Authentication and Authorization

Description

Authentication and Authorization
Quiz by Carlos Veliz, updated more than 1 year ago
Created by Carlos Veliz almost 10 years ago

Resource summary

Question 1

Question
Which of the following statements is not part of the types of authentication mechanisms?
Answers
  • HTTP Basic Authentication
  • Form-Based Authentication
  • Authentication 802.1x
  • Client/Server Mutual Authentication

Question 2

Question
Which of the following statements does not correspond to the steps of basic authentication?
Answers
  • Requests a protected resource
  • Request username password
  • Redirect to login page
  • Returns request resource
  • Sends username password

Question 3

Question
Indicate whether the following definition is true or false for form-based authentication: "SSL can be added to part or whole of the web application"
Answers
  • True
  • False

Question 4

Question
It is not part of the job overview of Kerberos:
Answers
  • Key Distribution Centre in Kerberos stores account information and client passwords
  • Working process is invisible to the user
  • This mechanism issues tickets containing user identity, encrypted password, encrypted data
  • Client authentication ensures that the users are legitimate or not

Question 5

Question
It is not a way to prevent Web-based enumeration attack:
Answers
  • Lock out targeted account access after a certain restricted failed attempts
  • Web applications need to respond with similar error messages to all authentication failures
  • Analyze URLs and their responses during security testing to authentication failures and prevent unnecessary information leakage
  • Analyze Web page titles and their responses during authentication failures and prevent unnecessary information leakage

Question 6

Question
Authorization is the process that controls access rights of principals to system resources that include:
Answers
  • Access to users
  • Access to processes
  • Access to machines
  • All of the above
  • None of the above

Question 7

Question
Which is the fifth step in implementing authorization?
Answers
  • Defining roles to users
  • Check for user authentication for the application
  • Apply the constraints which are accessible by role
  • Define security roles of an application to roles defined in memory realm

Question 8

Question
It is not part of the access control model:
Answers
  • System Domain
  • AWT
  • Printer
  • Database Server
  • File I/O

Question 9

Question
Which of the following statements is not part of the principles of least privilege?
Answers
  • User account should have enough privileges according to their task
  • Evaluate and implement code access permissions
  • Save sensitive files with random names and clean temporary files
  • Enable web applications access to database through limited accounts only
  • Avoid Web application servers running under privileged accounts such as administrator, root, sysman, sa, etc.

Question 10

Question
Which of the following is not a best practice in the management of sessions?
Answers
  • Make use of SSL
  • Do not add sensitive data in security token
  • Impose concurrent login limits
  • Regenerate session IDs upon privilege changes
  • A user has access to resources based on the role assigned