[Free] 2018(Jan) EnsurePass Dumpsleader CompTIA ADR-001 Dumps with VCE and PDF 31-40

2018 Jan CompTIA Official New Released ADR-001

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 31

If a Java package contains sensitive data in one or more classes, and the data is declared public, what attacks does that expose?

  A. Public data can be intercepted in transit using network sniffing tools.

  B. Malicious code can declare itself as part of the same package, and directly access the public data with no means of protection.

  C. Public data can be accessed (read-write) via HTTP POST/POST arguments.

  D. The sensitive public data gets cached on the Java server, and is thus searchable using traditional enterprise intranet search tools.

Answer: B

Question No: 32

Which of the following is a reason to take mobile app security seriously when developing a social networking app that does NOT accept payments? (Select TWO).

  A. PCI-DSS regulations

  B. Consumer privacy expectations and regulations

  C. HIPAA regulations

  D. FIPS compliance

  E. Company reputation

Answer: B,E

Question No: 33

Which of the following is the primary reason for web services to output encode all data sent to Android application clients?

  A. Output encoding eliminates the need for the client to perform input validation, as the server has already ensured that all data being passed to the client is safe.

  B. Output encoding ensures that an attacker who can view network traffic cannot read the communications between the server and the client.

  C. Output encoding is required for the data to be sent over an SSL channel.

  D. Output encoding ensures that the client will treat all data received as data and not as executable scripts.

Answer: D

Question No: 34

Why should a developer ensure the debug flag is set to “false” in the manifest for a production build?

  A. It prevents malware from being able to connect to the debug socket and take control of the app.

  B. It prevents debug messages from showing up in the log.

  C. It prevents an attacker from being able to reverse engineer the app.

  D. It prevents an attacker from communicating with the app over the debug bridge.

Answer: A

Question No: 35

In public key cryptography, which problem can occur when the public key is transmitted?

  A. The initialization vector can be determined

  B. The public key can be replaced with a different one

  C. The hash of the data can be decrypted with the private key

  D. The private key can be calculated from the public one

Answer: B

Question No: 36

What additional task is accomplished by using mutual-authentication SSL as opposed to standard SSL?

  A. The client performs an extra validation to ensure the integrity of the Root Certificate Authorities.

  B. The identity of the Certificate Authority that issued the server’s SSL certificate is validated in addition to that of the server itself.

  C. The Android application (the client) supplies a certificate to identify itself in addition to the server performing the same task, so that the client’s identity is authenticated to the server.

  D. The client decides to reject or accept the connection with the server based on its own criteria about the validity of the server’s SSL certificate.

Answer: C

Question No: 37

Which of the following mechanisms is MOST commonly used when attempting a privileged operation?

  A. A public method interface to private data fields.

  B. A private package containing only the privileged instructions.

  C. A try/catch/finally block.

  D. A security manager directive.

Answer: C

Question No: 38

Which of the following attempts to prevent JavaScript from accessing a session cookie in a mobile browser?

  A. Both HttpOnly and Secure attributes

  B. HttpOnly attribute

  C. Cookie permission settings

  D. Use of super cookie

Answer: B

Question No: 39

When an app creates a configuration file in its private data directory, the developer should ensure:

  A. that the file path is determined with getExternalStorageDirectory().

  B. that the file is created world writable.

  C. that file ownership is set to system.

  D. that the file is not created world readable.

Answer: D

Question No: 40

How should a developer securely share data between applications?

  A. Using file permissions on the SD card

  B. Creating world-readable files in the application directory

  C. Defining content providers with permissions

  D. Using a shared SQLite database

Answer: C
