CHAPTER 5 Mobile Device and Application Testing
The GPU in a computing system (mobile or otherwise) serves what function? A. Processing and rendering of visual data to be displayed B. Computation of program or application instructions, including mathematical, logical, and input/output (I/O) operations C. Communication to remote hosts or systems (for example, via phone call) D. Long-term, nonvolatile storage for firmware and operating systems
A
Smartphones and tablet devices are typically built using a system on a chip (SoC), which is a small integrated circuit composed of several physical components, including which of the following? (Choose two.) A. Central processing unit (CPU) B. Firmware C. RAM D. Operating system
AC
Which tool, shown next, is primarily used to develop and build packages for its target mobile environment and has some utility in static application analysis when provided with the project file used to create the installable application package? A. Drozer B. Android Studio C. MobSF D. Cydia Impactor
B
Which terms describe the process of enabling low-level execution of user applications with elevated privileges in mobile environments? (Choose two.) A. DAST B. Rooting C. Pivoting D. Jailbreaking
BD
As defined by the OWASP Mobile Security Testing Guide, which core feature of the iOS security architecture ensures that only applications explicitly approved by Apple can run on the device? A. Secure Boot B. Encryption and data protection C. Code signing D. Hardware security
C
JTAG is an IEEE standard component that is best defined as serving what purpose? A. Provides testing capabilities for mobile device modems B. Provides a means for the burning of mobile operating systems and their initial configuration C. Provides a means of physical connection to an embedded system for debugging and other testing D. Provides a means for video output
C
Which component of an Android application is functionally a SQLite database that stores data in the form of a flat file? A. Activities B. Intents C. Content providers D. Broadcast receivers
C
Which tool for Android is a reverse engineering framework with a graphical interface, code editor, and an APK signing feature that allows users to modify and repackage code as needed? A. APKX B. MobSF C. APK Studio D. Drozer
C
Which tool is an all-in-one, automated penetration testing framework for mobile applications for Android, iOS, and Windows mobile platforms, providing SAST for Android, iOS, and Windows mobile devices and DAST for Android platforms? A. Drozer B. Pangu C. MobSF D. Clutch
C
Which tool, with the minimalist UI shown next, is used to transfer jailbreak IPAs to devices running iOS for installation? A. Android Studio B. Phoenix C. Cydia Impactor D. Electra
C
iOS runs on Apple hardware and is based on Darwin, an open-source OS originating from which operating system family? A. Windows B. Debian C. Unix D. Red Hat
C
The native C and C++ libraries present in Android provide support for which of the following applications? (Choose two.) A. Gmail B. Hangouts C. HAL D. ART
CD
Static analysis (sometimes called static application security testing, or SAST) is a debugging method used to examine source code, bytecode, and binaries without execution. Which of the following is not a test case commonly employed as part of static analysis? A. Disassembly or decompiling of the application from its original format B. Analysis of files and application permissions C. Searching for information disclosure weaknesses, such as hard-coded credentials D. Client-side injection attack attempts, such as SQL injection or local file inclusion
D
Which abstraction layer of iOS facilitates fundamental services such as networking and file access? A. Media B. Cocoa Touch C. Core OS D. Core Services
D
Which of the following best describes the role of a subscriber identity module (SIM) on a mobile device? A. Provides temporary, typically volatile storage for mobile applications B. Enables transmission of Short Message Service (SMS) and Multimedia Message Service (MMS) messages C. Communication to remote hosts or systems (for example, via phone call) D. Identifies and authenticates a user's device on a cellular network
D