CertNexus ITS-110 practice test

Certified Internet of Things Security Practitioner

Last exam update: Nov 18, 2025
Page 1 out of 7. Viewing questions 1-15 out of 100

Question 1

Which of the following attacks utilizes Media Access Control (MAC) address spoofing?

  • A. Network Address Translation (NAT)
  • B. Man-in-the-middle (MITM)
  • C. Network device fuzzing
  • D. Unsecured network ports
Answer:

B


Explanation:
Reference: https://www.comparitech.com/net-admin/spoofing-attacks-guide/


Question 2

In order to successfully perform a man-in-the-middle (MITM) attack against a secure website, which
of the following could be true?

  • A. Client to server traffic must use Hypertext Transmission Protocol (HTTP)
  • B. The server must be vulnerable to malformed Uniform Resource Locator (URL) injection
  • C. The server must be using a deprecated version of Transport Layer Security (TLS)
  • D. The web server's X.509 certificate must be compromised
Answer:

C


Explanation:
Reference: https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/


Question 3

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of
Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator
implement? (Choose two.)

  • A. Block all inbound packets with an internal source IP address
  • B. Block all inbound packets originating from service ports
  • C. Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
  • D. Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
  • E. Require the use of X.509 digital certificates for all incoming requests
Answer:

D, E



Question 4

An IoT security administrator is concerned about an external attacker using the internal device
management local area network (LAN) to compromise his IoT devices. Which of the following
countermeasures should the security administrator implement? (Choose three.)

  • A. Require the use of Password Authentication Protocol (PAP)
  • B. Create a separate management virtual LAN (VLAN)
  • C. Ensure that all IoT management servers are running antivirus software
  • D. Implement 802.1X for authentication
  • E. Ensure that the Time To Live (TTL) flag for outgoing packets is set to 1
  • F. Only allow outbound traffic from the management LAN
  • G. Ensure that all administrators access the management server at specific times
Answer:

B, D, G



Question 5

Which of the following attacks is a reflected Distributed Denial of Service (DDoS) attack?

  • A. Teardrop
  • B. Ping of Death
  • C. SYN flood
  • D. Smurf
Answer:

C


Explanation:
Reference: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/


Question 6

An IoT security architect wants to implement Bluetooth between two nodes. The Elliptic Curve
Diffie-Hellman (ECDH) cipher suite has been identified as a requirement. Which of the following
Bluetooth versions can meet this requirement?

  • A. Bluetooth Low Energy (BLE) v4.0
  • B. BLE v4.2
  • C. BLE v4.1
  • D. Any of the BLE versions
Answer:

D


Explanation:
Reference: https://www.symmetryelectronics.com/blog/ble-4-1-vs-ble-4-2-new-features-and-advantages/


Question 7

An IoT security administrator realizes that when he attempts to visit the administrative website for
his devices, he is sent to a fake website. To which of the following attacks has he likely fallen victim?

  • A. Buffer overflow
  • B. Denial of Service (DoS)
  • C. Birthday attack
  • D. Domain name system (DNS) poisoning
Answer:

D



Question 8

Network filters based on Ethernet burned-in-addresses are vulnerable to which of the following
attacks?

  • A. Media Access Control (MAC) spoofing
  • B. Buffer overflow
  • C. Packet injection
  • D. GPS spoofing
Answer:

A



Question 9

An IoT security architect needs to minimize the security risk of a radio frequency (RF) mesh
application. Which of the following might the architect consider as part of the design?

  • A. Make pairing between nodes very easy so that troubleshooting is reduced.
  • B. Encrypt data transmission between nodes at the physical/logical layers.
  • C. Prevent nodes from being rejected to keep the value of the network as high as possible.
  • D. Allow implicit trust of all gateways since they are the link to the internet.
Answer:

B


Explanation:
Reference: https://www.bmc.com/blogs/osi-model-7-layers/


Question 10

Which of the following methods is an IoT portal administrator most likely to use in order to mitigate
Distributed Denial of Service (DDoS) attacks?

  • A. Implement Domain Name System Security Extensions (DNSSEC) on all Internet-facing name servers
  • B. Disable Network Address Translation Traversal (NAT-T) at the border firewall
  • C. Implement traffic scrubbers on the upstream Internet Service Provider (ISP) connection
  • D. Require Internet Protocol Security (IPSec) for all inbound portal connections
Answer:

C


Explanation:
Reference: https://www.computerweekly.com/news/252456702/How-traffic-scrubbing-can-guard-against-DDoS-attacks


Question 11

A DevOps engineer wants to provide secure network services to an IoT/cloud solution. Which of the
following countermeasures should be implemented to mitigate network attacks that can render a
network useless?

  • A. Network firewall
  • B. Denial of Service (DoS)/Distributed Denial of Service (DDoS) mitigation
  • C. Web application firewall (WAF)
  • D. Deep Packet Inspection (DPI)
Answer:

B


Explanation:
Reference: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/#:~:text=A%20distributed%20denial%2Dof%2Dservice,a%20flood%20of%20Internet%20traffic


Question 12

What is one popular network protocol that is usually enabled by default on home routers that
creates a large attack surface?

  • A. Open virtual private network (VPN)
  • B. Universal Plug and Play (UPnP)
  • C. Network Address Translation (NAT)
  • D. Domain Name System Security Extensions (DNSSEC)
Answer:

B


Explanation:
Reference: https://phoenixnap.com/blog/what-is-upnp


Question 13

An IoT systems administrator needs to be able to detect packet injection attacks. Which of the following
methods or technologies is the administrator most likely to implement?

  • A. Internet Protocol Security (IPSec) with Encapsulating Security Payload (ESP)
  • B. Point-to-Point Tunneling Protocol (PPTP)
  • C. Layer 2 Tunneling Protocol (L2TP)
  • D. Internet Protocol Security (IPSec) with Authentication Headers (AH)
Answer:

D


Explanation:
Reference: https://www.techtarget.com/searchsecurity/definition/IPsec-Internet-Protocol-Security


Question 14

An IoT developer wants to ensure all sensor to portal communications are as secure as possible and
do not require any client-side configuration. Which of the following is the developer most likely to
use?

  • A. Virtual Private Networking (VPN)
  • B. Public Key Infrastructure (PKI)
  • C. IP Security (IPSec)
  • D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Answer:

C



Question 15

An IoT security practitioner should be aware of which common misconception regarding data in
motion?

  • A. That transmitted data is point-to-point and therefore a third party does not exist.
  • B. The assumption that all data is encrypted properly and cannot be exploited.
  • C. That data can change instantly so old data is of no value.
  • D. The assumption that network protocols automatically encrypt data on the fly.
Answer:

B

