1. What is the primary objective of reverse engineering a mobile application?

A) To improve its performance
B) To understand its internal logic and security vulnerabilities
C) To enhance user interface design
D) To reduce app size

Answer: B) To understand its internal logic and security vulnerabilities

Explanation: Reverse engineering is primarily used to analyze an app’s internal workings, identify security flaws, extract sensitive information, and understand obfuscation techniques.


2. Which tool is commonly used to decompile Android APKs into readable Java code?

A) Frida
B) JD-GUI
C) Burp Suite
D) Drozer

Answer: B) JD-GUI

Explanation: JD-GUI is a Java decompiler that allows analysts to inspect the original Java source code of an APK file after decompilation.


3. What is the purpose of the AndroidManifest.xml file in an APK?

A) It contains the UI components of the application
B) It stores user authentication details
C) It defines essential app configurations, permissions, and components
D) It is used to store user data

Answer: C) It defines essential app configurations, permissions, and components

Explanation: The AndroidManifest.xml file contains critical information such as app permissions, activities, services, and broadcast receivers.


4. Which of the following tools is used for dynamic analysis of mobile applications?

A) JADX
B) Frida
C) APKTool
D) Dex2Jar

Answer: B) Frida

Explanation: Frida is a powerful dynamic analysis tool that allows runtime manipulation of applications to analyze and bypass security mechanisms.


5. What is an Android DEX file?

A) A configuration file for app permissions
B) A compiled Java bytecode file for Dalvik/ART virtual machines
C) A digital certificate file used for app signing
D) A storage file for app assets

Answer: B) A compiled Java bytecode file for Dalvik/ART virtual machines

Explanation: DEX (Dalvik Executable) files contain compiled Java code that runs on Android’s Dalvik or ART virtual machine.


6. What is a common method to obfuscate Android applications?

A) Minification
B) Code encryption
C) ProGuard
D) Data compression

Answer: C) ProGuard

Explanation: ProGuard is a widely used tool to obfuscate and shrink Java code in Android applications, making it harder to reverse engineer.


7. Which iOS binary analysis tool is used to decompile and analyze iOS applications?

A) Hopper
B) APKTool
C) Dex2Jar
D) Ghidra

Answer: A) Hopper

Explanation: Hopper is a disassembler and decompiler used for reverse engineering iOS binaries and macOS applications.


8. What is the purpose of SSL pinning in mobile applications?

A) To increase network speed
B) To ensure secure communication by verifying server certificates
C) To reduce encryption overhead
D) To store sensitive information

Answer: B) To ensure secure communication by verifying server certificates

Explanation: SSL pinning prevents Man-in-the-Middle (MITM) attacks by ensuring that only predefined server certificates are accepted for communication.


9. What is the role of a Frida script in mobile app testing?

A) To test UI responsiveness
B) To automate functional testing
C) To hook into app processes and modify behavior
D) To compress app size

Answer: C) To hook into app processes and modify behavior

Explanation: Frida scripts allow runtime hooking into an app’s functions to intercept, modify, or bypass security mechanisms dynamically.


10. Which tool allows real-time traffic interception for mobile app security testing?

A) JADX
B) Burp Suite
C) Ghidra
D) ProGuard

Answer: B) Burp Suite

Explanation: Burp Suite is widely used to intercept and analyze HTTP/HTTPS traffic, making it useful for identifying API vulnerabilities.


11. What file extension does an iOS app’s binary file usually have?

A) .apk
B) .dex
C) .ipa
D) .jar

Answer: C) .ipa

Explanation: iOS applications are packaged in IPA (iOS App Store Package) files, similar to Android APKs.


12. What is the main purpose of the ‘Keychain’ in iOS?

A) To manage app permissions
B) To securely store credentials and sensitive data
C) To optimize app performance
D) To store images and media

Answer: B) To securely store credentials and sensitive data

Explanation: The iOS Keychain securely stores passwords, certificates, and tokens to prevent unauthorized access.


13. Which of the following methods can be used to bypass root/jailbreak detection in mobile apps?

A) Code injection
B) Debugging the app manually
C) Hooking system calls with Frida
D) All of the above

Answer: D) All of the above

Explanation: Various techniques like code injection, modifying system properties, and function hooking using Frida can help bypass root/jailbreak detection.


14. What is an SMALI file in Android reverse engineering?

A) A compiled XML file
B) An assembly-like representation of Dalvik bytecode
C) A log file for app debugging
D) A network packet capture file

Answer: B) An assembly-like representation of Dalvik bytecode

Explanation: Smali files represent Dalvik bytecode in a human-readable format, useful for modifying and analyzing APKs.


15. Which command-line tool can be used to extract an APK from an Android device?

A) adb pull
B) burp extract
C) gdb extract
D) sqlmap

Answer: A) adb pull

Explanation: The adb pull command can be used to extract APK files from an Android device’s file system.


16. What is a common way to detect an emulator during mobile app analysis?

A) Checking for root access
B) Looking for specific device properties (e.g., ro.hardware = qemu)
C) Detecting packet sniffing tools
D) Scanning the app’s permissions

Answer: B) Looking for specific device properties (e.g., ro.hardware = qemu)

Explanation: Emulators have unique properties, such as ro.hardware = qemu, which can be checked to determine if an app is running in an emulator.


17. Which of the following techniques can help bypass SSL pinning in Android apps?

A) Using Frida hooks
B) Modifying the app’s source code
C) Patching the binary
D) All of the above

Answer: D) All of the above

Explanation: SSL pinning can be bypassed using Frida hooks, modifying smali files, or patching the binary.


18. What is the purpose of the OWASP Mobile Security Testing Guide (MSTG)?

A) To provide official app store policies
B) To define best practices for mobile security testing
C) To provide an SDK for secure app development
D) To optimize app performance

Answer: B) To define best practices for mobile security testing

Explanation: The OWASP MSTG is a comprehensive guide for security testers, developers, and researchers in mobile security.


19. What is the primary purpose of obfuscated code in mobile apps?

A) To improve code readability
B) To prevent reverse engineering
C) To enhance performance
D) To speed up execution

Answer: B) To prevent reverse engineering

Explanation: Obfuscation makes it difficult for attackers to analyze and modify an app’s code.


20. Which tool can be used to dynamically analyze iOS apps?

A) LLDB
B) APKTool
C) JADX
D) Dex2Jar

Answer: A) LLDB

Explanation: LLDB is a low-level debugger used for analyzing and manipulating iOS applications dynamically.

21. What is the primary function of Dex2Jar in Android reverse engineering?

A) Converts DEX files into Java JAR files
B) Encrypts Android application source code
C) Bypasses SSL pinning in Android apps
D) Protects APKs from decompilation

Answer: A) Converts DEX files into Java JAR files

Explanation: Dex2Jar converts Dalvik Executable (DEX) files into Java JAR files, allowing easier analysis of decompiled Android applications.


22. Which method is commonly used to prevent dynamic analysis of an Android app?

A) Enforcing a complex password policy
B) Checking for the presence of debugging tools at runtime
C) Reducing the app’s APK file size
D) Using an SQLite database

Answer: B) Checking for the presence of debugging tools at runtime

Explanation: Many Android apps implement runtime checks to detect debuggers and prevent reverse engineering attempts.


23. In iOS apps, what is the Mach-O file format used for?

A) Storing SQLite database contents
B) Handling iOS system logs
C) Executable binary format for iOS applications
D) Encrypting network traffic

Answer: C) Executable binary format for iOS applications

Explanation: Mach-O is the executable format used by iOS and macOS applications, similar to ELF for Linux.


24. What is the purpose of a Plist file in iOS applications?

A) To store user authentication data
B) To define app settings and configurations
C) To manage app permissions
D) To encrypt stored files

Answer: B) To define app settings and configurations

Explanation: Property List (Plist) files are used in iOS apps to store app configurations, preferences, and metadata.


25. Which of the following tools can be used to extract sensitive data from an iOS app’s sandbox?

A) iExplorer
B) IDA Pro
C) Drozer
D) MobSF

Answer: A) iExplorer

Explanation: iExplorer allows access to an iOS app’s sandboxed data, including user credentials, logs, and cached files.


26. What is the main purpose of a mobile application’s signature verification process?

A) To encrypt application code
B) To verify the integrity and authenticity of the application
C) To prevent unauthorized network connections
D) To block malware from modifying system files

Answer: B) To verify the integrity and authenticity of the application

Explanation: Signature verification ensures that an app has not been tampered with and was signed by a trusted developer.


27. Which of the following is a common technique used to bypass SSL pinning in mobile applications?

A) Man-in-the-Middle attack
B) Modifying the app’s certificate trust store
C) Changing app UI components
D) Reducing app permissions

Answer: B) Modifying the app’s certificate trust store

Explanation: SSL pinning can be bypassed by modifying the trust store or using tools like Frida to disable certificate verification.


28. What is the purpose of the Drozer tool in Android security testing?

A) To automate UI testing
B) To analyze APK permissions
C) To identify and exploit security flaws in Android applications
D) To compress DEX files

Answer: C) To identify and exploit security flaws in Android applications

Explanation: Drozer is an Android security tool that allows testers to identify vulnerabilities and exploit insecure components.


29. In iOS reverse engineering, what is Cycript primarily used for?

A) Extracting encryption keys
B) Interacting with running iOS applications dynamically
C) Compiling iOS apps
D) Encrypting iOS source code

Answer: B) Interacting with running iOS applications dynamically

Explanation: Cycript is a tool that allows interaction with iOS applications at runtime, useful for testing and analysis.


30. What does a repackaged APK usually contain in a malicious attack?

A) Additional malicious code injected into the original application
B) Increased security features to prevent hacking
C) A duplicate, harmless version of the original APK
D) A compressed version of the original APK

Answer: A) Additional malicious code injected into the original application

Explanation: Repackaging an APK with malware allows attackers to distribute malicious versions of legitimate applications.


31. What is the purpose of a shellcode injection attack in mobile applications?

A) To inject arbitrary commands and gain control over the application
B) To reduce app memory usage
C) To compress executable files
D) To modify an app’s permissions

Answer: A) To inject arbitrary commands and gain control over the application

Explanation: Shellcode injection allows attackers to execute arbitrary code, potentially leading to remote code execution.


32. What is one way to identify hardcoded credentials in a mobile application?

A) Performing a static code analysis
B) Reducing app memory usage
C) Using UI testing tools
D) Deleting log files

Answer: A) Performing a static code analysis

Explanation: Static analysis tools like MobSF and JADX can help identify hardcoded credentials within an app’s source code.


33. Which tool can be used to perform mobile forensic analysis on Android devices?

A) Autopsy
B) SQLmap
C) Nikto
D) Aircrack-ng

Answer: A) Autopsy

Explanation: Autopsy is a forensic analysis tool that allows investigators to analyze Android device data, including logs and artifacts.


34. What is an Over-the-Air (OTA) update in mobile applications?

A) A software update delivered wirelessly
B) A network encryption protocol
C) A secure VPN service
D) A method to extract APK files

Answer: A) A software update delivered wirelessly

Explanation: OTA updates allow devices to receive firmware and software updates over a network.


35. What is the role of IDA Pro in mobile reverse engineering?

A) It compiles Android applications
B) It analyzes and disassembles binary executables
C) It encrypts mobile app source code
D) It generates API documentation

Answer: B) It analyzes and disassembles binary executables

Explanation: IDA Pro is a disassembler and debugger widely used for analyzing Android and iOS binaries.


36. Which technique helps bypass root detection in Android applications?

A) Using Magisk Hide
B) Running the app in a container
C) Modifying the APK’s root detection function
D) All of the above

Answer: D) All of the above

Explanation: Magisk Hide, app sandboxing, and modifying APKs are common techniques to bypass root detection.


37. What is a common security risk associated with exported Android components?

A) Unauthorized access and component exploitation
B) Increased app size
C) Faster app startup times
D) Better app performance

Answer: A) Unauthorized access and component exploitation

Explanation: Exported components (activities, services, content providers) can be exploited if not properly secured.


38. Which file contains the compiled iOS application binary?

A) Payload/Executable
B) AndroidManifest.xml
C) Assets/Resources
D) DEX

Answer: A) Payload/Executable

Explanation: In an IPA file, the Payload folder contains the compiled iOS binary executable.


39. What is the purpose of Frida’s Objection framework?

A) Automating reverse engineering tasks
B) Debugging network traffic
C) Encrypting app data
D) Modifying XML configurations

Answer: A) Automating reverse engineering tasks

Explanation: Objection is a powerful tool built on Frida to dynamically analyze and modify mobile applications.


40. What is the main risk of improperly implemented biometric authentication in mobile apps?

A) It can be bypassed using replay attacks or fake biometrics
B) It makes an app load slower
C) It consumes too much memory
D) It increases app permissions

Answer: A) It can be bypassed using replay attacks or fake biometrics

Explanation: Weak biometric implementations can be spoofed using fake fingerprints or face images, or bypassed via replay attacks.


41. What is a common security issue in mobile applications that store sensitive data locally?

A) Lack of UI responsiveness
B) Insecure data storage
C) High CPU usage
D) Increased network latency

Answer: B) Insecure data storage

Explanation: Storing sensitive data (e.g., passwords, tokens) without encryption in local storage (e.g., SharedPreferences, SQLite, Plist) can lead to data theft if an attacker gains access.


42. Which tool is commonly used to decompile iOS applications into readable source code?

A) class-dump
B) APKTool
C) Dex2Jar
D) JADX

Answer: A) class-dump

Explanation: class-dump is an iOS tool used to extract class structures and methods from Mach-O binaries.


43. What does the term “hooking” mean in mobile app reverse engineering?

A) Modifying an app’s UI elements
B) Injecting code into a running application to modify its behavior
C) Encrypting source code to prevent analysis
D) Bypassing SSL pinning

Answer: B) Injecting code into a running application to modify its behavior

Explanation: Hooking allows modifying an app’s functions and system calls at runtime, which is commonly done using tools like Frida and Xposed.


44. In Android, what is the role of Smali code during reverse engineering?

A) It stores app permissions
B) It represents the intermediate Dalvik bytecode in human-readable format
C) It contains network logs
D) It encrypts app data

Answer: B) It represents the intermediate Dalvik bytecode in human-readable format

Explanation: Smali files are the disassembled representation of DEX bytecode, allowing modification of app logic before recompilation.


45. What is an ELF binary, and how does it relate to Android applications?

A) A binary format for executing Linux-based programs, including Android native libraries
B) A log file used for debugging Android apps
C) A special encryption file used in Android applications
D) A file format used for AndroidManifest.xml

Answer: A) A binary format for executing Linux-based programs, including Android native libraries

Explanation: ELF (Executable and Linkable Format) is the binary format used for Android’s native libraries (.so files).


46. Which iOS feature enforces code signing to prevent unauthorized modifications of applications?

A) ASLR (Address Space Layout Randomization)
B) Gatekeeper
C) Secure Enclave
D) Code Signing Enforced (CSE)

Answer: D) Code Signing Enforced (CSE)

Explanation: iOS Code Signing Enforced (CSE) ensures that only apps signed by Apple or a trusted developer can run on an iOS device.


47. What is the purpose of the ‘re-signing’ process in mobile app reverse engineering?

A) To recompile Java code in Android applications
B) To bypass code signing restrictions and modify an app
C) To improve an app’s performance
D) To store user credentials securely

Answer: B) To bypass code signing restrictions and modify an app

Explanation: Re-signing is required after modifying an app’s binary to allow it to run on a device without triggering security checks.


48. Which security feature helps protect Android applications from being debugged at runtime?

A) SELinux
B) Debuggable flag in the AndroidManifest.xml
C) Secure Boot
D) ASLR

Answer: B) Debuggable flag in the AndroidManifest.xml

Explanation: If the debuggable flag is set to true, an attacker can attach a debugger and analyze the app’s runtime behavior.


49. How can an attacker bypass Android app license verification checks?

A) By modifying the application’s network settings
B) By removing or modifying license validation code using Smali edits
C) By uninstalling and reinstalling the app
D) By changing the app’s permissions

Answer: B) By removing or modifying license validation code using Smali edits

Explanation: Attackers patch or modify Smali code to bypass Google Play License Verification checks.


50. Which tool can extract encryption keys from memory during a mobile app’s execution?

A) Ghidra
B) Mimikatz
C) Volatility
D) Radare2

Answer: C) Volatility

Explanation: Volatility is a memory forensics tool that can extract encryption keys, passwords, and other sensitive data from RAM.


51. What is the impact of failing to implement certificate pinning in a mobile app?

A) Increased CPU usage
B) Vulnerability to Man-in-the-Middle (MITM) attacks
C) Lower network latency
D) Better user experience

Answer: B) Vulnerability to Man-in-the-Middle (MITM) attacks

Explanation: Without certificate pinning, attackers can intercept and modify HTTPS traffic using fake certificates.


52. What is the purpose of the “objection” tool in reverse engineering?

A) To analyze network traffic
B) To automate mobile app security testing without needing a jailbreak/root
C) To extract files from an Android APK
D) To encrypt application data

Answer: B) To automate mobile app security testing without needing a jailbreak/root

Explanation: Objection (built on Frida) allows dynamic analysis, bypassing security controls, and dumping sensitive app data.


53. What is “instrumentation” in the context of mobile app security?

A) Attaching a debugger to an application to modify its runtime behavior
B) Encrypting network communication
C) Testing an app for UI responsiveness
D) Securing user authentication

Answer: A) Attaching a debugger to an application to modify its runtime behavior

Explanation: Instrumentation is a technique where tools like Frida or Xposed modify an app’s behavior at runtime.


54. What does an “overlay attack” target in mobile security?

A) UI components to trick users into entering sensitive information
B) Network communication to intercept packets
C) Battery consumption optimization
D) Root detection bypass

Answer: A) UI components to trick users into entering sensitive information

Explanation: Overlay attacks create a fake UI layer on top of an app to steal user credentials or sensitive information.


55. Which of the following helps prevent reverse engineering of Android apps?

A) Using ProGuard or R8 for obfuscation
B) Disabling Secure Boot
C) Allowing root access by default
D) Keeping the app open-source

Answer: A) Using ProGuard or R8 for obfuscation

Explanation: ProGuard and R8 help obfuscate Java code, making it harder for attackers to reverse engineer an application.


56. What is the primary purpose of Frida’s spawn function?

A) To launch a new application process and attach Frida to it
B) To extract files from an APK
C) To inject malicious payloads
D) To remove root detection

Answer: A) To launch a new application process and attach Frida to it

Explanation: Frida’s spawn function allows analysts to start an app and attach Frida before execution, useful for bypassing security measures.


57. What is a common weakness in Android content providers?

A) Exposed sensitive data due to improper access control
B) Slow performance on low-end devices
C) High power consumption
D) Excessive API calls

Answer: A) Exposed sensitive data due to improper access control

Explanation: Misconfigured content providers can leak sensitive user data to unauthorized applications.


58. What is the role of logcat in Android reverse engineering?

A) Capturing runtime logs and debugging information
B) Encrypting application data
C) Extracting APK files
D) Detecting malware

Answer: A) Capturing runtime logs and debugging information

Explanation: logcat is used to analyze application logs, which may reveal sensitive data or security flaws.


59. What is the primary function of the adb shell command in Android debugging?

A) Encrypting application files
B) Accessing an Android device’s command-line interface
C) Optimizing app performance
D) Compiling APKs

Answer: B) Accessing an Android device’s command-line interface

Explanation: The adb shell command allows security analysts and developers to interact with an Android device’s shell, executing commands for debugging and analysis.


60. Which Android component is responsible for handling inter-process communication (IPC)?

A) Content Providers
B) Intent Filters
C) Binder
D) Activity Manager

Answer: C) Binder

Explanation: Binder is Android’s inter-process communication (IPC) mechanism, allowing apps and system services to communicate securely.


61. What is a major security risk when an Android app has an exported Activity without proper intent filtering?

A) Unauthorized external applications can launch the Activity
B) The app consumes excessive memory
C) The app experiences frequent crashes
D) The app requires additional permissions

Answer: A) Unauthorized external applications can launch the Activity

Explanation: If an Activity is marked as exported, other apps can directly invoke it, leading to unauthorized access or privilege escalation.


62. Which of the following is a common way to bypass root detection in iOS apps?

A) Using Liberty Lite tweak
B) Modifying iOS system logs
C) Disabling the Keychain
D) Enabling Secure Boot

Answer: A) Using Liberty Lite tweak

Explanation: Liberty Lite is a jailbreak detection bypass tweak that hides the presence of a jailbroken environment from apps.


63. In iOS, which directory typically contains sensitive app data?

A) /var/logs
B) /Library/Application Support
C) /var/mobile/Containers/Data/Application
D) /System/Applications

Answer: C) /var/mobile/Containers/Data/Application

Explanation: iOS apps store their sandboxed data inside /var/mobile/Containers/Data/Application/, making it a target for forensic analysis.


64. What is a common method used to analyze API requests made by a mobile app?

A) Enabling airplane mode
B) Using a network proxy like Burp Suite
C) Increasing screen brightness
D) Running the app in safe mode

Answer: B) Using a network proxy like Burp Suite

Explanation: Burp Suite intercepts and analyzes API requests, making it useful for testing mobile API security.


65. What is the primary function of the objdump command when analyzing iOS binaries?

A) Disassembling Mach-O binaries to inspect assembly code
B) Encrypting iOS application files
C) Extracting metadata from Plist files
D) Debugging iOS applications

Answer: A) Disassembling Mach-O binaries to inspect assembly code

Explanation: objdump is a disassembler that helps in reverse engineering iOS Mach-O binaries.


66. Which tool is commonly used to analyze memory dumps from mobile applications?

A) Frida
B) Volatility
C) jadx
D) APKTool

Answer: B) Volatility

Explanation: Volatility is a powerful memory forensics tool used to analyze memory dumps, revealing encryption keys, credentials, and runtime data.


67. What is a key risk of insecure direct object references (IDOR) in mobile applications?

A) Attackers can access unauthorized data by manipulating request parameters
B) The app crashes frequently
C) The app consumes excessive battery power
D) The app fails to load on older devices

Answer: A) Attackers can access unauthorized data by manipulating request parameters

Explanation: IDOR vulnerabilities occur when insufficient authorization checks allow attackers to access unintended resources.


68. Which encryption algorithm is considered weak and should not be used for securing sensitive data in mobile apps?

A) AES-256
B) RSA-2048
C) MD5
D) SHA-256

Answer: C) MD5

Explanation: MD5 is a cryptographically broken algorithm due to collision vulnerabilities, making it unsuitable for security purposes.


69. What is an “Xposed Module” used for in Android security testing?

A) To modify an app’s behavior at runtime without modifying the APK
B) To decompile APK files
C) To analyze network traffic
D) To secure an Android device against malware

Answer: A) To modify an app’s behavior at runtime without modifying the APK

Explanation: Xposed Framework allows runtime modifications to Android applications using custom modules.


70. What is the function of the frida-trace command in Frida?

A) To automatically generate hooks for function calls
B) To encrypt an Android APK
C) To extract user credentials from an application
D) To disassemble a DEX file

Answer: A) To automatically generate hooks for function calls

Explanation: frida-trace is used to intercept and hook function calls dynamically for analysis and exploitation.


71. What is a common way to prevent unauthorized tampering with an iOS app?

A) Using code signing and integrity verification
B) Increasing app permissions
C) Disabling app logging
D) Enabling Bluetooth

Answer: A) Using code signing and integrity verification

Explanation: Code signing and integrity checks prevent modification of iOS applications by ensuring they haven’t been tampered with.


72. In Android, which file stores encrypted application data such as login credentials?

A) SharedPreferences
B) AndroidManifest.xml
C) strings.xml
D) DEX

Answer: A) SharedPreferences

Explanation: SharedPreferences often store user authentication tokens and settings, making them a target for attackers.


73. What is the purpose of gdb in mobile reverse engineering?

A) To analyze and debug application binaries
B) To capture network traffic
C) To decompile Java classes
D) To encrypt files

Answer: A) To analyze and debug application binaries

Explanation: gdb (GNU Debugger) allows analysis and debugging of mobile applications, particularly in iOS and Linux environments.


74. What is an “arm64” binary in mobile applications?

A) A 64-bit architecture binary used in ARM-based devices
B) A special encryption method
C) A software update format
D) A decompiler tool

Answer: A) A 64-bit architecture binary used in ARM-based devices

Explanation: arm64 refers to 64-bit ARM architecture, which is commonly used in modern mobile processors.


75. What is the purpose of a “Jailbreak Detection Bypass” technique in iOS testing?

A) To disable Apple’s security restrictions for deeper analysis
B) To improve battery life
C) To increase app performance
D) To optimize graphics rendering

Answer: A) To disable Apple’s security restrictions for deeper analysis

Explanation: Jailbreak detection bypass techniques allow penetration testers to analyze iOS security mechanisms more thoroughly.


76. What is the primary risk of improper session management in mobile applications?

A) Session hijacking attacks
B) Higher app memory usage
C) Lower screen resolution
D) Increased boot time

Answer: A) Session hijacking attacks

Explanation: Weak session management can lead to session hijacking, where attackers impersonate legitimate users.


77. What does “base64 encoding” provide in mobile applications?

A) Obfuscation, not encryption
B) Secure encryption for sensitive data
C) Faster app performance
D) Improved UI design

Answer: A) Obfuscation, not encryption

Explanation: Base64 encoding is not encryption; it is just an encoding mechanism that can be easily reversed.


78. What is the primary function of the apktool d command?

A) Decompile an APK into Smali and extract resources
B) Encrypt an APK for secure storage
C) Debug network traffic from an Android app
D) Compile Java code into DEX format

Answer: A) Decompile an APK into Smali and extract resources

Explanation: The apktool d command decompiles an APK, extracting Smali code and app resources for reverse engineering.


79. What is the purpose of an “Entropy Test” in reverse engineering?

A) To detect compressed or encrypted data inside an application
B) To analyze battery consumption
C) To measure network performance
D) To detect app UI responsiveness

Answer: A) To detect compressed or encrypted data inside an application

Explanation: Entropy analysis is used to identify encrypted or compressed sections in binaries, which may hide critical code or sensitive data.


80. Which of the following is a dynamic analysis tool used for mobile application security testing?

A) Burp Suite
B) JADX
C) Dex2Jar
D) APKTool

Answer: A) Burp Suite

Explanation: Burp Suite is widely used for dynamic security testing, especially for intercepting and modifying API requests.


81. What is the main risk of exposing an Android app’s exported Service?

A) Unauthorized applications may interact with the service and execute actions
B) The app will consume excessive memory
C) The app will require additional permissions
D) The app’s UI may become unresponsive

Answer: A) Unauthorized applications may interact with the service and execute actions

Explanation: If an Android Service is exported, any application can interact with it, leading to unauthorized access or privilege escalation.


