CompTIA ADR-001 - CompTIA Mobile App Security+ Certification Exam (Android Edition) Exam

Question #6
A developer is designing a very sensitive web application that will be accessed by both
desktop web browsers and mobile Android applications. What is one way the developer
can implement a multi-factor authentication system for these users?
A. Have the user memorize a PIN in addition to their password and require them to supply both when attempting to log in.
B. Have the user answer a security question once they authenticate using their username and password.
C. Require a one-time-use code sent via an SMS message in addition to a username and password.
D. Have the user supply their last password in addition to their current password when they attempt to log in.
Answer: C

Question #7
Which of the following can be performed to find security design flaws in mobile apps prior
to writing code?
A. Threat modeling
B. Penetration testing
C. Static source code analysis
D. Dynamic validation testing
Answer: A

Question #8
When an app “logs out” of a back end system the developer should also ensure:
A. app jumps to device home screen, clearing the data from the previous session.
B. GUI components displaying data while logged in are destroyed as Android does not do this.
C. app switches back to login screen forcing the user to re-login to view the data.
D. app maintains the state of the session ID in the key chain.
Answer: B

Question #9
Which of the following is a disadvantage of using a static embedded API Key for client
authentication to a web service?
A. API Keys require the use of a certificate issued by a commercial Certificate Authority.
B. API Keys are used with asymmetric cryptography, which is slow and can negatively impact the performance of the client application.
C. API Keys cannot be transmitted over HTTPS, so they are open to compromise.
D. API Keys can be discovered and abused by an attacker.
Answer: D

Question #10
When applying PBKDF2 to a password, what would be the MORE secure number of
iterations to use?
A. 100
B. 1,000
C. 2,000
D. 10,000
Answer: D
Total 102 questions