Chapter 13
Which of the following describes Mobile Device Management software?
A combination of an on-device application or agent that communicates with a backend server to receive policies and settings.
Which of the following policies best governs the use of bring-your-own-device (BYOD) that connect with an organization's private network?
Acceptable use policy
Which key area in the mobile device security model is supported by device designers requiring passwords, biometrics, and two-factor authentication methods?
Access controls
Which of the following operating systems is the most prevalent in the smartphone market?
Android
Jim, a smartphone user, receives a bill from his provider that contains fees for calling international numbers he is sure he hasn't called. Which of the following forms of Bluetooth hacking was most likely used to attack his phone?
Bluebugging
Which of the following types of Bluetooth hacking is a denial-of-service attack?
Bluesmacking
You have just discovered that a hacker is trying to penetrate your network using MAC spoofing. Which of the following best describes MAC spoofing?
Changing a hacker's network card to match a legitimate address being used on a network.
Which of the following steps in an Android penetration test checks for a vulnerability hackers use to break down the browser's sandbox using infected JavaScript code?
Check for a cross-application-scripting error
You are the cybersecurity specialist for your company and have been hired to perform a penetration test. You have been using Wireshark to capture and analyze packets. Knowing that HTTP POST data can sometimes be easy prey for hackers, you have used the http.request.method==POST Wireshark filter. The results of that filter are shown in the image. After analyzing the captured information, which of the following would be your biggest concern?
Clear text passwords are shown.
Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following are the best options for preventing this from happening? (Select two.)
Configure the device to remotely wipe as soon as it is reported lost. Configure the device to wipe after a number of failed login attempts.
Which of the following mobile security best practices for users is concerned with geotags?
Don't auto-upload photos to social networks.
James, a penetration tester, uses nmap to locate mobile devices attached to a network. Which of the following mobile device penetration testing stages is being implemented?
Footprinting
Ann has a corner office that looks out on a patio that is frequently occupied by tourists. She likes the convenience of her Bluetooth headset paired to her smartphone, but is concerned that her conversations could be intercepted by an attacker sitting on the patio. Which of the following countermeasures would be the most effective for protecting her conversations?
Lower the Bluetooth power setting on the smartphone and headset.
Which of the following mobile security concerns is characterized by malicious code that specifically targets mobile devices?
Malicious websites
Which of the following bring-your-own-device (BYOD) risks is both a security issue for an organization and a privacy issue for a BYOD user?
Mixing personal and corporate data
Linda, an Android user, wants to remove unwanted applications (bloatware) that are pre-installed on her device. Which of the following actions must she take?
Root the Android device.
Which of the following can void a mobile device's warranty, cause poor performance, or brick a mobile device (making it impossible to turn on or repair)?
Rooting or jailbreaking
Which of the following describes the risks of spyware that are particular to mobile devices?
Spyware can monitor and log call histories, GPS locations, and text messages.
Which of the following best describes this image?
The iOS operating system stack.
Which of the following best describes the purpose of the wireless attack type known as wardriving?
To find information that will help breach a victim's wireless network.
The ACME company has decided to implement wireless technology to help improve the productivity of their employees. As the cybersecurity specialist for this company, you have the responsibility of seeing that the wireless network is as secure as possible. Which of the following best describes one of the first countermeasures that should be used to ensure wireless security?
Use a Wi-Fi predictive planning tool to determine where to place your access points.
Which of the following Bluetooth attack countermeasures would help prevent other devices from finding your Bluetooth device that is in continuous operation?
Use hidden mode when your Bluetooth device is enabled.
Which of the following types of wireless antenna is shown?
Yagi
You are a cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. Which of the following commands would help you locate the rouge access point from the wlp1s0 interface and produce the results shown?
airodump-ng wlp1s0mon
Which of the following Bluetooth discovery tool commands will show the Bluetooth MAC address, clock offset, and class of each discovered device?
hcitool inq
Which of the following Bluetooth discovery tools will produce the output shown below?
sdptool
Which of the following Bluetooth configuration and discovery tools can be used to check which services are made available by a specific device and can work when the device is not discoverable, but is still nearby?
sdptool
Which of the following best describes Bluetooth MAC spoofing?
An attacker changes the Bluetooth address of his own device to match the address of a target device so that the data meant for the victim device reaches the attacker's device first.
Which of the following best describes a rogue access point attack?
A hacker installing an unauthorized access point within a company.
Which of the following best describes a wireless access point?
A networking hardware device that allows other Wi-Fi devices to connect to a wired network.
Which of the following best describes the Bluediving hacking tool?
A penetration suite that runs on Linux that can implement several attacks, including bluebug, bluesnarf, and bluesmack, and also performs Bluetooth address spoofing.
Which of the following Bluetooth hacking tools is a complete framework to perform man-in-the-middle attacks on Bluetooth smart devices?
Btlejuice
You are a cybersecurity specialist. ACME, Inc. has hired you to install and configure their wireless network. As part of your installation, you have decided to use Wi-Fi Protected Access 2 (WPA2) security on all of your wireless access points. You want to ensure that the highest level of security is used. Which of the following encryption protocols should you use to provide the highest level of security?
CCMP
From your Kali Linux computer, you have used a terminal and the airodump-ng command to scan for wireless access points. From the results shown, which of the following is most likely a rogue access point?
CoffeeShop
You are configuring a wireless access point and are presented with the image shown below. Which of the following is the most correct statement regarding the access point's configuration?
The Host Name is what the users see in the list of available networks when they connect to the access point.
You are configuring several wireless access points for your network. Knowing that each access point will have a service set identifier (SSID), you want to ensure that it is configured correctly. Which of the following SSID statements are true?
The SSID is a unique name, separate from the access point name.
Which of the following Bluetooth threats has increased due to the availability of software that can be used to activate Bluetooth cameras and microphones?
The creation of Bluetooth bugging and eavesdropping devices.
Alan, an ethical hacker, roots or jailbreaks a mobile device. He checks the inventory information reported by the mobile device management (MDM) software that manages the mobile device. Which of the following describes what he expects to see in the inventory?
The inventory will show the device as vulnerable
Which of the following describes the exploitation stage of the mobile device penetration testing process?
The use of man-in-the-middle attacks, spoofing, and other attacks to take advantage of client-side vulnerabilities.
A user is having trouble connecting to a newly purchased Bluetooth device. An administrator troubleshoots the device using a Linux computer with BlueZ installed. The administrator sends an echo request to the device's Bluetooth MAC address to determine whether the device responds. Which of the following commands was used?
l2ping
Which of the following best describes a wireless hotspot?
A physical location where people may obtain free internet access using Wi-Fi.
You work for a very small company that has 12 employees. You have been asked to configure wireless access for them. Knowing that you have a very limited budget to work with, which of the following technologies should you use?
A software-based access point.
Which of the following types of wireless antenna is shown in the image?
Parabolic