Lesson 18: Supporting Mobile Software Flashcards

1
Q

What two types of ‘biometric authentication’ mechanism are supported on smartphones?

A

‘Fingerprint’ recognition and ‘facial’ recognition.

2
Q

True or false? Updates are not necessary for iOS devices because the OS is ‘closed source’.

A

False. ‘Closed source’ just means that the vendor controls development of the OS; it is still subject to updates to fix problems and introduce new features.

3
Q

A company wants to minimize the number of devices and mobile OS versions that it must support but allow use of a device by employees for personal email and social networking. What ‘mobile deployment model’ is the best fit for these requirements?

A

‘Corporate owned, personally enabled’ (COPE) will allow standardization to a single device and OS. As the requirement does not specify a single device and OS, ‘choose your own device’ (CYOD) would also fit.

4
Q

The marketing department has refitted a kitchen area and provisioned several smart appliances for employee use. Should the IT department have been consulted first?

A

Yes. Uncontrolled deployment of ‘network-enabled’ devices is referred to as ‘shadow IT’. The devices could increase the network attack surface and expose it to vulnerabilities. The devices must be deployed in a secure configuration and monitored for security advisories and updates.

5
Q

True or false? A ‘factory reset’ preserves the user’s personal data.

A

False. ‘Restoring to factory settings’ means removing all user data and settings.

6
Q

You are updating an internal support knowledge base with advice for troubleshooting mobile devices. What is the first step to take if a user reports that an app will not start?

A

Use ‘force stop’ if available and/or reboot the device.

7
Q

You are troubleshooting a user device that keeps powering off unexpectedly. You run hardware diagnostics and confirm there is no component fault or overheating issue. What should your next troubleshooting step be?

A

Check that the device has sufficient spare storage, and check for updates. If you can’t identify a ‘device-wide’ fault, test to see whether the issue is associated with use of a single app.

8
Q

You are assisting with the configuration of MDM software. One concern is to deny access to devices that might be able to run apps that could be used to circumvent the access controls enforced by MDM. What types of configurations are of concern?

A

Devices that are ‘jailbroken’ or ‘rooted’ allow the owner account complete control. Devices that allow installation of apps from untrusted sources, such as by ‘sideloading’ APK packages or via ‘developer’ mode, could also have weakened permissions.

9
Q

A user reports that a new device is not sustaining a battery charge for more than a couple of hours. What type of malware could this be a symptom of?

A

This is most characteristic of ‘cryptomining’ malware as that explicitly hijacks the compute resources of a device to perform the intensive calculations required to mint blockchain currency.

10
Q

Advanced malware can operate covertly with no easily detectable symptoms that can be obtained by scanning the device itself. What other type of symptom could provide evidence of compromise in this scenario?

A

Leaked data files or personal information such as passwords.

11
Q

A user connects their laptop to the company’s wireless access point, but the internet is very slow. A connection to the Wi-Fi with their corporate mobile device is even slower. What should the user try?

A. Check for airplane mode.
B. Check individual radio functions.
C. Move closer to the AP.
D. Reboot the device.

A

On a mobile, be aware that the radio is less powerful than the one on a computer and that a low battery charge will weaken the signal strength. Try moving the device closer to the access point.

Use the notification drawer or Control Center to check that the device is not in airplane mode.

The user should also check that an individual radio function has not been disabled.

If airplane mode is not on, the device range has been checked, and individual radio buttons are enabled, then try rebooting the device.

12
Q

A user’s phone is randomly rebooting all the time. What should the user do first to diagnose the issue?

A. Conduct battery diagnostics
B. Determine if inadequate resources exist
C. Conduct changes to autorotate settings
D. Ensure the device is connected to Wi-Fi.

A

A device that randomly reboots might be overheating, have a low battery charge, or have a faulty battery or other hardware.

If users can rule out hardware causes, such as throttling due to high temperature or low battery charge, a device that is slow to respond can be an indication of resources being inadequate.

Use the notification drawer or control center to check that the rotation lock is not enabled if a screen is not auto-rotating.

When an update does not download, connect the device to building power and Wi-Fi. An update may be blocked when there is insufficient battery charge or when the device is connected to a metered network.

13
Q

A user is experiencing issues on their iPhone. What troubleshooting option should the user initially try?

