Lesson 9: Supporting Mobile Software Flashcards

1
Q

Mobile device mechanism that locks the screen after a period of inactivity. (activates if the device is unused or if the user presses the power button. The user must perform a gesture to unlock the device.)

A

Screen lock

2
Q

PIN

A

Personal identification number

3
Q

Path for Updates for iOS

A

Settings > General > Software Update

4
Q

Mobile device authentication mechanism that progressively delays or blocks unlock attempts after multiple failures.

A

failed login attempts

5
Q

BYOD

A

Bring your own device

6
Q

COPE

A

Corporate owned, personally enabled

7
Q

COBO

A

Corporate owned, business only

8
Q

CYOD

A

Choose your own device

9
Q

Cloud app that uses mobile device location service to identify its current position on a map and enable security features to mitigate theft or loss. (find the device if it is lost or stolen.)

A

locator application

9
Q

MDM

A

Mobile Device Management

10
Q

Software that allows deletion of data and settings on a mobile device to be initiated from a remote server.

A

remote wipe

11
Q

You are troubleshooting a user device that keeps powering off unexpectedly. You run hardware diagnostics and confirm there is no component fault or overheating issue. What should your next troubleshooting step be?

A

Check that the device has sufficient spare storage, and check for updates. If you can’t identify a device-wide fault, test to see whether the issue is associated with use of a single app.

11
Q

Remote-initiated factory reset of a mobile device that removes all user data and settings. (performs a factory default reset and clears all data, apps, and settings.)

A

device wipe

12
Q

Remote-initiated wipe of a mobile device that removes corporate apps and data only.

A

enterprise wipe

13
Q

IoT

A

Internet of Things

14
Q

Devices that can report state and configuration data and be remotely managed over IP networks. (used to describe the global network of personal devices, home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity. These features allow these types of objects to communicate and pass data among themselves and other traditional systems such as computer servers.)

A

IoT (Internet of Things)

14
Q

A company wants to minimize the number of devices and mobile OS versions that it must support but allow use of a device by employees for personal email and social networking. What mobile deployment model is the best fit for these requirements?

A

Corporate owned, personally enabled (COPE) will allow standardization to a single device and OS.

As the requirement does not specify a single device and OS, choose your own device (CYOD) would also fit.

15
Q

True or false? Updates are not necessary for iOS devices because the OS is closed source.

A

False.
Closed source just means that the vendor controls development of the OS. It is still subject to updates to fix problems and introduce new features.

16
Q

What two types of biometric authentication mechanism are supported on smartphones? (2)

A
  • Fingerprint recognition
  • Facial recognition.
17
Q

The marketing department has refitted a kitchen area and provisioned several smart appliances for employee use. Should the IT department have been consulted first?

A

Yes.
Uncontrolled deployment of network-enabled devices is referred to as shadow IT. The devices could increase the network attack surface and expose it to vulnerabilities. The devices must be deployed in a secure configuration and monitored for security advisories and updates.

18
Q

Standard routine created by manufacturer that can be invoked to restore an appliance to its shipped state, clearing any user customization, configuration, or modification. (removes all user data, apps, and settings.)

A

factory reset

19
Q

iOS feature for simple file sharing via Bluetooth.

(an iOS feature that allows file transfer between iOS and macOS devices over Bluetooth, Wi-Fi, or cellular connections.)

A

AirDrop

20
Q

Android feature for simple file sharing via Bluetooth.

A

Nearby Share

21
Q

True or false? A factory reset preserves the user’s personal data.

A

False.
Restoring to factory settings means removing all user data and settings.

22
Q

You are updating an internal support knowledge base with advice for troubleshooting mobile devices. What is the first step to take if a user reports that an app will not close?

A

Use force stop if available and/or reboot the device.

23
Q

Gaining superuser level access over an Android-based mobile device.

A

Root access

24
Q

Removes the protective seal and any OS-specific restrictions to give users greater control over the device.

A

Jailbreak

25
Q

Mobile device feature designed for testing apps during development that may weaken corporate security protections if misused.

A

developer mode

26
Q

Advanced malware can operate covertly with no easily detectable symptoms that can be obtained by scanning the device itself. What other type of symptom could provide evidence of compromise in this scenario?

A

Leaked data files or personal information such as passwords.

26
Q

Android app package format used when sideloading software from a source other than a trusted store.

A

APK

27
Q

You are assisting with the configuration of MDM software. One concern is to deny access to devices that might be able to run apps that could be used to circumvent the access controls enforced by MDM. What types of configurations are of concern?

A

Devices that are jailbroken or rooted allow the owner account complete control.

Devices that allow installation of apps from untrusted sources, such as by sideloading APK packages or via developer mode, could also have weakened permissions.

27
Q

Software that illegally copies or imitates a commercial product or brand. (one that pirates or very closely mimics a legitimate app.)

A

bootleg app

28
Q

A security manager sets up monitoring mechanisms to detect a rooted or jailbroken device. What type of security mechanism should the manager implement?

