Strong Knowledge on CompTIA ADR-001 Mobile App Security+ (Android Edition) Exam
Sample Questions:
1. What are two advantages of using OAuth as the authentication method for an Android application that accesses a web application or service? (Select TWO.)
   A. OAuth integrates seamlessly into a mobile application, never requiring the user to interact with the web application or service in question.
   B. OAuth only maintains long and complex passwords for users of the Android application so the users do not have to remember them.
   C. The application never needs to know the user's login credentials.
   D. If the device running the application is lost or stolen, the OAuth credentials issued to it can be revoked by the application's server.
   E. OAuth enables both ends of an SSL tunnel to authenticate each other.
2. When an app logs out of a back-end system, the developer should also ensure that:
   A. the app jumps to the device home screen, clearing the data from the previous session.
   B. GUI components that displayed data while logged in are destroyed, as Android does not do this automatically.
   C. the app switches back to the login screen, forcing the user to log in again to view the data.
   D. the app maintains the state of the session ID in the keychain.
3. As a general best practice when logging application data, which of the following is the BEST approach?
   A. Log verbosely to the syslog.
   B. Log everything so that the security team can figure out what occurred.
   C. Log the operationally critical data, while preventing private data from being logged.
   D. Log the critical data and quarantine anything sensitive in a separate log file.
4. Which of the following describes a process by which one party confirms the identity of another party?
   A. Authentication
   B. Integrity verification
   C. Diffie-Hellman key exchange
   D. Handshake protocol
5. The digital certificate used to sign the production release should be:
   A. regenerated for each version of the app.
   B. stored inside the app package before deployment.
   C. stored in a secure location separate from the passphrase.
   D. stored with the source code so all developers can build the app.
6. When an app creates a configuration file in its private data directory, the developer should ensure:
   A. that the file path is determined with getExternalStorageDirectory().
   B. that the file is created world-writable.
   C. that file ownership is set to system.
   D. that the file is not created world-readable.
7. Which of the following provides an enumeration of software weaknesses to be avoided?
   A. OpenIOC (MANDIANT)
   B. Metasploit Framework (RAPID7)
   C. NVD (NIST)
   D. CWE (MITRE)