
ITS-110 CertNexus Certified Internet of Things Security Practitioner (CIoTSP) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your CertNexus ITS-110 Certified Internet of Things Security Practitioner (CIoTSP) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 2
Total 100 questions

Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?

A. Transport Layer Security (TLS)
B. Internet Protocol Security (IPSec)
C. Virtual private network (VPN)
D. Elliptic curve cryptography (ECC)

A developer needs to apply a family of protocols to mediate network access. Authentication and authorization have been implemented properly. Which of the following is the missing component?

A. Management
B. Accounting
C. Auditing
D. Inventory

During a brute force test on his users’ passwords, the security administrator found several passwords that were cracked quickly. Which of the following passwords would have taken the longest to crack?

A. GUESSmyPASSWORD
B. Gu3$$MyP@s$w0Rd
C. 123my456password789
D. **myPASSword**

Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

A. Add tamper detection to the enclosure
B. Limit physical access to ports when possible
C. Allow quick administrator access for mitigation
D. Implement features in software instead of hardware

An IoT software developer strives to reduce the complexity of his code to allow for efficient design and implementation. Which of the following terms describes the design principle he is implementing?

A. Calibration
B. Demodulation
C. Encapsulation
D. Abstraction

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)

A. Block all inbound packets with an internal source IP address
B. Block all inbound packets originating from service ports
C. Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
D. Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
E. Require the use of X.509 digital certificates for all incoming requests

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

A. Require that passwords contain alphanumeric characters
B. Require two-factor or multifactor authentication
C. Require that passwords cannot include special characters
D. Require that passwords be changed periodically

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

A. The portal's Internet Protocol (IP) address can more easily be spoofed.
B. Domain Name System (DNS) address records are more susceptible to hijacking.
C. The portal's administrative functions do not require authentication.
D. Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

A. Require the use of Password Authentication Protocol (PAP)
B. Create a separate management virtual LAN (VLAN)
C. Ensure that all IoT management servers are running antivirus software
D. Implement 802.1X for authentication
E. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
F. Only allow outbound traffic from the management LAN
G. Ensure that all administrators access the management server at specific times

A manufacturer wants to ensure that approved software is delivered securely and can be verified prior to installation on its IoT devices. Which of the following technologies allows the manufacturer to meet this requirement?

A. Advanced Encryption Standard (AES)
B. Public Key Infrastructure (PKI)
C. Generic Routing Encapsulation (GRE)
D. Internet Protocol Security (IPsec)

An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?

A. Directory harvesting
B. Rainbow table attacks
C. Malware installation
D. Buffer overflow

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

A. Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.
B. Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.
C. Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.
D. Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.

A hacker is attempting to exploit a known software flaw in an IoT portal in order to modify the site's administrative configuration. Which of the following BEST describes the type of attack the hacker is performing?

A. Privilege escalation
B. Transmission Control Protocol (TCP) flooding
C. Application fuzzing
D. Birthday attack

An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?

A. Encrypt all locally stored data
B. Ensure all firmware updates have been applied
C. Change default passwords
D. Implement URL filtering

An IoT security administrator is determining which cryptographic algorithm she should use to sign her server's digital certificates. Which of the following algorithms should she choose?

A. Rivest Cipher 6 (RC6)
B. Rijndael
C. Diffie-Hellman (DH)
D. Rivest-Shamir-Adleman (RSA)

Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)

A. Smurf
B. Ping of death
C. Cross-Site Scripting (XSS)
D. Man-in-the-middle (MITM)
E. SQL Injection (SQLi)

An IoT manufacturer needs to ensure that firmware flaws can be addressed even after their devices have been deployed. Which of the following methods should the manufacturer use to meet this requirement?

A. Ensure that the bootloader can be accessed remotely using Secure Shell (SSH)
B. Ensure that a writable copy of the device's configuration is stored in flash memory
C. Ensure that the device can accept Over-the-Air (OTA) firmware updates
D. Ensure that all firmware is signed using digital certificates prior to deployment

Which of the following encryption standards should an IoT developer select in order to implement an asymmetric key pair?

A. Temporal Key Integrity Protocol (TKIP)
B. Elliptic curve cryptography (ECC)
C. Advanced Encryption Standard (AES)
D. Triple Data Encryption Standard (3DES)

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A security practitioner has the data encrypted while stored on the gateway and encrypted while transmitted across the network. Should this person be concerned with privacy while the data is in use?

A. Yes, because the hash wouldn't protect the integrity of the data.
B. Yes, because the data is vulnerable during processing.
C. No, since the data is already encrypted while at rest and while in motion.
D. No, because the data is inside the CPU's secure region while being used.

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

A. Media Access Control (MAC) spoofing
B. Buffer overflow
C. Packet injection
D. GPS spoofing

Copyright © 2014-2025 Solution2Pass. All Rights Reserved