ITS-110 Sample Questions Answers

Which of the following items should be part of an IoT software company's data retention policy?

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

Passwords should be stored…

An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?

Which of the following techniques protects the confidentiality of the information stored in databases?

An IoT system administrator discovers that end users are able to access administrative features on the company's IoT management portal. Which of the following actions should the administrator take to address this issue?

Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?

Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:

“Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"

Which of the following types of attacks could this be?

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

Which of the following is the BEST encryption standard to implement for securing bulk data?

A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?

An IoT security practitioner should be aware of which common misconception regarding data in motion?

Which of the following attacks would most likely be used to discover users, printers, and other objects within a network?

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?