ADR-001 Exam Questions

What is the point of using an initialization vector in encryption? (Select TWO).

The checkCallingPermission() method is used when:

Which of the following accurately explains why many people criticize the use of a unique hardware ID such as IMEI/MEID to identify users? (Select TWO).

Which of the following BEST describes a process or mechanism to thwart reverse engineering through software fault injection?

A developer has written an Android application that uses the HttpURLConnection API to communicate with a backend server. Which of the following is the simplest method to protect th...

When handling sensitive data with Android apps, which of the following storage strategies is MOST secure?

Which of the following is a disadvantage of using a static embedded API Key for client authentication to a web service?

If using a WebView to serve assets contained within the app package it is good practice to also:

If a Java package contains sensitive data in one or more classes, and the data is declared public, what attacks does that expose?

Which of the following must be done on a typical Android project to enable reverse engineering countermeasures provided with the standard Android SDK?

What is the reverse engineering countermeasure tool that is provided with the standard Android SDK?

Which of the following describes the purpose of the HTTPOnly cookie attribute?

Which of the following can take advantage of man in the middle techniques to prevent data exfiltration?

An administrator must select an algorithm to encrypt data at rest. Which of the following could be used?

In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the root users password to set root. Wh...

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

Once an Android client has authenticated to a web service, what must be done on the server-side to ensure correct authorization checks are being performed?

Which of the following BEST describes the responsibility of a TrustManager object when used in an Android application with SSL?

Which of the following is true about methods that receive an array as a parameter?

Which of the following is true regarding DNS?

Which of the following defines why it is important for a developer to deploy known-good (whitelist) input validation for all requests made to a web service API?

Why is it necessary to pass session tokens over a secure, encrypted channel?

An administrator, Ann, wants to ensure that only authorized devices are connected to a switch. She decides to control access based on MAC addresses. Which of the following should b...

During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the...

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for...

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv...

Which of the following can be performed to find security design flaws in mobile apps prior to writing code?

An architectural review is BEST for finding which of the following security defects?

When implementing encryption which of the following is the MOST important factor to ensure it will be secure?

Which of the following is true regarding apps running on rooted devices?

Fine grained permission control for Content Providers can be achieved with:

Which of the following is a more secure way for a developer to give 3rd party apps temporary access to resources in their app, such as opening attachments in an external editor?

A developer is designing a very sensitive web application that will be accessed by both desktop web browsers and mobile Android applications. What is one way the developer can impl...

Which of the following is the MOST reliable form of input validation?

What two types of input validation should a developer implement for a web server that will be implementing SOAP-based web services? (Select TWO).

An app accessing protected APIs should use which manifest declaration?

Which of the following is the primary reverse engineering countermeasure provided with the standard Android SDK?

Which of the following is an effective means of confirming data integrity?

Valid permission protection levelsare.(Select TWO).

Why must Android clients perform input validation on data received from publically accessible web service API calls?

How should a developer securely share data between applications?

Why is it important to security to follow defined naming conventions when coding?

Android's kernel-level app sandbox provides security by:

The digital certificate used to sign the production release should be:

Session keys are useful because:

When an app creates a configuration file in its private data directory the developer should ensure:

An Intent Sniffing attack is where:

When handling sensitive data inside an exception block, it is BEST to do which of the following before returning control flow to the application?

Adding an Intent Filter to an Activity could cause a security issue because:

Why are file permissions important to security?