certnexus its-110 practice test

A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the
following countermeasures should be implemented to mitigate network attacks that can render a
network useless?

• A. Network firewall
• B. Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation
• C. Web application firewall (WAF)
• D. Deep Packet Inspection (DPI)

What is one popular network protocol that is usually enabled by default on home routers that
creates a large attack surface?

• A. Open virtual private network (VPN)
• B. Universal Plug and Play (UPnP)
• C. Network Address Translation (NAT)
• D. Domain Name System Security Extensions (DNSSEC)

An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow
methods or technologies is the administrator most likely to implement?

• A. Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)
• B. Point-to-Point Tunneling Protocol (PPTP)
• C. Layer 2 Tunneling Protocol (L2TP)
• D. Internet Protocol Security (IPSec) with Authentication Headers (AH)

An IoT developer wants to ensure all sensor to portal communications are as secure as possible and
do not require any client-side configuration. Which of the following is the developer most likely to
use?

• A. Virtual Private Networking (VPN)
• B. Public Key Infrastructure (PKI)
• C. IP Security (IPSec)
• D. Secure/Multipurpose Internet Mail Extensions (S/MIME)

An IoT security practitioner should be aware of which common misconception regarding data in
motion?

• A. That transmitted data is point-to-point and therefore a third party does not exist.
• B. The assumption that all data is encrypted properly and cannot be exploited.
• C. That data can change instantly so old data is of no value.
• D. The assumption that network protocols automatically encrypt data on the fly.

A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the
following has most likely been misconfigured or disabled?

• A. Secure Shell (SSH)
• B. Internet Protocol Security (IPSec)
• C. Telnet
• D. Virtual private network (VPN)

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly
to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides
the symmetric key used to secure the data in transit?

• A. The administrator's machine
• B. The database server
• C. The Key Distribution Center (KDC)
• D. The IoT endpoint

An IoT security architect needs to secure data in motion. Which of the following is a common
vulnerability used to exploit unsecure data in motion?

• A. External flash access
• B. Misconfigured Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
• C. Databases and datastores
• D. Lack of memory space isolation

An IoT security administrator is determining which cryptographic algorithm she should use to sign
her server's digital certificates. Which of the following algorithms should she choose?

• A. Rivest Cipher 6 (RC6)
• B. Rijndael
• C. Diffie-Hellman (DH)
• D. Rivest-Shamir-Adleman (RSA)

An IoT gateway will be brokering data on numerous northbound and southbound interfaces. A
security practitioner has the data encrypted while stored on the gateway and encrypted while
transmitted across the network. Should this person be concerned with privacy while the data is in
use?

• A. Yes, because the hash wouldn't protect the integrity of the data.
• B. Yes, because the data is vulnerable during processing.
• C. No, since the data is already encrypted while at rest and while in motion.
• D. No, because the data is inside the CPU's secure region while being used.