CertNexus ITS-110 Exam Dumps [2024] Practice Valid Exam Dumps Question [Q48-Q66]

ITS-110 Dumps - Grab Out For [NEW-2024] CertNexus Exam

NEW QUESTION # 48
During a brute force test on his users' passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?

  • A. GUESSmyPASSWORD
  • B. 123my456password789
  • C. **myPASSword**
  • D. Gu3$$MyP@s$w0Rd

Answer: D


NEW QUESTION # 49
A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

  • A. Unsecure direct object references
  • B. Unvalidated redirect or forwarding
  • C. Unhandled malformed URLs
  • D. Insecure HTTP session management

Answer: A


NEW QUESTION # 50
An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?

  • A. Malware installation
  • B. Rainbow table attacks
  • C. Directory harvesting
  • D. Buffer overflow

Answer: A


NEW QUESTION # 51
Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

  • A. Temporal Key Integrity Protocol (TKIP)
  • B. Elliptic curve cryptography (ECC)
  • C. Advanced Encryption Standard (AES)
  • D. Triple Data Encryption Standard (3DES)

Answer: B


NEW QUESTION # 52
Which of the following is the BEST encryption standard to implement for securing bulk data?

  • A. Elliptic curve cryptography (ECC)
  • B. Rivest Cipher 4 (RC4)
  • C. Triple Data Encryption Standard (3DES)
  • D. Advanced Encryption Standard (AES)

Answer: D


NEW QUESTION # 53
A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

  • A. Unsecure direct object references
  • B. Unvalidated redirect or forwarding
  • C. Unhandled malformed URLs
  • D. Insecure HTTP session management

Answer: C


NEW QUESTION # 54
Which of the following functions can be added to the authorization component of AAA to enable the principle of least privilege with flexibility?

  • A. Discretionary access control (DAC)
  • B. Role-based access control (RBAC)
  • C. Access control list (ACL)
  • D. Mandatory access control (MAC)

Answer: B


NEW QUESTION # 55
An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?

  • A. Over-the-Air (OTA) software updates
  • B. Free firmware updates if the product is sent back to the manufacturer
  • C. A money back guarantee, no questions asked
  • D. A lifetime transferable warranty

Answer: A


NEW QUESTION # 56
A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

  • A. The administrator's machine
  • B. The database server
  • C. The Key Distribution Center (KDC)
  • D. The IoT endpoint

Answer: B


NEW QUESTION # 57
An IoT systems administrator needs to be able to detect packet injection attacks. Which of the following methods or technologies is the administrator most likely to implement?

  • A. Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)
  • B. Internet Protocol Security (IPSec) with Authentication Headers (AH)
  • C. Point-to-Point Tunneling Protocol (PPTP)
  • D. Layer 2 Tunneling Protocol (L2TP)

Answer: B


NEW QUESTION # 58
A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?

  • A. Within ninety days after collection, unless required for a legal proceeding
  • B. Within thirty days of a user's written request
  • C. Within sixty days after collection, unless encrypted
  • D. Within seven days of being transferred to secure, long-term storage

Answer: B


NEW QUESTION # 59
A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

  • A. Remote Authentication Dial-In User Service (RADIUS)
  • B. Role-Based Access Control (RBAC)
  • C. Border Gateway Protocol (BGP)
  • D. Password Authentication Protocol (PAP)

Answer: A


NEW QUESTION # 60
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Birthday attack
  • B. Denial of Service (DoS)
  • C. Domain name system (DNS) poisoning
  • D. Buffer overflow

Answer: C


NEW QUESTION # 61
The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers' VPNs? (Choose three.)

  • A. Simple Network Management Protocol (SNMP)
  • B. Layer 2 Tunneling Protocol (L2TP)
  • C. Challenge Handshake Authentication Protocol (CHAP)
  • D. Enhanced Interior Gateway Routing Protocol (EIGRP)
  • E. Interior Gateway Routing Protocol (IGRP)
  • F. Password Authentication Protocol (PAP)
  • G. Internet Protocol Security (IPSec)

Answer: B,C,G


NEW QUESTION # 62
It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?

  • A. His account is locked.
  • B. He receives a new password.
  • C. His account is deleted.
  • D. He notifies Human Resources.

Answer: A


NEW QUESTION # 63
Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:
"Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!"
Which of the following types of attacks could this be?

  • A. Phishing
  • B. Whaling
  • C. Vishing
  • D. Spear phishing

Answer: D


NEW QUESTION # 64
In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

  • A. System administrator access
  • B. Least privilege principle
  • C. Discretionary access control (DAC)
  • D. Guest account access

Answer: B


NEW QUESTION # 65
A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

  • A. No use of special characters
  • B. Password history checks
  • C. No password expiration
  • D. Maximum length restriction

Answer: B


NEW QUESTION # 66
......
