Which of the following statements is not part of the types of authentication mechanisms?
HTTP Basic Authentication
Client/Server Mutual Authentication
Which of the following statements does not correspond to the steps of a basic authentication?
Requests a protected resource
Request username password
Redirect to login page
Returns request resource
Sends username password
Indicate whether the following definition is true or false for form-based authentication:
"SSL can be added to part or whole of the web application"
It is not part of the job overview of Kerberos:
Key Distribution Centre in Kerberos stores account information and client passwords
Working process is invisible to the user
This mechanism issues tickets containing user identity, encrypted password, encrypted data
Client authentication ensures that the users are legitimate or not
It is not a way to prevent Web-based enumeration attack:
Lock out targeted account access after a certain restricted failed attempts
Web applications need to respond with similar error messages to all authentication failures
Analyze URLs and their responses during security testing to authentication failures and prevent unnecessary information leakage
Analyze Web page titles and their responses during authentication failures and prevent unnecessary information leakage
Authorization is the process that controls access rights of principals to system resources that include:
Access to users
Access to processes
Access to machines
All of the above
None of the above
Which is the fifth step in implementing authorization?
Defining roles to users
Check for user authentication for the application
Apply the constraints which are accessible by role
Define security roles of an application to roles defined in memory realm
It is not part of the access control model:
Which of the following statements is not part of the principles of least privilege?
User account should have enough privileges according to their task
Evaluate and implement code access permissions
Save sensitive files with random names and clean temporary files
Enable web applications access to database through limited accounts only
Avoid Web application servers running at privileged accounts such as administrator, root, sysman, sa, etc.
Which of the following is not a best practice in the management of sessions?
Make use of SSL
Do not add sensitive data in security token
Impose concurrent login limits
Regenerate session IDs upon privilege changes
A user has access to resources based on the role assigned