Lesson 13 - Implementing Secure Mobile Solutions Flashcards

1
Q

Methods of provisioning mobile devices to users, such as BYOD and CYOD.

A

Deployment Model

2
Q

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

A

Bring Your Own Device (BYOD)

3
Q

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

A

Corporate Owned, Business Only (COBO)

4
Q

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

A

Corporate Owned, Personally Enabled (COPE)

5
Q

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

A

Choose Your Own Device (CYOD)

6
Q

The process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

A

Mobile Device Management (MDM)

7
Q

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

A

Mobile Application Management (MAM)

8
Q

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

A

Unified Endpoint Management (UEM)

9
Q

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

A

SEAndroid

10
Q

An access control scheme that verifies an object’s identity based on various environmental factors, like time, location, and behavior.

A

Context-Aware Authentication

11
Q

Software that allows deletion of data and settings on a mobile device to be initiated from a remote server.

A

remote wipe

12
Q

A small form factor hardware security module designed to store cryptographic keys securely. This allows the cryptographic material to be used with different devices, such as a laptop and smartphone.

A

MicroSD HSM

13
Q

A means of determining the device’s latitude and longitude based on information received from satellites via a GPS sensor.
Means of determining a receiver’s position on the Earth based on information received from GPS satellites. The receiver must have line-of-sight to the GPS satellites.

A

Global Positioning System (GPS)

14
Q

A means of deriving a device’s location when indoors, by triangulating its proximity to radio sources such as Bluetooth beacons or WAPs.

A

Indoor Positioning System (IPS)

15
Q

The practice of creating a virtual boundary based on real-world geography.

A

Geofencing

16
Q

The process of adding geographical identification metadata, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, video, and so on.

A

GPS Tagging

17
Q

Installing an app to a mobile device without using an app store.

A

Sideloading

18
Q

A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

A

Containerization

19
Q

This term is associated with Android devices. Some vendors provide authorized mechanisms for users to access the root account on their device. For some devices it is necessary to exploit a vulnerability or use custom firmware. Custom firmware is essentially a new Android OS image applied to the device. This can also be referred to as a custom ROM, after the term for the read-only memory chips that used to hold firmware.

A

Rooting

20
Q

iOS is more restrictive than Android so the term “jailbreaking” became popular for exploits that enabled the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface. iOS jailbreaking is accomplished by booting the device with a patched kernel. For most exploits, this can only be done when the device is attached to a computer when it boots (tethered jailbreak).

A

Jailbreaking

21
Q

For either iOS or Android, this means removing the restrictions that lock a device to a single carrier.

A

Carrier Unlocking

22
Q

Close-range networking (usually based on Bluetooth or NFC) allowing communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.

A

Personal Area Networks (PANs)

23
Q

A type of wireless network where connected devices communicate directly with each other instead of over an established medium.

A

Adhoc Network

24
Q

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).

A

Hotspot

25
Q

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).

A

Tethering

26
Q

Sending an unsolicited message or picture message using a Bluetooth connection.

A

Bluejacking

27
Q

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.

A

Bluesnarfing

28
Q

Computing devices integrated into wearable items, such as bands, watches, and glasses. Most are focused on providing information and contact management via the Internet and many incorporate health and fitness monitoring.

A

Wearable Technology

29
Q

This allows the device to interact with an IR receiver and operate a device such as a TV or HVAC monitor as though it were the remote control handset.

A

RF Blaster

30
Q

These are used as proximity sensors (to detect when a smartphone is being held to the ear, for instance) and to measure health information (such as heart rate and blood oxygen levels).

A

IR Blaster

31
Q

A means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.

A

Radio Frequency ID (RFID)

32
Q

These are used as proximity sensors (to detect when a smartphone is being held to the ear, for instance) and to measure health information (such as heart rate and blood oxygen levels).

A

IR Sensor

33
Q

Where an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card.

A

Skimming

34
Q

A standard for peer-to-peer (2-way) radio communications over very short (around 4”) distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

A

Near Field Communication (NFC)
NFC does not provide encryption.

35
Q

An NFC transaction is sometimes known as

A

A Bump

36
Q

USB specification allowing a mobile device to act as a host when a device such as an external drive or keyboard is attached.

A

On The Go (OTG)

37
Q

A system for sending text messages between cell phones.

A

Short Message Service (SMS)

38
Q

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

A

Multimedia Message Service (MMS)

39
Q

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

A

Rich Communication Service (RCS)
No end-to-end encryption.

40
Q

Mechanism to send text messages to a browser or mobile device.

A

Push Notifications

41
Q

A firmware update delivered on a cellular data connection.

A

Over-the-Air (OTA)

42
Q
A

Point-to-Point (P2P)