A hacker was able to generate a trusted certificate that spoofs an IoT-enabled security camera's management portal. Which of the following is the most likely cause of this exploit?

• A.X.509 private keys are stored in unsecure flash memory
• B.Bootloader code is stored in unsecure flash memory
• C.The portal's certificate is stored in unsecure flash memory
• D.Firmware is loaded from flash using unsecure object references

Comment: *

Name: *

Email: *

Verification: *

An IoT security practitioner should be aware of which common misconception regarding data in motion?

• A.That data can change instantly so old data is of no value.
• B.That transmitted data is point-to-point and therefore a third party does not exist.
• C.The assumption that all data is encrypted properly and cannot be exploited.
• D.The assumption that network protocols automatically encrypt data on the fly.

Comment: *

Name: *

Email: *

Verification: *

Which of the following items should be part of an IoT software company's data retention policy?

• A.Transport encryption algorithms
• B.Data backup storage location
• C.X.509 certificate expiration
• D.Password expiration requirements

Comment: *

Name: *

Email: *

Verification: *

Which of the following methods or technologies is most likely to be used to protect an IoT portal against protocol fuzzing?

• A.Secure Hypertext Transfer Protocol (HTTPS)
• B.Public Key Infrastructure (PKI)
• C.Hash-based Message Authentication Code (HMAC)
• D.Next-Generation Firewall (NGFW)

Comment: *

Name: *

Email: *

Verification: *

A web application is connected to an IoT endpoint. A hacker wants to steal data from the connection between them. Which of the following is NOT a method of attack that could be used to facilitate stealing data?

• A.LDAP Injection
• B.Cross-Site Request Forgery (CSRF)
• C.SQL Injection (SQLi)
• D.Cross-Site Scripting (XSS)

Comment: *

Name: *

Email: *

Verification: *