CS 453 - mobile security
Which 802.11 standard is an extension of 802.11n, offers more channels, and streams up to 1.3 Gbps of throughput on the 5 GHz band?
802.11ac
Which of the following is NOT a feature of Apple iOS architecture? Transport Layer Security (TLS) network security a secure boot-chain iMessage, FaceTime, and Siri Internet services
BitLocker disk encryption
When testing is conducted without the tester having any information about the app being tested, it's called
Black Box testing
Which of the following would be most helpful in capturing mobile app communications?
Burp Suite
Which of the following is an encapsulation method used to securely transport keying material for encryption over wireless and Point-to-Point Protocol (PPP) networks?
Extensible Authentication Protocol (EAP)
Which of the the following is a security concern with apps using external libraries?
External libraries can introduce their own vulnerabilities into an app
A semi-directional antenna is typically installed by default on wireless access points (WAPs) and radiates radio waves equally in all directions.
False
An attacker must be within a company's physical boundaries to detect a wireless network.
False
Android devices have more vulnerabilities because the Android operating system is generally not as secure as iOS.
False
Because most of the authentication and authorization logic happens at the endpoint, there is no need to test authentication on the mobile app side.
False
In order to protect sensitive data, app developers should create their own cryptographic implementations.
False
On a wireless network, all traffic is on different frequencies and channels, making it difficult to intercept and capture.
False
_______ works by transmitting data using a small carrier space in short bursts and then continuously changing, or "hopping," to another frequency during transmission.
Frequency hopping spread spectrum (FHSS)
A hotel is an environment in which many individuals demand wireless access, yet access should be granted only to paying guests. A solution is needed to interrupt the connection attempt and validate paying hotel guests. Which of the following solutions provides the best and most common approach?
Guests use a captive portal and authenticated Dynamic Host Configuration Protocol.v
Which of the following best describes the Android verified boot process?
It establishes a trust relationship between the hardware and the actual code that executes on this hardware
How does Execute Never (XN) help to secure against malware attacks on an iOS device?
It marks memory locations as either writable or executable but not both (W^X) preventing writing from buffer overflows
Which of the following is the main purpose of the NIST Mobile Threat Catalogue?
It provides a way to organize and categorize threats to mobile devices
Which of the following is an advantage of an automated app testing tool?
It provides quick results
Which of the following is NOT true of jailbreaking Apple iOS? It allows access to the file system. It enables users to download apps from any source. It gives owners root privileges.
It supports the walled garden security approach.
After experiencing many Ethernet network outages, a company decides to implement a wireless workgroup bridge as a backup. Which of the following is true of this solution?
It works well because the wired PCs continue to communicate with each other over the wireless bridge connection after a router or switch fails.
Which of the following is a Wi-Fi scanner that runs on Linux, and works as a network sniffer, network detector, and an intrusion detection system (IDS)?
Kismet
Which of the following tools would you use to find the MAC address of an access point that is not broadcasting it's SSID?
Kismet
You are a networking consultant who has been asked to penetration test the network of a small business. The company's tech support person gave you WPA2-PSK credentials and the service set identifier (SSID) of a wireless access point. You try to log on to the network but cannot connect. What is the most likely problem and how can you overcome it?
MAC filtering is in place. Scan the network, and then steal and spoof a genuine MAC address.
_______ is highly aggressive, commercial mobile adware.
Madware
Mobile app attack surfaces describe points where malware or a threat actor can attack a mobile app. Match the NIST attack surface with the appropriate description
Mobile Technology Stack Includes the hardware, firmware, mobile OS and application Communication Mechanisms Includes WiFI, Bluetooth, Cellular, NFC and SIM cards Supply Chain Includes individual hardware and software components from a variety of sources Mobile Ecosystem Includes communication networks, apps stores, vendor infrastructure and enterprise systems
Which of the following is a difference between mobile apps and traditional desktop apps?
Mobile apps have more communication channels that can be vectors for attacks
Which of the following app types is delivered from web, with offline access and uses Javascript service workers to cache content?
Progressive web app
You are in charge of security for a large organization that provides mobile devices to its sales staff. The devices have access to customer records and proprietary information. Which of the following should you do to protect the devices against malware?
