Question 1

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

Options :

A : Unvalidated redirect or forwarding

B : Insecure HTTP session management

C : Unsecure direct object references

D : Unhandled malformed URLs

Answer: C

Question 2

An IoT developer discovers that clients frequently fall victim to phishing attacks. What should the developer do in order to ensure that customer accounts cannot be accessed even if the customer's password has been compromised?

Options :

A : Implement two-factor authentication (2FA)

B : Enable Kerberos authentication

C : Implement account lockout policies

D : Implement Secure Lightweight Directory Access Protocol (LDAPS)

Answer: A

Question 3

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

Options :

A : Secure/Multipurpose Internet Mail Extensions (S/MIME)

B : Message-digest 5 (MD5)

C : Blowfish

D : Transport Layer Security (TLS)

Answer: D

Question 4

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options :

A : System administrator access

B : Least privilege principle

C : Guest account access

D : Discretionary access control (DAC)

Answer: B

Question 5

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options :

A : Encryption

B : Obfuscation

C : Hashing

D : Fuzzing

Answer: C