ITS-110 - Latest Training Dumps

[Feb 24, 2023] Download Free CertNexus ITS-110 Real Exam Questions

Pass Your Exam With 100% Verified ITS-110 Exam Questions

Q42. A hacker wants to record a live session between a user and a host in hopes that parts of the datastream can be used to spoof the session. Which of the following attacks is this person attempting?

Fuzzing

Session replay

Bit flipping

Reverse shell

Q43. Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

The portal’s Internet Protocol (IP) address can more easily be spoofed.

Domain Name System (DNS) address records are more susceptible to hijacking.

The portal’s administrative functions do not require authentication.

Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

Q44. An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Message-digest 5 (MD5)

Blowfish

Transport Layer Security (TLS)

Q45. An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

Virtual Private Networking (VPN)

Public Key Infrastructure (PKI)

IP Security (IPSec)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Q46. You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

Gramm-Leach-Bliley Act (GLBA)

Payment Card Industry Data Security Standard (PCI-DSS)

Federal Information Security Management Act (FISMA)

Sarbanes-Oxley (SOX)

Health Insurance Portability and Accountability Act (HIPAA)

Family Educational Rights and Privacy Act (FERPA)

Federal Energy Regulatory Commission (FERC)

Q47. You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

Confirm the devices they’ve sold are turned on

Ensure all sensors are running the latest software

Require customers to sign a subscription license

Remove any customer-specific data

Q48. The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)

Internet Protocol Security (IPSec)

Enhanced Interior Gateway Routing Protocol (EIGRP)

Password Authentication Protocol (PAP)

Challenge Handshake Authentication Protocol (CHAP)

Simple Network Management Protocol (SNMP)

Layer 2 Tunneling Protocol (L2TP)

Interior Gateway Routing Protocol (IGRP)

Q49. Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

Secure Hypertext Transfer Protocol (HTTPS)

Public Key Infrastructure (PKI)

Next-Generation Firewall (NGFW)

Hash-based Message Authentication Code (HMAC)

Q50. An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

Yes, because the hash wouldn’t protect the integrity of the data.

Yes, because the data is vulnerable during processing.

No, since the data is already encrypted while at rest and while in motion.

No, because the data is inside the CPU’s secure region while being used.

Q51. An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?

Implement robust password policies

Implement certificates on all login pages

Implement granular role-based access

Implement URL filtering

Q52. An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?

Media Access Control (MAC)

Network Access Control (NAC)

Host Intrusion Detection System (HIDS)

Network Intrusion Detection System (NIDS)

Q53. In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

Type 1 authentication

Type 2 authentication

Two-factor authentication

Biometric authentication

Q54. A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

Asymmetric encryption standards

Symmetric encryption standards

Elliptic curve cryptography (ECC)

Diffie-Hellman (DH) algorithm

Q55. What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?

Open virtual private network (VPN)

Universal Plug and Play (UPnP)

Network Address Translation (NAT)

Domain Name System Security Extensions (DNSSEC)

Q56. A hacker is able to extract users’ names, birth dates, height, and weight from an IoT manufacturer’s user portal. Which of the following types of data has been compromised?

Protected health information

Personal health information

Personal identity information

Personally identifiable information

Q57. A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

Role-Based Access Control (RBAC)

Password Authentication Protocol (PAP)

Remote Authentication Dial-In User Service (RADIUS)

Border Gateway Protocol (BGP)

Q58. An IoT security administrator wants to encrypt the database used to store sensitive IoT device dat a. Which of the following algorithms should he choose?

Triple Data Encryption Standard (3DES)

ElGamal

Rivest-Shamir-Adleman (RSA)

Secure Hash Algorithm 3-512 (SHA3-512)

Q59. Which of the following policies provides the BEST protection against identity theft when data stored on an IoT portal has been compromised?

Data retention polices

Data categorization policies

Data anonymization policies

Data disposal policies

Q60. A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?

Key logger attack

Dictionary attack

Collision attack

Phishing attack

Q61. If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

Require frequent password changes

Mandate multi-factor authentication (MFA)

Utilize role-based access control (RBAC)

Require separation of duties

Q62. Which of the following tools or techniques is used by software developers to maintain code, but also used by hackers to maintain control of a compromised system?

Disassembler

Backdoor

Debugger

Stack pointer

Q63. A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

Configure single sign-on (SSO)

Parameter validation

Require strong passwords

Require two-factor authentication (2FA)

Q64. A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?

Make sure the user interface looks polished so that people will pay higher prices.

Apply best practices for privacy protection to minimize sensitive data exposure.

Rapidly complete the product so that feedback from the market can be realized sooner.

Slow down product development in order to obtain FDA approval with the first submission.

ITS-110 Dumps 100 Pass Guarantee With Latest Demo: https://www.trainingdump.com/CertNexus/ITS-110-practice-exam-dumps.html

Category ITS-110

[Feb 24, 2023] Download Free CertNexus ITS-110 Real Exam Questions [Q42-Q64]