Free Access CertNexus.ITS-110.v2023-03-31.q40 Practice Test (Page 6)

Question 21

An IoT device has many sensors on it and that sensor data is sent to the cloud. An IoT security practitioner should be sure to do which of the following in regard to that sensor data?

A.The amount or type of data collected isn't important if you implement proper authorization controls.

B.Collect only the minimum amount of data required to perform all the business functions.

C.The amount or type of data collected isn't important if you have a properly secured IoT device.

D.Collect as much data as possible so as to maximize potential value of the new IoT use-case.

Question 22

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

A.Protect against account enumeration

B.Implement two-factor authentication (2FA)

C.Apply granular role-based access

D.Force a password change upon initial login

Question 23

A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the following countermeasures should be implemented to mitigate network attacks that can render a network useless?

A.Network firewall

B.Deep Packet Inspection (DPI)

C.Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation

D.Web application firewall (WAF)

Question 24

In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which of the following could be true?

A.The server must be using a deprecated version of Transport Layer Security (TLS)

B.The server must be vulnerable to malformed Uniform Resource Locator (URL) injection

C.Client to server traffic must use Hypertext Transmission Protocol (HTTP)

D.The web server's X.509 certificate must be compromised

Question 25

Which of the following describes the most significant risk created by implementing unverified certificates on an IoT portal?

A.The portal's administrative functions do not require authentication.

B.Domain Name System (DNS) address records are more susceptible to hijacking.

C.Man-in-the-middle (MITM) attacks can be used to eavesdrop on communications.

D.The portal's Internet Protocol (IP) address can more easily be spoofed.

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 219CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 183Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File