A. MDM
B. AV
C. Firewall
D. No-root firewall

A

A. MDM

Mobile-device management (MDM) suites have routines to detect a rooted or jailbroken device or custom firmware with no valid developer code signature and prevent access to an enterprise app, network, or workspace.

The main tool to use to try to remediate an infected system will be antivirus (AV) software, though if the software has not detected the virus in the first place, then it is best to use a different suite.

There are also firewall apps for mobile devices. These can be used to monitor app activity and prevent connections to ports or IP addresses.

“No-root” firewalls work by creating a virtual private network (VPN) and then controlling app access to the VPN.

29
Q

A user reports that a new device is not sustaining a battery charge for more than a couple of hours. What type of malware could this be a symptom of?

A

This is most characteristic of cryptomining malware as that explicitly hijacks the computer resources of a device to perform the intensive calculations required to mine blockchain currency.

30
Q

A user is setting up their company phone and wants the login to be secure. Which of the following authentication methods is generally considered the least secure?

A. Pattern Lock
B. PIN
C. Fingerprint
D. Facial recognition

A

A. Pattern Lock

31
Q

After reading many positive reviews, a user downloads an app to their corporate device that they later find out is malicious. Which of the following was the most likely cause for the user to download the malicious program?

A. Sideloading
B. Root access
C. Missing or renamed files
D. Spoofed app

A

D. Spoofed app

32
Q

A user is experiencing issues on their iPhone. What troubleshooting option should the user initially try?

A. Disable Safe Mode.
B. Perform a power cycle.
C. Perform a Settings/General/Factory reset.
D. Perform a System/Advanced/Factory reset.

A

B. Perform a power cycle

33
Q

A user’s phone is randomly rebooting all the time. What should the user do first to diagnose the issue?

A. Conduct battery diagnostics
B. Determine if inadequate resources exist
C. Conduct changes to autorotate settings
D. Ensure the device is connected to Wi-Fi.

A

A. Conduct battery diagnostics

A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.

If users can rule out hardware causes, such as throttling due to high temperature or low battery charge, a device that is slow to respond can be an indication of resources being inadequate.

Use the notification drawer or control center to check that the rotation lock is not enabled if a screen is not auto-rotating.

When an update does not download, connect the device to building power and Wi-Fi. An update may be blocked when there is insufficient battery charge or when the device is connected to a metered network.

34
Q

A security manager is looking at mobile security for company devices. They are investigating no-root firewalls and trying to understand how they work. Which of the following best describes no-root firewalls?

A. Control access locally.
B. Block phishing sites.
C. Control access through a VPN.
D. Block adware.

A

C. Control access through a VPN

“No-root” firewalls work by creating a virtual private network (VPN) and then controlling app access to the virtual private network (VPN).

The “no-root” firewalls do not control access locally because they would need root privileges to do so. They get around this by setting up a VPN and controlling the firewall through the VPN.

Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block access to known phishing sites.

Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block adware/spyware activity.

34
Q

A company sets up a mobile device management policy. The company has concerns about the controllability of the devices due to liability, so they are going to purchase the devices for employees to use for business. What is this policy considered?

A. BYOD
B. COBO
C. COPE
D. CYOD

A

B. COBO

Corporate-owned, business only (COBO) means the device is the property of the company and may only be used for company business.

With bring your own device (BYOD), the mobile device is owned by the employee. The mobile will have to meet whatever profile is required by the company.

With corporate-owned, personally enabled (COPE), the device is chosen and supplied by the company and remains its property.

Choose your own device (CYOD) is similar to COPE, but the employee is given a choice of device from a list.

35
Q

A security manager proactively looks for solutions to prevent illegitimate apps from running on corporate iOS devices and stealing credentials. What is the security manager concerned about?

A. App Store
B. Developer tools
C. OS compatibility
D. Overheating

A

B. Developer tools

Under iOS, using the developer tools can be a means of installing apps from outside the App Store without having to jailbreak the device.

The App Store is the official platform for browsing and installing applications. This app can be controlled through device management but tends to offer a safer alternative than sideloading.

If an app fails to update, check that it is compatible with the current operating system (OS) version. Also, verify that there is sufficient storage space and an internet connection.

A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.

36
Q

A security analyst analyzes how most users perform exploits against iOS operating systems. Which of the following is most applicable?

A. Sideloaded apps
B. While tethered
C. Root access
D. Clear app cache

A

B. While tethered

For most exploits, this can only be done when the device is attached to a computer while it boots (tethered jailbreak).

iOS is more restrictive than Android, so the term “jailbreaking” became popular for exploits that enabled the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface.

Root access is associated with Android devices. Some vendors provide authorized mechanisms for users to access the root account on their device.

Clearing the app cache is part of troubleshooting steps for apps crashing. It can be done either from within the app or (in Android) using the Clear Cache option under App info.

37
Q

A mobile device manager is looking at data encryption and the “Data Protection” setting. Which of the following does this protect?

A. Contacts
B. SMS message
C. Pictures
D. Email data

A

D. Email data

Email data and any apps using the “Data Protection” option are subject to a second round of encryption using a key derived from and protected by the user’s credential.

Not all user data is encrypted using the “Data Protection” option. Contacts are not encrypted. In iOS, Data Protection encryption is enabled automatically when the user configures a passcode lock on the device.

