Authentication and Authorization

Quiz by Carlos Veliz, created almost 10 years ago, updated more than 1 year ago

Resource summary

Question 1

Question
Which of the following is not a type of authentication mechanism?
Answer
  • HTTP Basic Authentication
  • Form-Based Authentication
  • 802.1X Authentication
  • Client/Server Mutual Authentication

Question 2

Question
Which of the following is not one of the steps of basic authentication?
Answer
  • Requests a protected resource
  • Requests username and password
  • Redirects to login page
  • Returns the requested resource
  • Sends username and password

Question 3

Question
Indicate whether the following statement about form-based authentication is true or false: "SSL can be added to part or the whole of the web application"
Answer
  • True
  • False

Question 4

Question
Which of the following is not part of the working overview of Kerberos?
Answer
  • The Key Distribution Centre in Kerberos stores account information and client passwords
  • The working process is invisible to the user
  • This mechanism issues tickets containing user identity, encrypted password and encrypted data
  • Client authentication determines whether users are legitimate

Question 5

Question
Which of the following is not a way to prevent web-based enumeration attacks?
Answer
  • Lock out targeted account access after a restricted number of failed attempts
  • Web applications need to respond with similar error messages to all authentication failures
  • Analyze URLs and their responses during security testing of authentication failures and prevent unnecessary information leakage
  • Analyze web page titles and their responses during authentication failures and prevent unnecessary information leakage
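The basic-authentication exchange from Question 2 and the enumeration-resistant failure handling from Question 5 fit naturally in one servlet filter. The following is an added example, not code from the quiz or its author; it assumes Java 11 and the Servlet 4.0 API in the javax.servlet namespace (e.g. Tomcat 9). The filter name, URL pattern, realm string, lockout threshold and the single hard-coded user are all hypothetical, and the credential store is an in-memory map of SHA-256 hashes constructed for the illustration rather than a container realm. Note the caveat a tester would raise on the lockout option: if a locked account answered differently from an unknown one, the lockout itself would become the enumeration oracle, so every failure path below returns the identical 401.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical filter, not from the quiz). HTTP Basic authentication:
// (1) client requests a protected resource; (2) server answers 401 with a
// WWW-Authenticate: Basic challenge; (3) client resends with
// Authorization: Basic base64(username:password); (4) server returns the resource.
@WebFilter("/protected/*")
public class BasicAuthFilter implements Filter {

    private static final int MAX_FAILURES = 5;   // assumed lockout threshold
    private static final String CHALLENGE = "Basic realm=\"app\", charset=\"UTF-8\"";
    private static final byte[] DUMMY_HASH = new byte[32];   // compared against for unknown users

    // Constructed credential store: username -> SHA-256(password). Illustration only;
    // a deployment would use the container realm and a salted, slow password hash.
    private static final Map<String, byte[]> USERS = Map.of(
            "alice", sha256("correct horse battery staple"));

    // In-memory failed-attempt counter per username (constructed for the example).
    private final Map<String, AtomicInteger> failures = new ConcurrentHashMap<>();

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            challenge(response);                                 // step 2: ask for credentials
            return;
        }

        String[] creds = decode(header.substring(6));            // [username, password] or null
        if (creds != null && !lockedOut(creds[0]) && passwordMatches(creds[0], creds[1])) {
            failures.remove(creds[0]);                           // reset the counter on success
            chain.doFilter(req, res);                            // step 4: serve the resource
            return;
        }

        // Every failure (malformed header, unknown user, wrong password, locked account)
        // gets the identical status, header and message, so the response cannot be used
        // to tell valid usernames from invalid ones.
        if (creds != null) {
            failures.computeIfAbsent(creds[0], k -> new AtomicInteger()).incrementAndGet();
        }
        challenge(response);
    }

    private boolean lockedOut(String user) {
        AtomicInteger n = failures.get(user);
        return n != null && n.get() >= MAX_FAILURES;
    }

    // Hash the supplied password and compare in constant time. Unknown users are compared
    // against DUMMY_HASH so the work done does not depend on whether the account exists.
    private static boolean passwordMatches(String user, String password) {
        byte[] expected = USERS.getOrDefault(user, DUMMY_HASH);
        boolean equal = MessageDigest.isEqual(expected, sha256(password));
        return equal && USERS.containsKey(user);
    }

    // Parse base64(username:password); null when the token is not well-formed.
    private static String[] decode(String token) {
        try {
            String pair = new String(Base64.getDecoder().decode(token.trim()), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            return colon < 0 ? null : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    private static void challenge(HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", CHALLENGE);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);    // SHA-256 is mandatory in every Java runtime
        }
    }
}
```

The per-username counter lives in one JVM and is lost on restart, so a real lockout needs a shared store and should be paired with source-based rate limiting; on its own, account lockout lets anyone who knows a username deny that user service.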

Question 6

Question
Authorization is the process that controls the access rights of principals to system resources, which include:
Answer
  • Access to users
  • Access to processes
  • Access to machines
  • All of the above
  • None of the above

Question 7

Question
Which is the fifth step in implementing authorization?
Answer
  • Assigning roles to users
  • Checking user authentication for the application
  • Applying the constraints that are accessible by role
  • Mapping the application's security roles to roles defined in the memory realm

Question 8

Question
Which of the following is not part of the access control model?
Answer
  • System Domain
  • AWT
  • Printer
  • Database Server
  • File I/O

Question 9

Question
Which of the following is not one of the principles of least privilege?
Answer
  • User accounts should have only enough privileges for their task
  • Evaluate and implement code access permissions
  • Save sensitive files with random names and clean up temporary files
  • Allow web applications to access the database through limited accounts only
  • Avoid running web application servers under privileged accounts such as administrator, root, sysman, sa, etc.

Question 10

Question
Which of the following is not a best practice in session management?
Answer
  • Make use of SSL
  • Do not add sensitive data in security token
  • Impose concurrent login limits
  • Regenerate session IDs upon privilege changes
  • A user has access to resources based on the role assigned
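The authorization steps in Question 7 (authenticate the user, map application roles onto the realm's roles, apply constraints by role) and the session practices in Question 10 (TLS, no secrets in the session, concurrent-login limits, regenerate the session ID on a privilege change) can be shown together in a login servlet and a role-protected servlet. This is an added example, not code from the quiz or its author; it assumes Java 11, the Servlet 4.0 API in the javax.servlet namespace, and a container realm (for Tomcat, the memory realm read from tomcat-users.xml) that already knows the user and the "admin" role. The URL patterns, the role name, the concurrency limit and the in-memory session counter are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example (hypothetical servlets, not from the quiz). Login endpoint: authenticates
// against the container's realm, enforces TLS and a concurrent-login limit, then rotates
// the session ID so a session fixed before login does not carry into the authenticated state.
@WebServlet("/login")
@DeclareRoles("admin")   // declares the application role that the realm's users map onto
public class LoginServlet extends HttpServlet {

    static final int MAX_CONCURRENT = 2;                                   // assumed limit
    static final Map<String, Integer> ACTIVE = new ConcurrentHashMap<>();  // user -> live sessions

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.isSecure()) {                                     // credentials only over TLS
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "TLS required");
            return;
        }
        String user = req.getParameter("username");
        try {
            req.login(user, req.getParameter("password"));         // the container realm decides
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed"); // one generic message
            return;
        }
        if (ACTIVE.merge(user, 1, Integer::sum) > MAX_CONCURRENT) {
            ACTIVE.merge(user, -1, Integer::sum);
            req.logout();
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Too many active sessions");
            return;
        }
        HttpSession session = req.getSession();                    // make sure a session exists
        req.changeSessionId();                                     // privilege changed: new ID
        session.setAttribute("user", req.getRemoteUser());         // identity only, never the password
        resp.sendRedirect(req.getContextPath() + "/admin/report");
    }
}

// Protected resource: the declarative constraint admits only "admin" over TLS; the
// programmatic isUserInRole check repeats the decision inside the servlet.
@WebServlet("/admin/report")
@ServletSecurity(@HttpConstraint(rolesAllowed = "admin",
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))
class AdminReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Report for " + req.getRemoteUser());
    }
}

// Releases a user's slot when their session is invalidated or times out.
@WebListener
class SessionCounter implements HttpSessionListener {
    @Override public void sessionCreated(HttpSessionEvent e) { }
    @Override public void sessionDestroyed(HttpSessionEvent e) {
        Object user = e.getSession().getAttribute("user");
        if (user instanceof String) {
            LoginServlet.ACTIVE.computeIfPresent((String) user, (k, v) -> v <= 1 ? null : v - 1);
        }
    }
}
```

The session keeps only the principal name; the password never leaves the realm. The concurrent-login counter is JVM-local, so behind a load balancer it would have to move to a shared store, and `changeSessionId()` is called only after a session is guaranteed to exist because it throws IllegalStateException otherwise.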