[Free] 2018(Jan) EnsurePass Dumpsleader CompTIA ADR-001 Dumps with VCE and PDF 1-10

2018 Jan CompTIA Official New Released ADR-001

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 1

An Intent Sniffing attack is where:

A. a malicious app intercepts network communications to capture Intent traffic.

B. cached Intent messages are read from storage by an attacker.

C. Intent declarations are read from the manifest in order to construct spoof Intents.

D. a malicious app registers to receive public broadcasts in order to intercept data.

Answer: D

Question No: 2

When handling sensitive data with Android apps, which of the following storage strategies is MOST secure?

A. Store data on device using encryption, with encryption key managed on the server

B. Prompt users to enable encryption

C. Store sensitive data locally in XML protected with file permissions

D. Store sensitive data on the server

Answer: D

Question No: 3

A file with Unix permissions ‘700’ allows:

A. all users to read, write and execute.

B. full access to the app that created it and no other apps.

C. only the system and root access.

D. for protected storage on the shared SD card.

Answer: B

Question No: 4

In the AndroidManifest.xml file, which element is used to define the permissions an app is requesting access to?

A. `<uses-permission>`

B. `<permission>`

C. `<grant-uri-permissions>`

D. `<activity>`

Answer: A

Question No: 5

Which of the following BEST describes the responsibility of a TrustManager object when used in an Android application with SSL?

A. The TrustManager verifies that a Certificate Authority truly did issue a server’s SSL certificate by using the Online Certificate Status Protocol (OCSP).

B. The TrustManager manages the client-side SSL certificate that the Android application will present to a server for mutual authentication.

C. The TrustManager makes decisions on if a server’s SSL certificate should be trusted, by allowing the developer to specify which certificates should be allowed.

D. The TrustManager verifies that a server’s SSL certificate has not been revoked by checking the Certificate Authority’s Certificate Revocation List (CRL).

Answer: C

Question No: 6

A developer is designing a very sensitive web application that will be accessed by both desktop web browsers and mobile Android applications. What is one way the developer can implement a multi-factor authentication system for these users?

A. Have the user memorize a PIN in addition to their password and require them to supply both when attempting to log in.

B. Have the user answer a security question once they authenticate using their username and password.

C. Require a one-time-use code sent via an SMS message in addition to a username and password.

D. Have the user supply their last password in addition to their current password when they attempt to log in.

Answer: C

Question No: 7

Which of the following can be performed to find security design flaws in mobile apps prior to writing code?

A. Threat modeling

B. Penetration testing

C. Static source code analysis

D. Dynamic validation testing

Answer: A

Question No: 8

When an app “logs out” of a back end system the developer should also ensure:

A. app jumps to device home screen, clearing the data from the previous session.

B. GUI components displaying data while logged in are destroyed as Android does not do this.

C. app switches back to login screen forcing the user to re-login to view the data.

D. app maintains the state of the session ID in the key chain.

Answer: B

Question No: 9

Which of the following is a disadvantage of using a static embedded API Key for client authentication to a web service?

A. API Keys require the use of a certificate issued by a commercial Certificate Authority.

B. API Keys are used with asymmetric cryptography, which is slow and can negatively impact the performance of the client application.

C. API Keys cannot be transmitted over HTTPS, so they are open to compromise.

D. API Keys can be discovered and abused by an attacker.

Answer: D

Question No: 10

When applying PBKDF2 to a password, what would be the MORE secure number of iterations to use?

A. 100

B. 1,000

C. 2,000

D. 10,000

Answer: D
