[Free] 2018(June) Dumps4cert CompTIA ADR-001 Dumps with VCE and PDF Download 51-60

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 51

Once an Android client has authenticated to a web service, what must be done on the server-side to ensure correct authorization checks are being performed?

  A. For each request that is considered more sensitive than previous ones, force the client to re-authenticate so that the user’s identity can be confirmed.

  B. For each request, check the session token to verify the client has been authorized for that device and session.

  C. For each request, ensure that the client is authenticated and that the specific Android device identified in the request is the same as for the last request.

  D. For each request, ensure that the client is authenticated and that the specific client is authorized to perform the specific action on the specific data.

Answer: D

Question No: 52

Which of the following defines why it is important for a developer to deploy known-good (whitelist) input validation for all requests made to a web service API?

  A. Known-good validation ensures that all inputs are in an expected format and are valid before processing them. As requests to the API come over the network, they must be considered untrusted.

  B. Known-good (whitelist) validation can be performed much faster than known-bad input validation.

  C. Known-good input validation is the only way to prevent command (SQL) injection attacks and since web services are typically integrated with a backend SQL database, this checking ensures the integrity and confidentiality of the database.

  D. Known-good input validation first checks to ensure that incoming requests are being made by a valid and known client before beginning to process them, so that inputs from attackers are never processed, thus protecting the web service.

Answer: A

Question No: 53

Which of the following techniques are useful in a secure software development process? (Select TWO).

  A. Cross platform compatibility testing with HTML5

  B. Using hardware encryption to protect all data on the device

  C. Static code analysis

  D. Abuse/misuse case analysis

  E. Implementation of two-factor authentication

Answer: C,D

Question No: 54

Signing data with a digital signature: (Select TWO)

  A. allows it to be decrypted.

  B. requires a public key to verify.

  C. requires a private key to verify.

  D. allows one to see if it has not been modified.

  E. encrypts the data.

Answer: B,D

Question No: 55

When generating a key from a password, why would a developer want to iterate this process many times?

  A. To make brute force attempts more expensive.

  B. To ensure there is enough entropy.

  C. To shrink the length of long passwords.

  D. To generate extra processing cycles.

Answer: A

Question No: 56

Which of the following is true regarding apps running on rooted devices?

  A. Google Play will remove any app running on a rooted device.

  B. The developer can attempt to prevent the app from running on rooted devices.

  C. By default Android automatically prevents apps from running on a rooted device.

  D. The handset manufacturers control which apps can run on rooted devices.

Answer: B

Question No: 57

Why should the Secure attribute be set on any session cookie sent to an Android application?

  A. This attribute instructs the device to store the cookie in an encrypted region of the device storage.

  B. This attribute requests the client to only send the cookie over an HTTPS connection.

  C. This attribute encrypts the cookie so that if it is compromised, it cannot be used.

  D. This attribute ensures that session cookies are generated in a random fashion.

Answer: B

Question No: 58

When storing a PIN used to log on to the app, by applying a cryptographic hash function a developer will:

  A. provide plausible deniability.

  B. mitigate the salt used with the password.

  C. mitigate the location of the encrypted data.

  D. mitigate the password from being recovered.

Answer: D

Question No: 59

If using a WebView to serve assets contained within the app package, it is good practice to also:

  A. enable Plugins support for the WebView.

  B. add JavaScript handlers for the WebView.

  C. disable dynamic content handlers for the WebView.

  D. disable local file system access from the WebView.

Answer: D

Question No: 60

The filterTouchesWhenObscured property helps protect against which of the following attacks?

  A. Tap Jacking

  B. Intent Hijacking

  C. Screen Bypass

  D. Key Logging

Answer: A