SMS messages are not encrypted under Data Protection settings either. As of Android 10, there is no full disk encryption as it is considered too detrimental to performance.

Pictures are also not encrypted under data protection settings.

38
Q

A user is frustrated that an app crashed after receiving a recent update. What is the first step the user should try?

A. Clear app cache.
B. Reboot.
C. Force stop and relaunch.
D. Check for pending updates.

A

C. Force stop and relaunch

If an app fails to launch, fails to close, or crashes, first use force stop to quit the app and try launching again.

If restarting the service does not work, users can try clearing the app cache either from within the app or (in Android) using the Clear Cache option under App info.

If the app is still unresponsive after restarting the service and clearing the cache, reboot the device.

After the device has been rebooted and the problem persists, use the app store to check whether an update is pending and install it if so.

39
Q

A security analyst sets up a new mobile device management policy and is looking into remote wiping, device wiping, and enterprise wiping. Which of the following will the enterprise wipe erase? (Select all that apply.)

A. Corporate container
B. Personal apps
C. Business accounts
D. Settings

A

A. Corporate container and C. Business account

If the device is enrolled with mobile device management (MDM), an enterprise wipe can be performed against the corporate container only.

An enterprise wipe also removes any corporate accounts and files. If a device is lost with no chance of recovery, it may be necessary to perform some level of remote wipe to protect data and account credentials.

An enterprise wipe leaves personal apps and settings alone. A device wipe performs a factory default reset and clears all data, apps, and settings.

An enterprise wipe also leaves personal settings and files untouched.

40
Q

A user connects their laptop to the company’s wireless access point, but the internet is very slow. A connection to the Wi-Fi with their corporate mobile device is even slower. What should the user try?

A. Check for airplane mode.
B. Check individual radio functions.
C. Move closer to the AP.
D. Reboot the device.

A

C. Move closer to the AP (access point)

On a mobile, be aware that the radio is less powerful than the one on a computer and that a low battery charge will weaken the signal strength. Try moving the device closer to the access point.

Use the notification drawer or Control Center to check that the device is not in airplane mode.

The user should also check that an individual radio function has not been disabled.

If airplane mode is not on, the device range has been checked, and individual radio buttons are enabled, then try rebooting the device.

41
Q

NFC

A

near-field communication

42
Q

A user started using near-field communication (NFC) for payments; however, the user is unable to pay using NFC. Which of the following is NOT part of troubleshooting?

A. Unlock.
B. Ensure airplane mode is off.
C. Hold closer and longer to the reader.
D. List in recipient’s authorized list.

A

D. List in recipient’s authorized list

To use Bluetooth, the sender must be listed in the recipient’s contacts list. This is NOT a step in NFC troubleshooting.

A near-field communication (NFC) issue typically manifests when trying to make payments via a contactless card reader. The device must be unlocked to authorize the payment and enable NFC.

Verify that the NFC sensor is supported and enabled for the wallet app and that airplane mode is not active.

One of the troubleshooting steps with NFC issues is to try holding the device closer to the reader and for longer.

42
Q

A security manager puts together a security awareness campaign for mobile devices. Which of the following is least likely to be a symptom of malware?

A. High number of ads
B. Sluggish response time
C. Unexpected Reboots
D. Redirect to spoofed sites

A

C. Unexpected Reboots

A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.

If ads display in the browser, open pop-ups that are hard to close, or exhibit a high degree of personalization that the user has not authorized, this might indicate some type of tracking or spyware activity.

Malware is likely to try to collect data in the background or perform processing such as crypto mining.

Malware is likely to corrupt the domain name system (DNS) and/or search provider to perform redirection attacks and force users to spoofed sites.

43
Q

Lesson 9 Summary

A

You should be able to explain common methods for securing mobile and embedded devices and troubleshoot common and security-related mobile OS and app issues.

Guidelines for Supporting Mobile Software

Follow these guidelines to support mobile OS and app software and security settings:

  • Establish policies and procedures to support a BYOD or corporate-owned provisioning model and profile security requirements, such as locator apps, remote wipe, device encryption, remote backup, antivirus, and firewalls.
  • Configure a screen lock with an appropriate authenticated unlock method (PIN, fingerprint, or facial recognition) and failed-attempts restrictions.
  • Establish policies and procedures to support secure use of Internet of Things (IoT) devices.
  • Develop a knowledge base to document steps for resolving general mobile OS and app issues (app fails to launch, app fails to close, app crashes, app fails to update, slow to respond, OS fails to update, battery-life issues, randomly reboots, connectivity issues with Bluetooth/Wi-Fi/NFC/AirDrop, and screen does not autorotate).
  • Develop a knowledge base to document security concerns (APK, developer mode, root access/jailbreak, and bootleg/malicious application spoofing) and steps for resolving mobile-security issues (high network traffic, sluggish response time, data-usage limit notification, limited/no Internet connectivity, high number of ads, fake security warnings, unexpected application behavior, and leaked personal files/data).
Additional practice questions for the topics covered in this lesson are available on the CompTIA Learning Center.