Braindumps of ADR-001
CompTIA Mobile App Security+ Certification Exam

Exam Questions, Answers, Braindumps (ADR-001)

This braindump is provided with ratings from different students. I used www.examcheats.net study material and the exam was not a problem for me.
QUESTION NO: 1

Which of the following is true about methods that receive an array as a parameter?

A. The developer should never use an array as a parameter because it will cause a buffer overflow.

B. The developer should expose the array so it can be modified outside the class.

C. The developer should clear the array first.

D. The developer should clone the array object and store the copy.

ANS: D

QUESTION NO: 2

Which of the following accurately explains why many people criticize the use of a unique hardware ID such as IMEI/MEID to identify users? (Select TWO).

A. The hardware ID can be traced to an individual user and help track activity over time and across apps

B. The hardware ID unlocks encryption on the device

C. Companies encode email addresses directly into the hardware ID

D. Hardware ID values are easily predictable

E. Users cannot selectively block apps’ access to it

ANS: A,E

QUESTION NO: 3

Which of the following attempts to inhibit an application from being trojanized and proliferating?

A. Tamper protection in code.

B. Encrypting config file.

C. Ensure appropriate permissions are deployed to every component.

D. Login credentials delivered over network with HTTPS.

ANS: A

QUESTION NO: 4

Which of the following is fundamental to MOST transport layer encryption implementations?

A. Device passcode

B. Obfuscation

C. HTTPS

D. Keychain

ANS: C

QUESTION NO: 5

Which of the following can be performed to find security design flaws in mobile apps prior to writing code?

A. Threat modeling

B. Penetration testing

C. Static source code analysis

D. Dynamic validation testing

ANS: A

QUESTION NO: 6

Which of the following methodologies is BEST for a developer to find input validation weaknesses in their own mobile app source code?

A. Disassembly of mobile app executable

B. Threat modeling

C. Fuzz testing an app’s attack surface

D. Single stepping an app through a debugger

ANS: C

QUESTION NO: 7

Which of the following techniques are useful in a secure software development process? (Select TWO).

A. Cross platform compatibility testing with HTML5

B. Using hardware encryption to protect all data on the device

C. Static code analysis

D. Abuse/misuse case analysis

E. Implementation of two-factor authentication

ANS: C,D

QUESTION NO: 8

Which of the following will LEAST likely be detected through source code analysis?

A. Improper certificate validation

B. Buffer overflow vulnerability

C. Improper build process

D. Hardcoded credentials

ANS: C

QUESTION NO: 9

Which of the following is the MOST reliable form of input validation?

A. Positive validation of input data using regular expression processing

B. Base64 encoding of input data

C. Validating the bounds of input data using a character set

D. HTML or URI encoding of input data and ensuring Unicode support

ANS: A

QUESTION NO: 10

When handling sensitive data with Android apps, which of the following storage strategies is MOST secure?

A. Store data on device using encryption, with encryption key managed on the server

B. Prompt users to enable encryption

C. Store sensitive data locally in XML protected with file permissions

D. Store sensitive data on the server

ANS: D

QUESTION NO: 11

Which of the following describes a best practice in a software system?

A. Security through obscurity

B. Hardcoded encryption keys

C. Principle of least privilege

D. Trust session implicitly

ANS: C

QUESTION NO: 12

Which of the following provides an enumeration of software weaknesses to be avoided?

A. Open IOC (MANDIANT)

B. Metasploit Framework (RAPID7)

C. NVD (NIST)

D. CWE (MITRE)

ANS: D

QUESTION NO: 13

A developer is using a third-party cloud service via Web APIs for backup of unencrypted user photos. The use of this service is invisible to the end user. Incorporation of this service into the application introduces which potential key security risk?

A. User data breach on cloud provider’s systems

B. Breaking backward compatibility

C. Reflected XSS

D. Application instability in case of cloud provider outage

ANS: A

QUESTION NO: 14

Which of the following is true regarding DNS?

A. Each DNS request is uniquely encrypted

B. DNS security is by design difficult to tamper

C. Secure host name resolution is assured globally by ICANN

D. DNS on most public Wi-Fi has little security

ANS: D

QUESTION NO: 15

Which of the following is an effective means of confirming data integrity?

A. File access control

B. Set the No execute (NX) bit on data segment in memory

C. Base64 encoding

D. Digital signatures

ANS: D

QUESTION NO: 16

In an application architecture diagram, what categories of weaknesses are considered using Microsoft’s threat modeling process?

A. Man-in-the-middle, Data injection, SQL Injection, Malware, Zero-day exploits

B. Damage, Reproducibility, Exploitability, Affected users, Discoverability

C. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

D. Cross site scripting, Clickjacking, Data input validation, SSL, RSA security, Buffer overflow, Heap smashing, ARP injection

ANS: C
