CompTIA Pentest+ Chapter 5 Questions Flashcards

1
Q
What is the name of the user interface framework that enables developers to build software applications on the iOS platform?
A.Core OS
B.Media
C.Cocoa Touch
D.Objective-C
A

C.Cocoa Touch

Explanation:
The user interface framework for building applications to run on the iOS platform is called Cocoa Touch.

2
Q

What is one advantage of developing a mobile application in Swift versus Objective-C?
A.It is a modern-day language that closely resembles English
B.It makes it easier for programmers who have developed code for many years
C.Objective-C is a newer language than Swift
D.Objective-C is open source and Swift is not

A

A.It is a modern-day language that closely resembles English

3
Q

Apple uses code signing to ensure only approved applications are installed on the iDevice.

This is one of the core security features of iOS.
Which method can you use on a supported iDevice to gain privileged-level access?
A.Rooting
B.Jailbreaking
C.SETUID
D.JTAG

A

B.Jailbreaking

Explanation:
Jailbreaking is the method used to exploit a software vulnerability in the phone to escalate privileges on the device.

Rooting is a software exploit for Android-based phones to gain privileged-level execution.

4
Q

The Android platform provides core components that are used to enhance the user's experience with the product.

Which type of component is sometimes visible to the user and helps provide a cohesive user experience in mobile applications?
A.Services
B.Broadcast receivers
C.Activities
D.Intents
A

C.Activities

Explanation:
All of the answers are components of the Android application; however, activities are used specifically to help enhance the user's experience.

5
Q

Older versions of the Android operating system (5.0 and earlier) do not use Android Runtime (ART); they use the Dalvik virtual machine.

Smali files, which are written in a type of assembly, are created during which process?
A.Compiling
B.Server site testing
C.Dynamic analysis
D.Dissembling DEX executables
A

D.Dissembling DEX executables

Explanation:
DEX files, when compiled, are converted to .smali extensions.

Smali is a type of assembler, and Smali files are created when disassembling Dalvik executables (DEX), which are included in APKs.

6
Q
An IEEE standard used to address the issue of debugging and connecting to embedded devices on a circuit board is called what?
A.JTAG 
B.RMF
C.Xcode
D.Clutch
A

A.JTAG

Explanation:
RMF, Xcode and Clutch have nothing to do specifically with debugging embedded devices.

JTAG is an industry standard and a common hardware interface for verifying designs and testing methodologies.

Typically added (and sometimes hidden) by the manufacturer, the JTAG interface could be used to connect to a console and get command-line access to an embedded device.

7
Q

SSH and iProxy are two ways of connecting to a jailbroken iDevice.

If the iDevice fails and you have to re-establish connectivity, what is the easiest way to ensure there are no iProxy processes still running on your macOS laptop?
A.iproxy stop
B.killall iproxy
C.kill iproxy
D.kill -9
A

B.killall iproxy

Explanation:
Choice D is still a valid way to end the process, but it's not the easiest when there are multiple processes.

8
Q

After installing a customer's mobile application from the Google Play store to your jailbroken iPhone, your next step is to dump the application bundle into an IPA using Clutch so you can use it to conduct static analysis.

By default, where does Clutch store IPA files post-processing?
A./var/tmp/clutch
B./var/tmp
C./tmp
D./storage
A

A./var/tmp/clutch

9
Q

Property list files (plists) contain configuration data about an app installed on iOS.

By default, Apple best security practices implement a security feature called App Transport Security (ATS) to improve data privacy and integrity.

However, there is a way to bypass this within the application settings in the plist file.

What is the name of the key used to control behavior of HTTP connections?
A.NSAppleScriptEnabled 
B.NSAppTransportSecurity
C.NSAllowsLocalNetworking
D.NETestAppMapping
A

B.NSAppTransportSecurity

Explanation:
This specifies the changes to the default HTTP connection security behavior in iOS and macOS apps.

Changing the default security behavior should only be done if you require an exception from best security practices, which could prohibit you from taking your application to market in the Apple Store.

10
Q
Select two methods you can use to install third-party applications on a jailbroken iDevice.
A.Cydia application store
B.idb
C.Impactor tool
D.Clutch
A

A.Cydia application store
C.Impactor tool

Explanation:
The two methods are: one, the Cydia mobile app on the iDevice, when you have Internet connectivity and can use it to download and install packages; and two, the Impactor tool, when you are either first jailbreaking the phone or when you don't have Internet connectivity available.

You can connect over USB and drag-and-drop IPA files and install directly to the device through Impactor.

11
Q
What is the correct command option to use with Android Debug Bridge (ADB) that enables you to download files from the Android device?
A.download
B.copy
C.pull
D.push
A

C.pull

Explanation:
The pull command is used to download files from the device, while the push command can be used to transfer files to the device.

12
Q

Using Drozer to conduct an Android assessment of two separate applications that share the same vendor, you execute the command run app package.list to list the permissions of the application.

You observe in the report that the applications are permitted to read and write files on external storage.

Which component of the application would you want to test for injection flaws?
A.Receivers
B.Activities 
C.Services 
D.Content Provider
A

D.Content Provider

Explanation:
Content providers could provide an injection point from within the application.

Some mobile applications share the same external storage locations.

Thus, if an injection point could be exploited, it could enable a malicious user to read content outside of the sandbox environment of the application.

13
Q
Python treats everything as a/an \_\_\_\_\_\_\_ and variables do not have to be declared for using them
A.Object
B.Constant
C.Class
D.Method
A

A.Object

Explanation:
Python is object-oriented such that everything gets treated as an object.

14
Q
Which option provides a proper way to inherit a class from a module in Python?
A.From module import class
B.Import class from module
C.Import class; import module
D.Import module; import class
A

A.From module import class

Explanation:
The proper way to inherit a module from a class is to first specify the module you want to inherit a class from, then the class from within the module.

This way you don't have to load the entire module, only the classes you need.

15
Q
What is today() considered to be in the first line of code?
A.User-defined function
B.Constant variable
C.Imported class
D.A distinct method
A

A.User-defined function

Explanation:
The example today() is a user-defined function, where the user is able to extend the capability of the program to perform operations that are not built into the standard functions provided by the program.

16
Q
In the third line of code, what does today() do in the program?
A.It declares properties of the class
B.It declares the variable today()
C.It performs a function call
D.It invokes a consistent variable method
A

C.It performs a function call

Explanation:
today() makes a function call and executes the print statement.