Question 9 - CertNexus ITS-110 Real Exam Questions [Jan 2026 Update]

Q: 9

An IoT software developer wants the users of her software tools to know if they have been modified by someone other than her. Which of the following tools or techniques should she use?

Options

Correct Answer:

Explanation

Hashing is the correct technique for this purpose. A hash function creates a unique, fixed-length digital fingerprint (a "hash" or "digest") of a file. The developer can compute the hash of the original software and publish it. Users can then download the software, compute the hash on their end using the same algorithm (e.g., SHA-256), and compare it to the one provided by the developer. If the hashes match, the user can be confident the software has not been modified. This process ensures data integrity.

Why Incorrect

A. Encryption: Encryption is used for confidentiality to make data unreadable to unauthorized parties, not primarily to verify that the data has not been altered.

B. Obfuscation: This technique makes code difficult for humans to read or reverse-engineer but does not provide a verifiable method to detect modifications.

D. Fuzzing: Fuzzing is a software testing method used to find vulnerabilities by inputting random data; it is not a tool for end-users to verify file integrity.

References

1. National Institute of Standards and Technology (NIST)

Special Publication 800-183

Networks of 'Things'

July 2016. Section 3.3.2

"Data Confidentiality

Integrity

and Origin Authentication

" discusses the need for data integrity and mentions cryptographic mechanisms like digital signatures

which are fundamentally based on hashing

to ensure data has not been altered.

2. CertNexus

ITS-110 Exam Objectives

Version 2.0. Domain 3.3

"Given a scenario

implement security measures for IoT devices

" covers the application of cryptographic controls. Hashing is a primary cryptographic control used to ensure the integrity of data and software.

3. Paar

& Pelzl

Understanding Cryptography: A Textbook for Students and Practitioners. (Material commonly used in university curricula). Chapter 11

"Hash Functions

" Section 11.1.2

"Digital Signatures

" explains that a core application of hash functions is to compute a short digest of a message or file for integrity verification as part of a digital signature scheme.

4. University of California

Berkeley

CS 161: Computer Security Course Notes

Fall 2020. Lecture 8: "Cryptographic Hash Functions

" page 2

explicitly states: "A major application of cryptographic hash functions is to verify file integrity." It details the exact process described in the explanation.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE