title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.
Certified IoT Security Practitioner (CIoTSP) Exam Voucher
Duration
1 Day
Course
LQEX-CNX0006V
Available Formats
Exam Vouchers
Course Description
Overview
Exam Voucher for ITS-110.This course is designed for IoT practitioners who are looking to improve their skills and knowledge of IoT security and privacy. This course is also designed for students who are seeking the CertNexus Certified Internet of Things Security Practitioner (CIoTSP) certification and who want to prepare for Exam ITS-110.
Objectives
This exam will certify that the candidate has the foundational skill set of secure IoT concepts, technologies, and tools that will enable them to become a capable IoT Security practitioner in a wide variety of IoT-related job functions.
Audience
This certification exam is designed for practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure IoT ecosystem.
Prerequisites
-
While there are no formal prerequisites to register for and schedule an exam, we strongly recommend you first possess the following knowledge:
- Understanding of the fundamental benefits and challenges of securing IoT systems.
- Understanding of an IoT ecosystem, including the physical elements, edge/fog computing elements, network and connectivity elements, cloud and cloud platform elements, and the applications and “Things” within various market sectors.
- Understanding of common IoT security and privacy threats and countermeasures.
- Understanding of common IoT safety and risk management approaches.
- Understanding of the IoT system/software development life cycle.
- CertNexus Internet of Things (IoT) Security Practitioner™ (Exam ITS-110)
Topics
Domain 1.0 Securing IoT Portals
Objective 1.1 - Identify common threats used to compromise unsecure web, cloud, or mobile interfaces.
- Account enumeration
- Weak default credentials
- Injection flaws
- SQLi
- Second order SQLi
- LDAP injection
- XSS
- Unsecure direct object references
- Sensitive data exposure
- CSRF
- Unvalidated redirects and forwards
- Session Management
- Malformed URLs
- Session replay
- Reverse shell
- Misconfiguration
- Weak account lockout settings
- No account lockout
- Unsecured credentials
- Lack of integration credentials on Edge devices
- Change default passwords
- Secure password recovery mechanisms
- Secure the web interface from XSS, SQLi, or CSRF
- Protect credentials
- Robust password policies
- Account lockout policies
- Protect against account enumeration
- 2FA if possible
- Granular role-based access
- Lack of password complexity
- Poorly protected credentials
- Lack of 2FA
- Unsecure password recovery
- Privilege escalation
- Lack of RBAC
- Unsecure databases and datastores
- Lack of account lockout policy
- Lack of access auditing
- Lack of security monitoring
- Lack of security logging
- Granular access control
- Password management
- Strong passwords
- Change default username and password
- Password expiration policies
- Secure password recovery mechanisms
- 2FA where possible
- Ensure re-authentication is required for sensitive features
- Event logging and IT/OT admin notification
- Security monitoring
- Vulnerable services
- FTP, DNS, SNMP, Telnet
- Buffer overflow
- Open ports via UPnP
- Exploitable UDP services
- DoS/DDoS
- DoS via network device fuzzing
- Endpoint (address) spoofing
- Packet manipulation/injection
- Networking, protocols, radio communications
- Public data cellular network
- Dedicated/Custom APN setting
- Unsecured network ports
- Port control
- Access control list
- Secure memory spaces
- Fuzzing
- Buffer overflow
- DoS mitigation/DDoS
- Endpoints
- Cloud
- Secure network nodes
- Cloud
- Gateway
- Edge
- Secure field devices
- Secure network pathways
- Physical
- Logical
- Vulnerable data in motion
- Internet
- Local network
- Poorly implemented SSL/TLS
- Misconfigured SSL/TLS
- M2M
- Blockchain
- Vulnerable data at rest
- Databases and datastores
- Vulnerable data in use o Lack of memory space isolation o Unsecure memory space
- Encrypt data in motion, at rest, and in use
- SSL/TLS
- SSH
- IPSec
- S/MIME
- PKI
- Symmetric
- AES, 3DES
- Asymmetric
- RSA, DH, ECC
- Collection of unnecessary personal or sensitive information (PII, PHI, metadata)
- Unsecured data in transit or at rest
- Unauthorized access to personal information
- Lack of proper data anonymization
- Lack of data retention policies
- Only collect critical data
- Protect sensitive data
- Anonymize
- Encrypt
- De-identify
- Comply with regulations/laws
- Authorize data users
- Data retention policies
- Data disposal policies
- End-user notification policies (GDPR)
- Enable courtesy notifications to end users
- Enable notifications as required by law
- Poorly designed/tested software/firmware
- Unsecure updates/patches
- Firmware contains sensitive information
- Lack of OTA updates
- Constrained devices with non-existent security features
- Lack of end-to-end solution
- Embedded sensors, actuators, and communication modules
- Applications/software (programming, etc.)
