Question 1

A web administrator is concerned about injection attacks. Which of the following mitigation techniques should the web administrator implement?

Options :

A : Configure single sign-on (SSO)

B : Parameter validation

C : Require strong passwords

D : Require two-factor authentication (2FA)

Answer: B

Question 2

A corporation's IoT security administrator has configured his IoT endpoints to send their data directly to a database using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). Which entity provides the symmetric key used to secure the data in transit?

Options :

A : The administrator-s machine

B : The database server

C : The Key Distribution Center (KDC)

D : The IoT endpoint

Answer: B

Question 3

A hacker is able to access privileged information via an IoT portal by modifying a SQL parameter in a URL. Which of the following BEST describes the vulnerability that allows this type of attack?

Options :

A : Unvalidated redirect or forwarding

B : Insecure HTTP session management

C : Unsecure direct object references

D : Unhandled malformed URLs

Answer: C

Question 4

In order to minimize the risk of abusing access controls, which of the following is a good example of granular access control implementation?

Options :

A : System administrator access

B : Least privilege principle

C : Guest account access

D : Discretionary access control (DAC)

Answer: B

Question 5

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options :

A : Encryption

B : Obfuscation

C : Hashing

D : Fuzzing

Answer: C

Higher Test Marks with Free Online ITS-110 Exam Practice

Buying Options: