Loading [MathJax]/jax/output/HTML-CSS/fonts/TeX/fontdata.js
Kopieren und bearbeiten

Authentication and Authorization

Beschreibung

Authentication and Authorization
Carlos Veliz
Quiz von Carlos Veliz, aktualisiert more than 1 year ago
Carlos Veliz
Erstellt von Carlos Veliz vor fast 10 Jahre
190
0
0
1 2 3 4 5 (0)

Zusammenfassung der Ressource

Frage 1

Frage
Which of the following statements is not part of the types of authentication mechanisms?
Antworten
  • HTTP Basic Authentication
  • Form-Based Authentication
  • Authentication 802.1x
  • Client/Server Mutual Authentication

Frage 2

Frage
Cual de los siguientes enunciados no corresponde a los pasos de una autenticación basica?
Antworten
  • Requests a protected resource
  • Request username password
  • Redirect to login page
  • Returns request resource
  • Sends username password

Frage 3

Frage
Indicate whether the following definition is true or false for form-based authentication: "SSL can be added to part or whole of the web application"
Antworten
  • True
  • False

Frage 4

Frage
It is not part of the job overview of Kerberos:
Antworten
  • Key Distribution Centre in Kerberos stores account information and client passwords
  • Working proccess is invisible to the user
  • This mechanism issues tickets containing user identity, encrypted password, encrypted data
  • Client authentication ensures that the users are legitimate or not

Frage 5

Frage
It is not a way to prevent Web-based enumeration attack:
Antworten
  • Lock out targeted account access after a certain restricted failed attempts
  • Web applications need to respond with similar error messages to all authentication failures
  • Analyze URLs and ther responses during security testinf to authentication failures and prevent unnecessary information leakage
  • Analyze Web page titles and their responses during authentication failures and prevent unnecesaary information leakage

Frage 6

Frage
Authorization is the proccess that control access rights of principals to system resources that include:
Antworten
  • Access to users
  • Access to proccess
  • Access to machines
  • All of the above
  • None of the above

Frage 7

Frage
Which is the fifth step in implementing authorization?
Antworten
  • Defining roles to users
  • check for user authentication for the application
  • Apply the constrains which are accessible by role
  • Define security roles of an application to roles defined in memory realm

Frage 8

Frage
It is not part of the access control model:
Antworten
  • System Domain
  • AWT
  • Printer
  • Database Server
  • File I/O

Frage 9

Frage
Which of the following statements is not part of the principles of least privilege?
Antworten
  • User account should have enongh privileges according to their task
  • Evaluate and implement code access permissions
  • Save sensitive files with random names and clean temporay files
  • Enable web applications access to database through limited accounts only
  • Avoid Web application servers running at privileged accounst such as administrador, root, sysman, sa, etc.

Frage 10

Frage
Which of the following is not a best practice in the management of sessions?
Antworten
  • Make use of SSL
  • Do not add sensitive data in security token
  • Impose concurrent login limits
  • Regenerate session IDs upon privilege changes
  • A user has access to resources based on the role assigned
Zusammenfassung anzeigen Zusammenfassung ausblenden

0 Kommentare

There are no comments, be the first and leave one below:

Möchten Sie mit GoConqr kostenlos Ihre eigenen Quiz erstellen? eigenen Mehr erfahren.

ähnlicher Inhalt

Introduction to Java Security
Carlos Veliz
Java Mix Test 42p
Carlos Veliz
ECSP JAVA: JAAS
Carlos Veliz
Criptography
Carlos Veliz
Java - Mix
Carlos Veliz
Java Application Vulnerabilities
Carlos Veliz
Java Mix Test 42p
Jose Luis Vasquez Galvez
Java Concurrency and Session Management
Jose Luis Vasquez Galvez
Tipps zum Erstellen von Mindmaps
JohannesK
Vetie - spez Patho 2019
Johanna Tr
Bibliothek durchsuchen