CompTIA ADR-001 - CompTIA Mobile App Security+ Certification Exam (Android Edition) Exam
Total 102 questions
Question #1
An Intent Sniffing attack is where:
A. a malicious app intercepts network communications to capture Intent traffic.
B. cached Intent messages are read from storage by an attacker.
C. Intent declarations are read from the manifest in order to construct spoof Intents.
D. a malicious app registers to receive public broadcasts in order to intercept data.
Answer: D
Question #2
When handling sensitive data with Android apps, which of the following storage strategies
is MOST secure?
A. Store data on device using encryption, with encryption key managed on the server
B. Prompt users to enable encryption
C. Store sensitive data locally in XML protected with file permissions
D. Store sensitive data on the server
Answer: D
Question #3
A file with Unix permissions ‘700’ allows:
A. all users to read, write and execute.
B. full access to the app that created it and no other apps.
C. only the system and root access.
D. for protected storage on the shared SD card.
Answer: B
Question #4
In the AndroidManifest.xml file which element is used to define the permissions an app is
requesting access to?
A. <uses-permission>
B. <permission>
C. <grant-uri-permissions>
D. <activity>
Answer: A
Question #5
Which of the following BEST describes the responsibility of a TrustManager object when
used in an Android application with SSL?
A. The TrustManager verifies that a Certificate Authority truly did issue a server's SSL certificate by using the Online Certificate Status Protocol (OCSP).
B. The TrustManager manages the client-side SSL certificate that the Android application will present to a server for mutual authentication.
C. The TrustManager makes decisions on whether a server's SSL certificate should be trusted, by allowing the developer to specify which certificates should be allowed.
D. The TrustManager verifies that a server’s SSL certificate has not been revoked by checking the Certificate Authority’s Certificate Revocation List (CRL).
Answer: C