If a site administrator wants to improve the secure access to a cloud portal, which of the following would be the BEST countermeasure to implement?

• A.Mandate multi-factor authentication (MFA)
• B.Require separation of duties
• C.Utilize role-based access control (RBAC)
• D.Require frequent password changes

Comment: *

Name: *

Email: *

Verification: *

A hacker wants to discover login names that may exist on a website. Which of the following responses to the login and password entries would aid in the discovery? (Choose two.)

• A.Invalid password
• B.Incorrect email/password combination
• C.That user does not exist
• D.Your login attempt was unsuccessful
• E.The username and/or password are incorrect

Comment: *

Name: *

Email: *

Verification: *

An IoT security administrator is concerned about an external attacker using the internal device management local area network (LAN) to compromise his IoT devices. Which of the following countermeasures should the security administrator implement? (Choose three.)

• A.Require the use of Password Authentication Protocol (PAP)
• B.Implement 802.1X for authentication
• C.Only allow outbound traffic from the management LAN
• D.Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
• E.Ensure that all IoT management servers are running antivirus software
• F.Create a separate management virtual LAN (VLAN)
• G.Ensure that all administrators access the management server at specific times

Comment: *

Name: *

Email: *

Verification: *

Accompany collects and stores sensitive data from thousands of IoT devices. The company's IoT security administrator is concerned about attacks that compromise confidentiality. Which of the following attacks is the security administrator concerned about? (Choose two.)

• A.Salami
• B.Denial of Service (DoS)
• C.Aggregation
• D.Data diddling
• E.Inference

Comment: *

Name: *

Email: *

Verification: *

An IoT systems integrator has a very old IoT gateway that doesn't offer many security features besides viewing a system configuration page via browser over HTTPS. The systems integrator can't get their modern browser to bring up the page due to a cipher suite mismatch. Which of the following must the integrator perform before the configuration page can be viewed?

• A.Downgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.
• B.Upgrade the browser, as older browsers have stopped allowing connections to hosts that use only outdated cipher suites.
• C.Downgrade the browser, as modern browsers have continued allowing connections to hosts that use only outdated cipher suites.
• D.Upgrade the browser, as modern browsers have stopped allowing connections to hosts that use only outdated cipher suites.

Comment: *

Name: *

Email: *

Verification: *