Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SEC575: Mobile Device Security > Mobile Penetration Testing > Flashcards

Mobile Penetration Testing Flashcards

1
Q

What does IMEI stand for?

A

International Mobile Equipment Identifier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does TAC stand for? What is it?

A

The Type Allocation Code (TAC) is the initial eight-digit portion of the 15-digit IMEI and 16-digit IMEISV codes used to uniquely identify wireless devices.

The Type Allocation Code identifies a particular model (and often revision) of wireless telephone for use on a GSM, UMTS or other IMEI-employing wireless network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Name a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

A

Ettercap-ng

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Name an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Alternative to Burp.

A

mitmproxy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What Linux tool can you use to configure the local firewall?

A

iptables

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does SCEP stand for?

A

Simple Certificate Enrollment Protocol

This protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the five things that user-agents are supposed to check when validating SSL/TLS certificates?

A
  1. The client is trying to use the certificate for its intended purpose (client or server)
  2. Is the certificate issued to the resource that the client is requesting
  3. Is the certificate issued by a certification authority (CA) that I trust
  4. Is the certificate still valid, according to the expiration date.
  5. The certificate is not on the revocation list.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does OCSP stand for?

A

Online Certificate Status Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is one way that Ettercap is better than BetterCap, when performing a MITM attack?

A

Like Cain, Ettercap is capability of certificate impersonation. It allows the user to change certificate details to make it look legitimate.

BetterCap’s certificate is static (*.bettercap.org)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does HSTS stand for?

A

HTTP Strict Transport Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Name the file that grants iOS apps an exception to the App Transport Security requirement.

A

Info.plist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Name the file that allows Android apps to communicate without TLS.

A

cleartextTrafficPermitted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a RAT?

A

Remote Access Trojan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does UDID stand for?

A

Unique Device Identifier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does ARP stand for?

A

Address Resolution Protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

SEC575: Mobile Device Security (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions