GIAC Mobile Device Security Analyst (GMOB) Free Practice Test

Question 1

What is the purpose of using tools like Hopper or IDA Pro in the context of mobile app reverse engineering?
Response:

A. To enhance the app's performance

B. To analyze compiled binaries

C. To debug the application code

D. To increase app deployment speed

Correct Answer: B

Question 2

Which of the following techniques is used to bypass root detection in mobile applications?
Response:

A. Code Injection

B. Root Cloaking

C. Certificate Pinning

D. SSL/TLS Pinning

Correct Answer: B

Question 3

How does rooting or jailbreaking affect an app developer's ability to secure their application?
Response:

A. It has no effect on app security

B. It simplifies the implementation of security features

C. It complicates the enforcement of security measures within the app

D. It automatically secures the app against external threats

Correct Answer: C

Question 4

Which iOS security layer is primarily responsible for encrypting data stored on the device?
Response:

A. Application layer

B. Kernel layer

C. Secure Enclave

D. Hardware layer

Correct Answer: C

Question 5

What is the significance of using SSL/TLS interception in network security testing?
Response:

A. To increase the encryption level

B. To streamline network traffic

C. To validate the strength of encryption algorithms

D. To decrypt and inspect SSL/TLS encrypted traffic

Correct Answer: D

Question 6

What is the first step in a mobile app security assessment?
Response:

A. Testing user input validation

B. Auditing the backend server

C. Reverse engineering the app

D. Reviewing the app's permissions

Correct Answer: D

Question 7

What technique involves modifying the execution flow of an application while it is running to observe its behavior?
Response:

A. Code signing

B. Asset bundling

C. Runtime manipulation

D. Resource optimization

Correct Answer: C

Question 8

What is meant by "unlocking" a mobile device?
Response:

A. Uninstalling pre-installed applications

B. Removing carrier restrictions to use the device with other networks

C. Freeing up storage space on the device

D. Breaking the device's password

Correct Answer: B

Question 9

What technique is specifically designed to analyze and manipulate the traffic of Android applications using SSL/TLS encryption?
(Choose Two)
Response:

A. APK reverse engineering

B. Certificate authority spoofing

C. Network sniffer setup

D. SSL pinning bypass

Correct Answer: B,D

Welcome to TestSimulate

GIAC Mobile Device Security Analyst (GMOB) Free Practice Test