Question 1

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

Options :

A : The administrator-s machine

B : The database server

C : The Key Distribution Center (KDC)

D : The IoT endpoint

Answer: B

Question 2

A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

Options :

A : Configure single sign-on (SSO)

B : Parameter validation

C : Require strong passwords

D : Require two-factor authentication (2FA)

Answer: B

Question 3

An IoT developer wants to ensure that data collected from a remotely deployed power station monitoring system is transferred securely to the cloud. Which of the following technologies should the developer consider?

Options :

A : Secure/Multipurpose Internet Mail Extensions (S/MIME)

B : Message-digest 5 (MD5)

C : Blowfish

D : Transport Layer Security (TLS)

Answer: D

Question 4

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

Options :

A : Unvalidated redirect or forwarding

B : Insecure HTTP session management

C : Unsecure direct object references

D : Unhandled malformed URLs

Answer: C

Question 5

Which of the following techniques protects the confidentiality of the information stored in databases?

Options :

A : Hashing

B : Archiving

C : Monitoring

D : Encryption

Answer: D