100+ Free eMAPT Practice Questions

INE Security eMAPT Mobile Application Penetration Tester practice questions are available now; exam metadata is being verified.

Key Facts: eMAPT Exam

12 hours: Total Exam Window (source: INE Security)
Dual Format: MCQ + Practical Lab (source: INE Security)
3 years: Certification Validity (source: INE Security)
Android + iOS: Both Platforms Tested (source: INE Security)
8 domains: Content Areas (source: INE Security eMAPT Syllabus)
INE Premium: Required Access Level (source: INE Security)

The eMAPT from INE Security (formerly eLearnSecurity) certifies mobile application penetration testing skills across both Android and iOS platforms. The enhanced exam features a dual format: knowledge MCQs plus practical live app assessments to be completed within a 12-hour window. Core skills tested include APK/IPA static analysis, Frida/Objection dynamic instrumentation, SSL pinning bypass, root/jailbreak detection bypass, OWASP Mobile Top 10 exploitation, and security report writing. Exam access requires an INE Premium subscription.

Sample eMAPT Practice Questions

Try these sample questions to test your eMAPT exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. Which command using apktool correctly decodes an Android APK file named 'target.apk' into a directory called 'output'?
A. apktool d target.apk -o output
B. apktool b target.apk -o output
C. apktool u target.apk output
D. apktool decode target.apk --dir output
Explanation: The 'd' (decode) flag in apktool decodes the APK into human-readable resources and smali code. The '-o' flag specifies the output directory. This is the standard command for static analysis of Android applications.
2. In an Android APK's AndroidManifest.xml, which attribute on a component (activity, service, or receiver) makes it accessible to external applications without any permission check?
A. android:sharedUserId="android.uid.system"
B. android:exported="false"
C. android:exported="true"
D. android:permission="android.permission.INTERNET"
Explanation: Setting android:exported="true" on an Android component exposes it to any other application on the device without requiring the caller to hold a specific permission. This is a common misconfiguration that allows unauthorised components to be invoked from third-party apps.
3. Which Frida command attaches to a running Android process named 'com.example.app' and loads a JavaScript hook script named 'hook.js'?
A. frida -D emulator-5554 --spawn com.example.app hook.js
B. frida -U -f com.example.app -l hook.js
C. frida -U -n com.example.app -l hook.js
D. frida --attach com.example.app hook.js
Explanation: The '-n' flag attaches Frida to an already-running process by name. '-U' targets a USB-connected device. '-l' loads the specified script. Use '-f' instead of '-n' to spawn (start) the process fresh, which is needed when you want to instrument from app launch.
4. An Android application stores the user's authentication token in SharedPreferences without encryption. According to OWASP Mobile Top 10 (2024), which category best describes this vulnerability?
A. M1 — Improper Credential Usage
B. M2 — Inadequate Supply Chain Security
C. M9 — Insecure Data Storage
D. M4 — Insufficient Input/Output Validation
Explanation: OWASP Mobile Top 10 (2024) M9 — Insecure Data Storage covers scenarios where sensitive data such as authentication tokens are stored in plaintext in locations like SharedPreferences, SQLite databases, or log files. Attackers with physical or root access can trivially extract these values.
5. You want to list all classes loaded in a running Android app using Objection. Which command should you run inside an Objection session?
A. android hooking list classes
B. android hooking search classes
C. frida list classes --all
D. android intent list classes
Explanation: Inside an Objection session, 'android hooking list classes' enumerates all Java classes currently loaded by the target application's JVM. This is essential for identifying class names before writing Frida hooks targeting specific methods.
6. During iOS static analysis, which file inside an IPA archive contains the compiled Objective-C / Swift binary for the application?
A. Payload/<AppName>.app/Assets.car
B. Payload/<AppName>.app/Info.plist
C. Payload/<AppName>.app/<AppName>
D. Payload/<AppName>.app/embedded.mobileprovision
Explanation: The Mach-O binary — the compiled executable containing all Objective-C and Swift code — is located at Payload/<AppName>.app/<AppName> inside the IPA archive. This is the file you analyse with tools like Ghidra, Hopper, or otool for reverse engineering.
7. Which JADX-GUI feature is most useful for quickly locating hardcoded API keys or passwords in a decompiled Android APK?
A. DEX bytecode disassembler
B. Class hierarchy viewer
C. Full-text search (Find in Code)
D. Call graph analysis
Explanation: JADX-GUI's full-text 'Find in Code' search (Ctrl+Shift+F) lets you search for patterns such as 'password', 'api_key', 'Bearer', or 'SECRET' across all decompiled Java source. This is the fastest way to identify hardcoded credentials in a large codebase.
8. What does the Drozer command 'run app.package.attacksurface com.example.app' specifically report?
A. The list of shared libraries loaded by the application
B. A list of all permissions declared in the AndroidManifest
C. The number and type of exported components (activities, services, receivers, providers)
D. All network connections made by the application
Explanation: The Drozer 'app.package.attacksurface' module reports the total number of exported activities, services, broadcast receivers, and content providers. This gives a quick summary of the application's IPC attack surface accessible to other apps without elevated permissions.
9. A mobile app implements SSL pinning by comparing the server's certificate hash at runtime. Which Objection command can be used to bypass this protection on Android?
A. android ssl unpin --all
B. android network disable ssl
C. android sslpinning disable
D. android network bypass pinning
Explanation: The Objection command 'android sslpinning disable' hooks common SSL pinning implementations (OkHttp, TrustManager, Conscrypt) at runtime using Frida. This disables certificate validation checks so that Burp Suite proxy certificates are accepted by the app.
10. Which Frida API method is used inside a JavaScript hook script to intercept a specific Java method call on Android and print its arguments?
A. Java.perform() wrapping Java.use('<class>').method.implementation
B. Java.intercept('<class>', 'method')
C. Frida.hook('<class>', '<method>')
D. Java.attach('<class>').monitor('<method>')
Explanation: The correct pattern is Java.perform() wrapping Java.use('<ClassName>') to get a class reference, then overriding .implementation on the target method. This is the standard Frida idiom for hooking Java methods on Android and grants access to 'this', arguments, and the return value.

About the eMAPT Practice Questions

Verified exam format metadata for INE Security eMAPT Mobile Application Penetration Tester is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.