2.7 Mobile Device Security

Question 1

What is the highest level of encryption available for mobile Wi-Fi at this time?

Answer 1

WPA3

Question 2

What settings must a firewall have to successfully protect a mobile device?

Answer 2

Root or administrative privileges on the device

Question 3

Give a better option for connecting to the internet securely than a firewall

Answer 3

VPN connection between the mobile device and a centralised server

Question 4

Should the mobile firewall be implemented before or after securing wireless connectivity?

Answer 4

After

Question 5

List 5 options for unlocking a mobile device

Answer 5

• PIN
• Password
• Pattern
• Fingerprint
• ID

Question 6

How many possible codes are there for a 4-digit PIN?

Answer 6

10,000

Question 7

What attacks are PINs susceptible to?

Answer 7

Shoulder surfing attacks

Question 8

Contrast PINs and passwords

Answer 8

PINs only have numbers whereas passwords can have letters and symbols also

Question 9

Describe how a remote wipe could work

Answer 9

Deletes all data after 10 failed login attempts

Question 10

Give the fail rate of touch ID

Answer 10

1 in every 50,000 attempts

Question 11

Give the fail rate of face ID

Answer 11

1 in every million attempts

Question 12

List 4 best practices for protecting against mobile malware

Answer 12

• Don’t jailbreak/root device
• Don’t use custom firmware/ROM
• Only load official store apps
• Always update software

Question 13

How does TLS for mobiles work?

Answer 13

By utilising an encryption layer and a tunnel between the device and the server

Question 14

Why would you use TLS for mobile?

Answer 14

To ensure confidentiality of data

Question 15

Name one category of apps that relies on TLS

Answer 15

Social networking apps

Question 16

Geotagging

Answer 16

Embedding of the geolocation coordinates into a piece of data e.g. a photo

Question 17

What is the most secure, restrictive and expensive mobile deployment option?

Answer 17

COBO

Question 18

Describe COBO

Answer 18

Purchased by the company and only used by the employee for work-related purposes

Question 19

COPE

Answer 19

Company provides a device used for work and/or personal use by employees

Question 20

CYOD

Answer 20

Allows employees to choose device from an approved list of vendors or devices

Question 21

BYOD

Answer 21

Employees bring their own devices and connect to the corporate network

Question 22

Which mobile device deployment option is the most difficult to secure?

Answer 22

BYOD

Question 23

Storage segmentation

Answer 23

Isolation of company apps and data from user apps and data

Question 24

List ten steps to make mobile devices more secure

Answer 24

1. Update your device to the latest software
2. Install Antivirus
3. Train users on proper security and use of their device
4. Only install apps from the official app stores
5. Do not jailbreak or root your devices
6. Only use Version 2 SIM cards for your devices
7. Turn off all unnecessary features on your device
8. Turn on encryption for voice and data
9. Use strong passwords or biometrics
10. Don’t allow BYOD

Question 25

What OS do most IoT devices use?

Answer 25

An embedded version of Linux or Android

Question 26

Give 3 IoT vulnerabilities

Answer 26

• Insecure defaults
• Hard-coded configurations
• Cleartext communication

Question 27

What is a risk in using IoT devices?

Answer 27

Manufacturers often use outdated or insecure hardware components

Question 28

Why is Bluetooth communication between IoT devices risky?

Answer 28

Because attackers can monitor frequencies and may be able to eavesdrop

Question 29

What can exploits cause IoT devices to do?

Answer 29

Go offline, crash, or malfunction