最新の2024年01月 CertNexus ITS-110問題集で更新された102問あります [Q19-Q40]

Share

最新の2024年01月 CertNexus ITS-110問題集で更新された102問あります

PDF無料ダウンロードにはITS-110有効な練習テスト問題


CertNexus ITS-110 試験の主な利点の1つは、候補者がIoTセキュリティについて包括的な理解を得られることです。さまざまな産業で使用されるIoTデバイスの数が増加するにつれて、IoTセキュリティに詳しいプロフェッショナルが必要であり、これらのデバイスが攻撃に対して脆弱でないようにすることが重要です。また、この認定は、最新の業界標準やベストプラクティスに常にアップデートすることにコミットしていることを示し、競争の激しい求人市場でプロフェッショナルが目立つのに役立ちます。


CertNexus ITS-110認定試験は、最新のIoTセキュリティ基準とベストプラクティスに基づいています。この試験は、実際のシナリオでIoTシステムを保護するために必要な実践的なスキルと知識に焦点を当てています。認定試験はベンダー中立です。つまり、得られたスキルと知識は、特定のIoTベンダーまたはプラットフォームに固有のものではありません。これにより、認定は、幅広いIoTデバイスとプラットフォームを扱う専門家にとって優れた選択肢になります。

 

質問 # 19
A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

  • A. Symmetric encryption standards
  • B. Elliptic curve cryptography (ECC)
  • C. Asymmetric encryption standards
  • D. Diffie-Hellman (DH) algorithm

正解:A


質問 # 20
An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

  • A. Ensure all firmware updates have been applied
  • B. Encrypt all locally stored data
  • C. Change default passwords
  • D. Implement URL filtering

正解:C


質問 # 21
An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

  • A. Protect against account enumeration
  • B. Implement two-factor authentication (2FA)
  • C. Apply granular role-based access
  • D. Force a password change upon initial login

正解:D


質問 # 22
An IoT security administrator is concerned that someone could physically connect to his network and scan for vulnerable devices. Which of the following solutions should he install to prevent this kind of attack?

  • A. Network Intrusion Detection System (NIDS)
  • B. Media Access Control (MAC)
  • C. Network Access Control (NAC)
  • D. Host Intrusion Detection System (HIDS)

正解:A


質問 # 23
Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

  • A. Teardrop
  • B. Smurf
  • C. SYN flood
  • D. Ping of Death

正解:C


質問 # 24
An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

  • A. Yes, because the hash wouldn't protect the integrity of the data.
  • B. No, because the data is inside the CPU's secure region while being used.
  • C. No, since the data is already encrypted while at rest and while in motion.
  • D. Yes, because the data is vulnerable during processing.

正解:D


質問 # 25
Which of the following is the BEST encryption standard to implement for securing bulk data?

  • A. Advanced Encryption Standard (AES)
  • B. Elliptic curve cryptography (ECC)
  • C. Rivest Cipher 4 (RC4)
  • D. Triple Data Encryption Standard (3DES)

正解:A


質問 # 26
Which of the following items should be part of an IoT software company's data retention policy?

  • A. X.509 certificate expiration
  • B. Transport encryption algorithms
  • C. Data backup storage location
  • D. Password expiration requirements

正解:C


質問 # 27
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Buffer overflow
  • B. Denial of Service (DoS)
  • C. Domain name system (DNS) poisoning
  • D. Birthday attack

正解:C


質問 # 28
You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer dat a. Which of the following methods should you recommend to your boss?

  • A. Physical destruction
  • B. Degaussing
  • C. Overwriting
  • D. Crypto-shredding

正解:A


質問 # 29
In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:

  • A. Type 2 authentication
  • B. Two-factor authentication
  • C. Type 1 authentication
  • D. Biometric authentication

正解:B


質問 # 30
An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

  • A. Enable Kerberos authentication
  • B. Implement two-factor authentication (2FA)
  • C. Implement Secure Lightweight Directory Access Protocol (LDAPS)
  • D. Implement account lockout policies

正解:B


質問 # 31
Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

  • A. GPS spoofing
  • B. Buffer overflow
  • C. Packet injection
  • D. Media Access Control (MAC) spoofing

正解:D


質問 # 32
Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

  • A. Malformed URL injection
  • B. SSL certificate hijacking
  • C. Buffer overflow
  • D. Session replay

正解:D


質問 # 33
An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow methods or technologies is the administrator most likely to implement?

  • A. Layer 2 Tunneling Protocol (L2TP)
  • B. Point-to-Point Tunneling Protocol (PPTP)
  • C. Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)
  • D. Internet Protocol Security (IPSec) with Authentication Headers (AH)

正解:D


質問 # 34
An IoT security practitioner should be aware of which common misconception regarding data in motion?

  • A. That transmitted data is point-to-point and therefore a third party does not exist.
  • B. That data can change instantly so old data is of no value.
  • C. The assumption that network protocols automatically encrypt data on the fly.
  • D. The assumption that all data is encrypted properly and cannot be exploited.

正解:D


質問 # 35
Accompany collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)

  • A. Inference
  • B. Denial of Service (DoS)
  • C. Aggregation
  • D. Data diddling
  • E. Salami

正解:A、C


質問 # 36
Which of the following methods is an IoT portal administrator most likely to use in order to mitigate Distributed Denial of Service (DDoS) attacks?

  • A. Disable Network Address Translation Traversal (NAT-T) at the border firewall
  • B. Implement traffic scrubbers on the upstream Internet Service Provider (ISP) connection
  • C. Require Internet Protocol Security (IPSec) for all inbound portal connections
  • D. Implement Domain Name System Security Extensions (DNSSEC) on all Internet-facing name servers

正解:B


質問 # 37
A network administrator is looking to implement best practices for the organization's password policy. Which of the following elements should the administrator include?

  • A. No password expiration
  • B. No use of special characters
  • C. Password history checks
  • D. Maximum length restriction

正解:C


質問 # 38
In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

  • A. Discretionary access control (DAC)
  • B. Least privilege principle
  • C. System administrator access
  • D. Guest account access

正解:B


質問 # 39
An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

  • A. Hash all passwords using Message Digest 5 (MD5)
  • B. Store all passwords in read-only memory
  • C. Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)
  • D. Encrypt all stored passwords using 128-bit Twofish

正解:C


質問 # 40
......


CertNexus ITS-110試験は、インターネット・オブ・シングス(IoT)のセキュリティ原則とプラクティスを深く理解しているプロフェッショナルを認定するために設計されています。試験は、ネットワークセキュリティ、データ保護、デバイスセキュリティ、リスク管理など、IoTセキュリティに関連する広範なトピックをカバーしています。この認定は、セキュリティアナリスト、ITプロフェッショナル、IoT開発者など、IoTデバイスとネットワークのセキュリティを担当するプロフェッショナルを対象としています。

 

ITS-110テストエンジンお試しセット、ITS-110問題集PDF:https://jp.fast2test.com/ITS-110-premium-file.html

最新のCertNexus ITS-110PDFと問題集で(2024)無料試験問題解答はここ:https://drive.google.com/open?id=17QCOtClkoUCOh0xXlHXlB5HfQgGbj-g1


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어