CS-4451 Quiz 05 - Mobile Embedded and Specialized Device Security Study Questions

Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices?

MDM Reason - Mobile device management (MDM) tools allow a device to be managed remotely by an organization. MDM provides a high degree of control over the device.

Which one of the following is the most appropriate explanation of photoplethysmography?

Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light Reason - Photoplethysmography uses human blood's absorption of green light to measure heart rate.

Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features: The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device. Which lock pattern should Simon suggest?

On-body detection Reason - On-body detection learns the user's walking patterns, and if it detects a different walking style, it locks the device.

Peter is a design engineer at a mobile device manufacturing company. He is designing the core components included in their flagship mobile device being launched during year-end 2020. Peter wants to design a tablet component that would detect vibrations and movements and determine the device's orientation so that the screen image is always displayed upright. Which of the following are materials he should use for developing this component?

Piezoelectric, piezoresistive, and capacitive components Reason - Piezoelectric, piezoresistive, and capacitive components are used to build accelerometers.

Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors?

Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots Reason - Tethering, USB-on-the-go (OTG), malicious USB cable, and hotspots are all categories of vulnerabilities in mobile device connections that can also be exploited by threat actors.

Which of the following sets consists of only the core features of a mobile or computing device?

Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage Reason - Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage, and data synchronization capabilities with a separate computer or remote servers are the core features of mobile devices.

Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution?

Unified environment management (UEM) tool Reason - Unified endpoint management (UEM) unifies the capabilities of MDM, MAM, and MCM as a group or class of software tools with a single management interface for mobile devices and computer devices. It provides capabilities for managing and securing mobile devices, applications, and content.

Which of the following mobile device features senses movements that it then uses to ensure the screen is always oriented upright?

Accelerometer Reason - Accelerometers sense movements and vibrations, which are then used to ensure the mobile display image is oriented upright no matter how the device is turned.

Which of the following devices is similar to Raspberry Pi?

Arduino Reason - A device similar to the Raspberry Pi is the Arduino. Unlike the Raspberry Pi, which can function as a complete computer, the Arduino is designed to control other devices; it has an 8-bit microcontroller, compared to the 64-bit microprocessor on the Raspberry Pi, a limited amount of RAM, and no operating system.

Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select?

Arduino Reason - The Arduino is a controller for other devices; it has an 8-bit microcontroller instead of a 64-bit microprocessor like the Raspberry Pi, limited RAM, and no operating system.

Which of the following sensors help generate security alerts to physicians regarding patient health?

BAN Reason - A body area network (BAN) can monitor electrocardiogram (EKG) impulses, blood pressure, glucose, and other human biological functions and alert physicians to any anomalies.

In which of the following mobile device connectivity methods are transmitters connected through a mobile telecommunication switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world?

Cellular Reason - Many mobile devices rely on cellular telephony for connectivity. A cellular telephony network's coverage area is divided into hexagon-shaped cells; in a typical city, the cells measure 10 square miles (26 square kilometers). At the center of each cell is a transmitter that mobile devices in the cell use to send and receive signals. The transmitters are connected through a mobile telecommunications switching office (MTSO) that controls all transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world.

Zyan works for ABC Technology. The enterprise wants to provide smartphones to all its employees. They can choose from a limited list of approved mobile devices. But they need to pay for the device themselves. The company will pay them a monthly stipend. Which deployment method should Zyan suggest to meet his company's needs?

Choose your own device (CYOD) Reason - In choose your own device (CYOD), employees choose from a limited selection of approved devices but pay the upfront cost of the device while the business owns the contract.

Which of the following mobile device enterprise deployment models are implemented so that employees in an organization are offered a suite of security, reliability, and durability choices that the company has already approved?

Choose your own device (CYOD) Reason - In the CYOD model, employees are offered a suite of security, reliability, and durability choices that the company has already approved.

James is a black hat hacker employed as an authorized officer at Apple. He has credentials and signed a non-disclosure agreement to perform advanced penetration testing on the iOS 6.1.6 operating system, and has already gained low-level access to the mobile device using a backdoor. Which of the following actions should James take to design/create his own custom firmware to exploit underlying vulnerabilities and gain a higher level of access to a UNIX shell with root privileges, essentially allowing them to do anything on the device?

Clone and inherit the source code of the open-source software "P0sixspwn" Reason - Users can circumvent built-in installation limitations on their smartphone to download an app from an unofficial third-party app store, which can be used to access the mobile device's underlying OS and file system with full permissions. This is called jailbreaking. For example, a jailbreak on an Apple iPhone gives users access to a UNIX shell with root privileges, essentially allowing them to do anything on the device. P0sixspwn is an open-source jailbreaking software used to jailbreak iOS 6.1.3-iOS 6.1.6 operating system. This is the most appropriate software James can clone and inherit to build his own custom firmware.

Marcus is an information security architect at a product-based IT firm. He is responsible for developing policies for the most-secure mobile device enterprise-deploying model. The company will decide the level of choice and freedom for employees. Employees are supplied company-chosen and paid-for devices that they can use for both professional and personal activities. This action is performed under which enterprise deployment model?

Corporate-owned, personally enabled (COPE) Reason - In COPE, employees are supplied the device chosen and paid for by the company, but they can also use it for personal activities.

