Lesson16

Question 1

What is the main purpose of macOS app security?

Answer 1

To ensure only trusted software runs while blocking malicious code.

Question 2

What layer of protection ensures only trusted apps from the App Store or signed developers can run?

Answer 2

Gatekeeper.

Question 3

What does notarization provide for apps distributed outside the App Store?

Answer 3

A malware-scan ticket confirming the app is free of known malware.

Question 4

What macOS feature regularly updates malware signatures to detect threats?

Answer 4

XProtect.

Question 5

What protection restricts root-level modifications to system files?

Answer 5

System Integrity Protection (SIP).

Question 6

What folders are protected by SIP?

Answer 6

/System, /usr, /bin, and /sbin.

Question 7

What tool helps check app installation status and processes?

Answer 7

Activity Monitor.

Question 8

What steps can you take to troubleshoot an unresponsive app?

Answer 8

Check status, force quit, restart, update, or reinstall.

Question 9

What macOS technology enforces verified code signatures at runtime?

Answer 9

Runtime protection.

Question 10

What triggers Gatekeeper to block an app?

Answer 10

Missing signature, revoked certificate, or failing notarization checks.

Question 11

How does XProtect remove malware?

Answer 11

Automatically quarantines or deletes it using updated signatures.

Question 12

What is the first layer of macOS app security?

Answer 12

App Store distribution of trusted, reviewed apps.

Question 13

What does SIP prevent users or apps from doing?

Answer 13

Modifying protected system files or processes.

Question 14

What is required before macOS allows an unsigned third-party app to run?

Answer 14

User approval in System Settings > Privacy & Security.

Question 15

Who issues the notarization ticket?

Answer 15

Apple’s notarization service.

Question 16

What happens if Apple later revokes a notarized app?

Answer 16

Gatekeeper blocks it from opening.

Question 17

Which technology prevents malicious code injection during runtime?

Answer 17

Runtime protection.

Question 18

What is the purpose of checking app processes?

Answer 18

To identify stalled, crashed, or resource-heavy processes.

Question 19

Where can you learn about Mac security fundamentals?

Answer 19

“Intro to Mac security” (SUPDAC107ADB).

Question 20

What does Gatekeeper check before allowing an app to launch?

Answer 20

Signature validity, notarization status, and security policy.

Question 21

How often does XProtect update malware signatures?

Answer 21

Automatically and silently as Apple publishes new ones.

Question 22

What is the benefit of notarization for enterprises?

Answer 22

Ensures external apps meet Apple’s malware scanning standards.

Question 23

What triggers the need to adjust Gatekeeper settings under IT guidance?

Answer 23

Enterprise workflows requiring external or developer apps.

Question 24

What setting must users modify to allow unidentified developer apps?

Answer 24

Privacy & Security → Allow apps from unidentified developers (if permitted).

Question 25

What is the main function of SIP?

Answer 25

Protect system integrity by restricting modifications.

Question 26

When troubleshooting a frozen app, what tool shows CPU impact?

Answer 26

Activity Monitor.

Question 27

What technology blocks known malware from executing?

Answer 27

XProtect.

Question 28

What is a signed app?

Answer 28

An app with a verified developer signature.

Question 29

What does notarization NOT verify?

Answer 29

Software quality—it only checks for known malware.

Question 30

What macOS feature checks downloaded apps before they run?

Answer 30

Gatekeeper.

Question 31

Where do malware alerts appear when XProtect detects threats?

Answer 31

System Notifications.

Question 32

Why would an app be blocked even if previously opened?

Answer 32

Signature or notarization was revoked by Apple.

Question 33

What technology prevents system files from being modified from recovery?

Answer 33

SIP.

Question 34

What kind of app issues cannot be fixed by force quitting?

Answer 34

Corrupt files or malware-related failures.

Question 35

What is runtime protection checking during execution?

Answer 35

Code integrity and code-signing compliance.

Question 36

How does macOS verify an app downloaded from the internet?

Answer 36

Gatekeeper evaluates its signature, notarization, and trust policies.

Question 37

CIP applies to which components?

Answer 37

System files, kernel extensions, and protected OS services.

Question 38

What is required for notarization to succeed?

Answer 38

Developer ID, valid signature, and malware-free scan results.

Question 39

Can users disable SIP?

Answer 39

Only in recoveryOS; not recommended.

Question 40

What happens if XProtect finds malware?

Answer 40

macOS isolates, blocks, or removes the malicious content.

Question 41

Which security layer protects users from malicious plug-ins?

Answer 41

Gatekeeper + notarization.

Question 42

What mechanism prevents unauthorized apps from accessing private data?

Answer 42

TCC (Transparency, Consent, and Control).

Question 43

What check must pass before a developer app can run on macOS?

Answer 43

Valid code signing.

Question 44

What is the role of Apple's multi-layer defense?

Answer 44

Combine protections to secure macOS from malware.

Question 45

What happens when app processes hang?

Answer 45

They show as "Not Responding" in Activity Monitor.

Question 46

What system tool helps review app diagnostics?

Answer 46

Console.

Question 47

What is the foundation of app trust on macOS?

Answer 47

Developer ID + notarization + signature validation.

Question 48

What issue can outdated runtime libraries cause?

Answer 48

Crashes or failure to launch.

Question 49

What is a quarantine attribute?

Answer 49

A tag indicating an app was downloaded and must be checked by Gatekeeper.

Question 50

What does SIP enforce to maintain system reliability?

Answer 50

Prevents unauthorized alterations to key system components.