Authentication - Quiz

  • A. Invalidate the SSO token on the server side for subsequent use after the user logs off from any of the SSO-enabled applications/systems, that is, after Single Sign-Off.
  • B. Digitally sign the SSO token to protect against man-in-the-middle manipulation, and encrypt the token with a time-variant encryption key/algorithm. Exchange the token over SSL.
  • C. If the SSO token is being exchanged using an HTTP cookie, set the "HttpOnly" attribute of the cookie to prevent cookie access via client-side JavaScript.
  • D. All of the above options

  • A. A mechanism of digitally "signing" the information exchanged between applications/systems.
  • B. A mechanism which enables using a single physical "signature" to do all banking transactions!
  • C. A mechanism that enables a user to sign in/log in/authenticate to an application/system with their credentials only once, and then seamlessly access other applications/systems available in the same domain of trust (e.g. the intranet portal of an organization).
  • D. None of the above options.

  • A. A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.
  • B. A system or entity which encrypts and provides the password of a user to other systems/entities involved in the SSO mechanism so that they can re-authenticate the user.
  • C. None of the above options

  • A. OAuth
  • B. Kerberos
  • C. OpenID, SAML
  • D. All of the above options

  • A. SQL injection
  • B. Cross-origin information leakage
  • C. Server misconfiguration issues
  • D. XSS

  • A. The process where users reuse the same username/password combination across multiple sites.
  • B. The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access.
  • C. The process wherein an application stores used passwords and prevents a user from reusing the last three passwords used.

  • A. Identification
  • B. Authorization
  • C. Authentication

  • A. Mandatory if the application is deployed on multiple application servers.
  • B. Required
  • C. Not required