[Free] 2018(June) Ensurepass CompTIA ADR-001 Dumps with VCE and PDF 41-50

Ensurepass.com : Ensure you pass the IT Exams
2018 May CompTIA Official New Released ADR-001

CompTIA Mobile App Security Certification Exam (Android Edition)

Question No: 41

A SQL database password should be:

  A. memorable for development purposes.

  B. encrypted with MD5.

  C. seeded with a secure random value.

  D. as complex as possible.

Answer: D

Question No: 42

Why is it important to carefully set the permissions for a content provider?

  A. It controls how data will be deleted from the app database

  B. It controls how well the content resolver will perform

  C. It controls how other apps can access the content

  D. It controls how the content is transmitted

Answer: C

Question No: 43

Which of the following describes a way to perform certificate pinning in an SSL Android application?

  A. Use a KeyManager with a client-side SSL certificate so that mutual authentication will fail if the server’s certificate changes.

  B. Use the httpsURLConnectionPinned method to ensure certificate pinning is enabled.

  C. Use a TrustManager that is based on a KeyManager specifying the public key associated with the private key that the server should be using.

  D. Use a TrustManager that is based on a KeyStore containing only the specific certificate(s) that the server should be using.

Answer: D

Question No: 44

To prevent a component from being publicly accessible via Intents the developer can:

  A. set the attribute android:exported=false in the manifest.

  B. declare the method as private in the Java source.

  C. sign the app because Android protects component access by verifying digital signatures.

  D. add an Intent Filter with the attribute of “private”.

Answer: A

Question No: 45

Which of the following is true regarding DNS?

  A. Each DNS request is uniquely encrypted

  B. DNS security is by design difficult to tamper with

  C. Secure host name resolution is assured globally by ICANN

  D. DNS on most public Wi-Fi has little security

Answer: D

Question No: 46

Which of the following describes a best practice in a software system?

  A. Security through obscurity

  B. Hardcoded encryption keys

  C. Principle of least privilege

  D. Trust session implicitly

Answer: C

Question No: 47

Implicit Broadcast Intents:

  A. cannot be secured from interception as they are public by nature.

  B. cannot be secured from interception without changing to an Explicit Intent.

  C. can be secured from interception with a permission.

  D. can be secured by specifying the receiving threshold to system apps.

Answer: C

Question No: 48

What does a KeyStore do in the Android SSL implementation?

  A. Stores only private keys associated with certificates, which are stored elsewhere in the resources section of an Android application.

  B. Stores certificates and associated private keys in an encrypted form.

  C. Provides a device-wide repository to safely store passwords so any other applications or users of the device cannot access them.

  D. Stores certificates and associated private keys, but does not encrypt them.

Answer: B

Question No: 49

What is the point of using an initialization vector in encryption? (Select TWO).

  A. It stops readable patterns from forming

  B. It creates randomization

  C. It adds geometry to the encryption

  D. It is required for any encryption process

  E. It removes the need for the public key

Answer: A,B

Question No: 50

In an application architecture diagram, what categories of weaknesses are considered using Microsoft’s threat modeling process?

  A. Man-in-the-middle, Data injection, SQL Injection, Malware, Zero-day exploits

  B. Damage, Reproducibility, Exploitability, Affected users, Discoverability

  C. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

  D. Cross site scripting, Clickjacking, Data input validation, SSL, RSA security, Buffer overflow, Heap smashing, ARP injection

Answer: C
