CS 453 - mobile security

Ace your homework & exams now with Quizwiz!

Which 802.11 standard is an extension of 802.11n, offers more channels, and streams up to 1.3 Gbps of throughput on the 5 GHz band?

802.11ac

Which of the following is NOT a feature of Apple iOS architecture? Transport Layer Security (TLS) network security a secure boot-chain iMessage, FaceTime, and Siri Internet services

BitLocker disk encryption

When testing is conducted without the tester having any information about the app being tested, it's called

Black Box testing

Which of the following would be most helpful in capturing mobile app communications?

Burp Suite

Which of the following is an encapsulation method used to securely transport keying material for encryption over wireless and Point-to-Point Protocol (PPP) networks?

Extensible Authentication Protocol (EAP)

Which of the the following is a security concern with apps using external libraries?

External libraries can introduce their own vulnerabilities into an app

A semi-directional antenna is typically installed by default on wireless access points (WAPs) and radiates radio waves equally in all directions.

False

An attacker must be within a company's physical boundaries to detect a wireless network.

False

Android devices have more vulnerabilities because the Android operating system is generally not as secure as iOS.

False

Because most of the authentication and authorization logic happens at the endpoint, there is no need to test authentication on the mobile app side.

False

In order to protect sensitive data, app developers should create their own cryptographic implementations.

False

On a wireless network, all traffic is on different frequencies and channels, making it difficult to intercept and capture.

False

_______ works by transmitting data using a small carrier space in short bursts and then continuously changing, or "hopping," to another frequency during transmission.

Frequency hopping spread spectrum (FHSS)

A hotel is an environment in which many individuals demand wireless access, yet access should be granted only to paying guests. A solution is needed to interrupt the connection attempt and validate paying hotel guests. Which of the following solutions provides the best and most common approach?

Guests use a captive portal and authenticated Dynamic Host Configuration Protocol.v

Which of the following best describes the Android verified boot process?

It establishes a trust relationship between the hardware and the actual code that executes on this hardware

How does Execute Never (XN) help to secure against malware attacks on an iOS device?

It marks memory locations as either writable or executable but not both (W^X) preventing writing from buffer overflows

Which of the following is the main purpose of the NIST Mobile Threat Catalogue?

It provides a way to organize and categorize threats to mobile devices

Which of the following is an advantage of an automated app testing tool?

It provides quick results

Which of the following is NOT true of jailbreaking Apple iOS? It allows access to the file system. It enables users to download apps from any source. It gives owners root privileges.

It supports the walled garden security approach.

After experiencing many Ethernet network outages, a company decides to implement a wireless workgroup bridge as a backup. Which of the following is true of this solution?

It works well because the wired PCs continue to communicate with each other over the wireless bridge connection after a router or switch fails.

Which of the following is a Wi-Fi scanner that runs on Linux, and works as a network sniffer, network detector, and an intrusion detection system (IDS)?

Kismet

Which of the following tools would you use to find the MAC address of an access point that is not broadcasting it's SSID?

Kismet

You are a networking consultant who has been asked to penetration test the network of a small business. The company's tech support person gave you WPA2-PSK credentials and the service set identifier (SSID) of a wireless access point. You try to log on to the network but cannot connect. What is the most likely problem and how can you overcome it?

MAC filtering is in place. Scan the network, and then steal and spoof a genuine MAC address.

_______ is highly aggressive, commercial mobile adware.

Madware

Mobile app attack surfaces describe points where malware or a threat actor can attack a mobile app. Match the NIST attack surface with the appropriate description

Mobile Technology Stack Includes the hardware, firmware, mobile OS and application Communication Mechanisms Includes WiFI, Bluetooth, Cellular, NFC and SIM cards Supply Chain Includes individual hardware and software components from a variety of sources Mobile Ecosystem Includes communication networks, apps stores, vendor infrastructure and enterprise systems

Which of the following is a difference between mobile apps and traditional desktop apps?

Mobile apps have more communication channels that can be vectors for attacks

Which of the following app types is delivered from web, with offline access and uses Javascript service workers to cache content?

Progressive web app

You are in charge of security for a large organization that provides mobile devices to its sales staff. The devices have access to customer records and proprietary information. Which of the following should you do to protect the devices against malware?

Prohibit applications from non-certified developers and third-party marketplaces

When building PhoneGap apps, which of the following is the preferred method to prevent exposure of user data to attackers?

Server-side business logic

Which of the following is a popular IPS that can be used for wireless networks?

