Ethical Hacking Essentials Practice Test

What mobile security risk is identified when two-factor authentication is disabled before deployment?

• A. Weak encryption
• B. Extraneous functionality
• C. Insecure APIs
• D. Insufficient logging

The correct answer is: Extraneous functionality

The identification of extraneous functionality as a mobile security risk when two-factor authentication (2FA) is disabled before deployment highlights the importance of maintaining strict controls and minimizing potential vulnerabilities. Extraneous functionality refers to features or capabilities that are not essential to an application's primary purpose, which could inadvertently introduce security weaknesses or provide additional attack surfaces for malicious users. When 2FA is disabled, the application relies solely on a single method of authentication, increasing the potential impact of any extraneous functionality that might be included. If attackers exploit these non-essential features, they could gain unauthorized access to sensitive data or undermine the application's security model. Effective security practices advocate for the elimination of such extraneous features to streamline the application and reduce the risk landscape, especially in scenarios where heightened security measures like 2FA are not in place. While weak encryption, insecure APIs, and insufficient logging are all significant security concerns, they do not directly relate to the scenario of disabling 2FA and increasing exposure through unnecessary functionalities. Focusing on reducing extraneous elements assists in creating a more robust security posture in the context of mobile applications.