Prohibit applications from non-certified developers and third-party marketplaces
When building PhoneGap apps, which of the following is the preferred method to prevent exposure of user data to attackers?
Server-side business logic
Which of the following is a popular IPS that can be used for wireless networks?
Snort
Which of the following best describes the legality of iPhone jailbreaking
The U.S. Copyright Office published an exemption permitting device jailbreaking in order to change carriers
Which of the following is considered the weakest link in protecting a mobile device against malware?
The end user
Which of the following is NOT true of 802.11 unlicensed bands? Users can operate on these bands without a Federal Communications Commission license. Users must use certified radio equipment. Users must comply with certain power limits. Unlicensed bands are subject to interference.
Those who use unlicensed bands have exclusive use of the bands.
What is the best use of virtual local area networks (VLANs) on a wireless network?
To separate and segregate traffic
By rooting or jailbreaking a device, you make it more vulnerable to malware and other attacks.
True
If an app has permissions that aren't consistent with it's use, it does not necessarily mean it has malicious intent.
True
If something goes wrong during the rooting/jailbreaking process, it may "brick" the device, or make it permanently unusable.
True
Implementing encryption settings, reset functions, access control lists, and shared keys can prevent wardriving attacks from being successful.
True
In order to publish an app in the Apple App Store, one must register and pay for an Apple Developer account.
True
Mobile apps differ from desktop apps in that there is a smaller attack surface and therefore more security against injection and similar attacks.
True
One way to prevent casual eavesdropping of a wireless network is to control the radiation of the radio frequency (RF) signal outside the premises.
True
To capture packets on a wireless network, a person can simply run sniffing software on a computer with a wireless network card in promiscuous mode.
True
iOS malware usually focuses on older, or jailbroken iPhones
True
Which of the following is the least secure?
WEP
Which of the following should be the first choice in wireless data protection?
WPA2 + CCMP
Which of the following is the most robust and used in enterprise environments?
WPA2-CCMP
Which of the following uses preshared keys?
WPA2-PSK
Which service set for Wi-Fi devices is the cornerstone of wireless networks, defines a common topology, is typically connected to a distribution network such as an Ethernet LAN, and moves all communication through the access point?
basic service set (BSS)
Which of the following is an advantage of testing on an emulator?
can be easily reset/restored
When an attacker superimposes frames or hidden buttons over real buttons in an app in order to redirect the user to a malicious site it is called
click jacking
Which network attack technique is a form of a man-in-the-middle attack that requires visibility at the Transport Layer (Layer 4) of the Open Systems Interconnection (OSI) Reference Model?
session hijacking
NIST recommends that organizations that plan to use consumer apps for their business
should make risk-based decisions for app acquisition based on their own security requirements
A MITM attack that steals the cookie from a web session and insert it into attacker's browser to gain access to server session is called ______
side jacking
Which of the following is a limitation of the app vetting process?
the quality of the outcome depends on the level of human effort and expertise available for an evaluation
Which of the following is NOT true of Wi-Fi Protected Access (WPA)? - supports Temporal Key Integrity Protocol (TKIP)/Rivest Cipher 4 (RC4) dynamic encryption key generation - supports 802.1X/Extensible Authentication Protocol (EAP) authentication in the enterprise - uses passphrase-based authentication in SOHO environments
was the first security protocol for wireless networks
______ involves injecting malicious code into a Web site to exploit vulnerabilities in browsers. A user's device can be infected simply by visiting the site.
A drive-by attack
Which Android security platform control or feature identifies application authors and deters or prevents malware?
APK signing process
Which of the following best describes the Android permission model?
After Android 6, the user must approve some permissions requests during runtime
A rogue access point May be added to the network to serve as an attack vector May be added to the network by well-meaning employees who want easier access to network Is unmanaged and vulnerable to attack
All of the above
Which of the following host systems can be used to test Android apps? Linux Mac OS Windows
All of the above
Which of the following is a security weakness of apps developed with Adobe PhoneGap? Insecure Local Data Storage Insecure Source Files Remotely Loading Javascript
All of the above
Which of the following is the official Android development tool?
Android SDK
Which of the following is the primary piece of software required for testing security testing of Android apps?
Android SDK
Which of the following 802.11 service sets is used when a network administrator wants to enable roaming for wireless devices?