A. Disable Safe Mode.
B. Perform a power cycle.
C. Perform a Settings/General/Factory reset.
D. Perform a System/Advanced/Factory reset.

A

Just as turning it off and on again is the tried and trusted method of “fixing” a computer, a reboot can often resolve a transitory performance or stability issue on a mobile device.

Safe Mode disables third-party apps but leaves core services running. Booting a phone in Safe Mode may allow troubleshooting.

To factory reset an iOS device, use the option on the General page in Settings.

On stock Android, initiate a reset from the System > Advanced section of Settings.

14
Q

A company sets up a mobile device management policy. The company has concerns about the controllability of the devices due to liability, so they are going to purchase the devices for employees to use for business. What is this policy considered?

A. BYOD
B. COBO
C. COPE
D. CYOD

A

Corporate-owned, business only (COBO) means the device is the property of the company and may only be used for company business.

With bring your own device (BYOD), the mobile device is owned by the employee. The mobile will have to meet whatever profile is required by the company.

With corporate-owned, personally enabled (COPE), the device is chosen and supplied by the company and remains its property.

Choose your own device (CYOD) is similar to COPE, but the employee is given a choice of device from a list.

15
Q

A security manager is looking at mobile security for company devices. They are investigating no-root firewalls and understanding how this works. Which of the following best describes no-root firewalls?

A. Control access locally.
B. Block phishing sites.
C. Control access through a VPN.
D. Block adware.

A

“No-root” firewalls work by creating a virtual private network (VPN) and then controlling app access to the virtual private network (VPN).

“No-root” firewalls do not control access locally because they would need root privileges to do so. They get around this by setting up a VPN and controlling the firewall through the VPN.

Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block access to known phishing sites.

Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block adware/spyware activity.

16
Q

A user started using near-field communication (NFC) for payments; however, the user is unable to pay using NFC. Which of the following is NOT part of troubleshooting?

A. Unlock.
B. Ensure airplane mode is off.
C. Hold closer and longer to the reader.
D. List in recipient’s authorized list.

A

To use Bluetooth, the sender must be listed in the recipient’s contacts list. This is NOT a step in NFC troubleshooting.

A near-field communication (NFC) issue typically manifests when trying to make payments via a contactless card reader. The device must be unlocked to authorize the payment and enable NFC.

Verify that the NFC sensor is supported and enabled for the wallet app and that airplane mode is not active.

One of the troubleshooting steps with NFC issues is to try holding the device closer to the reader and for longer.

17
Q

A mobile device manager is looking at data encryption and the “Data Protection” setting. Which of the following does this protect?

A. Contacts
B. SMS message
C. Pictures
D. Email data

A

Email data and any apps using the “Data Protection” option are subject to a second round of encryption using a key derived from and protected by the user’s credential.

Not all user data is encrypted using the “Data Protection” option. Contacts are not encrypted. In iOS, Data Protection encryption is enabled automatically when the user configures a passcode lock on the device.

SMS messages are not encrypted under Data Protection settings either. As of Android 10, there is no full disk encryption as it is considered too detrimental to performance.

Pictures are also not encrypted under data protection settings.

18
Q

After reading many positive reviews, a user downloads an app to their corporate device that they later find out is malicious. Which of the following was the most likely cause for the user to download the malicious program?

A. Sideloading
B. Root access
C. Missing or renamed files
D. Spoofed app

A

A malicious app will typically spoof a legitimate app by using a very similar name and use fake reviews and automated downloads to boost its apparent popularity.

With unknown sources enabled, untrusted apps can be downloaded from a website and installed using the .APK file format. This is referred to as sideloading.

Root access is associated with Android devices. Some vendors provide authorized mechanisms for users to access the root account on their devices.

Looking for missing or renamed files could be one of the many steps in investigating after a computer has been quarantined. Identification of these techniques could help scan the enterprise to see how far it spread.

19
Q

A security manager sets up monitoring mechanisms to detect a rooted or jailbroken device. What type of security mechanism should the manager implement?

A. MDM
B. AV
C. Firewall
D. No-root firewall

A

Mobile-device management (MDM) suites have routines to detect a rooted or jailbroken device or custom firmware with no valid developer code signature and prevent access to an enterprise app, network, or workspace.

The main tool to use to try to remediate an infected system will be antivirus (AV) software, though if the software has not detected the virus in the first place, then it is best to use a different suite.

