CompTIA ADR-001 - CompTIA Mobile App Security+ Certification Exam (Android Edition) Exam

Page:    1 / 21   
Total 102 questions

An Intent Sniffing attack is where:

  • A. a malicious app intercepts network communications to capture Intent traffic.
  • B. cached Intent messages are read from storage by an attacker.
  • C. Intent declarations are read from the manifest in order to construct spoof Intents.
  • D. a malicious app registers to receive public broadcasts in order to intercept data.


Answer : D

When handling sensitive data with Android apps, which of the following storage strategies is MOST secure?

  • A. Store data on device using encryption, with encryption key managed on the server
  • B. Prompt users to enable encryption
  • C. Store sensitive data locally in XML protected with file permissions
  • D. Store sensitive data on the server


Answer : D

A file with Unix permissions ‘700’ allows:

  • A. all users to read, write and execute.
  • B. full access to the app that created it and no other apps.
  • C. only the system and root access.
  • D. for protected storage on the shared SD card.


Answer : B

In the AndroidManifest.xml file which element is used to define the permissions an app is requesting access to?

  • A. <uses-permission>
  • B. <permission>
  • C. <grant-uri-permissions>
  • D. <activity>


Answer : A

Which of the following BEST describes the responsibility of a TrustManager object when used in an Android application with SSL?

  • A. The TrustManager verifies that a Certificate Authority truly did issue a server's SSL certificate by using the Online Certificate Status Protocol (OCSP).
  • B. The TrustManager manages the client-side SSL certificate that the Android application will present to a server for mutual authentication.
  • C. The TrustManager makes decisions on whether a server's SSL certificate should be trusted, by allowing the developer to specify which certificates should be allowed.
  • D. The TrustManager verifies that a server’s SSL certificate has not been revoked by checking the Certificate Authority’s Certificate Revocation List (CRL).


Answer : C
