Free Certified Internet of Things Security Practitioner Exam ITS-110 Exam Practice Test

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

• Smurf
  
• Ping of death
  
• Cross-Site Scripting (XSS)
  
• Man-in-the-middle (MITM)
  
• SQL Injection (SQLi)
  

A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

• A hardware-based token generation device
  
• An X.509 certificate stored on a smart card
  
• Two-step authentication with complex passwords
  
• Multi-factor authentication with three factors
  

An IoT manufacturer discovers that hackers have injected malware into their devices' firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?

• Ensure that all firmware updates are signed with a trusted certificate
  
• Ensure that all firmware updates are stored using 256-bit encryption
  
• Ensure that firmware updates can only be installed by trusted administrators
  
• Ensure that firmware updates are delivered using Internet Protocol Security (IPSec)
  

An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow methods or technologies is the administrator most likely to implement?

• Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)
  
• Point-to-Point Tunneling Protocol (PPTP)
  
• Layer 2 Tunneling Protocol (L2TP)
  
• Internet Protocol Security (IPSec) with Authentication Headers (AH)
  

An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

• URL filtering policies
  
• Account lockout policies
  
• Software encryption
  
• Buffer overflow prevention
  

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

• Sarbanes-Oxley (SOX)
  
• General Data Protection Regulation (GDPR)
  
• Electronic Identification Authentication and Trust Services (elDAS)
  
• Database Service on Alternative Methods (DB-ALM)
  

Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

• Disassembler
  
• Backdoor
  
• Debugger
  
• Stack pointer
  

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

• Your login attempt was unsuccessful
  
• Invalid password
  
• That user does not exist
  
• The username and/or password are incorrect
  
• Incorrect email/password combination
  

A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)

• Masquerading
  
• Brute force
  
• Directory traversal
  
• Session replay
  
• Spear phishing
  

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

• Secure Hypertext Transfer Protocol (HTTPS)
  
• Public Key Infrastructure (PKI)
  
• Next-Generation Firewall (NGFW)
  
• Hash-based Message Authentication Code (HMAC)