Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
CertNexus
Certified IoT Security Practitioner
ITS-110
Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers

Pass the CertNexus Certified IoT Security Practitioner ITS-110 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam ITS-110 Premium Access

View all detail and faqs for the ITS-110 exam

Go to Exam

448 Students Passed

89% Average Score

91% Same Questions

Viewing page 1 out of 3 pages

Viewing questions 1-10 out of questions

Questions # 1:

An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?

Options:

Write down the default login and password

Remove all logins and passwords that may exist

Create new credentials using a strong password

Reset the IoT gateway to factory defaults

Answer

Questions # 2:

A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?

Options:

Make sure the user interface looks polished so that people will pay higher prices.

Apply best practices for privacy protection to minimize sensitive data exposure.

Rapidly complete the product so that feedback from the market can be realized sooner.

Slow down product development in order to obtain FDA approval with the first submission.

Answer

Explanation

[Reference: https://www.zibtek.com/blog/iot-architecture/#:~:text=The%20three%20layers%20of%20IoT%20architecture&text=It%20proposes%20three%20layers%3A%20Perception%2C%20Network%2C%20and%20Application.&text=This%20is%20the%20physical%20layer,the%20need%20of%20the%20project, ]

Questions # 3:

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

Options:

The portal's Internet Protocol (IP) address can more easily be spoofed.

Domain Name System (DNS) address records are more susceptible to hijacking.

The portal's administrative functions do not require authentication.

Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

Answer

Questions # 4:

If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

Options:

Require frequent password changes

Mandate multi-factor authentication (MFA)

Utilize role-based access control (RBAC)

Require separation of duties

Answer

Questions # 5:

Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

Options:

Account lockout policy

Automated security logging

Role-based access control

Secure password recovery

Answer

Explanation

[Reference: https://www.sciencedirect.com/topics/computer-science/account-lockout-policy#:~:text=Account%20lockout%20policies%20are%20used,twice%2C%20but%20not%20numerous%20times, ]

Questions # 6:

A cloud developer for an IoT service is storing billing information. Which of the following should be considered a common vulnerability in regard to this data that could be used to compromise privacy?

Options:

Enabled notifications as required by law

Lack of data retention policies

Authorized access to personal information

Secured data in motion and at rest

Answer

Questions # 7:

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

Options:

Your login attempt was unsuccessful

Invalid password

That user does not exist

The username and/or password are incorrect

Incorrect email/password combination

Answer

A, C

Questions # 8:

In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Options:

Type 1 authentication

Type 2 authentication

Two-factor authentication

Biometric authentication

Answer

Questions # 9:

Which of the following items should be part of an IoT software company's data retention policy?

Options:

Transport encryption algorithms

X.509 certificate expiration

Data backup storage location

Password expiration requirements

Answer

Questions # 10:

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?