Module 5: Mobile, Embedded, & Specialized Device Security Q

Question 1

Which of the following sets consists of only the core features of a mobile or computing device?

Answer 1

Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage

Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage, and data synchronization capabilities with a separate computer or remote servers are the core features of mobile devices

Question 2

Which of the following sets only lists additional features of a mobile device or a computing device?

Answer 2

Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media

Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), and removable storage media are additional, non-core features of a mobile device

Question 3

Which of the following mobile device features senses movements that it then uses to ensure the screen is always oriented upright?

Answer 3

Accelerometer

Accelerometers sense movements and vibrations, which are then used to ensure the mobile display image is oriented upright no matter how the device is turned

Question 4

John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include?

Answer 4

Data synchronization with a remote server or separate device

Data synchronization capabilities with a remote server or a separate computer/mobile device are a core feature of mobile devices

Question 5

Dan uses his personal laptop for writing the script for an upcoming high-budget, highly anticipated movie. To keep the script private, he decided not to connect his laptop to any network and updated his system with the latest virus definitions and security patches. Which of the following is Dan’s laptop still vulnerable to?

Answer 5

Malicious USB

Dan’s laptop is still vulnerable to a malicious USB. A USB cable can be embedded with a Wi-Fi controller that can receive commands from nearby devices to send malicious commands to the connected mobile device

Question 6

Peter is a design engineer at a mobile device manufacturing company. He is designing the core components included in their flagship mobile device being launched during year-end 2020. Peter wants to design a tablet component that would detect vibrations and movements and determine the device’s orientation so that the screen image is always displayed upright. Which of the following are materials he should use for developing this component?

Answer 6

Piezoelectric, piezoresistive, and capacitive components

Piezoelectric, piezoresistive and capacitive components are used to build Accelerometers

Question 7

Walter’s organization is in the beginning stages of a new project. His team is tasked with finding a tool that must have the following features, allowing it to be remotely managed by the organization:

1. It must be able to apply default device settings.
2. It must be able to approve or quarantine new mobile devices.
3. It must be able to configure emails, calendars, contacts, and Wi-Fi profile settings.
4. It must be able to detect and restrict jailbroken and rooted devices.

Which tool should Walter’s team suggest, and why?

Answer 7

MDM, because it allows remote management and over the air updates

Mobile device management (MDM) tools allow a device to be managed remotely by an organization. It typically involves a server component that sends management commands to the mobile devices and a client component that runs on the mobile device to receive and implement the management commands. An administrator can then perform over-the-air (OTA) updates or change the configuration on one device, groups of devices, or all devices. It can also perform all the above-mentioned tasks

Question 8

Which one of the following is the most appropriate explanation of photoplethysmography?

Answer 8

Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light

Photoplethysmography uses human blood’s absorption of green light to measures heart rate

Question 9

In which of the following mobile device connectivity methods are transmitters connected through a mobile telecommunication switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world?

Answer 9

Cellular

Many mobile devices rely on cellular telephony for connectivity. A cellular telephony network’s coverage area is divided into hexagon-shaped cells; in a typical city, the cells measure 10 square miles (26 square kilometers). At the center of each cell is a transmitter that mobile devices in the cell use to send and receive signals. The transmitters are connected through a mobile telecommunications switching office (MTSO) that controls all transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world

Question 10

In which of the following mobile device connectivity methods are light waves used as a communication channel?

Answer 10

Infrared

Instead of using radio frequency (RF) as the communication media, some devices can use infrared light. Infrared light has a longer wavelength than the visible light spectrum

Question 11

Marcus is an information security architect at a product-based IT firm. He is responsible for developing policies for the most-secure mobile device enterprise-deploying model. The company will decide the level of choice and freedom for employees. Employees are supplied company-chosen and paid-for devices that they can use for both professional and personal activities. This action is performed under which enterprise deployment model?

Answer 11

Corporate-owned, personally enabled (COPE)

In COPE, employees are supplied the device chosen and paid for by the company, but they can also use it for personal activities

Question 12

Anola is the security administrator in XYZ consulting. She is asked to suggest a deployment method where the data is stored in a completely secure, centralized server and accessed by authorized employees using their own devices. Which deployment should Anola choose?

Answer 12

Virtual desktop infrastructure (VDI)

The virtual desktop infrastructure(VDI) stores sensitive applications and data on a remote server and can be accessed through employee devices. Enterprise can centrally protect and manage the apps and data on the server

Question 13

Sean is an information security architect at a financial firm. As his first project, he must design and build an efficient, sure-shot, yet cost-effective solution to detect and prevent bank credit card fraud. How should Sean proceed?

Answer 13

Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected

This solution is based on geolocation to reduce the chances of bank card fraud. Geolocation can also help prevent the rejection of valid purchases. As per a credit card issuer, the design solutions can reduce unnecessary declines by as much as 30 percent

Question 14

James is a black hat hacker employed as an authorized officer at Apple. He has credentials and signed a non-disclosure agreement to perform advanced penetration testing on the iOS 6.1.6 operating system, and has already gained low-level access to the mobile device using a backdoor. Which of the following actions should James take to design/create his own custom firmware to exploit underlying vulnerabilities and gain a higher level of access to a UNIX shell with root privileges, essentially allowing them to do anything on the device?

