Jailbreaking an Apple iOS device or rooting on Android devices opens opportunities that allow the user to download and install apps from a larger pool of available sources. What are the risks, if any, associated with this type of activity?

Downloaded apps may contain malware that bypass the phone's security.

Apps downloaded from unofficial sites will void the warranty and risk not receiving OS updates.

It gives the user too much access and they may accidentally corrupt the OS.

There are no significant risks due to the built-in security protections.

A commuter sees a flyer on a train with a QR code advertising high interest rates at an online bank. The commuter scans the code, but the website indicates the promotion has ended. Within a few days the commuter's phone starts sending messages to everyone in the contacts with a malicious link. How could this have been prevented?

Do not scan QR codes from unfamiliar sources.

Ensure the antivirus software installed on the phone is up to date.

Open a browser in private mode before scanning the QR code.

Download and install a secure browser before scanning the QR code.

Guang buys a mobile device at an Apple store. He wants to harden the device using two strong methods of authentication. Which of the following would you advise Guang to use? Select two.

A PIN with at least four digits

A company uses the COPE enterprise deployment model. Every six months they delete outdated sales data from the mobile devices. However, sometimes users submit a help desk ticket to restore personal data that was accidentally deleted. How could this problem be prevented?

Use a sandbox to separate corporate and personal data.

Use a folder for corporate data and another for personal data.

Which of the following are features typically available when enabling loss or theft services on a mobile device? Select two.

Ability to remotely erase sensitive data stored on the device.

Ability to remotely lock the device.

Ability to use a very-low-power GPS tracking mode even after the battery dies.

Ability to remotely change the password.

Ability to remotely spy on the thief.

Which of the following represents capabilities that UEM provides? Select all that apply.

Record changes to digital documents.

Which of the following best describes characteristics of embedded systems? Select two.

They are designed for specific tasks.

They are general-purpose computers.

They often have real-time constraints.

They require large amounts of memory.

Which of the following statements are true about embedded systems? Select all that apply.

They are designed for a specific function.

They are contained within a larger system.

They have specialized ports used for direct human input.

They are fully functional computers integrated into a single chip.

Due to their size and degree of difficulty to access, they are easier to secure.

Identify the differences or similarities between the Raspberry Pi and the Arduino. Select three.

ICs on the Raspberry Pi and Arduino are not user programmable.

The Raspberry Pi has more processing power than the Arduino.

The Arduino is designed as a controller for other devices.

Both have strong built-in native security features.

The Raspberry Pi has an FPGA, and the Arduino has an SoC.

Which of the following statements best describe why it is beneficial to use a RTOS in a SoC?

A RTOS can handle very large amounts of data very quickly.

A RTOS is tuned to endure extreme environmental conditions.

It has many configurable security features that are embedded.

It orchestrates communication between IC chips very efficiently.

Horacio is on a space team developing a RTOS for a mission-critical device that may be exposed to radiation. Which of the following best describes ways in which the team can improve the functionality and security of the RTOS? Select two.

Create a complex and encrypted password that is burned in.

Which of the following statements are true relative to security constraints and cryptography regarding embedded systems and specialized devices? Select two.

A cryptographic algorithm should have low latency.

Decreasing latency in a cryptographic algorithm makes it run faster.

Which of the following statements are true?

It is better to apply complex and comprehensive security measures to small devices.

Decreasing latency in a cryptographic algorithm speeds up normal operations of low-power devices.

Which statement best describes why devices and systems that are optimized to draw very low levels of power lack the ability to perform strong security measures?

The batteries do not supply enough energy.

The device would heat up too quickly.

The battery would heat up too much.

Which of the following statements represents steps that can be taken to harden SCADA systems? Select two.

Disconnect unnecessary connections to the SCADA network.

Identify all connections to SCADA networks.

Make sure proprietary protocols used to protect the network are secure.

Do not use security features provided by devices because they are typically weak.

A senior software engineer starts working at a small company that wants to incorporate secure coding practices. Quality assurance currently begins after the application has been tested but before production. The engineer sees an opportunity and recommends adopting a method that breaks down the project into smaller biweekly development "bursts" that include testing. Which of the following statements are true? Select two.

