2023 Correct Practice Tests of ITS-110 Dumps with Practice Exam [Q42-Q62]

Certification Sample Questions of ITS-110 Dumps With 100% Exam Passing Guarantee

NEW QUESTION # 42
A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

  • A. Fuzzing
  • B. Bit flipping
  • C. Reverse shell
  • D. Session replay

Answer: D


NEW QUESTION # 43
A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)

  • A. Directory traversal
  • B. Masquerading
  • C. Session replay
  • D. Brute force
  • E. Spear phishing

Answer: D,E


NEW QUESTION # 44
An IoT security practitioner should be aware of which common misconception regarding data in motion?

  • A. That transmitted data is point-to-point and therefore a third party does not exist.
  • B. That data can change instantly so old data is of no value.
  • C. The assumption that network protocols automatically encrypt data on the fly.
  • D. The assumption that all data is encrypted properly and cannot be exploited.

Answer: D


NEW QUESTION # 45
What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?

  • A. Universal Plug and Play (UPnP)
  • B. Domain Name System Security Extensions (DNSSEC)
  • C. Network Address Translation (NAT)
  • D. Open virtual private network (VPN)

Answer: A


NEW QUESTION # 46
Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

  • A. Add tamper detection to the enclosure
  • B. Allow quick administrator access for mitigation
  • C. Implement features in software instead of hardware
  • D. Limit physical access to ports when possible

Answer: D


NEW QUESTION # 47
An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

  • A. Bluetooth Low Energy (BLE) v4.0
  • B. BLE v4.2
  • C. Any of the BLE versions
  • D. BLE v4.1

Answer: C


NEW QUESTION # 48
A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

  • A. Transmission control protocol (TCP) flooding
  • B. Privilege escalation
  • C. Birthday attack
  • D. Application fuzzing

Answer: B


NEW QUESTION # 49
Which of the following functions can be added to the authorization component of AAA to enable the principle of least privilege with flexibility?

  • A. Discretionary access control (DAC)
  • B. Access control list (ACL)
  • C. Role-based access control (RBAC)
  • D. Mandatory access control (MAC)

Answer: C


NEW QUESTION # 50
Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

  • A. Secure Hypertext Transfer Protocol (HTTPS)
  • B. Public Key Infrastructure (PKI)
  • C. Hash-based Message Authentication Code (HMAC)
  • D. Next-Generation Firewall (NGFW)

Answer: D


NEW QUESTION # 51
A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

  • A. Password Authentication Protocol (PAP)
  • B. Remote Authentication Dial-In User Service (RADIUS)
  • C. Role-Based Access Control (RBAC)
  • D. Border Gateway Protocol (BGP)

Answer: B


NEW QUESTION # 52
A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

  • A. Maximum length restriction
  • B. No use of special characters
  • C. Password history checks
  • D. No password expiration

Answer: C


NEW QUESTION # 53
A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

  • A. Two-step authentication with complex passwords
  • B. Multi-factor authentication with three factors
  • C. An X.509 certificate stored on a smart card
  • D. A hardware-based token generation device

Answer: B


NEW QUESTION # 54
An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

  • A. Collect only the minimum amount of data required to perform all the business functions.
  • B. The amount or type of data collected isn't important if you implement proper authorization controls.
  • C. Collect as much data as possible so as to maximize potential value of the new IoT use-case.
  • D. The amount or type of data collected isn't important if you have a properly secured IoT device.

Answer: A


NEW QUESTION # 55
Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

  • A. The portal's Internet Protocol (IP) address can more easily be spoofed.
  • B. Domain Name System (DNS) address records are more susceptible to hijacking.
  • C. The portal's administrative functions do not require authentication.
  • D. Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

Answer: D


NEW QUESTION # 56
Passwords should be stored...

  • A. Inside a digital certificate.
  • B. Only in cleartext.
  • C. As a hash value.
  • D. For no more than 30 days.

Answer: C


NEW QUESTION # 57
During a brute force test on his users' passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?

  • A. **myPASSword**
  • B. 123my456password789
  • C. GUESSmyPASSWORD
  • D. Gu3$$MyP@s$w0Rd

Answer: D


NEW QUESTION # 58
A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

  • A. Elliptic curve cryptography (ECC)
  • B. Asymmetric encryption standards
  • C. Symmetric encryption standards
  • D. Diffie-Hellman (DH) algorithm

Answer: C


NEW QUESTION # 59
Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

  • A. Malformed URL injection
  • B. SSL certificate hijacking
  • C. Buffer overflow
  • D. Session replay

Answer: D


NEW QUESTION # 60
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Domain name system (DNS) poisoning
  • B. Birthday attack
  • C. Buffer overflow
  • D. Denial of Service (DoS)

Answer: A


NEW QUESTION # 61
An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

  • A. Blowfish
  • B. Message-digest 5 (MD5)
  • C. Transport Layer Security (TLS)
  • D. Secure/Multipurpose Internet Mail Extensions (S/MIME)

Answer: C


NEW QUESTION # 62
......

ITS-110 Sample Practice Exam Questions 2023 Updated Verified: https://www.vceprep.com/ITS-110-latest-vce-prep.html

Pass Key features of ITS-110 Course with Updated 102 Questions: https://drive.google.com/open?id=1T9tVE3QpP9CJlA9YITmoH0XHUS4PcbDg