82. What is the purpose of the frida-ps command in Frida?

A) To list all running processes on a device
B) To encrypt mobile application files
C) To extract credentials from memory
D) To analyze database files

Answer: A) To list all running processes on a device

Explanation: frida-ps is used to enumerate running processes, helping in attaching Frida to specific apps for analysis.


83. What is a common method for bypassing “SSL pinning” in iOS applications?

A) Using SSL Kill Switch
B) Disabling app notifications
C) Reducing app permissions
D) Modifying SQLite database files

Answer: A) Using SSL Kill Switch

Explanation: SSL Kill Switch is an iOS security tool that helps bypass SSL pinning and intercept network traffic.


84. What is the purpose of a “Native Debugger” in mobile reverse engineering?

A) To analyze and modify native code execution at runtime
B) To decrypt sensitive data stored in databases
C) To inspect Java source code
D) To analyze app metadata

Answer: A) To analyze and modify native code execution at runtime

Explanation: A native debugger (e.g., gdb or lldb) allows debugging of compiled native code, helping in analyzing native libraries (.so/.dylib).


85. What is “Side Loading” in mobile applications?

A) Installing applications from unofficial sources
B) Encrypting APK files before installation
C) Debugging apps using Frida
D) Optimizing app performance

Answer: A) Installing applications from unofficial sources

Explanation: Side loading refers to installing apps manually from APK/IPA files, bypassing official app stores.


86. What is the main advantage of using obfuscation in mobile applications?

A) Making reverse engineering more difficult
B) Improving CPU performance
C) Reducing app size
D) Increasing network speed

Answer: A) Making reverse engineering more difficult

Explanation: Obfuscation transforms code into a harder-to-understand format, preventing easy reverse engineering.


87. In Android applications, what is the role of the .so files?

A) They contain native shared library code
B) They store user preferences
C) They contain Java classes
D) They define app permissions

Answer: A) They contain native shared library code

Explanation: .so (shared object) files contain compiled native C/C++ code, often used for performance optimization and security.


88. What is a common technique to bypass certificate pinning in Android apps?

A) Using JustTrustMe Xposed module
B) Changing app background color
C) Disabling app logs
D) Compressing the app assets

Answer: A) Using JustTrustMe Xposed module

Explanation: JustTrustMe is an Xposed module that bypasses SSL pinning checks, allowing network traffic interception.


89. What is the primary security risk of storing API keys directly in a mobile app’s code?

A) Attackers can extract them and misuse the API
B) The app may consume more memory
C) The app may become slower
D) The app requires frequent updates

Answer: A) Attackers can extract them and misuse the API

Explanation: Hardcoded API keys can be extracted from the app’s code and used for unauthorized API access.


90. What is “dynamic instrumentation” in mobile security testing?

A) Modifying an app’s behavior at runtime
B) Decompiling an APK to inspect its source code
C) Extracting logs from an application
D) Encrypting mobile databases

Answer: A) Modifying an app’s behavior at runtime

Explanation: Dynamic instrumentation (e.g., using Frida) allows runtime modification of an app’s execution flow.


91. What is the role of keychain-dumper in iOS security testing?

A) Extracting stored credentials from iOS Keychain
B) Debugging iOS applications
C) Encrypting application data
D) Modifying Plist files

Answer: A) Extracting stored credentials from iOS Keychain

Explanation: keychain-dumper is a security tool used to extract credentials and sensitive data stored in iOS Keychain.


92. What does “path traversal” vulnerability allow an attacker to do in a mobile app?

A) Access unintended files by manipulating file paths
B) Modify the app’s permissions
C) Speed up app execution
D) Bypass UI restrictions

Answer: A) Access unintended files by manipulating file paths

Explanation: Path traversal allows attackers to access files outside the intended directory, which can lead to data leakage.


93. What is the main risk of failing to implement “secure logging” in mobile applications?

A) Sensitive information may be exposed in logs
B) The app will crash frequently
C) The app’s UI may freeze
D) The app will consume more memory

Answer: A) Sensitive information may be exposed in logs

Explanation: If an app logs sensitive data (e.g., credentials, API keys, tokens), attackers can extract them from logs.


94. What is the purpose of otool in iOS reverse engineering?

A) To analyze Mach-O binaries
B) To intercept network requests
C) To decrypt AES-encrypted files
D) To modify SQLite databases

Answer: A) To analyze Mach-O binaries

Explanation: otool is an iOS tool used to inspect Mach-O binaries, helping in reverse engineering iOS applications.


95. Which of the following is a common method for detecting an emulator in an Android app?

A) Checking for properties like ro.hardware = qemu
B) Monitoring battery temperature
C) Reducing app permissions
D) Increasing logging levels

Answer: A) Checking for properties like ro.hardware = qemu

Explanation: Apps detect emulators by checking system properties that are unique to virtualized environments.


96. What is the primary role of Ghidra in mobile application reverse engineering?

A) To disassemble and analyze binary executables
B) To encrypt mobile application files
C) To optimize mobile network communication
D) To perform API security testing

Answer: A) To disassemble and analyze binary executables

Explanation: Ghidra is a powerful reverse engineering tool developed by the NSA, used to analyze Android and iOS binaries.


97. What is the purpose of the dtrace tool in iOS security testing?

A) To monitor and analyze system calls and processes
B) To decompile iOS applications into readable source code
C) To extract stored user credentials
D) To bypass biometric authentication

Answer: A) To monitor and analyze system calls and processes

Explanation: dtrace is used for dynamic tracing of system calls, processes, and execution flow, aiding in reverse engineering.


98. How can attackers bypass local authentication mechanisms in mobile apps?

A) By intercepting API responses
B) By modifying authentication checks in the app’s code
C) By replacing the app’s certificate
D) By using low-power mode

Answer: B) By modifying authentication checks in the app’s code

Explanation: Attackers can bypass authentication by patching login checks or modifying authentication logic in Smali or native code.


99. What is an .ipa file in iOS applications?

A) A package format for iOS applications
B) A security log file
C) A configuration file for iOS devices
D) A type of cryptographic key

Answer: A) A package format for iOS applications

Explanation: .ipa (iOS App Store Package) files contain iOS applications, similar to .apk files for Android.


100. What is a primary risk of embedding sensitive API keys in mobile applications?

A) Attackers can extract and use them for unauthorized API access
B) The app may crash frequently
C) The app will consume excessive network bandwidth
D) The app will load slower

Answer: A) Attackers can extract and use them for unauthorized API access

Explanation: Hardcoded API keys can be extracted from decompiled applications, leading to unauthorized access or abuse of the API.


101. What is the role of dyld in iOS applications?

A) It is responsible for dynamic linking of libraries at runtime
B) It encrypts user credentials
C) It manages background application processes
D) It improves app launch speed

Answer: A) It is responsible for dynamic linking of libraries at runtime

Explanation: dyld (Dynamic Linker) in iOS is responsible for loading and linking shared libraries during app execution.


102. What is a common method for detecting a jailbroken iOS device?

A) Checking for the presence of system binaries like Cydia
B) Monitoring battery usage
C) Checking app permissions
D) Disabling Secure Boot

Answer: A) Checking for the presence of system binaries like Cydia

Explanation: Jailbreak detection often involves checking for common jailbreak files, such as /Applications/Cydia.app.


103. What is the function of lldb in iOS reverse engineering?

A) It is a debugger for analyzing and modifying application behavior
B) It compresses application binaries
C) It extracts SSL certificates from the device
D) It encrypts API responses

Answer: A) It is a debugger for analyzing and modifying application behavior

Explanation: lldb (Low-Level Debugger) is used in iOS reverse engineering to debug and modify runtime behavior.


104. Which of the following is a primary risk of insecure WebView implementation in mobile applications?

A) Cross-Site Scripting (XSS) attacks
B) Slower app performance
C) Higher data storage costs
D) Reduced battery life

Answer: A) Cross-Site Scripting (XSS) attacks

Explanation: Insecure WebView implementations can allow JavaScript injection (XSS attacks), leading to data theft or phishing attacks.


105. What is the purpose of the codesign command in iOS application security?

A) To verify the integrity of an iOS application’s signature
B) To decompile iOS apps into assembly code
C) To extract stored user credentials
D) To analyze memory dumps

Answer: A) To verify the integrity of an iOS application’s signature

Explanation: codesign ensures that an iOS application has not been modified and is signed by a trusted entity.


106. What is a common way to analyze encrypted application traffic in mobile security testing?

A) Using a proxy tool with custom CA certificates
B) Disabling app notifications
C) Using a screen recorder
D) Running the app in airplane mode

Answer: A) Using a proxy tool with custom CA certificates

Explanation: Intercepting encrypted traffic requires installing a custom CA certificate to decrypt SSL/TLS communications.


107. What is the risk of failing to properly configure Android Backup settings in an app?

A) Users’ sensitive data can be extracted via adb backup
B) The app may fail to update properly
C) The app will consume excessive battery power
D) The app will require frequent reinstallation

Answer: A) Users’ sensitive data can be extracted via adb backup

Explanation: If an app allows backups (android:allowBackup="true"), attackers can extract sensitive app data using adb backup.


