Authentication

Question 1

Define OAuth.

Answer 1

An open standard for access delegation commonly used for token-based authentication.

Question 2

What is a token in authentication?

Answer 2

A string of characters used to verify a user’s identity and permissions.

Question 3

True or false: JWT stands for JSON Web Token.

Answer 3

TRUE

Question 4

Fill in the blank: Sessions are used to store user data on the ______.

Answer 4

server

Question 5

What is the purpose of cookies in authentication?

Answer 5

To store user session information on the client side.

Question 6

Define access token.

Answer 6

A token that allows access to specific resources for a limited time.

Question 7

What does refresh token do?

Answer 7

It allows obtaining a new access token without re-authentication.

Question 8

True or false: Bearer tokens require additional authentication.

Answer 8

FALSE

Question 9

What is the authorization code flow?

Answer 9

A flow where the client receives an authorization code to obtain tokens.

Question 10

Define implicit flow.

Answer 10

A simplified OAuth flow for client-side applications without a backend.

Question 11

What is PKCE?

Answer 11

Proof Key for Code Exchange, enhancing security for public clients.

Question 12

Fill in the blank: Scopes define what ______ a token can access.

Answer 12

resources

Question 13

What is a state parameter?

Answer 13

A value used to maintain state between the request and callback.

Question 14

True or false: OAuth is only for web applications.

Answer 14

FALSE

Question 15

Define client credentials flow.

Answer 15

A flow where the client authenticates itself to obtain an access token.

Question 16

What is token expiration?

Answer 16

The time after which a token is no longer valid.

Question 17

Fill in the blank: CSRF stands for Cross-Site ______ Request Forgery.

Answer 17

Request

Question 18

What is CORS?

Answer 18

Cross-Origin Resource Sharing, a security feature for web applications.

Question 19

Define SAML.

Answer 19

Security Assertion Markup Language, used for exchanging authentication and authorization data.

Question 20

What is the role of identity provider?

Answer 20

To authenticate users and provide identity information to service providers.

Question 21

True or false: Single Sign-On (SSO) allows access to multiple applications with one login.

Answer 21

TRUE

Question 22

Fill in the blank: OAuth 2.0 is an ______ version of OAuth.

Answer 22

improved

Question 23

What is OpenID Connect?

Answer 23

An identity layer on top of OAuth 2.0 for user authentication.

Question 24

Define token revocation.

Answer 24

The process of invalidating a token before its expiration.

Question 25

What is a **nonce**?

Answer 25

A unique value used to prevent replay attacks in authentication.

Question 26

True or false: **OAuth** can be used for both authentication and authorization.

Answer 26

TRUE

Question 27

Fill in the blank: **JWT** consists of three parts: header, payload, and ______.

Answer 27

signature

Question 28

What is **token introspection**?

Answer 28

A method to validate and obtain information about a token.

Question 29

Define **user-agent**.

Answer 29

The software acting on behalf of the user, typically a web browser.

Question 30

What is the **resource owner**?

Answer 30

The user or entity that owns the data being accessed.

Question 31

True or false: **OAuth** requires user consent for access.

Answer 31

TRUE

Question 32

Fill in the blank: **Authorization** is the process of determining ______.

Answer 32

permissions

Question 33

What is a **service provider**?

Answer 33

An application or service that provides resources to clients.

Question 34

Define **API key**.

Answer 34

A unique identifier used to authenticate a client to an API.

Question 35

What does **scope creep** refer to?

Answer 35

The gradual expansion of access permissions beyond what was intended.

Question 36

True or false: **SSL** is essential for secure token transmission.

Answer 36

TRUE

Question 37

Fill in the blank: **OAuth** uses ______ tokens for authorization.

Answer 37

access

Question 38

What is **two-factor authentication**?

Answer 38

A security process requiring two forms of verification for access.

Question 39

Define **refresh token rotation**.

Answer 39

A security measure where refresh tokens are replaced after use.

Question 40

What is a **public client**?

Answer 40

An application that cannot securely store client secrets.

Question 41

True or false: **OAuth** is a protocol, not a standard.

Answer 41

FALSE

Question 42

Fill in the blank: **OAuth** 2.0 is designed for ______ applications.

Answer 42

web and mobile