John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include?

Data synchronization with a remote server or separate device Reason - Data synchronization capabilities with a remote server or a separate computer/mobile device are a core feature of mobile devices.

Sean is an information security architect at a financial firm. As his first project, he must design and build an efficient, sure-shot, yet cost-effective solution to detect and prevent bank credit card fraud. How should Sean proceed?

Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected. Reason - This solution is based on geolocation to reduce the chances of bank card fraud. Geolocation can also help prevent the rejection of valid purchases. According to a credit card issuer, such a design can reduce unnecessary declines by as much as 30 percent.

Amaya is looking for a hardware chip or integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations, can be reprogrammed when needed, and can be configured by either the user or designer. Which option should Amaya select?

Field-programmable gate array (FPGA) Reason - A field-programmable gate array (FPGA) is an integrated circuit (IC) consisting of internal hardware blocks with user-programmable interconnects to customize operations for a specific application. A user can write software that loads onto the FPGA chip and executes functions, and that software can later be replaced or deleted.

Which of the following is the most secure encryption solution to adopt for a Google Android mobile device?

File-based encryption Reason - Android provides an encryption option called file-based encryption, which is considered more secure than full disk encryption. File-based encryption encrypts each file with a different key so that files can be unlocked independently without decrypting the entire partition. The device can decrypt and use files needed to boot the system and process critical notifications while not decrypting personal apps and data.

Which of the following sets only lists additional features of a mobile device or a computing device?

Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media Reason - Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), and removable storage media are additional, non-core features of a mobile device.

Photoplethysmography uses which type of light to measure heart rate on a wearable device?

Green Reason - Green LED lights are used when the wearer is exercising by flashing green light onto the wrist hundreds of times per second. Human blood absorbs the green light. The heart rate can be determined by measuring the changes found in the green light absorption, and this method is called photoplethysmography.

John is asked to design a specialized device that does not have any security features but operates on the basis of trust that assumes all other devices or users can be trusted. Which security constraint for the embedded system should John use?

Implied trust Reason - Many devices are designed without any security features but operate on an "implied trust" basis that assumes all other devices or users can be trusted.

In which of the following mobile device connectivity methods are light waves used as a communication channel?

Infrared Reason - Instead of using radio frequency (RF) as the communication media, some devices can use infrared light. Infrared light has a longer wavelength than the visible light spectrum.

Jordan has been asked by his organization to help them choose a mobile device communication channel for their new mobile device build. Which of the following mobile device communication channels should Jordan NOT suggest to his company?

Infrared Reason - Instead of using radio frequency (RF) as the communication media, some devices can use light. All the types of light that travel from the sun to the Earth make up the light spectrum, and visible light is a small part of that entire spectrum. This channel is rarely found today because of its slow speed.

Walter's organization is in the beginning stages of a new project. His team is tasked with finding a tool that must have the following features, allowing it to be remotely managed by the organization: 1. It must be able to apply default device settings. 2. It must be able to approve or quarantine new mobile devices. 3. It must be able to configure emails, calendars, contacts, and Wi-Fi profile settings. 4. It must be able to detect and restrict jailbroken and rooted devices. Which tool should Walter's team suggest, and why?

MDM, because it allows remote management and over the air updates. Reason - Mobile device management (MDM) tools allow a device to be managed remotely by an organization. It typically involves a server component that sends management commands to the mobile devices and a client component that runs on the mobile device to receive and implement the management commands. An administrator can then perform over-the-air (OTA) updates or change the configuration on one device, groups of devices, or all devices. It can also perform all the above-mentioned tasks.

Dan uses his personal laptop for writing the script for an upcoming high-budget, highly anticipated movie. To keep the script private, he decided not to connect his laptop to any network and updated his system with the latest virus definitions and security patches. Which of the following is Dan's laptop still vulnerable to?

Malicious USB Reason - Dan's laptop is still vulnerable to a malicious USB. A USB cable can be embedded with a Wi-Fi controller that can receive commands from nearby devices to send malicious commands to the connected mobile device.

Which alert utility can identify theft in a smart meter?

Tamper protection Reason - Tamper protection can alert a utility in the event of tampering or theft.

Alpha Tech started a charitable competition in which every team is asked to submit a proposal for a public health contract asking for a new viral transmission mitigation app. Which team has selected the correct option?

Team B has selected BAN. Reason - IoT BAN is a wireless network of wearable computing devices. Sensors that continuously monitor body temperature are being proposed to help stem the transmission of viruses among humans. The sensors could help shut down emerging viruses before a pandemic can take hold.

Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?

USB-on-the-go (OTG) Reason - Connecting a malicious flash drive infected with malware to a mobile device could result in an infection, just as using a device as a peripheral while connected to an infected computer could allow malware to be sent to the device.

Anola is the security administrator in XYZ consulting. She is asked to suggest a deployment method where the data is stored in a completely secure, centralized server and accessed by authorized employees using their own devices. Which deployment should Anola choose?

Virtual desktop infrastructure (VDI) Reason - The virtual desktop infrastructure (VDI) stores sensitive applications and data on a remote server, where they can be accessed through employee devices. The enterprise can centrally protect and manage the apps and data on the server.

