Free Demo Questions

Test Online Free CertNexus ITS-110 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free ITS-110 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Dec 19, 2022 20 Questions 2 Pages

Get ITS-110 Full Access

Question 1 Selectable Answer

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

A. Temporal Key Integrity Protocol (TKIP)
B. Elliptic curve cryptography (ECC)
C. Advanced Encryption Standard (AES)
D. Triple Data Encryption Standard (3DES)

Answer:

Question 2 Selectable Answer

What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?

A. Open virtual private network (VPN)
B. Universal Plug and Play (UPnP)
C. Network Address Translation (NAT)
D. Domain Name System Security Extensions (DNSSEC)

Answer:
Explanation:
Reference: https://phoenixnap.com/blog/what-is-upnp

Question 3 Selectable Answer

An IoT system administrator wants to mitigate the risk of rainbow table attacks.
Which of the following methods or technologies can the administrator implement in order to address this concern?

A. Enable account lockout
B. Enable account database encryption
C. Require frequent password changes
D. Require complex passwords

Answer:

Question 4 Selectable Answer

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network.
Should this person be concerned with privacy while the data is in use?

A. Yes, because the hash wouldn't protect the integrity of the data.
B. Yes, because the data is vulnerable during processing.
C. No, since the data is already encrypted while at rest and while in motion.
D. No, because the data is inside the CPU's secure region while being used.

Answer:

Question 5 Selectable Answer

A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

A. Key logger attack
B. Dictionary attack
C. Collision attack
D. Phishing attack

Answer:
Explanation:
Reference: https://www.techtarget.com/searchsecurity/definition/dictionary-attack

Question 6 Selectable Answer

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her.
Which of the following tools or techniques should she use?

A. Encryption
B. Obfuscation
C. Hashing
D. Fuzzing

Answer:

Question 7 Selectable Answer

An IoT developer discovers that clients frequently fall victim to phishing attacks.
What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

A. Implement two-factor authentication (2FA)
B. Enable Kerberos authentication
C. Implement account lockout policies
D. Implement Secure Lightweight Directory Access Protocol (LDAPS)

Answer:

Question 8 Selectable Answer

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks.
Which of the following mitigation strategies should the security administrator implement? (Choose two.)

A. Block all inbound packets with an internal source IP address
B. Block all inbound packets originating from service ports
C. Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
D. Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
E. Require the use of
F. 509 digital certificates for all incoming requests

Answer:

Question 9 Selectable Answer

Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?

A. Transport Layer Security (TLS)
B. Internet Protocol Security (IPSec)
C. Virtual private network (VPN)
D. Elliptic curve cryptography (ECC)

Answer:

Question 10 Selectable Answer

An IoT developer has endpoints that are shipped to users in the field.
Which of the following best practices must be implemented for using default passwords after delivery?

A. Implement two-factor authentication (2FA)
B. Force a password change upon initial login
C. Apply granular role-based access
D. Protect against account enumeration

Answer:

Question 11 Selectable Answer

The network administrator for an organization has read several recent articles stating that replay attacks are on the rise.
Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)

A. Internet Protocol Security (IPSec)
B. Enhanced Interior Gateway Routing Protocol (EIGRP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)
E. Simple Network Management Protocol (SNMP)
F. Layer 2 Tunneling Protocol (L2TP)
G. Interior Gateway Routing Protocol (IGRP)

Answer:

Question 12 Selectable Answer

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

A. The portal's Internet Protocol (IP) address can more easily be spoofed.
B. Domain Name System (DNS) address records are more susceptible to hijacking.
C. The portal's administrative functions do not require authentication.
D. Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

Answer:

Question 13 Selectable Answer

An IoT developer needs to ensure that user passwords for a smartphone app are stored securely.
Which of the following methods should the developer use to meet this requirement?

A. Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)
B. Encrypt all stored passwords using 128-bit Twofish
C. Hash all passwords using Message Digest 5 (MD5)
D. Store all passwords in read-only memory

Answer:

Question 14 Selectable Answer

Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

A. Teardrop
B. Ping of Death
C. SYN flood
D. Smurf

Answer:
Explanation:
Reference: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

Question 15 Selectable Answer

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

A. Add tamper detection to the enclosure
B. Limit physical access to ports when possible
C. Allow quick administrator access for mitigation
D. Implement features in software instead of hardware

Answer:

Current Exam

ITS-110

CertNexus
Certified Internet of Things Security Practitioner(CIoTSP)

View Full ITS-110 Package