There are also firewall apps for mobile devices. These can be used to monitor app activity and prevent connections to ports or IP addresses.

“No-root” firewalls work by creating a virtual private network (VPN) and then controlling app access to the VPN.

20
Q

A user is setting up their company phone and wants the login to be secure. Which of the following authentication methods is generally considered the least secure?

A. Pattern Lock
B. PIN
C. Fingerprint
D. Facial recognition

A

Pattern Locks can be less secure than other authentication methods. The user draws a pattern across a grid of nine dots. The pattern is a sequence of connected dots and can be relatively easy to guess or observe.

A PIN (Personal Identification Number) requires the user to enter a numeric code to unlock the device. While more secure than a pattern lock, a simple or commonly used PIN can still be guessed.

Fingerprint authentication uses a sensor to scan the user’s fingerprint and match it against a stored image to unlock the device. This biometric method provides a higher level of security than a PIN or pattern lock.

Facial recognition technology scans the user’s face and matches it against a stored image to unlock the device. This method can be quite secure, but its effectiveness can vary depending on the sophistication of the technology used.

21
Q

A security manager proactively looks for solutions to prevent illegitimate apps from running on corporate iOS devices and stealing credentials. What is the security manager concerned about?

A. App Store
B. Developer tools
C. OS compatibility
D. Overheating

A

Under iOS, using the developer tools can be a means of installing apps from outside the App Store without having to jailbreak the device.

The App Store is the official platform for browsing and installing applications. This app can be controlled through device management but tends to offer a safer alternative than sideloading.

If an app fails to update, check that it is compatible with the current operating system (OS) version. Also, verify that there is sufficient storage space and an internet connection.

A device that randomly reboots might be overheating, have a low battery charge, or have a faulty battery or other hardware.

22
Q

A security analyst sets up a new mobile device management policy and is looking into remote wiping, device wiping, and enterprise wiping. Which of the following will the enterprise wipe erase? (Select all that apply.)

A. Corporate container
B. Personal apps
C. Business accounts
D. Settings

A

If the device is enrolled with mobile device management (MDM), an enterprise wipe can be performed against the corporate container only.

An enterprise wipe also removes any corporate accounts and files. If a device is lost with no chance of recovery, it may be necessary to perform some level of remote wipe to protect data and account credentials.

An enterprise wipe leaves personal apps and settings alone. A device wipe performs a factory default reset and clears all data, apps, and settings.

An enterprise wipe also leaves personal settings and files untouched.

23
Q

A user is frustrated that an app crashed after receiving a recent update. What is the first step the user should try?

A. Clear app cache.
B. Reboot.
C. Force stop and relaunch.
D. Check for pending updates.

A

If an app fails to launch, fails to close, or crashes, first use force stop to quit the app and try launching again.

If restarting the service does not work, users can try clearing the app cache either from within the app or (in Android) using the Clear Cache option under App info.

If the app is still unresponsive after restarting the service and clearing the cache, reboot the device.

After the device has been rebooted and the problem persists, use the app store to check whether an update is pending and install it if so.

24
Q

A security analyst analyzes how most attackers perform exploits against iOS operating systems. Which of the following is most applicable?

A. Sideloaded apps
B. While tethered
C. Root access
D. Clear app cache

A

For most exploits, this can only be done when the device is attached to a computer while it boots (tethered jailbreak).

iOS is more restrictive than Android, so the term “jailbreaking” became popular for exploits that enabled the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface.

Root access is associated with Android devices. Some vendors provide authorized mechanisms for users to access the root account on their device.

Clearing the app cache is part of troubleshooting steps for apps crashing. It can be done either from within the app or (in Android) using the Clear Cache option under App info.

25
Q

A security manager puts together a security awareness campaign for mobile devices. Which of the following is least likely to be a symptom of malware?

A. High number of ads
B. Sluggish response time
C. Unexpected Reboots
D. Redirect to spoofed sites

A

A device that randomly reboots might be overheating, have a low battery charge, or have a faulty battery or other hardware.

If ads display in the browser, open pop-ups that are hard to close, or exhibit a high degree of personalization that the user has not authorized, this might indicate some type of tracking or spyware activity.

Malware is likely to try to collect data in the background or perform processing such as crypto mining.

Malware is likely to corrupt the domain name system (DNS) and/or search provider to perform redirection attacks and force users to spoofed sites.