A developer needs to implement a highly secure authentication method for an IoT web portal. Which of the following authentication methods offers the highest level of identity assurance for end users?

• A.Two-step authentication with complex passwords
• B.Multi-factor authentication with three factors
• C.An X.509 certificate stored on a smart card
• D.A hardware-based token generation device

Comment: *

Name: *

Email: *

Verification: *

A hacker enters credentials into a web login page and observes the server's responses. Which of the following attacks is the hacker attempting?

• A.Buffer overflow
• B.Account enumeration
• C.Directory traversal
• D.Spear phishing

Comment: *

Name: *

Email: *

Verification: *

A DevOps engineer wants to further secure the login mechanism to a website from IoT gateways. Which of the following is the BEST method the engineer should implement?

• A.Require that passwords be changed periodically
• B.Require that passwords contain alphanumeric characters
• C.Require two-factor or multifactor authentication
• D.Require that passwords cannot include special characters

Comment: *

Name: *

Email: *

Verification: *

Which of the following functions can be added to the authorization component of AAA to enable the principal of least privilege with flexibility?

• A.Role-based access control (RBAC)
• B.Access control list (ACL)
• C.Discretionary access control (DAC)
• D.Mandatory access control (MAC)

Comment: *

Name: *

Email: *

Verification: *

An IoT security practitioner should be aware of which common misconception regarding data in motion?

• A.The assumption that network protocols automatically encrypt data on the fly.
• B.That transmitted data is point-to-point and therefore a third party does not exist.
• C.The assumption that all data is encrypted properly and cannot be exploited.
• D.That data can change instantly so old data is of no value.

Comment: *

Name: *

Email: *

Verification: *