2.5 Given a scenario, deploy mobile devices securely. Flashcards

1
Q

Evaluate the statements and select the appropriate procedures to follow when implementing a mobile device security. (Select more than one)

A

Implement security controls on mobile devices

Enforce policies to curtail or disable the use of certain mobile device activities

Monitor certain activities associated with mobile devices

When implementing mobile device security, it is good practice to enforce policies to curtail or disable the use of certain mobile device activities that bring unwanted risk to the organization.

In implementing mobile device security, be aware of the inherent risks of allowing BYOD into the organization.

When implementing mobile device security, monitor certain activities associated with mobile devices, such as app installation from third parties, rooting/jailbreaking, carrier unlocking, and more.

When implementing mobile device security, there is a need to put security controls on mobile devices, such as screen locking, geolocation, remote wipe, device encryption, and more.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When uploading a picture to a photo web site, it automatically loads the photo onto its interactive world map. How is it possible that the website can read the location of the uploaded picture? (Select more than one)

A

Geolocation

GPS Tagging

GPS tagging is the process of adding geographical identification metadata, such as the latitude and longitude of where the device was located at the time, to media, such as photographs, SMS messages, video, and so on.

Geolocation is the use of network attributes to identify (or estimate) the physical position of a device.

Geofencing is the practice of creating a virtual boundary based on real-world geography.

Indoor Positioning Systems (IPS) work out a device’s location by triangulating its proximity to other radio sources, such as Wi-Fi access points or Bluetooth beacons.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What kind of access points provide a risk for Wi-Fi users? (Select more than one)

A

Open access

Rogue Access

The risks from Wi-Fi come from users connecting to open access points or possibly a rogue access point imitating a corporate network. These allow the access point owner to launch any number of attacks, even potentially compromising sessions with secure servers (using an SSL stripping attack, for instance).

Wi-Fi can be used to establish a Personal Area Network (PAN). Most PANs enable connectivity between a mobile device and peripherals, but ad hoc (or peer-to-peer) networks between mobile devices or between mobile devices and other computing devices can also be established.

A NearField Communications (NFC) chip allows a mobile device to make payments via contactless Point-of-Sale (PoS) machines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What technology allows people to use their mobile device to pay for things by scanning?

A

NFC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Select the term that describes a widely used radio standard for wireless connectivity?

A

Bluetooth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What identifies the physical location of a device?

A

Geolocation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Evaluate the selections and differentiate between rooting and jailbreaking.

A

Jailbreaking refers to Apple iOS devices while rooting is refers to Android devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In analyzing the different ways of security control, which method requires the user to enter a code into the mobile device to gain access?

A

Screen lock

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the best solution for a client who needs to set up communications in extremely remote areas?

A

SATCOM

Some businesses have to establish telecommunications in extremely remote areas, or in the case of military forces, use a communications system that is wholly owned and managed. Satellite communications (SATCOM) offer the best solutions to these requirements.

Geolocation is the use of network attributes to identify (or estimate) the physical position of a device.

Most devices are now fitted with Global Positioning System (GPS) chips. GPS is a means of determining a receiver’s position on the Earth (its latitude and longitude) based on information received from GPS satellites.

Indoor Positioning Systems (IPS) work out a device’s location by triangulating its proximity to other radio sources, such as Wi-Fi access points or Bluetooth beacons.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Evaluate the following mobile device deployment models and determine which answer best describes the main difference between company-issued, personally-enabled (COPE) and choose your own device (CYOD).

A

In using CYOD, the employee can select the device from a list of approved mobile devices.

The difference between CYOD (Choose Your Own Device) and COPE is that CYOD (Corporate Owned, Personally-Enabled) allows the employee to select a device from a list provided by the company.

COPE refers to a device that is chosen and supplied by the company and remains its property. The employee may use it to access personal email, social media accounts, and for personal web browsing (subject to the company’s acceptable use policies).

CYOD and COPE are company-owned devices, but they can be used for personal email and social media.

CYOD and COPE are company provided mobile devices, not personally owned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A company provides mobile phones for their employees for business use only. What type of deployment model must the company provide their employees with a mobile device?

A

COBO

COBO (Corporate Owned, Business Only) device is the property of the company and may only be used for company business.

