CertNexus CIoTSP (IoT Security Practitioner) Exam Syllabus

Use this quick start guide to collect all the information about the CertNexus CIoTSP (ITS-110) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the ITS-110 CertNexus Certified Internet of Things Security Practitioner exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual CertNexus IoT Security Practitioner certification exam.

The CertNexus CIoTSP certification is mainly targeted at candidates who want to build their career in the Internet of Things domain. The CertNexus Certified IoT Security Practitioner (CIoTSP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CertNexus IoT Security Practitioner.

CertNexus CIoTSP Exam Summary:

Exam Name: CertNexus Certified IoT Security Practitioner (CIoTSP)
Exam Code: ITS-110
Exam Price: $368 (USD)
Duration: 120 mins
Number of Questions: 100
Passing Score: 61%
Books / Training: ITS training
Schedule Exam: Pearson VUE
Sample Questions: CertNexus CIoTSP Sample Questions
Practice Exam: CertNexus ITS-110 Certification Practice Exam

CertNexus ITS-110 Exam Syllabus Topics:

Topic Details Weights
Securing IoT Portals

- Identify common threats used to compromise unsecure web, cloud, or mobile interfaces.
  • Account enumeration
  • Weak default credentials
  • Injection flaws
  • Unsecure direct object references
  • Sensitive data exposure
  • CSRF
  • Unvalidated redirects and forwards
  • Session Management
  • Malformed URLs
  • Session replay
  • Reverse shell
  • Misconfiguration
  • Weak account lockout settings
  • No account lockout
  • Unsecured credentials
  • Lack of integration credentials on Edge devices

- Implement countermeasures used to secure web, cloud, or mobile interfaces.

  • Change default passwords
  • Secure password recovery mechanisms
  • Secure the web interface from XSS, SQLi, or CSRF
  • Protect credentials
  • Robust password policies
  • Account lockout policies
  • Protect against account enumeration
  • 2FA if possible
  • Granular role-based access
Weight: 29% (Securing IoT Portals)

Implementing Authentication, Authorization, and Accounting

- Identify common threats used to exploit weak authentication/authorization schemes.
  • Lack of password complexity
  • Poorly protected credentials
  • Lack of 2FA
  • Unsecure password recovery
  • Privilege escalation
  • Lack of RBAC
  • Unsecure databases and datastores
  • Lack of account lockout policy
  • Lack of access auditing
  • Lack of security monitoring
  • Lack of security logging

- Implement countermeasures used to provide secure authentication, authorization, and accounting.

  • Granular access control
  • Password management
  • Ensure re-authentication is required for sensitive features
  • Event logging and IT/OT admin notification
  • Security monitoring
Weight: 14% (Implementing Authentication, Authorization, and Accounting)

Securing Network Services

- Identify common threats used to exploit unsecure network services.
  • Vulnerable services
  • Buffer overflow
  • Open ports via UPnP
  • Exploitable UDP services
  • DoS/DDoS
  • DoS via network device fuzzing
  • Endpoint (address) spoofing
  • Packet manipulation/injection
  • Networking, protocols, radio communications

- Implement countermeasures used to provide secure network services.

  • Port control
  • Secure memory spaces
  • DoS mitigation/DDoS
  • Secure network nodes
  • Secure field devices
  • Secure network pathways
Weight: 14% (Securing Network Services)

Securing Data

- Identify common threats used to exploit unsecure data.
  • Vulnerable data in motion
  • Vulnerable data at rest
  • Vulnerable data in use

- Implement countermeasures used to secure data.

  • Encrypt data in motion, at rest, and in use
Weight: 14% (Securing Data)

Addressing Privacy Concerns

- Identify common threats used to compromise privacy.
  • Collection of unnecessary personal or sensitive information (PII, PHI, metadata)
  • Unsecured data in transit or at rest
  • Unauthorized access to personal information
  • Lack of proper data anonymization
  • Lack of data retention policies

- Implement countermeasures used to ensure data privacy.

  • Only collect critical data
  • Protect sensitive data
  • Comply with regulations/laws
  • Authorize data users
  • Data retention policies
  • Data disposal policies
  • End-user notification policies (GDPR)
  • Enable courtesy notifications to end users
  • Enable notifications as required by law
Weight: 12% (Addressing Privacy Concerns)

Securing Software/Firmware

- Identify common threats used to exploit unsecure software/firmware.
  • Poorly designed/tested software/firmware
  • Unsecure updates/patches
  • Firmware contains sensitive information
  • Lack of OTA updates
  • Constrained devices with non-existent security features
  • Lack of end-to-end solution
  • Software/firmware not digitally signed
  • Unsecure bootloader/boot
  • Unsecure key storage

- Implement countermeasures used to provide secure software/firmware.

  • Digitally signed updates
  • Remote update capability for, e.g., bootloader, firmware, OS, drivers, application, certificates
  • Secure updates/digitally signed updates
  • Root-of-trust/secure enclave
  • Secure bootloader/boot, measured boot
Weight: 10% (Securing Software/Firmware)

Enhancing Physical Security

- Identify common threats used to exploit poor physical security.
  • Access to software/configuration via physical ports
  • Access to or removal of storage media
  • Unprotected shell access for accessible ports
  • Unrestricted physical access to vulnerable devices
  • Easily disassembled devices 

- Implement countermeasures used to ensure physical security. 

  • Protect data storage medium 
  • Encrypt data at rest 
  • Protect physical ports
  • Tamper-resistant devices
  • Limit physical access when possible
  • Hardened security for shell access
  • Limit administrative capabilities and access
Weight: 7% (Enhancing Physical Security)

To ensure success in the CertNexus IoT Security Practitioner certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the CertNexus Certified Internet of Things Security Practitioner (ITS-110) exam.