108. How can an attacker exploit an insecure Android BroadcastReceiver?

A) By sending a crafted intent to trigger unauthorized actions
B) By increasing app permissions
C) By modifying SQLite database entries
D) By deleting app logs

Answer: A) By sending a crafted intent to trigger unauthorized actions

Explanation: If a BroadcastReceiver is not properly secured, attackers can send unauthorized intents to execute privileged actions.


109. What is the primary function of Radare2 in reverse engineering?

A) Disassembling and analyzing binary executables
B) Encrypting mobile app data
C) Extracting API keys from memory
D) Debugging Java applications

Answer: A) Disassembling and analyzing binary executables

Explanation: Radare2 (r2) is a powerful open-source reverse engineering framework used for binary analysis.


110. What is the risk of storing OAuth tokens persistently in SharedPreferences in Android applications?

A) They can be extracted by attackers with root access
B) They increase the app’s launch time
C) They slow down network requests
D) They reduce the app’s memory usage

Answer: A) They can be extracted by attackers with root access

Explanation: SharedPreferences is not secure for storing sensitive data like OAuth tokens, as attackers with root access can extract them.


111. What is the primary function of the frida-server binary in Frida?

A) It enables Frida to hook into processes on a device
B) It encrypts APK files
C) It speeds up app execution
D) It extracts SQLite database files

Answer: A) It enables Frida to hook into processes on a device

Explanation: frida-server is installed on a rooted/jailbroken device to allow Frida to inject and modify process behavior dynamically.


112. What is the purpose of the adb forward command?

A) To forward traffic from an Android device to a local port
B) To extract an APK file from a device
C) To encrypt local network communication
D) To disable root access

Answer: A) To forward traffic from an Android device to a local port

Explanation: The adb forward command is used to redirect ports between a host machine and an Android device, useful for debugging and traffic analysis.


113. What is a common method used to analyze an iOS app’s keychain data?

A) Using keychain-dumper
B) Using otool
C) Using apktool
D) Using frida-ps

Answer: A) Using keychain-dumper

Explanation: keychain-dumper is used to extract stored credentials and sensitive data from an iOS device’s keychain.


114. Which Android security feature prevents an attacker from extracting an APK from a device?

A) Play Protect
B) Secure Boot
C) App Signing with Google Play
D) SELinux Enforced

Answer: C) App Signing with Google Play

Explanation: Google Play App Signing ensures that an APK is securely signed and protected from unauthorized extraction or modification.


115. What is a common technique to bypass two-factor authentication (2FA) in a mobile app?

A) Intercepting API requests and modifying responses
B) Increasing screen brightness
C) Running the app in offline mode
D) Changing the app’s icon

Answer: A) Intercepting API requests and modifying responses

Explanation: Attackers can use tools like Burp Suite to intercept API responses and bypass 2FA checks.


116. What is the primary function of gdbserver in mobile debugging?

A) To allow remote debugging of a process
B) To encrypt Android application files
C) To optimize CPU performance
D) To bypass SSL pinning

Answer: A) To allow remote debugging of a process

Explanation: gdbserver is a tool that enables remote debugging of applications running on Android or iOS devices.


117. What is the risk of using a WebView to load arbitrary URLs in a mobile app?

A) The app may become vulnerable to phishing or JavaScript injection attacks
B) The app will consume excessive memory
C) The app’s UI will become unresponsive
D) The app will fail to load on older devices

Answer: A) The app may become vulnerable to phishing or JavaScript injection attacks

Explanation: Unsecured WebView implementations can allow attackers to inject malicious JavaScript or trick users into phishing attacks.


118. What is the role of dylib files in iOS applications?

A) They are dynamic libraries used for app execution
B) They store user authentication data
C) They act as encryption keys
D) They manage application permissions

Answer: A) They are dynamic libraries used for app execution

Explanation: dylib (Dynamic Library) files are shared libraries used by iOS applications for loading external functionality at runtime.


119. What is a “Repackaged Malware” attack in mobile security?

A) When an attacker modifies a legitimate app to inject malicious code and redistributes it
B) When an attacker deletes app permissions
C) When an attacker prevents an app from running in an emulator
D) When an attacker increases the app’s launch time

Answer: A) When an attacker modifies a legitimate app to inject malicious code and redistributes it

Explanation: Repackaged malware attacks involve attackers modifying legitimate APKs or IPAs to include malicious code before distributing them.


120. What is the purpose of dexdump in Android reverse engineering?

A) To analyze and extract information from DEX files
B) To decompile an APK into Java source code
C) To encrypt an Android application
D) To bypass network security restrictions

Answer: A) To analyze and extract information from DEX files

Explanation: dexdump is used to analyze Dalvik Executable (DEX) files inside APKs, helping in reverse engineering efforts.


121. What is “Hooking” in the context of mobile security?

A) The process of intercepting and modifying function calls at runtime
B) The process of compressing an APK
C) The process of encrypting Java source code
D) The process of modifying SQLite databases

Answer: A) The process of intercepting and modifying function calls at runtime

Explanation: Hooking (e.g., using Frida or Xposed) allows security analysts to intercept, modify, and analyze application functions at runtime.


122. What is a common sign that an Android application is running inside an emulator?

A) The presence of ro.hardware = goldfish or ro.hardware = qemu
B) The app takes longer to load
C) The app has a larger APK size
D) The app does not support background processes

Answer: A) The presence of ro.hardware = goldfish or ro.hardware = qemu

Explanation: Many applications check for emulator-specific system properties, such as “goldfish” or “qemu”, to detect if they are running in a virtualized environment.


123. What is the purpose of ldid in iOS reverse engineering?

A) To sign unsigned binaries for execution on jailbroken devices
B) To extract encryption keys
C) To modify SQLite databases
D) To intercept network packets

Answer: A) To sign unsigned binaries for execution on jailbroken devices

Explanation: ldid (Link Identity Editor) is used in jailbroken iOS environments to sign modified or custom binaries for execution.


124. What is a potential security risk of failing to implement session expiration in a mobile app?

A) Attackers may reuse stolen session tokens to access user accounts
B) The app may consume excessive CPU power
C) The app will fail to connect to the internet
D) The app will require frequent updates

Answer: A) Attackers may reuse stolen session tokens to access user accounts

Explanation: Session expiration prevents session hijacking by ensuring that stolen tokens expire after a certain period.


125. How can attackers extract sensitive data from an unprotected mobile application’s memory?

A) By using memory forensics tools like Volatility
B) By increasing app permissions
C) By enabling airplane mode
D) By uninstalling the app

Answer: A) By using memory forensics tools like Volatility

Explanation: Memory forensics tools (e.g., Volatility) allow attackers to extract sensitive data such as encryption keys, passwords, and session tokens from RAM.


126. What is the primary function of Frida Gadget?

A) A pre-compiled Frida binary that allows injecting Frida into non-rooted devices
B) A network sniffer for mobile applications
C) A logging tool for Android applications
D) A tool for encrypting mobile application data

Answer: A) A pre-compiled Frida binary that allows injecting Frida into non-rooted devices

Explanation: Frida Gadget is a precompiled Frida binary that can be embedded into an APK or iOS app, allowing dynamic instrumentation without requiring root/jailbreak.


127. What is the purpose of the adb logcat command in Android security testing?

A) To capture real-time application logs for debugging
B) To encrypt log files for security
C) To analyze APK metadata
D) To decompile an Android application

Answer: A) To capture real-time application logs for debugging

Explanation: adb logcat captures runtime logs from an Android application, which may reveal sensitive information or security flaws.


128. What is an “Unsigned APK” and why is it significant in reverse engineering?

A) An APK that has been modified but not signed, allowing further modifications
B) An APK that is protected against tampering
C) A compressed version of an Android application
D) A beta version of an Android app

Answer: A) An APK that has been modified but not signed, allowing further modifications

Explanation: Unsigned APKs are often used in reverse engineering because they allow modifications without breaking signature verification.


129. What is a “Smali patch” in Android reverse engineering?

A) Modifying the Smali code to alter app behavior before recompilation
B) Encrypting an APK to protect it from reverse engineering
C) Extracting strings from an AndroidManifest.xml file
D) Optimizing an APK for better performance

Answer: A) Modifying the Smali code to alter app behavior before recompilation

Explanation: Smali patches modify disassembled DEX (Dalvik Executable) code, allowing reverse engineers to change app logic before recompiling the APK.


130. What is the purpose of jtool in iOS reverse engineering?

A) To analyze and manipulate Mach-O binaries
B) To debug network connections
C) To scan for malware in iOS applications
D) To encrypt iOS application data

Answer: A) To analyze and manipulate Mach-O binaries

Explanation: jtool is an advanced Mach-O analysis tool used for analyzing and modifying iOS binaries.


131. What is the risk of exposing “Implicit Intents” in Android applications?

A) Attackers can send unauthorized intents to trigger application actions
B) The app may run slower
C) The app will require more permissions
D) The app will consume more battery

Answer: A) Attackers can send unauthorized intents to trigger application actions

Explanation: Implicit intents may allow untrusted applications to trigger sensitive actions if not properly secured.


