What are two benefits to utilizing OAuth because the authentication technique for an Android software to entry an online software or service? (Choose TWO).
OAuth integrates seamlessly right into a cellular software, by no means requiring the person to work together with the online software or service in query
OAuth solely maintains lengthy and complicated passwords for customers of the Android software so the customers don’t have to recollect them.
The appliance doesn’t have to ever know the person’s login credentials.
Within the occasion the machine working the appliance is misplaced or stolen, the OAuth credentials issued to it may be revoked by the purposes server.
OAuth allows each ends of an SSL tunnel to authenticate one another.
When an app logs out of a again finish system the developer also needs to guarantee:
app jumps to machine house display screen, clearing the information from the earlier session.
GUI parts displaying knowledge whereas logged in are destroyed as Android doesn’t do that.
app switches again to login display screen forcing the person to re-login to view the information.
app maintains the state of the session ID in the important thing chain.
As a basic finest apply when logging software knowledge which of the next is the BEST method?
Log verbosely to the syslog.
Log every part in order that the safety workforce can determine what occurred.
Log the operationally essential knowledge, whereas stopping personal knowledge from being logged.
Log the essential knowledge and quarantine something delicate in a separate log file.
Which of the next describes a course of by which one occasion confirms the identification of one other occasion?
Diffie-Hellman key change
The digital certificates used to signal the manufacturing launch needs to be:
regenerated for every model of the app.
saved contained in the app bundle earlier than deployment.
saved in a safe location separate from the passphrase.
saved with the supply code so all builders can construct the app.
When an app creates a configuration file in its personal knowledge listing the developer ought to guarantee:
that the file path is set with get Exterior Storage Listing().
that the file is created world writable.
that file possession is ready to system.
that the file will not be created world readable.
Which of the next offers an enumeration of software program weaknesses to be prevented?
Open IOC (MANDIANT)
Metasploit Framework (RAPID7)