[2024年08月26日] 完全版には更新されたのはCertified IoT Security Practitioner(ITS-110)認定サンプル問題 [Q37-Q55]

Share

[2024年08月26日] 完全版には更新されたのはCertified IoT Security Practitioner(ITS-110)認定サンプル問題

最新のCertNexus ITS-110リアル試験問題集PDF


CertNexus ITS-110試験は、IoTシステムとデバイスのセキュリティに関与するITプロフェッショナルにとって重要な認定試験です。この急速に進化する分野での専門知識を証明することで、認定プロフェッショナルはキャリアを進め、ビジネスや消費者向けの安全で信頼性の高いIoTシステムの開発に貢献することができます。

 

質問 # 37
An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

  • A. Ensure that all administrators access the management server at specific times
  • B. Require the use of Password Authentication Protocol (PAP)
  • C. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
  • D. Create a separate management virtual LAN (VLAN)
  • E. Implement 802.1X for authentication
  • F. Ensure that all IoT management servers are running antivirus software
  • G. Only allow outbound traffic from the management LAN

正解:A、D、E


質問 # 38
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?

  • A. Client to server traffic must use Hypertext Transmission Protocol (HTTP)
  • B. The web server's X.509 certificate must be compromised
  • C. The server must be using a deprecated version of Transport Layer Security (TLS)
  • D. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection

正解:C


質問 # 39
Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

  • A. Role-based access control
  • B. Automated security logging
  • C. Secure password recovery
  • D. Account lockout policy

正解:D


質問 # 40
An IoT developer needs to ensure that user passwords for a smartphone app are stored securely. Which of the following methods should the developer use to meet this requirement?

  • A. Encrypt all stored passwords using 128-bit Twofish
  • B. Hash all passwords using Message Digest 5 (MD5)
  • C. Encrypt all stored passwords using 256-bit Advanced Encryption Standard (AES-256)
  • D. Store all passwords in read-only memory

正解:C


質問 # 41
An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

  • A. Ensure all firmware updates have been applied
  • B. Implement URL filtering
  • C. Change default passwords
  • D. Encrypt all locally stored data

正解:C


質問 # 42
An IoT manufacturer wants to ensure that their web-enabled cameras are secured against brute force password attacks. Which of the following technologies or protocols could they implement?

  • A. URL filtering policies
  • B. Software encryption
  • C. Buffer overflow prevention
  • D. Account lockout policies

正解:D


質問 # 43
A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

  • A. Your login attempt was unsuccessful
  • B. Invalid password
  • C. The username and/or password are incorrect
  • D. Incorrect email/password combination
  • E. That user does not exist

正解:A、E


質問 # 44
An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

  • A. Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.
  • B. Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.
  • C. Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.
  • D. Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

正解:C


質問 # 45
You work for a business-to-consumer (B2C) IoT device company. Your organization wishes to publish an annual report showing statistics related to the volume and variety of sensor data it collects. Which of the following should your organization do prior to using this information?

  • A. Ensure all sensors are running the latest software
  • B. Require customers to sign a subscription license
  • C. Remove any customer-specific data
  • D. Confirm the devices they've sold are turned on

正解:C


質問 # 46
An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

  • A. Obfuscation
  • B. Encryption
  • C. Hashing
  • D. Fuzzing

正解:C


質問 # 47
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

  • A. Cross-Site Scripting (XSS)
  • B. Smurf
  • C. SQL Injection (SQLi)
  • D. Man-in-the-middle (MITM)
  • E. Ping of death

正解:A、C


質問 # 48
An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?

  • A. Any of the BLE versions
  • B. BLE v4.2
  • C. BLE v4.1
  • D. Bluetooth Low Energy (BLE) v4.0

正解:A


質問 # 49
An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

  • A. Authenticator Apps for smartphones
  • B. Fast Identity Online (FIDO) Universal 2nd Factor (U2F) USB key
  • C. Out-of-band authentication (OOBA)
  • D. 2FA over Short Message Service (SMS)

正解:D


質問 # 50
A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

  • A. Configure single sign-on (SSO)
  • B. Require two-factor authentication (2FA)
  • C. Parameter validation
  • D. Require strong passwords

正解:C


質問 # 51
If an attacker were able to gain access to a user's machine on your network, which of the following actions would she most likely take next?

  • A. Initiate reconnaissance
  • B. Start log scrubbing
  • C. Perform port scanning
  • D. Escalate privileges

正解:A


質問 # 52
An IoT system administrator discovers that hackers are using rainbow tables to compromise user accounts on their cloud management portal. What should the administrator do in order to mitigate this risk?

  • A. Implement granular role-based access
  • B. Implement URL filtering
  • C. Implement certificates on all login pages
  • D. Implement robust password policies

正解:A


質問 # 53
A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?

  • A. Public Key Infrastructure (PKI)
  • B. Generic Routing Encapsulation (GRE)
  • C. Advanced Encryption Standard (AES)
  • D. Internet Protocol Security (IPsec)

正解:A


質問 # 54
Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

  • A. Packet injection
  • B. Media Access Control (MAC) spoofing
  • C. Buffer overflow
  • D. GPS spoofing

正解:B


質問 # 55
......


CertNexus ITS-110認定は、IoTセキュリティの専門家に対する需要の高まりを満たすように設計されています。私たちの日常生活でIoTデバイスがより一般的になるにつれて、これらのデバイスを確保し保護できる熟練した専門家の必要性がより重要になります。この認定は、業界のニーズを満たすように設計されたIoTセキュリティに対する包括的かつ実用的なアプローチを提供します。認定を保持している専門家は需要が高く、優れた雇用機会と競争力のある給与を受け取ることが期待できます。

 

CertNexus ITS-110問題集で一発合格を目指すならこれ!:https://jp.fast2test.com/ITS-110-premium-file.html

ITS-110練習テスト問題更新されたのは102問があります:https://drive.google.com/open?id=17QCOtClkoUCOh0xXlHXlB5HfQgGbj-g1


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어