BYOD (Bring Your Own Device) is when the mobile device is owned by the employee. The employee will have to agree on the installation of corporate apps and to some level of oversight and auditing.

COPE (Corporate Owned, Personally-Enabled) is a device that is chosen and supplied by the company, but the employee can use it to access personal email, social media accounts, and for personal web browsing.

CYOD (Choose Your Own Device) is much the same as COPE, but the employee is given a choice of device from a list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a push notification?

A

Store services that an app or website can use to display an alert on a mobile device.

Push notifications are store services (such as Apple Push Notification Service and Google Cloud to Device Messaging) that an app or website can use to display an alert on a mobile device.

The radio firmware in a mobile device contains an operating system that is separate from the end-user operating system (for example, Android or iOS).

GPS tagging is the process of adding geographical identification metadata, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, and video.

A content management system tags corporate or confidential data and prevents it from being shared or copied to unauthorized media or channels, such as non-corporate email systems or cloud storage services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

When deploying satellite communications (SATCOM), what should a business assess?

A

Service providers

The need to assess service providers is important, to ensure that the provider has vulnerability management procedures for receivers and handsets, and that the communications links use secure encryption.

The USB ports are not involved in the SATCOM, therefore, it is not necessary to assess those.

Geofencing is the practice of creating a virtual boundary based on real-world geography. Geofencing can be a useful tool with respect to controlling the use of camera or video functions.

The radio firmware is in a mobile device and contains an operating system that is separate from the end-user operating system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Analyze the following scenarios to determine which best represent attacks that Nearfield Communications (NFC) are vulnerable to. (Select more than one)

A

An attacker with a reader can skim information from the NFC device.

Certain antenna configurations may pick up the Radio Frequency (RF) signals.

An attacker may be able to corrupt data being transferred.

Certain antenna configurations may be able to pick up the Radio Frequency (RF) signals emitted by NFC from several feet away, giving an attacker the ability to eavesdrop from a more comfortable distance.

An attacker with a reader will be able to skim information from an NFC device in a crowded area, such as a busy train.

An attacker may be able to corrupt data as it is being transferred through a method like a Denial-of-Service (DoS) attack. This type of attack floods the area with an excess of RF signals to interrupt the transfer.

The wallet app does not transmit the original credit card information, rather a one-time token that is interpreted by the card merchant and linked backed to the relevant customer account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Evaluate the methods of obtaining privilege escalation on mobile devices and conclude which is an example of jailbreaking.

A

A user boots the device with a patched kernel while the device is attached to a computer.

Jailbreaking is popular for iOS devices as they are more restrictive than Android. This gives users the ability to obtain root privileges, sideload apps, change or add carriers and customize the interface. It is accomplished by booting the device with a patched kernel and can be done when the device is attached to a computer when it boots.

Rooting is a term associated with Android devices. One method of rooting is to exploit a vulnerability.

Carrier unlocking is used for both iOS and Android and is a means of removing the restrictions that lock a device to a single carrier.

Custom firmware can also be used for rooting Android devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What security issues can occur when using a Bluetooth device? (Select more than one)

A

Malware

Authentication and authorization

Device discovery

Device discovery occurs when a device can be put into discoverable mode, meaning that it will connect to any other Bluetooth devices nearby, which can pose a security issue.

Malware occurs when there is proof-of-concept Bluetooth worms and application exploits, which can compromise any active and unpatched system, regardless of whether discovery is enabled and without requiring any user intervention.

Wireless technologies are important in establishing Personal Area Networks (PANs). The PANs usually provide connectivity between a host and peripheral devices, but can also be used for data sharing between hosts.

Authentication and authorization occur when devices authenticate using a simple passkey configured on both devices.

17
Q

What trigger occurs with several incorrect passcode attempts?

A

Remote wipe

18
Q

A dementia facility would like the ability to track their dementia patients inside the facility. In evaluating their need for a patient wandering system, what type of system would the IT administrator suggest?

A

IPS

Indoor Positioning Systems (IPS) finds a device’s location by triangulating its proximity to other radio sources, such as Wi-Fi access points or Bluetooth beacons.

