MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?
Question2: A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?
Question3: An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?
Question4: A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?
Question5: An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?
Question6: You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer dat a. Which of the following methods should you recommend to your boss?
Question7: An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?
Question8: It is a new employee's first day on the job. When trying to access secured systems, he incorrectly enters his credentials multiple times. Which resulting action should take place?
Question9: A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?
Question10: A developer needs to apply a family of protocols to mediate network access. Authentication and Authorization has been implemented properly. Which of the following is the missing component?
Question11: An IoT system administrator discovers that end users are able to access administrative features on the company's IoT management portal. Which of the following actions should the administrator take to address this issue?
Question12: A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?
Question13: Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:"Hello, my name is Julie Simmons, and I'm with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!" Which of the following types of attacks could this be?
Question14: An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?
Question15: An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)
Question16: Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?
Question17: An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow methods or technologies is the administrator most likely to implement?
Question18: A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?
Question19: Which of the following is the BEST encryption standard to implement for securing bulk data?
Question20: An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?
Question21: An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?
Question22: A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)
Question23: An IoT system administrator wants to mitigate the risk of rainbow table attacks. Which of the following methods or technologies can the administrator implement in order to address this concern?
Question24: Which of the following attacks utilizes Media Access Control (MAC) address spoofing?
Question25: A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?
Question26: An IoT security administrator wants to encrypt the database used to store sensitive IoT device dat a. Which of the following algorithms should he choose?
Question27: Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?
Question28: A compromised IoT device is initiating random connections to an attacker's server in order to exfiltrate sensitive dat a. Which type of attack is being used?
Question29: A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?
Question30: In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?
Question31: Which of the following items should be part of an IoT software company's data retention policy?
Question32: In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:
Question33: A cloud developer for an IoT service is storing billing information. Which of the following should be considered a common vulnerability in regard to this data that could be used to compromise privacy?
Question34: An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?
Question35: Passwords should be stored...
Question36: A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?
Question37: An IoT manufacturer needs to ensure that firmware flaws can be addressed even after their devices have been deployed. Which of the following methods should the manufacturer use to meet this requirement?
Question38: A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)
Question39: An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?
Question40: Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?
Question41: A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?
Question42: An IoT manufacturer discovers that hackers have injected malware into their devices' firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?
Question43: Accompany collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)
Question44: Which of the following attacks relies on the trust that a website has for a user's browser?
Question45: You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?
Question46: An IoT integrator wants to deploy an IoT gateway at the Edge and have it connect to the cloud via API. In order to minimize risk, which of the following actions should the integrator take before integration?