The engineer prefers using the agile model.

The company is currently using the waterfall model.

The engineer is suggesting the iterative model.

The engineer is advocating for the waterfall model.

The model suggested by the engineer uses a system that has sequential characteristics.

You are hired as a consultant to create a SecDevOps program at a software development firm. Which of the following are you most likely to implement? Select two.

Dedicate human resources (a team of individuals) to monitor the process.

Ensure repetitive tasks that are not necessarily easy to automate are well documented.

Mod 06 Mobile and Embedded Device Security Select all that apply:

Employ automation wherever possible.

Embrace continuous modifications through the process with provision to roll back as needed.

Ensure modifications to immutable systems use the agile model.

Use a hybrid model that employs elements of both the waterfall and agile model.

Kaven, an app developer, works for an organization that requires the implementation of dead code. Why would the organization have such a policy?

To provide an unnecessary attack vector for attackers.

Because it is one of the secure coding techniques the organization uses.

Because the dead code serves as a placeholder for secure third-party libraries.

To further obfuscate or camouflage the code, making it difficult for attackers to understand.

To store the digital signature in a concealed location that is only accessible by the organization.

At a software development company, team Alpha is responsible for static code analysis while team Beta is responsible for dynamic code analysis. Which of the following statements accurately describes the differences or similarities relative to how the teams conduct their analysis? Select two.

Static code analysis may include actively examining each line of code visually.

Dynamic code analysis is performed while the code is running.

Dynamic code analysis uses an automated process before the code is compiled.

Static code analysis is performed on executable files while they are not running.

Fuzzing provides random input to a program in an attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches. What is an advantage of fuzzing?

It produces a record of what input triggered the exception so it can be reproduced to track down the problem within the code.

It prevents all security breaches automatically.

It eliminates the need for any other security testing.

It guarantees that no program crashes will occur.

Mod 06 Mobile and Embedded Device Security

Authored by willie reynolds

Instructional Technology

Vocational training

Mod 06 Mobile and Embedded Device Security

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

37 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Why has there been a heightened interest by threat actors toward attacking mobile devices?

They have limited OTA capabilities.

They have access to sensitive data.

They use wireless technology.

They are easy to steal.

Answer explanation

Threat actors are increasingly targeting mobile devices because they contain sensitive data, such as personal information and financial details, making them lucrative targets for attacks.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A parent, who is a small business owner, takes their child on a business trip. The child uses the parent's phone during the flight. Unfortunately, the child leaves the phone on the plane, but the parent realizes it after it is too late to retrieve it. What kind of security could have prevented this type of vulnerability?

Screen lock

Remote wipe

Physical security

Location tracking

Answer explanation

Physical security could have prevented the child from leaving the phone on the plane by ensuring the device was securely attached or stored, reducing the risk of loss during travel.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A small company decides to adopt the COPE enterprise deployment model and supplies Android devices to its employees. Due to a significant downturn in the economy, they have not upgraded the devices in five years. What should the company do to limit the risk relative to the mobile devices?

Use the CYOD enterprise deployment model instead.

Ensure devices are not used for personal activities.

Ensure OTA updates are being applied.

Replace the devices with newer models.

Answer explanation

Replacing the devices with newer models is essential to mitigate security risks and ensure compatibility with current applications. Older devices may lack necessary updates and features, increasing vulnerability.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An elderly person withdraws money from an ATM at a bus terminal. They are speaking on their cell phone and overlook retrieving the bank card from the card reader. A malicious actor is watching and steals the card. Unfortunately, the card has a small piece of tape with the PIN. The attacker waits a couple of hours after the elderly person has boarded a bus and goes to the ATM to withdraw money. Even though the elderly person has not yet realized their card is missing, the attacker is unsuccessful. Which of the following most likely thwarted the attacker's intent?

