What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?
An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?A . Implement two-factor authentication (2FA) B. Enable Kerberos authentication C. Implement account lockout policies D....
Which of the following is NOT a method of attack that could be used to facilitate stealing data?
A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?A . Cross-Site Request Forgery (CSRF) B. SQL Injection (SQLi) C. Cross-Site Scripting...
Which of the following mitigation strategies should the security administrator implement?
An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)A . Block all inbound packets with an internal source IP address B. Block all inbound packets originating from...
Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?
A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?A . Network firewall B. Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation C. Web application firewall (WAF) D....
Which of the following precautions must be taken to minimize attacks due to physical access?
An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?A . Allow access only to the software B. Remove all unneeded physical ports C. Install a firewall on network ports D. Allow easy access to...
Which of the following is the BEST choice to implement?
A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?A . Asymmetric encryption standards B. Symmetric encryption standards C. Elliptic curve cryptography (ECC) D. Diffie-Hellman (DH) algorithmView AnswerAnswer: B
What should the system administrator do on the remote devices in order to address this issue?
An IoT system administrator discovers that unauthorized users are able to log onto and access data on remote IoT monitoring devices. What should the system administrator do on the remote devices in order to address this issue?A . Encrypt all locally stored data B. Ensure all firmware updates have been...
Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?
Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?A . Teardrop B. Ping of Death C. SYN flood D. SmurfView AnswerAnswer: C Explanation: Reference: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs?
The network administrator for an organization has read several recent articles stating that replay attacks are on the rise. Which of the following secure protocols could the administrator implement to prevent replay attacks via remote workers’ VPNs? (Choose three.)A . Internet Protocol Security (IPSec) B. Enhanced Interior Gateway Routing Protocol...
To which of the following attacks has he likely fallen victim?
An IoT security administrator realizes that when he attempts to visit the administrative website for his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?A . Buffer overflow B. Denial of Service (DoS) C. Birthday attack D. Domain name system...