132. What is the purpose of the chmod 777 command in Android shell?

A) It gives full read, write, and execute permissions to a file or directory
B) It encrypts system files
C) It removes root access from the device
D) It disables network communication

Answer: A) It gives full read, write, and execute permissions to a file or directory

Explanation: chmod 777 makes a file or directory fully accessible, which may lead to security vulnerabilities if misused.


133. What is “dynamic binary instrumentation” (DBI) in mobile app security testing?

A) Injecting code at runtime to modify app behavior
B) Decompiling an APK into Smali code
C) Extracting user data from an application
D) Signing an iOS application for distribution

Answer: A) Injecting code at runtime to modify app behavior

Explanation: DBI tools like Frida and DynamoRIO allow modifying an app’s execution flow in real time for analysis.


134. How can an attacker exploit an unprotected Android ContentProvider?

A) By accessing and modifying stored data without proper permissions
B) By modifying the app’s background color
C) By bypassing biometric authentication
D) By uninstalling the application

Answer: A) By accessing and modifying stored data without proper permissions

Explanation: Improperly secured ContentProviders may expose sensitive data, allowing unauthorized read/write access.


135. What is a common method to bypass Android app root detection?

A) Using Magisk Hide to mask root status
B) Increasing the app’s priority in task manager
C) Changing the app’s UI elements
D) Disabling network connections

Answer: A) Using Magisk Hide to mask root status

Explanation: Magisk Hide is a feature in Magisk that allows hiding root status from security-sensitive applications.


136. What is an ELF file in Android applications?

A) A binary file containing compiled native code
B) A configuration file for network security settings
C) An XML file storing app preferences
D) A database file used for storing user data

Answer: A) A binary file containing compiled native code

Explanation: ELF (Executable and Linkable Format) files contain compiled native code used in Android shared libraries (.so files).


137. What is “Method Swizzling” in iOS applications?

A) Changing method implementations at runtime
B) Encrypting method calls in Objective-C code
C) Disabling app logs during debugging
D) Modifying an app’s package name

Answer: A) Changing method implementations at runtime

Explanation: Method swizzling is an Objective-C runtime feature that allows changing method implementations dynamically, often used in reverse engineering and security bypasses.


138. What is “binary patching” in reverse engineering?

A) Modifying an application’s compiled binary to change its behavior
B) Extracting API keys from source code
C) Increasing an app’s execution speed
D) Encrypting APK files for security

Answer: A) Modifying an application’s compiled binary to change its behavior

Explanation: Binary patching allows modifying compiled binaries (DEX, ELF, Mach-O) to bypass security checks or unlock features.


139. What is the primary function of Burp Collaborator in mobile app security testing?

A) To detect out-of-band vulnerabilities
B) To optimize web performance
C) To compress HTTP requests
D) To automate API documentation

Answer: A) To detect out-of-band vulnerabilities

Explanation: Burp Collaborator helps identify out-of-band (OAST) vulnerabilities, such as blind SSRF, DNS exfiltration, and external interactions.


140. What is the purpose of an iOS “Mobile Provisioning Profile”?

A) To define app entitlements and permissions for execution on iOS devices
B) To store user session tokens
C) To encrypt app logs
D) To manage cloud storage access

Answer: A) To define app entitlements and permissions for execution on iOS devices

Explanation: Mobile provisioning profiles contain entitlements, signing certificates, and device restrictions, ensuring iOS apps run securely on permitted devices.


141. What is the primary function of otool -l in iOS reverse engineering?

A) To display the load commands of a Mach-O binary
B) To encrypt an iOS application
C) To analyze SQLite database files
D) To extract API keys from an IPA file

Answer: A) To display the load commands of a Mach-O binary

Explanation: otool -l prints load commands of a Mach-O binary, revealing linked libraries, sections, and segments, useful for binary analysis.


142. How can an attacker exploit an insecure mobile API?

A) By intercepting API requests and manipulating parameters
B) By reducing the app’s background processes
C) By optimizing app permissions
D) By increasing the app’s screen brightness

Answer: A) By intercepting API requests and manipulating parameters

Explanation: Insecure APIs are vulnerable to manipulation, replay attacks, and unauthorized access, often exploited using tools like Burp Suite.


143. What is a common use case for dyld_shared_cache in iOS applications?

A) To store commonly used shared libraries for faster app execution
B) To encrypt user credentials
C) To store local application logs
D) To manage network communication

Answer: A) To store commonly used shared libraries for faster app execution

Explanation: dyld_shared_cache improves iOS app performance by caching frequently used shared libraries.


144. What is a common method used to bypass Face ID or Touch ID authentication in a reverse-engineered iOS app?

A) Hooking authentication functions using Frida
B) Changing the app’s UI components
C) Deleting biometric data from Keychain
D) Increasing screen timeout settings

Answer: A) Hooking authentication functions using Frida

Explanation: Frida can hook biometric authentication functions, allowing attackers to bypass Face ID or Touch ID validation in an app.


145. What is the risk of failing to implement proper access control in mobile applications?

A) Unauthorized users may access restricted functionalities or data
B) The app’s UI may become unresponsive
C) The app may consume excessive storage
D) The app may require frequent updates

Answer: A) Unauthorized users may access restricted functionalities or data

Explanation: Improper access control can lead to privilege escalation, unauthorized API calls, and data leaks.


146. What is the purpose of the frida -U -n app_name command?

A) To attach Frida to a running application on a connected device
B) To compile an iOS application
C) To bypass network encryption
D) To delete application logs

Answer: A) To attach Frida to a running application on a connected device

Explanation: frida -U -n app_name attaches Frida to a running process on a USB-connected device, allowing real-time analysis and manipulation.


147. What is a common technique to detect if an Android app is running in an emulator?

A) Checking for specific device properties like ro.product.model = sdk
B) Monitoring user interactions
C) Increasing the app’s CPU usage
D) Enabling airplane mode

Answer: A) Checking for specific device properties like ro.product.model = sdk

Explanation: Many anti-emulation techniques check system properties (ro.product.model, ro.hardware, etc.) to detect if an app is running on an emulator.


148. What does the gdb attach command do in mobile reverse engineering?

A) Attaches a debugger to a running process for analysis
B) Encrypts API requests
C) Extracts user credentials from an application
D) Bypasses root detection

Answer: A) Attaches a debugger to a running process for analysis

Explanation: gdb attach allows analysts to attach a debugger to a running application, useful for inspecting memory and modifying execution flow.


149. What is a “Man-in-the-Disk” attack in mobile security?

A) Exploiting insecure external storage usage to modify app behavior
B) Stealing biometric authentication data
C) Redirecting network traffic from an application
D) Injecting malicious JavaScript into a WebView

Answer: A) Exploiting insecure external storage usage to modify app behavior

Explanation: Man-in-the-Disk (MitD) attacks target insecure external storage usage, allowing attackers to modify app data and cause security breaches.


150. What is the purpose of a “Runtime Application Self-Protection” (RASP) mechanism in mobile apps?

A) To detect and prevent real-time attacks on an application
B) To reduce app launch time
C) To optimize app memory usage
D) To improve user interface responsiveness

Answer: A) To detect and prevent real-time attacks on an application

Explanation: RASP (Runtime Application Self-Protection) helps identify and block threats like code injection, hooking, and tampering in real time.


151. What is the risk of hardcoding encryption keys in a mobile app?

A) Attackers can extract them and decrypt sensitive data
B) The app will require more frequent updates
C) The app’s UI will not function correctly
D) The app will consume more memory

Answer: A) Attackers can extract them and decrypt sensitive data

Explanation: Hardcoded encryption keys can be extracted from decompiled APKs/IPAs, allowing attackers to decrypt sensitive data.


152. What is the role of LD_PRELOAD in mobile reverse engineering?

A) To preload shared libraries and override default functions
B) To compress APK files for better performance
C) To enable root access in a mobile application
D) To remove logs from an application

Answer: A) To preload shared libraries and override default functions

Explanation: LD_PRELOAD allows attackers to inject custom shared libraries and override application functions during execution.


153. How can an attacker extract sensitive data from a mobile application’s heap memory?

A) Using memory analysis tools like Volatility
B) Increasing the app’s network speed
C) Disabling background processes
D) Changing the app’s icon

Answer: A) Using memory analysis tools like Volatility

Explanation: Memory analysis tools (e.g., Volatility) can extract sensitive data like encryption keys, passwords, and API tokens from memory dumps.


154. What is a potential risk of failing to validate SSL certificates in a mobile app?

A) Vulnerability to Man-in-the-Middle (MITM) attacks
B) Increased application startup time
C) Decreased app performance
D) Increased battery consumption

Answer: A) Vulnerability to Man-in-the-Middle (MITM) attacks

Explanation: Without SSL certificate validation, attackers can intercept and modify encrypted network traffic.


155. What is the purpose of the codesign --verify command in iOS?

A) To check if an app’s code signature is valid
B) To extract stored credentials
C) To bypass SSL pinning
D) To enable root access

Answer: A) To check if an app’s code signature is valid

Explanation: codesign --verify ensures that an iOS app has a valid signature and has not been tampered with.


