussion 0

Correct Answer: C Vote an answer