ITS-110試験無料問題集（102題）「CertNexus Certified Internet of Things Security Practitioner 認定」

出題：1

A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?

A. Firmware is loaded from flash using unsecure object references

B. X.509 private keys are stored in unsecure flash memory

C. The portal's certificate is stored in unsecure flash memory

D. Bootloader code is stored in unsecure flash memory

正解：B 解答を投票する

出題：2

Which of the following attacks relies on the trust that a website has for a user's browser?

A. SQL Injection (SQLi)

B. Cross-Site Scripting (XSS)

C. Cross-Site Request Forgery (CSRF)

D. Phishing

正解：C 解答を投票する

出題：3

In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?

A. The web server's X.509 certificate must be compromised

B. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection

C. Client to server traffic must use Hypertext Transmission Protocol (HTTP)

D. The server must be using a deprecated version of Transport Layer Security (TLS)

正解：D 解答を投票する

出題：4

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

A. Unhandled malformed URLs

B. Unsecure direct object references

C. Unvalidated redirect or forwarding

D. Insecure HTTP session management

正解：A 解答を投票する

出題：5

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

A. Man-in-the-middle (MITM)

B. Unsecured network ports

C. Network Address Translation (NAT)

D. Network device fuzzing

正解：A 解答を投票する

出題：6

A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?

A. Slow down product development in order to obtain FDA approval with the first submission.

B. Make sure the user interface looks polished so that people will pay higher prices.

C. Rapidly complete the product so that feedback from the market can be realized sooner.

D. Apply best practices for privacy protection to minimize sensitive data exposure.

正解：D 解答を投票する

出題：7

You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

A. Sarbanes-Oxley (SOX)

B. General Data Protection Regulation (GDPR)

C. Database Service on Alternative Methods (DB-ALM)

D. Electronic Identification Authentication and Trust Services (elDAS)

正解：B 解答を投票する

出題：8

A cloud developer for an IoT service is storing billing information. Which of the following should be considered a common vulnerability in regard to this data that could be used to compromise privacy?

A. Enabled notifications as required by law

B. Authorized access to personal information

C. Lack of data retention policies

D. Secured data in motion and at rest

正解：B 解答を投票する

出題：9

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

A. Spear phishing

B. Buffer overflow

C. Account enumeration

D. Directory traversal

正解：C 解答を投票する

出題：10

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

A. Require that passwords contain alphanumeric characters

B. Require that passwords cannot include special characters

C. Require two-factor or multifactor authentication

D. Require that passwords be changed periodically

正解：C 解答を投票する

ITS-110試験無料問題集「CertNexus Certified Internet of Things Security Practitioner 認定」