最新的Certified IoT Security Practitioner認證 ITS-110考試題庫

問題1

A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

A. Require two-factor authentication (2FA)

B. Parameter validation

C. Require strong passwords

D. Configure single sign-on (SSO)

正確答案: B

問題2

An IoT manufacturer needs to ensure that firmware flaws can be addressed even after their devices have been deployed. Which of the following methods should the manufacturer use to meet this requirement?

A. Ensure that ail firmware is signed using digital certificates prior to deployment

B. Ensure that the bootloader can be accessed remotely using Secure Shell (SSH)

C. Ensure that a writable copy of the device's configuration is stored in flash memory

D. Ensure that device can accept Over-the-Air (OTA) firmware updates

正確答案: D

問題3

An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?

A. Host Intrusion Detection System (HIDS)

B. Network Intrusion Detection System (NIDS)

C. Network Access Control (NAC)

D. Media Access Control (MAC)

正確答案: B

問題4

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

A. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

B. Implement 802.1X for authentication

C. Ensure that all administrators access the management server at specific times

D. Only allow outbound traffic from the management LAN

E. Ensure that all IoT management servers are running antivirus software

F. Require the use of Password Authentication Protocol (PAP)

G. Create a separate management virtual LAN (VLAN)

正確答案: B,C,G

問題5

Which of the following techniques protects the confidentiality of the information stored in databases?

A. Monitoring

B. Encryption

C. Archiving

D. Hashing

正確答案: B

問題6

Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

A. Account lockout policy

B. Automated security logging

C. Secure password recovery

D. Role-based access control

正確答案: A

問題7

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

A. Man-in-the-middle (MITM)

B. Smurf

C. Cross-Site Scripting (XSS)

D. SQL Injection (SQLi)

E. Ping of death

正確答案: C,D

問題8

An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

A. Domain name system (DNS) poisoning

B. Birthday attack

C. Buffer overflow

D. Denial of Service (DoS)

正確答案: A

最新的CertNexus Certified Internet of Things Security Practitioner - ITS-110免費考試真題

最新更新

站內鏈接

聯系我們