Global Positioning Systems (GPS) determines a receiver’s position on the Earth (its latitude and longitude) based on information received from GPS satellites. The receiver must have line-of-sight to the GPS satellites. As GPS requires line-of-sight, it does not work indoors.

Geofencing is the practice of creating a virtual boundary based on real-world geography. Geofencing can be a useful tool with respect to controlling the use of camera or video functions.

Push notifications are store services (such as Apple Push Notification Service and Google Cloud to Device Messaging) that an app or website can use to display an alert on a mobile device.

19
Q

When implementing mobile device security, what should admin consider? (Select more than one)

A

Enforce policies to curtail or disable the use of certain mobile device activities

Implement security controls on mobile devices

Monitor certain activities associated with mobile devices

20
Q

A company provides smartphones to their employees. The IT administrators have the ability to deploy, secure and remove specific applications and data from the employees’ smart phones. Analyze the selections and determine how IT can perform this type of control.

A

Storage segmentation

Storage segmentation is personal data that is segmented from organizational data on a mobile device. It gives IT administrators control over corporate assets on employees’ mobile devices.

A content management system tags corporate or confidential data and prevents it from being shared or copied to unauthorized media or channels, such as non-corporate email systems or cloud storage services.

A baseband update modifies the firmware of the radio modem used for cellular, Wi-Fi, Bluetooth, NFC, and GPS connectivity.

Push notifications are store services (such as Apple Push Notification Service and Google Cloud to Device Messaging) that an app or website can use to display an alert on a mobile device.

21
Q

An employee leaves a company mobile device at the airport, which contained sensitive data. As a precaution, backup of the device secured the sensitive data. What other procedure should the company do to ensure the data is inaccessible?

A

Remote wipe

Remote wiping allows deletion of data and settings on a mobile device to be initiated from a remote server.

The screen lock is a passcode which opens the device, but hackers can find ways to get around the screen lock and get into the device to retrieve the information.

Full device encryption occurs when the user data on the device is encrypted, but the key is stored on the device. Hackers would be able to find that key and get to the data.

A content management system tags corporate or confidential data and prevents it from being shared or copied to unauthorized media or channels.

previous
next

22
Q

A company changed the policy for mobile device use to Bring Your Own Device (BYOD). Management asks the IT administrator to ensure employees can access corporate application and data at anytime and anywhere. What does the IT administrator implement to safeguard corporate applications on BYOD’s?

A

MDM

23
Q

What is the best solution that Enterprise Mobility Management seeks for enterprise workspaces?

A

Containerization

24
Q

A user owns an iOS mobile device and would like the ability to sideload applications. Evaluate the methods of obtaining privilege escalation on mobile devices and recommend what action the user should take.

A

Boot the device with a patched kernel while attached to a computer.

Jailbreaking is popular for iOS devices as they are more restrictive than Android. This gives users the ability to obtain root privileges, sideload apps, change or add carriers and customize the interface. It is accomplished by booting the device with a patched kernel and can be done when the device is attached to a computer when it boots.

Rooting is a term associated with Android devices. One method of rooting is to exploit a vulnerability.

Carrier unlocking is used for both iOS and Android and is a means of removing the restrictions that lock a device to a single carrier.

Custom firmware can also be used for rooting Android devices.

25
Q

A retail company would like to have a coupon automatically sent to smartphones located within 500 feet of their store entrance. Recommend the technology that can achieve this function.

A

Geofencing

26
Q

A user has a tracker that calculates the number of steps taken, number of minutes active per day, and how many miles the user walked. What type of technology does this device utilize?

A

Adaptive Network Topology

Adaptive Network Topology (ANT) is widely used in communicating health and fitness sensor data between devices. ANT+ is its associated product standard.

Personal Area Network (PAN) enables connectivity between a mobile device and peripherals. However, ad hoc networks between mobile devices, or between mobile devices and other computing devices, can also be established.

Bluetooth is a widely used radio standard for wireless connectivity. Devices can be configured with a pass code to try to prevent malicious pairing.

Tethering is the term used when mobile devices share cellular data or Wi-Fi connections with other devices.

27
Q

A developer works on building a new device that will track the activity level of a user. Compare the technology utilized with mobile devices and determine what the developer will most likely employ.

A

Adaptive Network Topology