Chapter 11 -12 Quiz
Android does not have the ability to encrypt data through cryptographic application programming interfaces (APIs). A) True B) False
B) False
Whereas Apple iOS and Windows Phone use a sandbox architecture approach, Google Android does not. A) True B) False
B) False
What is the SmartScreen Filter in Windows Phone? A)a sandboxing technology B)a defense technology that reduces the attack surface area for memory-related exploits C)a method of providing two-factor authentication D)a mechanism for preventing phishing attacks
D)a mechanism for preventing phishing attacks
Which of the following is NOT a feature of Windows Phone architecture? A)BitLocker disk encryption B)compartmentalization C)closed system D)iMessage, FaceTime, and Siri Internet services
D)iMessage, FaceTime, and Siri Internet services
Android developers typically write their apps in Java and then convert them to run on the Dalvik platform on all Android devices. A) True B) False
A) True
Android users who download apps only from Google Play run little chance of infecting their devices. A) True B) False
A) True
Because Android is an open source platform, every application created for Android devices consists of essential building blocks. Therefore, every application can be decompiled and reviewed as blocks of source code. A) True B) False
A) True
Matching the URL of a link to the name presented in the text of an e-mail message before clicking on it can reduce the success rate of phishing attacks. A) True B) False
A) True
The Linux file system uses permissions to ensure that one user cannot access the files of other users. A) True B) False
A) True
The Linux kernel has been used for many years in security-sensitive environments. A) True B) False
A) True
The applications used on Android devices are developed in Java. A) True B) False
A) True
The small size of mobile device screens makes users vulnerable to phishing attacks. A) True B) False
A) True
In 2014, _____ released the Handoff feature, which allows users to move seamlessly between devices, continuing where they left off when they switch devices. A)Apple B)Android C)BlackBerry D)Microsoft
A)Apple
Which of the following is true of the Android security model? A)Each Android app runs in its own Dalvik virtual machine (VM), and each VM is isolated within its own Linux process. B)Android relies on Java VM to enforce security. NOT C)Android uses a server-based permission model. D)Developers cannot remove any elements from the operating system kernel.
A)Each Android app runs in its own Dalvik virtual machine (VM), and each VM is isolated within its own Linux process.
Which of the following is the official Android development tool? A)AndroRAT B)Android SDK C)DroidBox D)Android Framework for Exploitation
B)Android SDK
Which of the following is NOT a feature of Apple iOS architecture? A)Transport Layer Security (TLS) network security B)BitLocker disk encryption C)a secure boot-chain D)iMessage, FaceTime, and Siri Internet services
B)BitLocker disk encryption
Which of the following makes it impossible for cybercriminals to modify or tamper with released Apple iOS applications? A)BitLocker encryption B)digital certificate for approved products C)application isolation D)permission-based access control
B)digital certificate for approved products
Which mobile phone vulnerability involves hijacking the phone to participate in mass attacks on a third-party network? A)location snooping B)participating in distributed denial of service (DDoS) attacks C)global positioning system (GPS) tracking D)SMS redirection
B)participating in distributed denial of service (DDoS) attacks
In addition to the Android operating system being open source, the source code behind the applications running on Android are also viewable. The process to view source code within any Android application involves which step? A)unlocking the Cocoa Touch Layer B)using Android SDK to decompile the code C)applying the Android Framework for Exploitation D)decompiling with AndroRAT
B)using Android SDK to decompile the code
Which of the following is NOT a feature of Android operating system (OS) architecture? A)open system B)sandbox approach C)BitLocker disk encryption D)digital signing of applications
C)BitLocker disk encryption
Which tool used on Android devices can check for password hashes, check files for read/write data, and record incoming and outgoing communications (SMS messages and phone calls)? A)AndroRAT B)Android SDK C)DroidBox D)Android Framework for Exploitation
C)DroidBox
Which of the following is NOT true of Handoff? NOT A)It works with iOS apps and browsers used on an iPhone. B)It allows a user to make calls from a Mac or an iPad. C)It allows a user to switch between an iPhone and a Windows Phone device seamlessly. D)It requires inter-device continuity, using Bluetooth 4 and Wi-Fi direct connections.
C)It allows a user to switch between an iPhone and a Windows Phone device seamlessly.
Which of the following is NOT true of enterprise mobility management (EMM)? A)It is a framework that consists of sets of people, processes, and technologies required to manage mobile IT within the enterprise. NOT B)It is a turnkey solution. C)It is designed only for Windows Phone. D)It secures and manages a broad range of operating systems and devices.
