[Free] 2018(Jan) EnsurePass Dumpsleader CompTIA ADR-001 Dumps with VCE and PDF 61-70

2018 Jan CompTIA Official New Released ADR-001

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 61

Failing to declare a class final can enable which of the following attacks on a developer’s code?

  A. Session hijacking via compromised session cookies

  B. Decompilation of Java class files (including those in APK files), revealing sensitive data

  C. Attacker can use data injection (e.g., SQL injection, Cross-site scripting) to corrupt data in the application or the DOM

  D. Attacker can potentially extend a class and define new methods that access sensitive data from inside the scope of the class

Answer: D

Question No: 62

Which of the following describes a process by which one party confirms the identity of another party?

  A. Authentication

  B. Integrity verification

  C. Diffie-Hellman key exchange

  D. Handshake protocol

Answer: A

Question No: 63

What level of security is provided by placing sensitive methods and data inside their own Java package?

  A. High security, as only approved Java classes and methods inside the package can access the package’s data and methods

  B. Minimal security, as any Java file can declare itself as part of the same package, and thus have access to that package’s data and methods

  C. Medium security, as it depends on whether the sensitive methods and data are declared public vs. private

  D. Minimal security unless all the methods are declared final

Answer: B

Question No: 64

What is meant by a one-way function?

  A. The input cannot be calculated from the output.

  B. The function can only have an integer input.

  C. The function can only be called from the parent class.

  D. The function has no inputs, only outputs.

Answer: A

Question No: 65

An architectural review is BEST for finding which of the following security defects?

  A. Malware infection vectors

  B. SQL or other injection flaws

  C. Design flaws

  D. Zero-day vulnerabilities

Answer: C

Question No: 66

Fine-grained permission control for Content Providers can be achieved with:

  A. android:ReadWritePermission.

  B. android:ContentPermissions.

  C. android:ProviderPermission.

  D. android:grantUriPermissions.

Answer: D

Question No: 67

A one-time pad is considered cryptographically secure. What are two ways it can be broken? (Select TWO).

  A. By not having an accurate clock with the pad

  B. If the repeated use of one pad occurs

  C. By losing one of the complete pads

  D. If too much randomness is used in the pad generation

  E. If XOR is used to apply the one-time pad

Answer: B,C

Question No: 68

Which of the following must be done on a typical Android project to enable reverse engineering countermeasures provided with the standard Android SDK?

  A. Ensure that a ProGuard configuration file exists and add a proguard.config statement to the project’s property file that references the location of the configuration file.

  B. Enable Bouncer using the Eclipse Bouncer plugin.

  C. Create a dump.txt file that describes the internal structure of the application in question and point the Dalvik VM startup properties to the file.

  D. Add a custom property to the Android Manifest.

Answer: A

Question No: 69

Which of the following methodologies is BEST for a developer to find input validation weaknesses in their own mobile app source code?

  A. Disassembly of mobile app executable

  B. Threat modeling

  C. Fuzz testing an app’s attack surface

  D. Single stepping an app through a debugger

Answer: C

Question No: 70

What are two advantages to using OAuth as the authentication method for an Android application to access a web application or service? (Select TWO).

  A. OAuth integrates seamlessly into a mobile application, never requiring the user to interact with the web application or service in question

  B. OAuth only maintains long and complex passwords for users of the Android application so the users do not have to remember them.

  C. The application does not need to ever know the user’s login credentials.

  D. In the event the device running the application is lost or stolen, the OAuth credentials issued to it can be revoked by the application’s server.

  E. OAuth enables both ends of an SSL tunnel to authenticate each other.

Answer: C,D
