ADR-001 Exam Questions
110 real ADR-001 exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1
Why is it important to carefully set the permissions for a content provider?
- Question #2
Which of the following statements is TRUE about session tokens?
- Question #3
Which of the following in asymmetric encryption should NOT be transmitted?
- Question #4
When applying PBKDF2 to a password, what would be the MORE secure number of iterations to use?
- Question #5
To protect a Content Provider from abuse a developer might implement:
- Question #6
Which of the following describes a process by which one party confirms the identity of another party?
- Question #7
Which of the following describes what is wrong with the following sample code?

    public class MyActivity extends Activity {
        public void onCreate(Bundle myBundle) {
            foo();
        }
    }
- Question #8
What is an advantage of mutually authenticated SSL over standard HTTP authentication methods?
- Question #9
What additional task is accomplished by using mutual-authentication SSL as opposed to standard SSL?
- Question #10
Which of the following is the primary reason for web services to output encode all data sent to Android application clients?
- Question #11
When an app "logs out" of a back end system the developer should also ensure:
- Question #12
In public key cryptography which problem can occur when the public key is transmitted?
- Question #13
Which of the following is a reason to take mobile app security seriously when developing a social networking app that does NOT accept payments? (Select TWO).
- Question #14
When reviewing the security architecture of a mobile app, which of the following is the MOST important piece of data to start with?
- Question #15
What level of security is provided by placing sensitive methods and data inside its own Java package?
- Question #16
When storing a PIN used to log on to the app, by applying a cryptographic hash function a developer will:
- Question #17
Which of the following is TRUE regarding permissions?
- Question #18
How does HTTP Basic Authentication work?
- Question #19
Which of the following attempts to inhibit an application from being trojanized and proliferating?
- Question #20
Which of the following defines the difference between static and dynamic analysis of an application?
- Question #21
An attacker intercepts and potentially tampers with communication between two entities without the knowledge of either of the two entities. This BEST describes which of the followi...
- Question #22
Which of the following methodologies is BEST for a developer to find input validation weaknesses in their own mobile app source code?
- Question #23
Which of the following describes why a developer should define private wrappers around native and public native methods?
- Question #24
The MOST likely reason the developer might want to define their own permission in the manifest is because:
- Question #25
A file with Unix permissions '700' allows:
- Question #26
In an application architecture diagram, what categories of weaknesses are considered using Microsoft's threat modeling process?
- Question #27
In the AndroidManifest.xml file which element is used to define the permissions an app is requesting access to?
- Question #28
Which of the following attempts to prevent JavaScript from accessing a session cookie in a mobile browser?
- Question #29
Which statement about native code in apps is TRUE?
- Question #30
Which of the following sensitive data items must be protected in transit at all times?
- Question #31
On an unencrypted rooted Android device, which of the following BEST describes which data is recoverable?
- Question #32
The filterTouchesWhenObscured property helps protect against which of the following attacks?
- Question #33
An example of APIs protected by permissions would be: (Select TWO).
- Question #34
How does HTTP Digest Authentication work?
- Question #35
A one-time pad is considered cryptographically secure. Which are two ways it can be broken? (Select TWO).
- Question #36
What are two advantages to using OAuth as the authentication method for an Android application to access a web application or service? (Select TWO).
- Question #37
Which of the following describes a best practice in a software system?
- Question #38
A SQL database password should be:
- Question #39
What is meant by a one-way function?
- Question #40
Why should the Secure attribute be set on any session cookie sent to an Android application?
- Question #41
Unencrypted temporary private user data cached in the application directory should be:
- Question #42
Signing data with a digital signature: (Select TWO)
- Question #43
A developer is using a third-party cloud service via Web APIs for backup of unencrypted user photos. The use of this service is invisible to the end user. Incorporation of this ser...
- Question #44
Which of the following must be protected in a symmetric encryption system?
- Question #45
Why should a developer ensure the debug flag is set to "false" in the manifest for a production build?
- Question #46
Which of the following are widely considered appropriate uses of reverse engineering? (Select TWO).
- Question #47
Which of the following techniques are useful in a secure software development process? (Select TWO).
- Question #48
Which of the following describes a security risk that may have to be accepted when using a commercial cross-platform mobile application framework?
- Question #49
When generating a key from a password why would a developer want to iterate this process many times?
- Question #50
Why should a developer add a 'salt' to a password?