C)It is designed only for Windows Phone.
Which of the following is NOT true of jailbreaking Apple iOS? A)It unlocks carrier restrictions. B)It enables users to download apps from any source. C)It supports the walled garden security approach. D)It gives owners root privileges.
C)It supports the walled garden security approach.
Which of the following uses Secure Boot and Trusted Boot? A)Android operating system B)Apple iOS C)Windows Phone D)BlackBerry
C)Windows Phone
Which of the following security model characteristics are shared by Apple iOS and the Android operating system (OS)? A)open system B)limited permission-based access control C)applications run in a sandbox D)strict application provenance
C)applications run in a sandbox
Which mobile phone vulnerability involves hijacking the camera to monitor the user or the user's surroundings? A)audio attack B)photographs and video attack C)camera attack D)SMS redirection
C)camera attack
Which Android security platform control or feature identifies application authors and deters or prevents malware? A) mandatory sandboxing B)secure inter-process communication C)digital signing of applications D)user-granted application permissions
C)digital signing of applications
There are two opposing models of source code management for mobile operating systems. One is the open source model, which developers can freely alter. The Android operating system follows this model. Apple's operating system iOS follows the other model. Which of the following best characterizes the Apple iOS philosophy? A)jailbroken B)rooted C)walled garden D)non-component-layered model
C)walled garden
Which of the following can scan the network, looking for security issues and vulnerabilities on Android devices? A)AndroRAT B)Android SDK C)DroidBox D)Android Framework for Exploitation
D)Android Framework for Exploitation
Which security model characteristic is found in Windows Phone but not Apple iOS or Android operating system (OS)? A)walled garden B)strict application provenance C)applications run in a sandbox D)BitLocker encryption
D)BitLocker encryption
Which of the following is NOT true of the Android operating system and apps? NOT A)Android apps run on the Dalvik platform on all Android devices. B)The Android security model is based on an open system. C)Android allows owners to download applications and software from any Web site. D)Google vets the trustworthiness of all apps regardless of the source.
D)Google vets the trustworthiness of all apps regardless of the source.
What makes the Apple iPhone with iOS ideal for bring your own device (BYOD)? A)Apple iOS is an open system. B)It cannot be jailbroken. C)Apple iOS doesn't have strong built-in security, which makes it more manageable. D)It has one operating system and only one or two models of each version of the device.
D)It has one operating system and only one or two models of each version of the device.
Which mobile phone vulnerability is used for eavesdropping and potential extortion? A)International Mobile Station Equipment Identity (IMEI) number theft B)sending premium-rate SMS messages C)making expensive calls D)SMS redirection
D)SMS redirection
Which of the following is a characteristic of the Android sandbox? A)The Android security system does not need to assign a unique user ID to each Android application. B)A memory crash in one application creates a security issue that compromises the overall security of the device. C)It isolates applications and their files but not memory space. D)The application kernel is within the operating system (OS) kernel.
D)The application kernel is within the operating system (OS) kernel.
What does NOT pose a significant security risk to users of Android smartphones? NOT A)widespread penetration of Android in the smartphone market NOT B)open source nature of the Android operating system (OS) C)users' tendency to bypass available authentication options D)downloading apps from Google Play
.C)users' tendency to bypass available authentication options
What purpose does Unified Extensible Firmware Interface (UEFI) serve in Windows Phone? A)It initializes hardware and starts the boot loader, and ensures that the operating system loader is secure and tamper free. B)It is a crypto-processor designed to secure data, enable authentication, and ensure device integrity. C)It is a defense technology that aims to reduce the attack surface area for memory-related exploits. D)It protects the system by moving executable images into random areas of memory.
A)It initializes hardware and starts the boot loader, and ensures that the operating system loader is secure and tamper free.
Which of the following is true of Windows Phone in general? A)low market share B)low programming complexity C)experiences a high rate of successful malware attacks D)is more likely to be jailbroken than Apple iOS due to the diversity of devices on which it runs
A)low market share
A company's IT security team is considering a new security awareness program for employees. All employees are already security-conscious about threats on their PCs. However, because some employees are new mobile users, the security team believes those employees need mobile-specific awareness training. What subject can the employees benefit from the most? A)phishing attacks B)social engineering C)principle of least privilege NOT D)use of strong passwords
A)phishing attacks
What is an effective method of protecting an organization's assets in a bring your own device (BYOD) model? A)security policies B)implementing bring your own application (BYOA) C)full-device encryption D)Secure Boot
A)security policies