[Free] 2018(June) Dumps4cert CompTIA ADR-001 Dumps with VCE and PDF Download 11-20

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 11

Adding an Intent Filter to an Activity could cause a security issue because:

  A. activities with Intent Filters are unprivileged by default.

  B. it bypasses Android’s default filters.

  C. activities with Intent Filters are exported by default.

  D. it violates the Android sandbox security model.

Answer: C

Question No: 12

Which of the following describes why a developer should define private wrappers around native and public native methods?

  A. To prevent untrusted callers from invoking native methods.

  B. To filter data that is sent to the native methods.

  C. Because native methods cannot be called directly.

  D. To impose naming convention on methods.

Answer: A

Question No: 13

How does HTTP Basic Authentication work?

  A. A client-specific secret value is combined with a server-specific secret value to form a master secret, which is then used to sign all communications.

  B. A one-time use token (nonce) is generated by the server and sent to the client, where it is then returned on each subsequent request.

  C. A digital signature is generated of the request using the client’s private key and sent to the server.

  D. A username and password are combined into a string on the client, base 64 encoded, and then sent to the server as an HTTP header.

Answer: D

Question No: 14

Which of the following provides an enumeration of software weaknesses to be avoided?

  A. Open IOC (MANDIANT)

  B. Metasploit Framework (RAPID7)

  C. NVD (NIST)

  D. CWE (MITRE)

Answer: D

Question No: 15

Which of the following is TRUE regarding permissions?

  A. Users cannot review permissions before installing an app

  B. Android permissions do not change between versions

  C. Over-permissioned apps increase the risk to the end user

  D. Apps are granted access to contacts data without requesting permissions

Answer: C

Question No: 16

Which of the following describes what is wrong with the following sample code?

    public class MyActivity extends Activity {
        public void onCreate(Bundle myBundle) {
            foo();
        }
    }

  A. The method onCreate must be private.

  B. A developer cannot extend Activity.

  C. A call is missing to super.onCreate(myBundle).

  D. The class MyActivity must be private.

Answer: C

Question No: 17

Which of the following is true about methods that receive an array as a parameter?

  A. The developer should never use an array as a parameter because it will cause a buffer overflow.

  B. The developer should expose the array so it can be modified outside the class.

  C. The developer should clear the array first.

  D. The developer should clone the array object and store the copy.

Answer: D

Question No: 18

Why is it necessary to pass session tokens over a secure, encrypted channel?

  A. Revealing the session token over an unsecured channel would allow an attacker to determine the private key used to generate the token.

  B. Session tokens can be used to reveal the physical location of the Android device.

  C. Session tokens contain the user password.

  D. Session tokens can be presented to the application allowing an attacker to impersonate a valid user.

Answer: D

Question No: 19

A developer is using a third-party cloud service via Web APIs for backup of unencrypted user photos. The use of this service is invisible to the end user. Incorporation of this service into the application introduces which potential key security risk?

  A. User data breach on cloud provider’s systems

  B. Breaking backward compatibility

  C. Reflected XSS

  D. Application instability in case of cloud provider outage

Answer: A

Question No: 20

Which of the following BEST describes a process or mechanism to thwart reverse engineering through software fault injection?

  A. Dumping stack trace information

  B. Handling of program exceptions

  C. Altering of class names and/or method names

  D. Eliminating dead, i.e. unreachable, code

Answer: B