Geolocation

Face recognition

Answer explanation

Face recognition likely thwarted the attacker's intent by verifying the identity of the person attempting to withdraw money, preventing unauthorized access despite having the card and PIN.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Geolocation can identify the location of an individual. It can also be used to reduce bank card fraud. When a user makes a transaction at a specific location, the bank can immediately check the location of the user's authorized cell phone. If the cell phone and the bank card are in the same place, then that can be one item of several to validate the legitimacy of the purchase; however, if the cell phone is in a distant location, the transaction may be rejected. Which of the following is NOT a reason a bank transaction may be rejected?

The cell phone is in a distant location

The cell phone is not authorized

The PIN was incorrect

An incorrect quick-response OTP

Answer explanation

The cell phone being in a distant location is a reason for potential rejection, but it is not a definitive reason like an incorrect PIN or OTP. Thus, it is the correct choice as it does not guarantee rejection.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Excel is watching a game with friends in a public forum. He is an avid fan and enjoys debating how his favorite player happens to be the best player in the league. Shortly after the game he receives a message on his mobile device with a link purporting to be advertising T-shirts and other merchandise with his favorite player. What may have caused this to happen?

Malware on his phone turned on the geotracking app.

Malware on his phone was engaged in unauthorized recording.

Someone in the public forum who knows Excel is a threat actor.

The Bluetooth-enabled television heard his conversation.

Answer explanation

The correct choice is that malware on Excel's phone was engaged in unauthorized recording. This could have allowed the malware to capture his conversation about his favorite player, leading to targeted advertisements.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An individual places a new USB cable near one of the charging stations at a busy airport. They wait from a nearby distance hoping someone will use the cable. What is the intent of the individual?

To send malicious commands to the device.

To be able to use someone else's internet connection.

To use the cable as a tracking device.

To use the cable as an antenna to intercept traffic.

Answer explanation

The individual likely intends to send malicious commands to a device that connects to the USB cable, exploiting it for unauthorized access or control, which aligns with common tactics used in cyber attacks.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Mod 06 Mobile and Embedded Device Security

Why has there been a heightened interest by threat actors toward attacking mobile devices?

Threat actors are increasingly targeting mobile devices because they contain sensitive data, such as personal information and financial details, making them lucrative targets for attacks.

Physical security could have prevented the child from leaving the phone on the plane by ensuring the device was securely attached or stored, reducing the risk of loss during travel.

A small company decides to adopt the COPE enterprise deployment model and supplies Android devices to its employees. Due to a significant downturn in the economy, they have not upgraded the devices in five years. What should the company do to limit the risk relative to the mobile devices?

Replacing the devices with newer models is essential to mitigate security risks and ensure compatibility with current applications. Older devices may lack necessary updates and features, increasing vulnerability.

Face recognition likely thwarted the attacker's intent by verifying the identity of the person attempting to withdraw money, preventing unauthorized access despite having the card and PIN.

The cell phone being in a distant location is a reason for potential rejection, but it is not a definitive reason like an incorrect PIN or OTP. Thus, it is the correct choice as it does not guarantee rejection.

The correct choice is that malware on Excel's phone was engaged in unauthorized recording. This could have allowed the malware to capture his conversation about his favorite player, leading to targeted advertisements.

An individual places a new USB cable near one of the charging stations at a busy airport. They wait from a nearby distance hoping someone will use the cable. What is the intent of the individual?

The individual likely intends to send malicious commands to a device that connects to the USB cable, exploiting it for unauthorized access or control, which aligns with common tactics used in cyber attacks.

Jailbreaking an Apple iOS device or rooting on Android devices opens opportunities that allow the user to download and install apps from a larger pool of available sources. What are the risks, if any, associated with this type of activity?

Jailbreaking or rooting allows installation of apps from unofficial sources, increasing the risk of downloading malware that can bypass security measures, potentially compromising the device.

The correct choice is to not scan QR codes from unfamiliar sources, as they can lead to malicious websites. This would have prevented the commuter from inadvertently exposing their contacts to harmful links.

Guang buys a mobile device at an Apple store. He wants to harden the device using two strong methods of authentication. Which of the following would you advise Guang to use? Select two.

Using a password and facial recognition provides strong authentication. A password is a traditional method, while facial recognition adds a biometric layer, enhancing security significantly.

Access all questions and much more by creating a free account

Popular Resources on Wayground