Authentication and Authorization

Description

Authentication and Authorization
Carlos Veliz
Quiz by Carlos Veliz, updated more than 1 year ago
Carlos Veliz
Created by Carlos Veliz over 9 years ago
180
0

Resource summary

Question 1

Question
Which of the following statements is not part of the types of authentication mechanisms?
Answer
  • HTTP Basic Authentication
  • Form-Based Authentication
  • Authentication 802.1x
  • Client/Server Mutual Authentication

Question 2

Question
Cual de los siguientes enunciados no corresponde a los pasos de una autenticación basica?
Answer
  • Requests a protected resource
  • Request username password
  • Redirect to login page
  • Returns request resource
  • Sends username password

Question 3

Question
Indicate whether the following definition is true or false for form-based authentication: "SSL can be added to part or whole of the web application"
Answer
  • True
  • False

Question 4

Question
It is not part of the job overview of Kerberos:
Answer
  • Key Distribution Centre in Kerberos stores account information and client passwords
  • Working proccess is invisible to the user
  • This mechanism issues tickets containing user identity, encrypted password, encrypted data
  • Client authentication ensures that the users are legitimate or not

Question 5

Question
It is not a way to prevent Web-based enumeration attack:
Answer
  • Lock out targeted account access after a certain restricted failed attempts
  • Web applications need to respond with similar error messages to all authentication failures
  • Analyze URLs and ther responses during security testinf to authentication failures and prevent unnecessary information leakage
  • Analyze Web page titles and their responses during authentication failures and prevent unnecesaary information leakage

Question 6

Question
Authorization is the proccess that control access rights of principals to system resources that include:
Answer
  • Access to users
  • Access to proccess
  • Access to machines
  • All of the above
  • None of the above

Question 7

Question
Which is the fifth step in implementing authorization?
Answer
  • Defining roles to users
  • check for user authentication for the application
  • Apply the constrains which are accessible by role
  • Define security roles of an application to roles defined in memory realm

Question 8

Question
It is not part of the access control model:
Answer
  • System Domain
  • AWT
  • Printer
  • Database Server
  • File I/O

Question 9

Question
Which of the following statements is not part of the principles of least privilege?
Answer
  • User account should have enongh privileges according to their task
  • Evaluate and implement code access permissions
  • Save sensitive files with random names and clean temporay files
  • Enable web applications access to database through limited accounts only
  • Avoid Web application servers running at privileged accounst such as administrador, root, sysman, sa, etc.

Question 10

Question
Which of the following is not a best practice in the management of sessions?
Answer
  • Make use of SSL
  • Do not add sensitive data in security token
  • Impose concurrent login limits
  • Regenerate session IDs upon privilege changes
  • A user has access to resources based on the role assigned
Show full summary Hide full summary

Similar

Java Concurrency and Session Management
Carlos Veliz
Introduction to Java Security
Carlos Veliz
Java Mix Test 42p
Carlos Veliz
ECSP JAVA: JAAS
Carlos Veliz
Criptography
Carlos Veliz
Java - Mix
Carlos Veliz
Java Application Vulnerabilities
Carlos Veliz
Java Concurrency and Session Management
Jose Luis Vasquez Galvez
Java Mix Test 42p
Jose Luis Vasquez Galvez
Forces and Acceleration
Adam Collinge
The Many Conjugations of Spanish! Wow!
hannahkathryn5