CEH#16 - Oriyano - Mobile Device Security
6. What could a company do to protect itself from a loss of data when a phone is stolen? (choose all that apply) a. passwords b. patching c. encryption d. remote wipe
a, c, d, A company should proactively set passwords and use encryption, as well as employ remote wipe on a mobile device in the event that it is lost or stolen.
5. iOS is based on which operating system? a. windows b. os x c. unix d linux
b. ios is based on os X
18 Remote wipes do what (choose two). a. wipe all data off a device b. remove sensitive information such as contacts from a remote system c. factory reset a device d. insert cookies and devices
a, b. remote wipes remove data and other sensitive information from a device.
13. When a device is rooted, what is the effect on security? a. improved b. lowered c. stays the same d. hardened
b. security is lowered on a device when rooting is performed.
7. A utility for auditing WordPress from Android is _____? a. droidsheep b. firesheep c. wpscan d. nmap
c wpscan is used to look for weaknesses in wordpress sites.
2. Jailbreaking a phone refers to what? a. removing DRM from the system b. removing a device from a network c. acquiring root access on a device d. removing ransomware from a system
c. jail braking refers to gaining root access on a mobile device specifically iOS devices.
3. What does rooting a device do? a. removes updates from a system b. removes access to a user c. provides root-level access to a user on a system d. increases security on a device
c. rooting is the process of increasing the amount of access a user has on an android device.
4. Android is based on which operating system? a. windows b. os x c. unix d. linux
d. android is based on linux
14. Session hijacking can be thwarted with which of the following? a. sandroproxy b. droidsheep c. faceniff d. psiphon
d. psiphon would provide some protection against sniffing and session hijacking.
20. NetCut is used to do what? (choose two) a. test firewalls b. craft packets c. take over a session d. scan a network
a, b. netcut can test a firewall and craft packets.
8. What utility could be used to avoid sniffing of traffic? a. sandroproxy b. proxify c. psiphon d. shark
c psiphon is essetially a vpn technology that would thwart sniffing of traffic.
19 A session hijack can be used against a mobile device using all of the following except? a. emails b browsers c. worms d. cookies
c worms do not cause session hijacks.
17. An attack that can be performed using FaceNiff is _____. a. infecting the client system b. infecting the server system c. inserting oneself into an active session d. inserting oneself into a web application
c. faceniff is used to take over active sessions.
11. What option would you use to install software thats not from the Google Play store a. install from unknown sources b install unsigned sources c. install from unknown locations d install from unsigned services
a. if install from unknown sources is enabled on android devices, unsafe or unprotected applications could compromise a device, but still will be installed.
12. Which technology can provide protection against session hijacking? a. ipsec b. udp c. tcp d. ids
a. ipsec can protect against session hijacking.
16. A man-in-the-browser attack delivered by a piece of malware can be prevented by which of the following? a. anti-virus b. anti-spyware c. using firefox d. rooting a device
a. much like desktop systems, installing an antivirus can prevent this type of malware based attack.
15. A denial of service application for Android is ______. a. blaster b LOIC c. evil d. pryfi
b. LOIC is software used to perform denial of service attacks.
9. Jennifer has captured the following URL; ww.snaz22enu.com/&w25/session=22525. She realizes that she can perform a session hijack. Which utility would she use? a. shark b. droidsheep c. airmon d. droid
b. droidsheep is used to perform session hijacks.
1. What is the benefit of encryption on mobile devices? a. protection against stolen devices b. protection of data on lost or stolen devices c. prevention of malware d. protection of data being sent to website
b. encryption safeguards data on devices that have been lost or stolen.
10. Jennifer is concerned about her scans being tracked back to her tablet. What could she use to hide the source of the scans? a. sniffing b. sandroproxy c. faceniff d. blind scanning
b. sandroproxy would be ueful to disguise the soure of a scan.