Free Download Pass4sure CompTIA ADR-001 Exam Questions

CompTIA Mobile App Security+ Certification Exam (Android Edition): ADR-001 Exam
ADR-001 Questions & Answers
Exam Code: ADR-001
Exam Name: CompTIA Mobile App Security+ Certification Exam (Android Edition)
Q & A: 110 Q&As

An architectural review is BEST for finding which of the following security defects?
A. Malware infection vectors
B. SQL or other injection flaws
C. Design flaws
D. Zero-day vulnerabilities
Answer: C

Which of the following describes a security risk that may have to be accepted when using a
commercial cross-platform mobile application framework?
A. Allowing code to run outside the app sandbox
B. Installing HTML 5 support on user device
C. Digest authentication without HTTPS
D. Using native code libraries without source code review
Answer: D

In an application architecture diagram, what categories of weaknesses are considered using
Microsoft’s threat modeling process?
A. Man-in-the-middle, Data injection, SQL Injection, Malware, Zero-day exploits
B. Damage, Reproducibility, Exploitability, Affected users, Discoverability
C. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
D. Cross site scripting, Clickjacking, Data input validation, SSL, RSA security, Buffer overflow, Heap
smashing, ARP injection
Answer: C

Android’s kernel-level app sandbox provides security by:
A. assigning a unique user ID (UID) to each app and running in a separate process.
B. running all apps under an unprivileged group ID (GID).
C. restricting read access to an app’s package to the kernel process.
D. preventing an app’s data files from being read by any running process.
Answer: A

The digital certificate used to sign the production release should be:
A. regenerated for each version of the app.
B. stored inside the app package before deployment.
C. stored in a secure location separate from the passphrase.
D. stored with the source code so all developers can build the app.
Answer: C

Which statement about native code in apps is TRUE?
A. Native code is faster because it runs as a separate user ID (UID) giving it direct access to restricted APIs.
B. Native code is run under the same user ID (UID) as the Java app and therefore comes under the same
sandbox restrictions.
C. Native code is executed by the kernel with increased privileges and is mainly used for root operations.
D. Native code runs outside the Dalvik VM and therefore is not restricted by the sandbox.
Answer: B

When an app creates a configuration file in its private data directory the developer should ensure:
A. that the file path is determined with getExternalStorageDirectory().
B. that the file is created world writable.
C. that file ownership is set to system.
D. that the file is not created world readable.
Answer: D

An example of APIs protected by permissions would be: (Select TWO).
A. SIM card access
B. Telephony functions
C. File handling functions
D. Encryption functions
E. Network/data connections
Answer: BE

An app accessing protected APIs should use which manifest declaration?
A. app-permissions
B. add-permissions
C. grant-permission
D. uses-permission
Answer: D

The MOST likely reason the developer might want to define their own permission in the manifest is because:
A. they wish to ensure that only their app has the permission to launch their activities or access their
private data.
B. they wish to prevent the user from granting access to protected functionality by mistake.
C. they wish to define a permission to access system APIs and native libraries.
D. they wish to restrict access to a function in their app to only those apps which are specifically granted
access by the user.
Answer: D
