title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.
Certified IoT Security Practitioner (CIoTSP) Exam Voucher
Duration
1 Day
Course
LQEX-CNX0006V
Available Formats
Exam Vouchers
Course Description
Overview
Exam Voucher for ITS-110.This course is designed for IoT practitioners who are looking to improve their skills and knowledge of IoT security and privacy. This course is also designed for students who are seeking the CertNexus Certified Internet of Things Security Practitioner (CIoTSP) certification and who want to prepare for Exam ITS-110.
Objectives
This exam will certify that the candidate has the foundational skill set of secure IoT concepts, technologies, and tools that will enable them to become a capable IoT Security practitioner in a wide variety of IoT-related job functions.
Audience
This certification exam is designed for practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure IoT ecosystem.
Prerequisites
-
While there are no formal prerequisites to register for and schedule an exam, we strongly recommend you first possess the following knowledge:
- Understanding of the fundamental benefits and challenges of securing IoT systems.
- Understanding of an IoT ecosystem, including the physical elements, edge/fog computing elements, network and connectivity elements, cloud and cloud platform elements, and the applications and “Things” within various market sectors.
- Understanding of common IoT security and privacy threats and countermeasures.
- Understanding of common IoT safety and risk management approaches.
- Understanding of the IoT system/software development life cycle.
- CertNexus Internet of Things (IoT) Security Practitioner™ (Exam ITS-110)
Topics
Domain 1.0 Securing IoT Portals
Objective 1.1 - Identify common threats used to compromise unsecure web, cloud, or mobile interfaces.
- Account enumeration
- Weak default credentials
- Injection flaws
- SQLi
- Second order SQLi
- LDAP injection
- XSS
- Unsecure direct object references
- Sensitive data exposure
- CSRF
- Unvalidated redirects and forwards
- Session Management
- Malformed URLs
- Session replay
- Reverse shell
- Misconfiguration
- Weak account lockout settings
- No account lockout
- Unsecured credentials
- Lack of integration credentials on Edge devices
- Change default passwords
- Secure password recovery mechanisms
- Secure the web interface from XSS, SQLi, or CSRF
- Protect credentials
- Robust password policies
- Account lockout policies
- Protect against account enumeration
- 2FA if possible
- Granular role-based access
- Lack of password complexity
- Poorly protected credentials
- Lack of 2FA
- Unsecure password recovery
- Privilege escalation
- Lack of RBAC
- Unsecure databases and datastores
- Lack of account lockout policy
- Lack of access auditing
- Lack of security monitoring
- Lack of security logging
- Granular access control
- Password management
- Strong passwords
- Change default username and password
- Password expiration policies
- Secure password recovery mechanisms
- 2FA where possible
- Ensure re-authentication is required for sensitive features
- Event logging and IT/OT admin notification
- Security monitoring
- Vulnerable services
- FTP, DNS, SNMP, Telnet
- Buffer overflow
- Open ports via UPnP
- Exploitable UDP services
- DoS/DDoS
- DoS via network device fuzzing
- Endpoint (address) spoofing
- Packet manipulation/injection
- Networking, protocols, radio communications
- Public data cellular network
- Dedicated/Custom APN setting
- Unsecured network ports
- Port control
- Access control list
- Secure memory spaces
- Fuzzing
- Buffer overflow
- DoS mitigation/DDoS
- Endpoints
- Cloud
- Secure network nodes
- Cloud
- Gateway
- Edge
- Secure field devices
- Secure network pathways
- Physical
- Logical
- Vulnerable data in motion
- Internet
- Local network
- Poorly implemented SSL/TLS
- Misconfigured SSL/TLS
- M2M
- Blockchain
- Vulnerable data at rest
- Databases and datastores
- Vulnerable data in use o Lack of memory space isolation o Unsecure memory space
- Encrypt data in motion, at rest, and in use
- SSL/TLS
- SSH
- IPSec
- S/MIME
- PKI
- Symmetric
- AES, 3DES
- Asymmetric
- RSA, DH, ECC
- Collection of unnecessary personal or sensitive information (PII, PHI, metadata)
- Unsecured data in transit or at rest
- Unauthorized access to personal information
- Lack of proper data anonymization
- Lack of data retention policies
- Only collect critical data
- Protect sensitive data
- Anonymize
- Encrypt
- De-identify
- Comply with regulations/laws
- Authorize data users
- Data retention policies
- Data disposal policies
- End-user notification policies (GDPR)
- Enable courtesy notifications to end users
- Enable notifications as required by law
- Poorly designed/tested software/firmware
- Unsecure updates/patches
- Firmware contains sensitive information
- Lack of OTA updates
- Constrained devices with non-existent security features
- Lack of end-to-end solution
- Embedded sensors, actuators, and communication modules
- Applications/software (programming, etc.)
- System integration (API)
- Microservice architectures (container security)
- Software/firmware not digitally signed
- Unsecure bootloader/boot
- Unsecure key storage
- Digitally signed updates
- Remote update capability for, e.g. bootloader, firmware, OS, drivers, application, certificates
- Secure updates/digitally signed updates
- Hardened update server
- Secured download and installation
- Failsafe option to revert to previous bootloader/firmware
- Method to modify certificates within endpoints after deployment
- Root-of-trust/secure enclave
- Secure bootloader/boot, measured boot
- Access to software/configuration via physical ports
- Access to or removal of storage media
- Unprotected shell access for accessible ports
- Unrestricted physical access to vulnerable devices
- Easily disassembled devices
- Protect data storage medium
- Encrypt data at rest
- Protect physical ports
- Tamper-resistant devices
- Limit physical access when possible
- Hardened security for shell access
- Limit administrative capabilities and access
Related Courses
-
Cyber Secure Coder Certified CSC (Exam CSC-210)
CNX0032- Duration: 3
- Delivery Format: Classroom Training, Online Training
- Price: 2,100.00 USD
-
CyberSec First Responder CFR (Exam CFR-410)
CNX0013- Duration: 5
- Delivery Format: Classroom Training, Online Training
- Price: 3,500.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Course Added To Shopping Cart
bla
bla
bla
bla
bla
bla
Self-Paced Training Terms & Conditions
THIS IS A SELF-PACED VIRTUAL CLASS. AFTER YOU REGISTER, YOU HAVE 30 DAYS TO COMPLETE THE COURSE.
Before you enroll, review the system requirements to ensure that your system meets the minimum requirements for this course. AFTER YOU ARE ENROLLED IN THIS COURSE, YOU WILL NOT BE ABLE TO CANCEL YOUR ENROLLMENT. You are billed for the course when you submit the enrollment form. Self-Paced Virtual Classes are non-refundable. Once you purchase a Self-Paced Virtual Class, you will be charged the full price.
After you receive confirmation that you are enrolled, you will be sent further instructions to access your course material and remote labs. A confirmation email will contain your online link, your ID and password, and additional instructions for starting the course.
You can start the course at any time within 12 months of enrolling for the course. After you register/start the course, you have 30 days to complete your course. Within this 30 days, the self-paced format gives you the opportunity to complete the course at your convenience, at any location, and at your own pace. The course is available 24 hours a day.
Exam Terms & Conditions
??exam-warning??
??group-training-form-area??
??how-can-we-help-you-area??
??personalized-form-area??
??request-quote-area??
Sorry, there are no classes that meet your criteria.
Please contact us to schedule a class.
STOP! Before You Leave
Save 0% on this course!
Take advantage of our online-only offer & save 0% on any course !
Promo Code skip0 will be applied to your registration
Nothing yet
Purchase Information
??elearning-coursenumber?? ??coursename??
View Cart
title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.