Exam (elaborations)

CSCI 6013 Final Review - Security in Mobile Computing.

Pages: 23
Grade: A+
Uploaded on: 20-12-2023
Written in: 2023/2024

The first step in formulating ______ is to ask questions such as "What constraints
prevent you from protecting an asset?" and "Is broad access required?"
A) accountability
B) confidentiality
C) a security plan
D) integrity
Answer: C) a security plan

Most companies employ a practice whereby personnel are given the rights and
permissions to perform their jobs and nothing more. This is called:
A) access control.
B) confidentiality.
C) least privilege.
D) system access
Answer: C) least privilege.

Which of the following is a threat that puts personally identifiable information (PII) at
risk?
A) data theft
B) Bring Your Own Device (BYOD)
C) hashing
D) denial of service (DoS) attack
Answer: A) data theft

Miriam has decided to download and install a third-party app onto her Android device.
The app is not normally supported. What method does she most likely use?
A) browser exploit
B) jailbreaking
C) rooting
D) wireless phishing
Answer: C) rooting

Devaki has been advised by her company's cybersecurity expert to employ the "first line
of defense against unauthorized access to business data" on her personal device. What
does this refer to?
A) mobile device screen locks and password protection
B) mobile GPS location and tracking
C) remote locks and data wipes for mobile devices
D) stored data encryption
Answer: A) mobile device screen locks and password protection

Sheldon is an infrastructure engineer for his company's IT department. He is currently
creating a procedure for applying a security policy within Active Directory. Which
defense method is Sheldon employing?
A) technical control
B) administrative control
C) logical control
D) physical control
Answer: B) administrative control

Authorization is described as:
A) a chronological record of system activity that can be forensically examined to
reconstruct a sequence of system events.
B) a process that works in conjunction with another method to grant access rights to a
user, group, system, or application.
C) the process of preventing the denial that an action has been taken.
D) the process of validating a claimed identity, whether a user, device, or application
Answer: B) a process that works in conjunction with another method to grant access rights
to a user, group, system, or application.

Which regulatory standard was enacted to address investor confidence and corporate
financial fraud through reporting standards for public companies?
A) Gramm-Leach-Bliley Act (GLBA)
B) Health Insurance Portability and Accountability Act (HIPAA)
C) Payment Card Industry Data Security Standard (PCI DSS)
D) Sarbanes-Oxley Act (SOX)
Answer: D) Sarbanes-Oxley Act (SOX)

This principle of information security that applies to both the privacy of information
(protecting data from being seen) and its secrecy (hiding knowledge of data's existence
or whereabouts) is:
A) confidentiality.
B) integrity.
C) availability.
D) nonrepudiation.
Answer: A) confidentiality.

Which of the following is not an example of personally identifiable information (PII)?
A) credentials for personal or business accounts
B) credentials for remote access software for business networks
C) access to data and phone services
D) a list of passwords
Answer: D) a list of passwords

Common threats, such as browser exploits, snooping radio-based communications, and
stolen devices, fall under what type of threat?
A) system access threats
B) device control threats
C) data theft threats
D) administrative threats
Answer: C) data theft threats

Which of the following best describes defense in depth?
A) granting personnel only those rights and permissions needed to perform their jobs
B) granting user access to the root account of Linux
C) providing a central point of control and policy from which to enhance the functionality
and efficiency of mobile communications while reducing costs and risk
D) deploying multiple forms of security to reduce the risk of deep penetration from
unauthorized users
Answer: D) deploying multiple forms of security to reduce the risk of deep penetration from
unauthorized users

Defense in depth is a known practice to mitigate the extent of unauthorized access.
Which of the following illustrates defense in depth?
A) IPv6, tunneling, front-end server
B) policies, firewalls, intrusion prevention system
C) database server, database authorization, database authentication
D) risk identification, risk assessment, risk mitigation
Answer: B) policies, firewalls, intrusion prevention system

Which of the following sends over-the-air signals to mobile devices to distribute
configuration settings and provides a central point of control and policy?
A) the PDCA cycle
B) an intrusion prevention system
C) mobile device management (MDM)
D) rooting
Answer: C) mobile device management (MDM)

Employees bringing and using their own devices at work is increasingly common.
Advanced technology permits specific authorization when users use their own devices.
A context-aware firewall grants the administrator special granularity compared to other
firewalls, allowing rules to prevent:
A) users from authenticating with someone's stolen credentials
B) users taking confidential data outside the physical building
C) access specific to a certain IP address or port number
D) user access outside of normal work hours
Answer: D) user access outside of normal work hours

True or False? Few threats that exist on wired networks also exist on wireless and
mobile networks.
Answer: False

True or False? Lily padding describes a situation in which a hacker "hops" from one
device to another, with each hop getting the hacker closer to the target.
Answer: True

True or False? "Rooting" modifies the Apple iOS to allow unsigned code to run on Apple
devices.
Answer: False

True or False? Like Bluetooth, the pairing process for near field communication (NFC)
requires user input.
Answer: False

Seller: docguru, Chamberlian School of Nursing