Certification Practice Test | PDF Questions | Actual Questions | Test Engine | Pass4Sure
ITS-210 : Certified Internet of Things Security Practitioner (CIoTSP) Exam

CertNexus ITS-210 Questions & Answers
Full Version: 147 Q&A
Exam Code : ITS-210
Exam Name : Certified Internet of Things Security Practitioner (CIoTSP)
Vendor Name : CertNexus
https://killexams.com/pass4sure/exam-detail/ITS-210
Question: 20
A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?
A. Cross-Site Request Forgery (CSRF)
B. SQL Injection (SQLi)
C. Cross-Site Scripting (XSS)
D. LDAP Injection
Answer: D
Question: 21
If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?
A. Require frequent password changes
B. Mandate multi-factor authentication (MFA)
C. Utilize role-based access control (RBAC)
D. Require separation of duties
Answer: C
Question: 22
An IoT developer discovers that clients frequently fall victim to phishing attacks.
What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?
A. Implement two-factor authentication (2FA)
B. Enable Kerberos authentication
C. Implement account lockout policies
D. Implement Secure Lightweight Directory Access Protocol (LDAPS)
Answer: A
Question: 23
An IoT security practitioner should be aware of which common misconception regarding data in motion?
A. That transmitted data is point-to-point and therefore a third party does not exist.
B. The assumption that all data is encrypted properly and cannot be exploited.
C. That data can change instantly so old data is of no value.
D. The assumption that network protocols automatically encrypt data on the fly.
Answer: B
Question: 24
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?
A. Client to server traffic must use Hypertext Transmission Protocol (HTTP)
B. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection
C. The server must be using a deprecated version of Transport Layer Security (TLS)
D. The web server's X.509 certificate must be compromised
Answer: C
Explanation:
Reference: https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/
Question: 25
Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?
A. Teardrop
B. Ping of Death
C. SYN flood
D. Smurf
Answer: C
Explanation:
Reference: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
Question: 26
The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers' VPNs? (Choose three.)
A. Internet Protocol Security (IPSec)
B. Enhanced Interior Gateway Routing Protocol (EIGRP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)
E. Simple Network Management Protocol (SNMP)
F. Layer 2 Tunneling Protocol (L2TP)
G. Interior Gateway Routing Protocol (IGRP)
Answer: A,D,F
Question: 27
Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?
A. Disassembler
B. Backdoor
C. Debugger
D. Stack pointer
Answer: B
Question: 28
Passwords should be stored…
A. For no more than 30 days.
B. Only in cleartext.
C. As a hash value.
D. Inside a digital certificate.
Answer: C
Explanation:
Reference: https://snyk.io/learn/password-storage-best-practices/
Question: 29
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?
A. Start log scrubbing
B. Escalate privileges
C. Perform port scanning
D. Initiate reconnaissance
Answer: C
Question: 30
Which of the following is the BEST encryption standard to implement for securing bulk data?
A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Rivest Cipher 4 (RC4)
D. Elliptic curve cryptography (ECC)
Answer: B
Question: 31
A user grants an IoT manufacturer consent to store personally identifiable information (PII).
According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?
A. Within ninety days after collection, unless required for a legal proceeding
B. Within thirty days of a user's written request
C. Within seven days of being transferred to secure, long-term storage
D. Within sixty days after collection, unless encrypted
Answer: B
Question: 32
An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?
A. Out-of-band authentication (OOBA)
B. 2FA over Short Message Service (SMS)
C. Authenticator Apps for smartphones
D. Fast Identity Online (FIDO) Universal 2nd Factor (U2F) USB key
Answer: B
Question: 33
An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices.
What should the system administrator do on the remote devices in order to address this issue?
A. Encrypt all locally stored data
B. Ensure all firmware updates have been applied
C. Change default passwords
D. Implement URL filtering
Answer: C
Question: 34
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website.
To which of the following attacks has he likely fallen victim?
A. Buffer overflow
B. Denial of Service (DoS)
C. Birthday attack
D. Domain name system (DNS) poisoning
Answer: D
Question: 35
Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?
A. Transport Layer Security (TLS)
B. Internet Protocol Security (IPSec)
C. Virtual private network (VPN)
D. Elliptic curve cryptography (ECC)
Answer: C