Snort

Which of the following best describes the legality of iPhone jailbreaking

The U.S. Copyright Office published an exemption permitting device jailbreaking in order to change carriers

Which of the following is considered the weakest link in protecting a mobile device against malware?

The end user

Which of the following is NOT true of 802.11 unlicensed bands? Users can operate on these bands without a Federal Communications Commission license. Users must use certified radio equipment. Users must comply with certain power limits. Unlicensed bands are subject to interference.

Those who use unlicensed bands have exclusive use of the bands.

What is the best use of virtual local area networks (VLANs) on a wireless network?

To separate and segregate traffic

By rooting or jailbreaking a device, you make it more vulnerable to malware and other attacks.

True

If an app has permissions that aren't consistent with it's use, it does not necessarily mean it has malicious intent.

True

If something goes wrong during the rooting/jailbreaking process, it may "brick" the device, or make it permanently unusable.

True

Implementing encryption settings, reset functions, access control lists, and shared keys can prevent wardriving attacks from being successful.

True

In order to publish an app in the Apple App Store, one must register and pay for an Apple Developer account.

True

Mobile apps differ from desktop apps in that there is a smaller attack surface and therefore more security against injection and similar attacks.

True

One way to prevent casual eavesdropping of a wireless network is to control the radiation of the radio frequency (RF) signal outside the premises.

True

To capture packets on a wireless network, a person can simply run sniffing software on a computer with a wireless network card in promiscuous mode.

True

iOS malware usually focuses on older, or jailbroken iPhones

True

Which of the following is the least secure?

WEP

Which of the following should be the first choice in wireless data protection?

WPA2 + CCMP

Which of the following is the most robust and used in enterprise environments?

WPA2-CCMP

Which of the following uses preshared keys?

WPA2-PSK

Which service set for Wi-Fi devices is the cornerstone of wireless networks, defines a common topology, is typically connected to a distribution network such as an Ethernet LAN, and moves all communication through the access point?

basic service set (BSS)

Which of the following is an advantage of testing on an emulator?

can be easily reset/restored

When an attacker superimposes frames or hidden buttons over real buttons in an app in order to redirect the user to a malicious site it is called

click jacking

Which network attack technique is a form of a man-in-the-middle attack that requires visibility at the Transport Layer (Layer 4) of the Open Systems Interconnection (OSI) Reference Model?

session hijacking

NIST recommends that organizations that plan to use consumer apps for their business

should make risk-based decisions for app acquisition based on their own security requirements

A MITM attack that steals the cookie from a web session and insert it into attacker's browser to gain access to server session is called ______

side jacking

Which of the following is a limitation of the app vetting process?

the quality of the outcome depends on the level of human effort and expertise available for an evaluation

Which of the following is NOT true of Wi-Fi Protected Access (WPA)? - supports Temporal Key Integrity Protocol (TKIP)/Rivest Cipher 4 (RC4) dynamic encryption key generation - supports 802.1X/Extensible Authentication Protocol (EAP) authentication in the enterprise - uses passphrase-based authentication in SOHO environments

was the first security protocol for wireless networks

______ involves injecting malicious code into a Web site to exploit vulnerabilities in browsers. A user's device can be infected simply by visiting the site.

A drive-by attack

Which Android security platform control or feature identifies application authors and deters or prevents malware?

APK signing process

Which of the following best describes the Android permission model?

After Android 6, the user must approve some permissions requests during runtime

A rogue access point May be added to the network to serve as an attack vector May be added to the network by well-meaning employees who want easier access to network Is unmanaged and vulnerable to attack

All of the above

Which of the following host systems can be used to test Android apps? Linux Mac OS Windows

All of the above

Which of the following is a security weakness of apps developed with Adobe PhoneGap? Insecure Local Data Storage Insecure Source Files Remotely Loading Javascript

All of the above

Which of the following is the official Android development tool?

Android SDK

Which of the following is the primary piece of software required for testing security testing of Android apps?

Android SDK

Which of the following 802.11 service sets is used when a network administrator wants to enable roaming for wireless devices?

Extended service set

Which of the following is NOT a threat category defined by the NIST Mobile Threat Catalogue? Stack Authentication Physical Access DevOps

DevOps

An important defense against mobile malware is ________

Enabling fraud detection on accounts you access with the device

When testing is conducted with the tester having full knowledge of the app and access to code is is known as

White Box testing

Which of the following is a cross-platform app development platform owned by Microsoft?

