[Jan 24, 2024] ITS-110 Exam Dumps - Try Best ITS-110 Exam Questions - DumpsValid [Q10-Q35]


Verified ITS-110 exam dumps: 102 questions with correct answers


The rise of the Internet of Things (IoT) has brought unprecedented levels of connectivity between devices, systems, and people. This connectivity has many benefits, but it has also introduced new security challenges. The CertNexus ITS-110 (Certified Internet of Things Security Practitioner) certification exam is designed to equip professionals with the skills and knowledge necessary to address these challenges.

 

NEW QUESTION # 10
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

  • A. SQL Injection (SQLi)
  • B. Man-in-the-middle (MITM)
  • C. Ping of death
  • D. Cross-Site Scripting (XSS)
  • E. Smurf

Answer: A,D


NEW QUESTION # 11
An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?

  • A. That data isn't valuable unless it's used as evidence for crime committed.
  • B. That private data can never be fully destroyed.
  • C. That data is only valuable as perceived by the beholder.
  • D. The best practice to only collect critical data and nothing more.

Answer: D


NEW QUESTION # 12
An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?

  • A. Encrypt data transmission between nodes at the physical/logical layers.
  • B. Allow implicit trust of all gateways since they are the link to the internet.
  • C. Prevent nodes from being rejected to keep the value of the network as high as possible.
  • D. Make pairing between nodes very easy so that troubleshooting is reduced.

Answer: A


NEW QUESTION # 13
An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

  • A. Triple Data Encryption Standard (3DES)
  • B. ElGamal
  • C. Rivest-Shamir-Adleman (RSA)
  • D. Secure Hash Algorithm 3-512 (SHA3-512)

Answer: B


NEW QUESTION # 14
A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

  • A. Session replay
  • B. Reverse shell
  • C. Fuzzing
  • D. Bit flipping

Answer: A


NEW QUESTION # 15
An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

  • A. Implement Secure Lightweight Directory Access Protocol (LDAPS)
  • B. Enable Kerberos authentication
  • C. Implement two-factor authentication (2FA)
  • D. Implement account lockout policies

Answer: C


NEW QUESTION # 16
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Denial of Service (DoS)
  • B. Birthday attack
  • C. Buffer overflow
  • D. Domain name system (DNS) poisoning

Answer: D


NEW QUESTION # 17
A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

  • A. Cross-Site Scripting (XSS)
  • B. SQL Injection (SQLi)
  • C. Cross-Site Request Forgery (CSRF)
  • D. LDAP Injection

Answer: D


NEW QUESTION # 18
Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?

  • A. Distributed Denial of Service (DDoS)
  • B. Denial of Service (DoS)
  • C. SYN flood
  • D. LDAP Injection

Answer: D


NEW QUESTION # 19
A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)

  • A. Directory traversal
  • B. Brute force
  • C. Spear phishing
  • D. Session replay
  • E. Masquerading

Answer: B,C


NEW QUESTION # 20
An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

  • A. Encryption
  • B. Fuzzing
  • C. Obfuscation
  • D. Hashing

Answer: D


NEW QUESTION # 21
An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?

  • A. Implement URL filtering
  • B. Implement certificates on all login pages
  • C. Implement granular role-based access
  • D. Implement robust password policies

Answer: C


NEW QUESTION # 22
A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

  • A. Require strong passwords
  • B. Configure single sign-on (SSO)
  • C. Require two-factor authentication (2FA)
  • D. Parameter validation

Answer: D


NEW QUESTION # 23
A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

  • A. Internet Protocol Security (IPSec)
  • B. Telnet
  • C. Virtual private network (VPN)
  • D. Secure Shell (SSH)

Answer: A


NEW QUESTION # 24
An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

  • A. Implement URL filtering
  • B. Ensure all firmware updates have been applied
  • C. Encrypt all locally stored data
  • D. Change default passwords

Answer: D


NEW QUESTION # 25
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?

  • A. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection
  • B. Client to server traffic must use Hypertext Transfer Protocol (HTTP)
  • C. The web server's X.509 certificate must be compromised
  • D. The server must be using a deprecated version of Transport Layer Security (TLS)

Answer: D


NEW QUESTION # 26
A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

  • A. Border Gateway Protocol (BGP)
  • B. Role-Based Access Control (RBAC)
  • C. Password Authentication Protocol (PAP)
  • D. Remote Authentication Dial-In User Service (RADIUS)

Answer: D


NEW QUESTION # 27
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

  • A. Escalate privileges
  • B. Initiate reconnaissance
  • C. Perform port scanning
  • D. Start log scrubbing

Answer: B


NEW QUESTION # 28
Passwords should be stored...

  • A. Only in cleartext.
  • B. For no more than 30 days.
  • C. As a hash value.
  • D. Inside a digital certificate.

Answer: C


NEW QUESTION # 29
You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

  • A. Payment Card Industry Data Security Standard (PCI-DSS)
  • B. Federal Information Security Management Act (FISMA)
  • C. Health Insurance Portability and Accountability Act (HIPAA)
  • D. Family Educational Rights and Privacy Act (FERPA)
  • E. Sarbanes-Oxley (SOX)
  • F. Gramm-Leach-Bliley Act (GLBA)
  • G. Federal Energy Regulatory Commission (FERC)

Answer: A,C,D


NEW QUESTION # 30
A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

  • A. The database server
  • B. The Key Distribution Center (KDC)
  • C. The IoT endpoint
  • D. The administrator's machine

Answer: A


NEW QUESTION # 31
An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

  • A. Ensure that all administrators access the management server at specific times
  • B. Only allow outbound traffic from the management LAN
  • C. Create a separate management virtual LAN (VLAN)
  • D. Implement 802.1X for authentication
  • E. Ensure that all IoT management servers are running antivirus software
  • F. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
  • G. Require the use of Password Authentication Protocol (PAP)

Answer: A,C,D


NEW QUESTION # 32
A hacker is able to extract users' names, birth dates, height, and weight from an IoT manufacturer's user portal. Which of the following types of data has been compromised?

  • A. Personally identifiable information
  • B. Personal health information
  • C. Protected health information
  • D. Personal identity information

Answer: A


NEW QUESTION # 33
Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

  • A. Elliptic curve cryptography (ECC)
  • B. Triple Data Encryption Standard (3DES)
  • C. Temporal Key Integrity Protocol (TKIP)
  • D. Advanced Encryption Standard (AES)

Answer: A


NEW QUESTION # 34
Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

  • A. Network device fuzzing
  • B. Network Address Translation (NAT)
  • C. Man-in-the-middle (MITM)
  • D. Unsecured network ports

Answer: C


NEW QUESTION # 35
......
