Exam for engine

Q22. Which of the following policies provides the BEST protection against identity theft when data stored on an IoT portal has been compromised?

Q23. An embedded developer is about to release an IoT gateway. Which of the following precautions must be taken to minimize attacks due to physical access?

Q24. A compromised IoT device is initiating random connections to an attacker’s server in order to exfiltrate sensitive dat a. Which type of attack is being used?

Q25. An Agile Scrum Master working on IoT solutions needs to get software released for a new IoT product. Since bugs could be found after deployment, which of the following should be part of the overall solution?

Q26. Which of the following attacks relies on the trust that a website has for a user’s browser?

Q27. You work for a multi-national IoT device vendor. Your European customers are complaining about their inability to access the personal information about them that you have collected. Which of the following regulations is your organization at risk of violating?

Q28. Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

Q29. Which of the following methods or technologies is most likely to be used in order to mitigate brute force attacks?

Q30. An IoT systems administrator needs to be able to detect packet injection attacks. Which of the follow methods or technologies is the administrator most likely to implement?

Q31. A hacker is able to eavesdrop on administrative sessions to remote IoT sensors. Which of the following has most likely been misconfigured or disabled?

Q32. A security practitioner wants to encrypt a large datastore. Which of the following is the BEST choice to implement?

Q33. Which of the following is one way to implement countermeasures on an IoT gateway to ensure physical security?

Q34. An IoT developer wants to ensure all sensor to portal communications are as secure as possible and do not require any client-side configuration. Which of the following is the developer most likely to use?

Q35. Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following attacks?

Q36. Accompany collects and stores sensitive data from thousands of IoT devices. The company’s IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)

Q37. An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Q38. If an attacker were able to gain access to a user’s machine on your network, which of the following actions would she most likely take next?

Q39. Recently, you purchased a smart watch from Company A. You receive a notification on your watch that you missed a call and have a new message. Upon checking the message, you hear the following:
“Hello, my name is Julie Simmons, and I’m with Company A. I want to thank you for your recent purchase and send you a small token of our appreciation. Please call me back at 888-555-1234. You will need to enter your credit card number, so we can authenticate you and ship your gift. Thanks for being a valued customer and enjoy your gift!” Which of the following types of attacks could this be?

Q40. Requiring randomly generated tokens for each connection from an IoT device to the cloud can help mitigate which of the following types of attacks?

Q41. A manufacturer wants to ensure that user account information is isolated from physical attacks by storing credentials off-device. Which of the following methods or technologies best satisfies this requirement?

Q42. A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

Q43. A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?