ADR-001 Exam Free study materials
http://www.passfine.com/ADR-001.html
http://www.passfine.com/pdf/ADR-001.pdf
http://www.passfine.com/CompTIA-series.html
Exam Number/Code : ADR-001
Exam Name : CompTIA Mobile App Security+ Certification Exam (Android Edition)
Questions and Answers : 102 Q&As
Update Time: 2014-06-05
QUESTION NO: 1
Which of the following is a reason to take mobile app security seriously when developing a social
networking app that does NOT accept payments? (Select TWO).
A. PCI-DSS regulations
B. Consumer privacy expectations and regulations
C. HIPAA regulations
D. FIPS compliance
E. Company reputation
Answer: B,E
QUESTION NO: 2
Which of the following accurately explains why many people criticize the use of a unique hardware
ID such as IMEI/MEID to identify users? (Select TWO).
A. The hardware ID can be traced to an individual user and help track activity over time and
across apps
B. The hardware ID unlocks encryption on the device
C. Companies encode email addresses directly into the hardware ID
D. Hardware ID values are easily predictable
E. Users cannot selectively block apps’ access to it
Answer: A,E
QUESTION NO: 3
Which of the following attempts to inhibit an application from being trojanized and proliferating?
A. Tamper protection in code.
B. Encrypting config file.
C. Ensure appropriate permissions are deployed to every component.
D. Login credentials delivered over network with HTTPS.
Answer: A
QUESTION NO: 4
Which of the following is fundamental to MOST transport layer encryption implementations?
A. Device passcode
B. Obfuscation
C. HTTPS
D. Keychain
Answer: C
QUESTION NO: 5
Which of the following can be performed to find security design flaws in mobile apps prior to
writing code?
A. Threat modeling
B. Penetration testing
C. Static source code analysis
D. Dynamic validation testing
Answer: A
QUESTION NO: 6
Which of the following methodologies is BEST for a developer to find input validation weaknesses
in their own mobile app source code?
A. Disassembly of mobile app executable
B. Threat modeling
C. Fuzz testing an app’s attack surface
D. Single stepping an app through a debugger
Answer: C