- System integration (API)
- Microservice architectures (container security)
- Software/firmware not digitally signed
- Unsecure bootloader/boot
- Unsecure key storage
- Digitally signed updates
- Remote update capability for, e.g. bootloader, firmware, OS, drivers, application, certificates
- Secure updates/digitally signed updates
- Hardened update server
- Secured download and installation
- Failsafe option to revert to previous bootloader/firmware
- Method to modify certificates within endpoints after deployment
- Root-of-trust/secure enclave
- Secure bootloader/boot, measured boot
- Access to software/configuration via physical ports
- Access to or removal of storage media
- Unprotected shell access for accessible ports
- Unrestricted physical access to vulnerable devices
- Easily disassembled devices
- Protect data storage medium
- Encrypt data at rest
- Protect physical ports
- Tamper-resistant devices
- Limit physical access when possible
- Hardened security for shell access
- Limit administrative capabilities and access
Related Courses
-
Cyber Secure Coder Certified CSC (Exam CSC-210)
CNX0032- Duration: 3
- Delivery Format: Classroom Training, Online Training
- Price: 2,100.00 USD
-
CyberSec First Responder CFR (Exam CFR-410)
CNX0013- Duration: 5
- Delivery Format: Classroom Training, Online Training
- Price: 3,500.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Course Added To Shopping Cart
bla
bla
bla
bla
bla
bla
Self-Paced Training Terms & Conditions
- All cancellations must be made in accordance with the policies of the specific testing center that is administering your certification exam. Additionally, candidates are subject to the testing center’s no-show policy in terms of rescheduling or seeking a refund. Visit your testing centers’ website for more information on cancellations and no-shows.
- Vouchers for CertNexus certification exams are non-refundable, non-transferable, and non-exchangeable.
- All vouchers, including any retakes, expire 18 months from the date of purchase, unless otherwise noted.
- Any candidates who do not pass a CertNexus certification exam on their first attempt are eligible for a second attempt immediately, at no additional cost and with no waiting period before the retake. All CertNexus certification exam vouchers include one free retake.
- Retakes are only valid for the same exam and same exam version that was initially purchased and using the same voucher code. All attempts, including retakes, must occur prior to the voucher expiration date.
- For any attempts after the free retake (i.e. before the third attempt or any subsequent attempt, or after the expiration date), candidates must purchase another voucher.
- While there are no time restrictions on the third attempt or any subsequent attempts thereafter, CertNexus strongly recommends a 30-day preparation period before taking the exam again.
For more information:Visit
Exam Terms & Conditions
??exam-warning??
??group-training-form-area??
??how-can-we-help-you-area??
??personalized-form-area??
??request-quote-area??
Sorry, there are no classes that meet your criteria.
Please contact us to schedule a class.
STOP! Before You Leave
Save 0% on this course!
Take advantage of our online-only offer & save 0% on any course !
Promo Code skip0 will be applied to your registration
Nothing yet
Purchase Information
??elearning-coursenumber?? ??coursename??
View Cart
title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.