Question 1

An IoT systems administrator wants to ensure that all data stored on remote IoT gateways is unreadable. Which of the following technologies is the administrator most likely to implement?

Options :

A : Secure Hypertext Transmission Protocol (HTTPS)

B : Internet Protocol Security (IPSec)

C : Triple Data Encryption Standard (3DES)

D : Message Digest 5 (MD5)

Answer: B

Question 2

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

Options :

A : Unvalidated redirect or forwarding

B : Insecure HTTP session management

C : Unsecure direct object references

D : Unhandled malformed URLs

Answer: C

Question 3

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options :

A : Encryption

B : Obfuscation

C : Hashing

D : Fuzzing

Answer: C

Question 4

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options :

A : System administrator access

B : Least privilege principle

C : Guest account access

D : Discretionary access control (DAC)

Answer: B

Question 5

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

Options :

A : The administrator-s machine

B : The database server

C : The Key Distribution Center (KDC)

D : The IoT endpoint

Answer: B