Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?
Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?A . Malformed URL injection B. Buffer overflow C. SSL certificate hijacking D. Session replayView AnswerAnswer: D
An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?
An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?A . Collect as much data as possible so as to maximize potential value of...
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?
In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?A . Client to server traffic must use Hypertext Transmission Protocol (HTTP) B. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection C. The server must be using...
Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?
Which of the following technologies allows for encryption of networking communications without requiring any configuration on IoT endpoints?A . Transport Layer Security (TLS) B. Internet Protocol Security (IPSec) C. Virtual private network (VPN) D. Elliptic curve cryptography (ECC)View AnswerAnswer: C
Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?
Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?A . The portal's Internet Protocol (IP) address can more easily be spoofed. B. Domain Name System (DNS) address records are more susceptible to hijacking. C. The portal's administrative functions do not require...
Which of the following attacks is the security administrator concerned about?
Accompany collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)A . Salami B. Aggregation C. Data diddling D. Denial of Service (DoS) E. InferenceView...
An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?
An IoT device which allows unprotected shell access via console ports is most vulnerable to which of the following risks?A . Directory harvesting B. Rainbow table attacks C. Malware installation D. Buffer overflowView AnswerAnswer: C
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)
Web forms that contain unvalidated fields are vulnerable to which of the following attacks? (Choose two.)A . Smurf B. Ping of death C. Cross-Site Scripting (XSS) D. Man-in-the-middle (MITM) E. SQL Injection (SQLi)View AnswerAnswer: C,E
Which entity provides the symmetric key used to secure the data in transit?
A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?A . The administrator's machine B. The database server C. The Key...
An IoT security practitioner should be aware of which common misconception regarding data in motion?
An IoT security practitioner should be aware of which common misconception regarding data in motion?A . That transmitted data is point-to-point and therefore a third party does not exist. B. The assumption that all data is encrypted properly and cannot be exploited. C. That data can change instantly so old...