Extended service set
Which of the following is NOT a threat category defined by the NIST Mobile Threat Catalogue? Stack Authentication Physical Access DevOps
DevOps
An important defense against mobile malware is ________
Enabling fraud detection on accounts you access with the device
When testing is conducted with the tester having full knowledge of the app and access to code is is known as
White Box testing
Which of the following is a cross-platform app development platform owned by Microsoft?
Xamarin
In an attempt to reduce OS fragmentation, recent versions of Android have implemented
a hardware abstraction layer (HAL) that allows changes to the OS without changing hardware drivers
On a wireless local area network (WLAN), every access point is identified by ________, which is a configurable name or an alphanumeric code.
a service set identifier (SSID)
A newly installed wireless access point (WAP) was incorrectly configured and is now a security threat. Skilled hackers discover the WAP while wardriving. What type of target does this access point represent and how is such a risk mitigated?
a target of opportunity; risk mitigated by defense in depth
If an attacker was able to capture packets from a user authenticating to your WiFi network, which of the following tools could she use to crack the WPA password?
aircrack-ng
A developer requires all connections to the server to use HTTPS. What technique might an attacker use to intercept and decrypt this communication?
an HTTP stripping attack
The visible part of an Android app is
an activity
Code obfuscation is related to
anti-tampering and anti-reverse engineering
When scanning wireless access points for vulnerabilities, which of the following is typically NOT a concern? the latest firmware and security patches the correct security credentials the appropriate security protocols
antivirus software
Which of the following security model characteristics are shared by Apple iOS and the Android operating system (OS)?
applications run in a sandbox
When testing app communications with Android 7 or above ___________
apps must be unpacked and a trusted certificate must be added
Which of the following is a basic requirement for secure app communication?
apps must set up a secure, encrypted channel for network communication using the TLS protocol.
Which network attack technique sends a constant stream of deauthentication (deauth) packets to force access points to deauthenticate and drop connections?
denial of service (DoS)
The first step in the mobile app vetting process is?
developing app security requirements
Which of the following makes it impossible for cybercriminals to modify or tamper with released Apple iOS applications?
digital certificate for approved products
Which of the following is the best control for combatting the risk of network interception vulnerabilities?
encryption
Which of the following describes static app analysis?
examining an application's components without executing them
Which of the following is a common technique for delivering malware on an iPhone?
getting a user to click a link that side loads a malicious app
Which of the following iOS permissions is granted to all apps by default?
iOS does not grant default permissions
Which service set for Wi-Fi devices does NOT use access points? basic service set (BSS) extended service set (ESS) mesh basic service set (MBSS)
independent basic service set (IBSS)
A common way of rooting an Android device is
installing a modified OTA package and recovery OS
__________ facilities enable apps to exchange signals and data.
inter-process communications
In the Android framework, an intent is
is a messaging object that can be used to request an action from another app component.
On a network, ________ is the practice of impersonating authorized users to gain their level of privileges.
masquerading
In order to conduct penetration testing on a WiFi network, you should use a device with a network card in _______
monitor mode
An inherent issue with radio waves is that they reflect off certain materials and surfaces. This results in multiple versions of the same radio waves bouncing around, known as ______.
multipath
Which type of antenna uses complex signal-processing techniques, allows multiple antennas to transmit and receive concurrently, and requires antenna signals to travel a different path for the receiver to be able to distinguish the multipath signals?
multiple input/multiple output (MIMO) antenna
When vetting a mobile app, testing app communication ___________
often requires the use of a proxy
Address space layout randomization (ASLR) ____
randomizes the locations of system components makes it difficult for attackers to know exactly where to hook their code
An evil twin is a type of _______.
rogue access point (AP)
Before a client can connect to an access point on a wireless local area network (WLAN), the client must detect an access point's presence through active or passive _________.
scanning
Software fragmentation of the Android operating system (OS) occurs when many different vendors modify or customize core software code to suit their own requirements. What does software fragmentation typically increase?
security vulnerabilities
You are a networking consultant who has been asked to penetration test the network of a small business. You do not have any details regarding the network. You initially notice that employees are using laptops and tablets but you cannot find any available Wi-Fi network. What basic security measure is being deployed, and how can you defeat it?
service set identifier (SSID) cloaking and solve using Kismet
