[Free] 2018(Jan) EnsurePass Dumpsleader CompTIA ADR-001 Dumps with VCE and PDF 21-30

2018 Jan CompTIA Official New Released ADR-001

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 21

Session keys are useful because:

  A. they temporarily provide a mechanism to maintain the state of user interaction.

  B. they are generated on the Android device locally upon startup.

  C. there is only one key to generate.

  D. they are more secure than public/private keys.

Answer: A

Question No: 22

An app accessing protected APIs should use which manifest declaration?

  A. app-permissions

  B. add-permissions

  C. grant-permission

  D. uses-permission

Answer: D

Question No: 23

Which of the following describes a security risk that may have to be accepted when using a commercial cross-platform mobile application framework?

  A. Allowing code to run outside the app sandbox

  B. Installing HTML 5 support on user device

  C. Digest authentication without HTTPS

  D. Using native code libraries without source code review

Answer: D

Question No: 24

Which of the following is an effective means of confirming data integrity?

  A. File access control

  B. Set the No execute (NX) bit on data segment in memory

  C. Base64 encoding

  D. Digital signatures

Answer: D

Question No: 25

Which of the following describes the purpose of the HTTPOnly cookie attribute?

  A. This attribute ensures that such cookies are only sent over HTTP connections and not over SSL making them unusable.

  B. This attribute requests that clients use the cookie only for HTTP connections and not expose it to client-side scripting.

  C. This attribute requests that other protocols cannot access such cookies.

  D. This attribute ensures that such cookies are only transmitted over an encrypted connection.

Answer: B

Question No: 26

Android’s kernel-level app sandbox provides security by:

  A. assigning a unique user ID (UID) to each app and running in a separate process.

  B. running all apps under an unprivileged group ID (GID).

  C. restricting read access to an app’s package to the kernel process.

  D. preventing an app’s data files from being read by any running process.

Answer: A

Question No: 27

Which of the following defines the difference between static and dynamic analysis of an application?

  A. Static analysis can be used against encrypted code and is able to determine the actual instructions running on a device, while dynamic analysis is easily fooled when code is encrypted.

  B. Static analysis consists of examining an application’s code as it is provided, while dynamic analysis consists of examining the application as it runs on an emulator or other debugging environment.

  C. Static analysis is focused solely on the recovery of string and hardcoded values while dynamic analysis aims to understand the function of the code itself.

  D. Static analysis requires a dataflow-modeling tool to examine all data paths, while dynamic analysis can be conducted using only an Android device.

Answer: B

Question No: 28

Which of the following statements is TRUE about session tokens?

  A. Session tokens should be unpredictable and be short to derive a maximum security benefit with minimal storage.

  B. Session tokens should be reused every time a particular user logs in.

  C. Session tokens should be an obfuscated or encrypted version of the user’s ID.

  D. Session tokens should be unpredictable, of sufficient length and contain no information about the user.

Answer: D

Question No: 29

Why are file permissions important to security?

  A. They prevent files from being transmitted to another device.

  B. They hide files in the file system.

  C. They provide links to files outside the sandbox.

  D. They determine which processes can read files.

Answer: D

Question No: 30

On an unencrypted rooted Android device, which of the following BEST describes which data is recoverable?

  A. Active data and some deleted data.

  B. Active data and none of the deleted data.

  C. Only some active data and no deleted data.

  D. Only some active data and some deleted data.

Answer: A