156. What is the purpose of dtrace -n 'syscall::open:entry' in iOS analysis?

A) To monitor file system access in real time
B) To decrypt network traffic
C) To disable root detection
D) To modify an app’s package name

Answer: A) To monitor file system access in real time

Explanation: DTrace can be used to track system calls, such as file access attempts, in real time for security analysis.


157. What is a common method to bypass in-app purchases in mobile applications?

A) Modifying the app’s purchase verification logic using Frida or Xposed
B) Disabling background processes
C) Changing the app’s resolution
D) Enabling airplane mode

Answer: A) Modifying the app’s purchase verification logic using Frida or Xposed

Explanation: Attackers can use Frida, Xposed, or Lucky Patcher to intercept and modify in-app purchase validation logic to bypass payments.


158. What does an attacker achieve by modifying a mobile application’s “Shared Preferences” file?

A) Changing stored configurations or authentication tokens
B) Increasing application speed
C) Improving network performance
D) Optimizing battery usage

Answer: A) Changing stored configurations or authentication tokens

Explanation: Shared Preferences often store app settings, authentication tokens, or user preferences, which attackers can modify to exploit security weaknesses.


159. What is the role of the ptrace system call in mobile application security?

A) It prevents debuggers from attaching to the application
B) It encrypts the application source code
C) It speeds up network requests
D) It modifies API responses

Answer: A) It prevents debuggers from attaching to the application

Explanation: ptrace is commonly used as an anti-debugging mechanism to prevent security researchers or attackers from debugging an application.


160. What is an “Intent Hijacking” attack in Android applications?

A) An attacker intercepts and manipulates an app’s intents to gain unauthorized access
B) An attacker slows down an app’s performance
C) An attacker modifies app permissions remotely
D) An attacker enables root access on the device

Answer: A) An attacker intercepts and manipulates an app’s intents to gain unauthorized access

Explanation: Intent hijacking occurs when unprotected intents allow an attacker to modify or intercept sensitive data exchanged between components.


161. What does the frida-trace -i open command do?

A) Hooks into file system function calls to monitor file access
B) Extracts an APK file from a mobile device
C) Encrypts mobile application traffic
D) Disables root detection in an Android application

Answer: A) Hooks into file system function calls to monitor file access

Explanation: frida-trace -i open hooks into file system functions to monitor and analyze file access in a running application.


162. What is the primary purpose of Radare2 in mobile application security analysis?

A) It provides a disassembler, debugger, and binary analysis toolkit
B) It optimizes mobile application performance
C) It modifies app permissions
D) It speeds up API requests

Answer: A) It provides a disassembler, debugger, and binary analysis toolkit

Explanation: Radare2 is an open-source reverse engineering framework used for disassembling, debugging, and analyzing binary files.


163. What is the security risk of exposing a mobile application’s “debug logs” in production?

A) Sensitive information may be exposed to attackers
B) The app may crash more frequently
C) The app will use more storage space
D) The app’s UI may load slower

Answer: A) Sensitive information may be exposed to attackers

Explanation: Excessive logging in production can expose sensitive information like API keys, session tokens, and user credentials.


164. What is an effective way to prevent mobile application tampering?

A) Implement integrity checks and signature verification
B) Reduce the app’s APK size
C) Increase the app’s network latency
D) Remove UI animations

Answer: A) Implement integrity checks and signature verification

Explanation: Integrity checks and signature verification ensure that the application has not been modified, helping to prevent tampering and repackaging attacks.


165. What is a “Timing Attack” in mobile security?

A) An attack that exploits differences in processing times to infer sensitive information
B) A technique to slow down a mobile application’s execution
C) An attack that modifies SQLite database entries
D) A vulnerability that occurs due to outdated API versions

Answer: A) An attack that exploits differences in processing times to infer sensitive information

Explanation: Timing attacks measure execution time variations to infer encryption keys, passwords, or sensitive operations.


166. What is a common way to bypass biometric authentication in mobile applications?

A) Hooking authentication libraries using Frida
B) Changing the application theme
C) Disabling network requests
D) Increasing app permissions

Answer: A) Hooking authentication libraries using Frida

Explanation: Frida can hook biometric authentication functions, allowing attackers to bypass Face ID, Touch ID, or fingerprint verification.


167. What is the purpose of the strings command in mobile reverse engineering?

A) To extract human-readable strings from binary files
B) To encrypt API requests in a mobile application
C) To disable network communication in an Android application
D) To modify an application’s package name

Answer: A) To extract human-readable strings from binary files

Explanation: strings extracts readable text from binary files, which can reveal API keys, credentials, and debug information.


168. How can attackers exploit insecure WebSockets in mobile applications?

A) By intercepting and modifying real-time communication messages
B) By increasing app permissions
C) By enabling airplane mode
D) By changing the app’s background color

Answer: A) By intercepting and modifying real-time communication messages

Explanation: Insecure WebSockets can be exploited to intercept, replay, or manipulate real-time communication in an application.


169. What is a common way to prevent “Clickjacking” attacks in mobile applications?

A) Implementing X-Frame-Options in WebView components
B) Increasing app font size
C) Using a dark theme for the UI
D) Disabling background processes

Answer: A) Implementing X-Frame-Options in WebView components

Explanation: Clickjacking attacks trick users into clicking on invisible elements. Implementing X-Frame-Options prevents malicious iframe embedding.


170. What is a “Dex Class Loader Injection” attack in Android applications?

A) Injecting a malicious DEX file at runtime to modify an application’s behavior
B) Modifying the app’s UI elements
C) Disabling network encryption
D) Increasing the app’s launch speed

Answer: A) Injecting a malicious DEX file at runtime to modify an application’s behavior

Explanation: Dex Class Loader Injection allows attackers to load and execute malicious code dynamically, bypassing static code analysis.


171. What is “Frida Code Injection” used for in mobile app reverse engineering?

A) To hook into an app’s runtime and modify function behavior
B) To encrypt an Android application
C) To compress an IPA file for faster execution
D) To remove ads from a mobile application

Answer: A) To hook into an app’s runtime and modify function behavior

Explanation: Frida Code Injection allows analysts to modify function execution, intercept API calls, and bypass security mechanisms in real-time.


172. What is the primary function of Magisk in Android security?

A) To enable systemless root and bypass security checks
B) To optimize battery usage in mobile applications
C) To encrypt SQLite database files
D) To modify WebView settings

Answer: A) To enable systemless root and bypass security checks

Explanation: Magisk provides systemless root, allowing users to modify the system without triggering security checks or detection mechanisms.


173. What is a “Cold Boot Attack” in mobile security?

A) Extracting sensitive data from RAM by rebooting a device
B) Slowing down a mobile application’s startup time
C) Bypassing biometric authentication
D) Modifying an application’s API responses

Answer: A) Extracting sensitive data from RAM by rebooting a device

Explanation: Cold Boot Attacks exploit residual data in RAM, allowing attackers to recover encryption keys and sensitive data after a reboot.


174. What is a common technique to bypass an Android application’s root detection?

A) Hiding root access using Magisk Hide
B) Increasing the app’s CPU priority
C) Reducing the app’s permissions
D) Enabling airplane mode

Answer: A) Hiding root access using Magisk Hide

Explanation: Magisk Hide masks root access from security-sensitive applications, helping bypass root detection mechanisms.


175. How can attackers exploit an insecure IPC (Inter-Process Communication) mechanism in Android apps?

A) By sending malicious intents to trigger unauthorized actions
B) By modifying the app’s manifest file
C) By changing the device’s display settings
D) By reducing the app’s memory usage

Answer: A) By sending malicious intents to trigger unauthorized actions

Explanation: Insecure IPC mechanisms can allow attackers to send malicious intents to manipulate an application’s behavior.


176. What is a “Repackaging Attack” in mobile security?

A) Modifying and redistributing an APK/IPA with injected malicious code
B) Encrypting an app’s source code for security
C) Reducing an application’s size
D) Optimizing an app’s network requests

Answer: A) Modifying and redistributing an APK/IPA with injected malicious code

Explanation: Repackaging attacks involve modifying a legitimate application to include malware before redistributing it.


177. What is a “TOCTOU” vulnerability in mobile applications?

A) A time-of-check to time-of-use (TOCTOU) race condition allowing unauthorized access
B) A slow network connection causing an application crash
C) A memory optimization technique
D) A data encryption mechanism

Answer: A) A time-of-check to time-of-use (TOCTOU) race condition allowing unauthorized access

Explanation: TOCTOU vulnerabilities occur when an attacker manipulates a resource between the time it is checked and used, leading to privilege escalation.


178. What is the risk of improper broadcast receiver configuration in Android?

A) Unauthorized applications can intercept or send broadcasts
B) The app may crash due to memory leaks
C) The app’s battery consumption may increase
D) The app’s UI elements may fail to load

Answer: A) Unauthorized applications can intercept or send broadcasts

Explanation: Insecure broadcast receivers can be intercepted or manipulated by attackers, leading to unauthorized actions.