Answer 14

Clone and inherit the source code of the open-source software “P0sixspwn”

Users can circumvent built-in installation limitations on their smartphone to download an app from an unofficial third-party app store, which can be used to access the mobile device’s underlying OS and file system with full permissions. This is called jailbreaking. For example, a jailbreak on an Apple iPhone gives users access to a UNIX shell with root privileges, essentially allowing them to do anything on the device. P0sixspwn is an open-source jailbreaking software used to jailbreak iOS 6.1.3-iOS 6.1.6 operating system. This is the most appropriate software James can clone and inherit to build his own custom firmware

Question 15

Which of the following mobile device enterprise deployment models are implemented so that employees in an organization are offered a suite of security, reliability, and durability choices that the company has already approved?

Answer 15

Choose your own device (CYOD)

In the CYOD model, employees are offered a suite of security, reliability, and durability choices that the company has already approved

Question 16

Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution?

Answer 16

Unified environment management (UEM) tool

The unified endpoint management (UEM) has the capabilities of MDM, MAM, and MCM unified as a group or class of software tools with a single management interface for mobile devices and computer devices. It provides capabilities for managing and securing mobile devices, applications, and content

Question 17

Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features:

The device should have a prerecord of its user’s walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device.

Which lock pattern should Simon suggest?

Answer 17

On-body detection

On-body detection learns the user’s walking patterns, and if it detects a different walking style, it locks the device

Question 18

Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors?

Answer 18

Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots

Tethering, USB-on-the-go (OTG), malicious USB cable, and hotspots are all categories of vulnerabilities in mobile device connections that can also be exploited by threat actors

Question 19

Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?

Answer 19

USB-on-the-go (OTG)

Connecting a malicious flash drive infected with malware to a mobile device could result in an infection, just as using a device as a peripheral while connected to an infected computer could allow malware to be sent to the device

Question 20

Jordan has been asked by his organization to help them choose a mobile device communication channel for their new mobile device build. Which of the following mobile device communication channels should Jordan NOT suggest to his company?

Answer 20

Infrared

Instead of using radio frequency (RF) as the communication media, some devices can use light. All types of light travel from the sun to the Earth make up the light spectrum, and visible light is a small part of that entire spectrum. This channel is rarely found today because of its slow speed

Question 21

Photoplethysmography uses which type of light to measure heart rate on a wearable device?

Answer 21

Green

Green LED lights are used when the wearer is exercising by flashing green light onto the wrist hundreds of times per second. Human blood absorbs the green light. The heart rate can be determined by measuring the changes found in the green light absorption, and this method is called photoplethysmography

Question 22

Which alert utility can identify theft in a smart meter?

Answer 22

Tamper protection

Tamper protection can alert a utility in the event of tampering or theft

Question 23

Which of the following is the most secure encryption solution to adopt for a Google Android mobile device?

Answer 23

File-based encryption

Android provides an encryption option called file-based encryption, which is considered more secure than full disk encryption. File-based encryption encrypts each file with a different key so that files can be unlocked independently without decrypting the entire partition. The device can decrypt and use files needed to boot the system and process critical notifications while not decrypting personal apps and data

Question 24

Alpha Tech started a charitable competition in which every team is asked to submit a proposal for a public health contract asking for a new viral transmission mitigation app.

Which team has selected the correct option?

Answer 24

Team B has selected BAN

IoT BAN is a wireless network of wearable computing devices. Sensors that continuously monitor body temperature are being proposed to help stem the transmission of viruses among humans. The sensors could help shut down emerging viruses before a pandemic can take hold

Question 25

Zyan works for ABC Technology. The enterprise wants to provide smartphones to all its employees. They can choose from a limited list of approved mobile devices. But they need to pay for the device themselves. The company will pay them a monthly stipend. Which deployment method should Zyan suggest to meet his company’s needs?

Answer 25

Choose your own device (CYOD)

In choose your own device (CYOD), employees choose from a limited selection of approved devices but pay the upfront cost of the device while the business owns the contract

Question 26

Which of the following sensors help generate security alerts to physicians regarding patient health?

Answer 26

BAN

A body area network (BAN) can monitor electrocardiogram (EKG) impulses, blood pressure, glucose, and other human biological functions and alert physicians to any anomalies

Question 27

Which of the following devices is similar to Raspberry Pi?

Answer 27

Arduino

A device similar to the Raspberry Pi is the Arduino. Unlike the Raspberry Pi, which can function as a complete computer, the Arduino is designed to control other devices; it has an 8-bit microcontroller, compared to the 64-bit microprocessor on the Raspberry Pi, a limited amount of
RAM, and no operating system

Question 28

Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices?

Answer 28

MDM

Mobile device management (MDM) tools allow a device to be managed remotely by an organization. MDM provides a high degree of control over the device

Question 29

Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select?

Answer 29

Arduino

The Arduino is a controller for other devices; it has an 8-bit microcontroller instead of a 64-bit microprocessor like the Raspberry Pi, limited RAM, and no operating system

Question 30

John is asked to design a specialized device that does not have any security features but operates on the basis of trust that assumes all other devices or users can be trusted. Which security constraint for the embedded system should John use?

Answer 30

Implied trust

Many devices are designed without any security features but operate on an “implied trust” basis that assumes all other devices or users can be trusted