An OT security practitioner wants to implement two-factor authentication (2FA). Which of the following is the least secure method to use for implementation?

• A.2FA over Short Message Service (SMS)
• B.Fast Identity Online (FIDO) Universal 2nd Factor (U2F) USB key
• C.Out-of-band authentication (OOBA)
• D.Authenticator Apps for smartphones

Comment: *

Name: *

Email: *

Verification: *

A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

• A.SQL Injection (SQLi)
• B.Cross-Site Request Forgery (CSRF)
• C.Cross-Site Scripting (XSS)
• D.LDAP Injection

Comment: *

Name: *

Email: *

Verification: *

You work for an IoT software-as-a-service (SaaS) provider. Your boss has asked you to research a way to effectively dispose of stored sensitive customer dat a. Which of the following methods should you recommend to your boss?

• A.Degaussing
• B.Crypto-shredding
• C.Overwriting
• D.Physical destruction

Comment: *

Name: *

Email: *

Verification: *

An IoT developer has endpoints that are shipped to users in the field. Which of the following best practices must be implemented for using default passwords after delivery?

• A.Protect against account enumeration
• B.Apply granular role-based access
• C.Force a password change upon initial login
• D.Implement two-factor authentication (2FA)

Comment: *

Name: *

Email: *

Verification: *

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

• A.Hash-based Message Authentication Code (HMAC)
• B.Next-Generation Firewall (NGFW)
• C.Public Key Infrastructure (PKI)
• D.Secure Hypertext Transfer Protocol (HTTPS)

Comment: *

Name: *

Email: *

Verification: *