179. What is “Symbolication” in iOS application reverse engineering?

A) Converting raw memory addresses into human-readable function names
B) Encrypting an iOS application’s binary
C) Removing logs from an iOS application
D) Modifying WebView security settings

Answer: A) Converting raw memory addresses into human-readable function names

Explanation: Symbolication helps in debugging and reverse engineering by mapping memory addresses to function names.


180. What is the purpose of SSL Strip in mobile application security testing?

A) Downgrading HTTPS connections to HTTP to capture unencrypted traffic
B) Encrypting API requests for security
C) Reducing application startup time
D) Improving biometric authentication speed

Answer: A) Downgrading HTTPS connections to HTTP to capture unencrypted traffic

Explanation: SSL Strip attacks downgrade HTTPS to HTTP, allowing attackers to intercept and modify sensitive network communications.


181. What is a common way to bypass App Transport Security (ATS) in iOS applications?

A) Modifying the app’s Info.plist file to allow non-secure connections
B) Increasing the app’s background execution time
C) Disabling biometric authentication
D) Enabling offline mode

Answer: A) Modifying the app’s Info.plist file to allow non-secure connections

Explanation: ATS (App Transport Security) enforces secure HTTPS connections, but developers can bypass it by modifying Info.plist.


182. What is the primary function of ida -A in IDA Pro?

A) To perform an automatic analysis of a binary file
B) To encrypt the disassembled file
C) To extract API keys from an Android application
D) To remove an application’s root detection

Answer: A) To perform an automatic analysis of a binary file

Explanation: IDA Pro’s -A flag enables automatic analysis, helping in reverse engineering complex binaries.


183. How can an attacker exploit an insecure Android ContentProvider?

A) By extracting and modifying sensitive database entries
B) By increasing the app’s battery consumption
C) By changing the app’s UI color scheme
D) By disabling app logs

Answer: A) By extracting and modifying sensitive database entries

Explanation: Unprotected ContentProviders can allow unauthorized read/write access to sensitive data stored in an application.


184. What is a common defense mechanism against runtime hooking in mobile applications?

A) Implementing integrity checks and runtime self-protection
B) Increasing an application’s frame rate
C) Reducing an application’s background processes
D) Modifying the application’s splash screen

Answer: A) Implementing integrity checks and runtime self-protection

Explanation: Runtime self-protection (RASP) detects code injection, function hooking, and tampering attempts.


185. What does “Certificate Pinning Bypass” allow attackers to do?

A) Intercept and modify encrypted HTTPS traffic
B) Improve application security
C) Increase app performance
D) Enable additional API calls

Answer: A) Intercept and modify encrypted HTTPS traffic

Explanation: Certificate pinning bypass enables MITM attacks, allowing attackers to decrypt and modify secure communications.


186. What is the function of dumpsys in Android reverse engineering?

A) Extracting detailed system and application information
B) Encrypting an APK for security
C) Optimizing API response times
D) Reducing the app’s memory usage

Answer: A) Extracting detailed system and application information

Explanation: dumpsys provides in-depth system and app information, useful for debugging and security testing.


187. What is the purpose of the logcat -b radio command in Android debugging?

A) To capture logs related to network communication and radio events
B) To extract stored user credentials from an application
C) To encrypt log files for security
D) To improve the battery performance of an Android device

Answer: A) To capture logs related to network communication and radio events

Explanation: The logcat -b radio command is used to capture logs related to cellular, Wi-Fi, and other network communication events, which can be helpful in security analysis.


188. What is the risk of using WebView with setJavaScriptEnabled(true) in Android applications?

A) It increases the risk of JavaScript injection attacks
B) It disables SSL/TLS security
C) It prevents debugging of the application
D) It increases the app’s startup time

Answer: A) It increases the risk of JavaScript injection attacks

Explanation: Enabling JavaScript in WebView without proper security controls can lead to XSS (Cross-Site Scripting) and other JavaScript-based attacks.


189. What is the primary role of dex2oat in Android applications?

A) Converts DEX files into OAT files for optimized execution on Android Runtime (ART)
B) Decompiles an APK into Smali code
C) Encrypts an Android application for secure distribution
D) Reduces the memory footprint of an application

Answer: A) Converts DEX files into OAT files for optimized execution on Android Runtime (ART)

Explanation: dex2oat converts DEX files into OAT (Optimized Android Runtime) format, improving execution speed on ART-based Android devices.


190. What is the purpose of “Stack Canary” protection in mobile applications?

A) To prevent buffer overflow attacks by detecting memory corruption
B) To encrypt stored credentials in an application
C) To increase the execution speed of an application
D) To allow privilege escalation for administrators

Answer: A) To prevent buffer overflow attacks by detecting memory corruption

Explanation: Stack Canary is a security mechanism that places a small value (canary) in memory, detecting buffer overflows before they can be exploited.


191. What is a common use case for objection in mobile security testing?

A) To dynamically analyze and bypass security mechanisms in mobile applications
B) To extract SMS logs from an Android device
C) To encrypt the application’s API requests
D) To modify network traffic encryption

Answer: A) To dynamically analyze and bypass security mechanisms in mobile applications

Explanation: Objection is a tool built on Frida, allowing dynamic analysis, SSL bypass, root detection bypass, and runtime patching.


192. What is the risk of using weak hashing algorithms like MD5 or SHA-1 in mobile applications?

A) They are vulnerable to collision and brute-force attacks
B) They slow down the application’s network requests
C) They cause the application to crash frequently
D) They require more storage space

Answer: A) They are vulnerable to collision and brute-force attacks

Explanation: MD5 and SHA-1 are considered cryptographically weak due to their susceptibility to hash collisions and brute-force attacks.


193. What does the adb shell pm list packages command do?

A) Lists all installed packages (applications) on an Android device
B) Extracts API keys from an Android application
C) Encrypts SQLite database files
D) Modifies application permissions

Answer: A) Lists all installed packages (applications) on an Android device

Explanation: adb shell pm list packages lists all installed apps (packages) on an Android device, useful for security analysis and debugging.


194. How does an attacker exploit “Heap Spray” in a mobile application?

A) By injecting malicious data into heap memory to manipulate execution flow
B) By disabling background processes
C) By modifying the application’s splash screen
D) By increasing the screen brightness

Answer: A) By injecting malicious data into heap memory to manipulate execution flow

Explanation: Heap Spray attacks flood heap memory with malicious payloads, increasing the chance of successful exploitation.


195. What is the purpose of the adb backup command?

A) To create a full backup of installed applications and their data
B) To extract encryption keys from an Android application
C) To disable application logging
D) To modify SSL certificate validation

Answer: A) To create a full backup of installed applications and their data

Explanation: adb backup allows creating backups of installed apps, their data, and configurations, which can be analyzed for sensitive information.


196. What is a common way to bypass iOS application sandboxing?

A) Using a jailbreak to gain unrestricted file system access
B) Modifying the app’s icon and re-signing it
C) Reducing the app’s permissions
D) Enabling “Developer Mode” on the device

Answer: A) Using a jailbreak to gain unrestricted file system access

Explanation: Jailbreaking bypasses Apple’s sandbox restrictions, allowing attackers to access restricted app files and modify system behavior.


197. How can an attacker exploit an insecurely implemented Firebase database in a mobile app?

A) By accessing and modifying the database directly if it is publicly exposed
B) By modifying the application’s background color
C) By changing the app’s CPU usage settings
D) By disabling biometric authentication

Answer: A) By accessing and modifying the database directly if it is publicly exposed

Explanation: Misconfigured Firebase databases may allow unauthenticated access, leading to data leaks or unauthorized modifications.


198. What is the purpose of the checkra1n tool in iOS security research?

A) It is a jailbreak tool that exploits hardware vulnerabilities in iOS devices
B) It encrypts iOS applications for security
C) It modifies an iOS device’s CPU settings
D) It prevents debugging of iOS applications

Answer: A) It is a jailbreak tool that exploits hardware vulnerabilities in iOS devices

Explanation: checkra1n is an iOS jailbreak tool that exploits bootrom vulnerabilities, which are difficult for Apple to patch on affected devices.


199. What is the risk of exposing debugging symbols in a mobile application release build?

A) Attackers can easily reverse engineer the application’s internal logic
B) The app may consume more storage space
C) The app will fail to connect to the internet
D) The app’s UI elements may not load properly

Answer: A) Attackers can easily reverse engineer the application’s internal logic

Explanation: Debugging symbols contain function names and code structure, making it easier for attackers to reverse engineer the application.


200. What does the frida -U -n target_app command do?

A) Attaches Frida to a running application on a connected USB device
B) Encrypts API requests in a mobile application
C) Extracts authentication tokens from an Android application
D) Bypasses application root detection

Answer: A) Attaches Frida to a running application on a connected USB device

Explanation: frida -U -n target_app attaches Frida to a running application on a connected USB device, allowing dynamic analysis and function hooking.


201. What is the risk of using eval() in a mobile application?

A) It can lead to remote code execution vulnerabilities
B) It slows down the application
C) It increases the memory footprint of an application
D) It disables background execution

Answer: A) It can lead to remote code execution vulnerabilities

Explanation: Using eval() in mobile apps can lead to code injection vulnerabilities, allowing attackers to execute arbitrary commands.