Black Friday Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Question # 4

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

A.

Rivest Cipher 6 (RC6)

B.

Rijndael

C.

Diffie-Hellman (DH)

D.

Rivest-Shamir-Adleman (RSA)

Full Access
Question # 5

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

A.

Implement two-factor authentication (2FA)

B.

Force a password change upon initial login

C.

Apply granular role-based access

D.

Protect against account enumeration

Full Access
Question # 6

An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?

A.

Allow access only to the software

B.

Remove all unneeded physical ports

C.

Install a firewall on network ports

D.

Allow easy access to components

Full Access
Question # 7

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

A.

Media Access Control (MAC) spoofing

B.

Buffer overflow

C.

Packet injection

D.

GPS spoofing

Full Access
Question # 8

An IoT security practitioner should be aware of which common misconception regarding data in motion?

A.

That transmitted data is point-to-point and therefore a third party does not exist.

B.

The assumption that all data is encrypted properly and cannot be exploited.

C.

That data can change instantly so old data is of no value.

D.

The assumption that network protocols automatically encrypt data on the fly.

Full Access
Question # 9

An IoT security administrator wants to encrypt the database used to store sensitive IoT device data. Which of the following algorithms should he choose?

A.

Triple Data Encryption Standard (3DES)

B.

ElGamal

C.

Rivest-Shamir-Adleman (RSA)

D.

Secure Hash Algorithm 3-512 (SHA3-512)

Full Access
Question # 10

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

A.

Collect as much data as possible so as to maximize potential value of the new IoT use-case.

B.

Collect only the minimum amount of data required to perform all the business functions.

C.

The amount or type of data collected isn't important if you have a properly secured IoT device.

D.

The amount or type of data collected isn't important if you implement proper authorization controls.

Full Access
Question # 11

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

A.

Account enumeration

B.

Directory traversal

C.

Buffer overflow

D.

Spear phishing

Full Access
Question # 12

Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

A.

Teardrop

B.

Ping of Death

C.

SYN flood

D.

Smurf

Full Access
Question # 13

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

A.

Require the use of Password Authentication Protocol (PAP)

B.

Create a separate management virtual LAN (VLAN)

C.

Ensure that all IoT management servers are running antivirus software

D.

Implement 802.1X for authentication

E.

Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1

F.

Only allow outbound traffic from the management LAN

G.

Ensure that all administrators access the management server at specific times

Full Access
Question # 14

You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer data. Which of the following methods should you recommend to your boss?

A.

Crypto-shredding

B.

Degaussing

C.

Overwriting

D.

Physical destruction

Full Access
Question # 15

A hacker is sniffing network traffic with plans to intercept user credentials and then use them to log into remote websites. Which of the following attacks could the hacker be attempting? (Choose two.)

A.

Masquerading

B.

Brute force

C.

Directory traversal

D.

Session replay

E.

Spear phishing

Full Access
Question # 16

You made an online purchase of a smart watch from a software as a service (SaaS) vendor, and filled out an extensive profile that will help you track several fitness variables. The vendor will provide you with customized health insights based on your profile. With which of the following regulations should the company be compliant? (Choose three.)

A.

Gramm-Leach-Bliley Act (GLBA)

B.

Payment Card Industry Data Security Standard (PCI-DSS)

C.

Federal Information Security Management Act (FISMA)

D.

Sarbanes-Oxley (SOX)

E.

Health Insurance Portability and Accountability Act (HIPAA)

F.

Family Educational Rights and Privacy Act (FERPA)

G.

Federal Energy Regulatory Commission (FERC)

Full Access
Question # 17

An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

A.

Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)

B.

Encrypt all stored passwords using 128-bit Twofish

C.

Hash all passwords using Message Digest 5 (MD5)

D.

Store all passwords in read-only memory

Full Access
Question # 18

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

A.

Your login attempt was unsuccessful

B.

Invalid password

C.

That user does not exist

D.

The username and/or password are incorrect

E.

Incorrect email/password combination

Full Access
Question # 19

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

A.

Secure Shell (SSH)

B.

Internet Protocol Security (IPSec)

C.

Telnet

D.

Virtual private network (VPN)

Full Access
Question # 20

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

A.

Add tamper detection to the enclosure

B.

Limit physical access to ports when possible

C.

Allow quick administrator access for mitigation

D.

Implement features in software instead of hardware

Full Access
Question # 21

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

A.

Temporal Key Integrity Protocol (TKIP)

B.

Elliptic curve cryptography (ECC)

C.

Advanced Encryption Standard (AES)

D.

Triple Data Encryption Standard (3DES)

Full Access
Question # 22

An IoT system administrator wants to mitigate the risk of rainbow table attacks. Which of the following methods or technologies can the administrator implement in order to address this concern?

A.

Enable account lockout

B.

Enable account database encryption

C.

Require frequent password changes

D.

Require complex passwords

Full Access
Question # 23

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

A.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

B.

Message-digest 5 (MD5)

C.

Blowfish

D.

Transport Layer Security (TLS)

Full Access
Question # 24

A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

A.

Maximum length restriction

B.

Password history checks

C.

No use of special characters

D.

No password expiration

Full Access
Question # 25

An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

A.

Bluetooth Low Energy (BLE) v4.0

B.

BLE v4.2

C.

BLE v4.1

D.

Any of the BLE versions

Full Access
Question # 26

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

A.

Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

B.

Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

C.

Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.

D.

Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.

Full Access
Question # 27

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

A.

Require that passwords contain alphanumeric characters

B.

Require two-factor or multifactor authentication

C.

Require that passwords cannot include special characters

D.

Require that passwords be changed periodically

Full Access
Question # 28

An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

A.

Buffer overflow

B.

Denial of Service (DoS)

C.

Birthday attack

D.

Domain name system (DNS) poisoning

Full Access
Question # 29

A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

A.

Privilege escalation

B.

Transmission control protocol (TCP) flooding

C.

Application fuzzing

D.

Birthday attack

Full Access
Question # 30

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

A.

Yes, because the hash wouldn't protect the integrity of the data.

B.

Yes, because the data is vulnerable during processing.

C.

No, since the data is already encrypted while at rest and while in motion.

D.

No, because the data is inside the CPU's secure region while being used.

Full Access