Certified Internet of Things Security Practitioner (CIoTSP) Questions and Answers
An IoT service collects massive amounts of data and the developer is encrypting the data, forcing administrative users to authenticate and be authorized. The data is being disposed of properly and on a timely basis. However, which of the following countermeasures is the developer most likely overlooking?
An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?
What is one popular network protocol that is usually enabled by default on home routers that creates a large attack surface?
Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?
A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?
A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?
A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?
A developer is coding for an IoT product in the healthcare sector. What special care must the developer take?
An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following Bluetooth versions can meet this requirement?
An IoT system administrator discovers that end users are able to access administrative features on the company's IoT management portal. Which of the following actions should the administrator take to address this issue?
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?
An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?
Which of the following items should be part of an IoT software company's data retention policy?
In order to gain access to a user dashboard via an online portal, an end user must provide their username, a PIN, and a software token code. This process is known as:
In designing the campus of an IoT device manufacturer, a security consultant was hired to recommend best practices for deterring criminal behavior. Which of the following approaches would he have used to meet his client's needs?
An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?
The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)
Which of the following attacks utilizes Media Access Control (MAC) address spoofing?
An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh application. Which of the following might the architect consider as part of the design?
An IoT manufacturer discovers that hackers have injected malware into their devices’ firmware updates. Which of the following methods could the manufacturer use to mitigate this risk?
An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)
A user grants an IoT manufacturer consent to store personally identifiable information (PII). According to the General Data Protection Regulation (GDPR), when is an organization required to delete this data?
A site administrator is not enforcing strong passwords or password complexity. To which of the following types of attacks is this system probably MOST vulnerable?
During a brute force test on his users’ passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?
An embedded engineer wants to implement security features to be sure that the IoT gateway under development will only load verified images. Which of the following countermeasures could be used to achieve this goal?
You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?
A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?
Which of the following policies provides the BEST protection against identity theft when data stored on an IoT portal has been compromised?
An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)
A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)