Xamarin

In an attempt to reduce OS fragmentation, recent versions of Android have implemented

a hardware abstraction layer (HAL) that allows changes to the OS without changing hardware drivers

On a wireless local area network (WLAN), every access point is identified by ________, which is a configurable name or an alphanumeric code.

a service set identifier (SSID)

A newly installed wireless access point (WAP) was incorrectly configured and is now a security threat. Skilled hackers discover the WAP while wardriving. What type of target does this access point represent and how is such a risk mitigated?

a target of opportunity; risk mitigated by defense in depth

If an attacker was able to capture packets from a user authenticating to your WiFi network, which of the following tools could she use to crack the WPA password?

aircrack-ng

A developer requires all connections to the server to use HTTPS. What technique might an attacker use to intercept and decrypt this communication?

an HTTP stripping attack

The visible part of an Android app is

an activity

Code obfuscation is related to

anti-tampering and anti-reverse engineering

When scanning wireless access points for vulnerabilities, which of the following is typically NOT a concern? the latest firmware and security patches the correct security credentials the appropriate security protocols

antivirus software

Which of the following security model characteristics are shared by Apple iOS and the Android operating system (OS)?

applications run in a sandbox

When testing app communications with Android 7 or above ___________

apps must be unpacked and a trusted certificate must be added

Which of the following is a basic requirement for secure app communication?

apps must set up a secure, encrypted channel for network communication using the TLS protocol.

Which network attack technique sends a constant stream of deauthentication (deauth) packets to force access points to deauthenticate and drop connections?

denial of service (DoS)

The first step in the mobile app vetting process is?

developing app security requirements

Which of the following makes it impossible for cybercriminals to modify or tamper with released Apple iOS applications?

digital certificate for approved products

Which of the following is the best control for combatting the risk of network interception vulnerabilities?

encryption

Which of the following describes static app analysis?

examining an application's components without executing them

Which of the following is a common technique for delivering malware on an iPhone?

getting a user to click a link that side loads a malicious app

Which of the following iOS permissions is granted to all apps by default?

iOS does not grant default permissions

Which service set for Wi-Fi devices does NOT use access points? basic service set (BSS) extended service set (ESS) mesh basic service set (MBSS)

independent basic service set (IBSS)

A common way of rooting an Android device is

installing a modified OTA package and recovery OS

__________ facilities enable apps to exchange signals and data.

inter-process communications

In the Android framework, an intent is

is a messaging object that can be used to request an action from another app component.

On a network, ________ is the practice of impersonating authorized users to gain their level of privileges.

masquerading

In order to conduct penetration testing on a WiFi network, you should use a device with a network card in _______

monitor mode

An inherent issue with radio waves is that they reflect off certain materials and surfaces. This results in multiple versions of the same radio waves bouncing around, known as ______.

multipath

Which type of antenna uses complex signal-processing techniques, allows multiple antennas to transmit and receive concurrently, and requires antenna signals to travel a different path for the receiver to be able to distinguish the multipath signals?

multiple input/multiple output (MIMO) antenna

When vetting a mobile app, testing app communication ___________

often requires the use of a proxy

Address space layout randomization (ASLR) ____

randomizes the locations of system components makes it difficult for attackers to know exactly where to hook their code

An evil twin is a type of _______.

rogue access point (AP)

Before a client can connect to an access point on a wireless local area network (WLAN), the client must detect an access point's presence through active or passive _________.

scanning

Software fragmentation of the Android operating system (OS) occurs when many different vendors modify or customize core software code to suit their own requirements. What does software fragmentation typically increase?

security vulnerabilities

You are a networking consultant who has been asked to penetration test the network of a small business. You do not have any details regarding the network. You initially notice that employees are using laptops and tablets but you cannot find any available Wi-Fi network. What basic security measure is being deployed, and how can you defeat it?

service set identifier (SSID) cloaking and solve using Kismet


Related study sets

Microsoft Office GCF Lessons 5-8: Study Guide

View Set

PrepU Chapter 38: Agents to Control Blood Glucose Levels

View Set

Engage Fundamentals RN ATI: Scope and Standards of Practice- Posttest

View Set

Women & Psych - 320 - Module 2 Exam (Ch. 3 +10P, 5, 6, 8)

View Set

PHONETIC ALPHABET, 10 CODES, 11 CODES, CODES

View Set

Fluid And Electrolyte Practice Questions

View Set

General Anatomy-Topographical Anatomy

View Set

GMetrix Test Training 1 & 2 Matthew B.

View Set