30 Frequently Asked Authentication Interview Questions & Answers

Authentication Interview Questions

Authentication MCQs Questions

Question#1 Which of the following are protocols used for SSO?

1)Kerberos

2)OAuth

3)SAML

4)OpenID

5)All the above options

Answer-All the above options

Question#2 In an SSO solution developed for native iOS applications, one of the secure ways to share an SSO token between multiple native iOS apps is to store the token in the device “keychain” store, accessible only to the set of applications signed by a common Apple certificate.

1)True

2)False

Answer-True

Question#3 What is “credential stuffing”?

1)The process wherein an application stores used passwords and prevents a user from using the last three passwords used

2)The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access

Answer-The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access

Question#4 If you have a set of SSO-enabled applications that are accessible via different smartphones, tablets, and other smart “mobile” devices, there is a relatively higher security risk associated with SSO as compared to accessing those applications via laptops or desktops only.

1)True

2)False

Answer-True

Question#5 The processes of identification and authentication are the same.

1)True

2)False

Answer-False

Question#6 Is an application required to generate a new session after authentication?

1)Mandatory if the application is deployed on multiple application servers.

2)Required

3)Not required

Answer-Required

Question#7 An SSO token is a master key to get access to multiple systems/applications with a “single” login. Therefore, it is very important to protect the master key from theft, spoofing, or forgery.
What are the typical methods to protect an SSO token from various threats?

1)Implement a “source IP check”, that is, the source IP of the end-client device which was used to provide the user credentials to generate the SSO token for the first time should match the source IP of the end client device for all subsequent requests cont

2)Digitally sign the SSO token to protect against man-in-the-middle manipulations, and encrypt the token with a time-variant encryption key/algorithm. Exchange the token over SSL

3)If the SSO token is being exchanged using an HTTP cookie, set the “HttpOnly” attribute of the cookie to prevent cookie access via client-side JavaScript

4)Define a server-side “timeout” for the SSO token. The token should be invalid after the timeout period

5)All the above options

6)Invalidate the SSO token on server-side for subsequent use after the user logs off from any of the SSO-enabled applications/systems, that is, after Single Sign-Off

Answer-All the above options

Question#8 __ refers to the validity of a claimed identity.

1)Identification

2)Authentication

3)Authorization

Answer-Authentication

Question#9 What is “SiteMinder Web Access Management”?

1)A product by CA Technologies to ensure cross-browser compatibility and accessibility of web applications

2)A product by CA Technologies used to access web sites without the need of a web browser

3)A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.

4)All the above options

Answer-A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.

Question#10 A JWT can be stored at which of the following locations?

1)serverStorage

2)sessionStorage

3)localStorage

4)localStorage and sessionStorage

Answer-localStorage and sessionStorage

Question#11 What is “OAuth”?

1)Authentication with an “O”

2)An open standard that allows users to securely share their credentials, typically username and password with other websites or entities

3)An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials

4)None of the above options

Answer-An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials

Question#12 How are SSO and Identity Management (IDM) related to each other?

A)They are not related.

B)SSO is a subset of IDM.

C)In SSO, the “identity/identifier” of a user/entity has to be securely propagated to multiple applications/systems/entities, and typically, the IDM system manages the “identity/identifier”.

D)B and C

Answer-D) B and C

Question#13 Is it okay to share a session ID via a URL?

1)Yes, if the application is performing URL redirecting.

2)An application must not share a session ID via a URL.

3)Yes, sharing a session ID is okay, as it is going only to the intended user.

Answer-An application must not share a session ID via a URL.

Question#14 In an SSO solution, what is an identity provider?

1)A system or entity which encrypts and provides the password of a user to other systems/entities involved in the SSO mechanism so that they can re-authenticate the user.

2)A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.

Answer-A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.

Question#15 JWT tokens are prone to XSS attacks.

1)True

2)False

Answer-True

Question#1 Which of the following is a good practice?

1)Give full permission for remote transferring

2)Grant read only permission

3)Grant limited permission to specified account

4)Give both read and write permission but not execute

Answer-Grant limited permission to specified account

Question#2 What are the common security threats?

1)File Shredding

2)File sharing and permission

3)File corrupting

4)File integrity

Answer-File sharing and permission

Question#3 Which of the following are forms of malicious attack?

1)Theft of information

2)Modification of data

3)Wiping of information

4)All of the mentioned

Answer-All of the mentioned

Question#4 From the following, which is not a common file permission?

1)Write

2)Execute

3)Stop

4)Read

Answer-Stop

Question#5 What is a characteristic of Authorization?

1)RADIUS and RSA

2)3-way handshaking with SYN and FIN

3)Multilayered protection for securing resources

4)Deals with privileges and rights

Answer-Deals with privileges and rights

Question#6 In which of the following is a person constantly followed or chased by another person or a group of people?

1)Phishing

2)Bullying

3)Stalking

4)Identity theft

Answer-Stalking

Question#7 Which one of the following can be considered as the class of computer threats?

1)DoS Attack

2)Phishing

3)Soliciting

4)Both A and C

Answer-DoS Attack

Question#8 Which of the following is considered unsolicited commercial email?

1)Virus

2)Malware

3)Spam

4)All of the above

Answer-Spam

Question#9 What is a characteristic of a RADIUS system?

1)It is essential for centralized encryption and authentication

2)It works at the Network layer to deny access to unauthorized people

3)It provides a centralized authentication mechanism via network devices

4)It is a strong file access system

Answer-It provides a centralized authentication mechanism via network devices

Question#10 Why is a one-time password safe?

1)It is easy to generate

2)It cannot be shared

3)It is different for every access

4)It is a complex encrypted password

Answer-It is different for every access

Question#11 Which of the following is the least secure method of authentication?

1)Key card

2)Fingerprint

3)Retina pattern

4)Password

Answer-Password

Question#12 Which of the following is a good practice?

1)Give full permission for remote transferring

2)Grant read only permission

3)Grant limited permission to specified account

4)Give both read and write permission but not execute

Answer-Grant limited permission to specified account

Question#13 Which of the following usually observes each of the victim's activities on the internet, gathers all the information in the background, and sends it to someone else?

1)Malware

2)Spyware

3)Adware

4)All of the above

Answer-Spyware

Question#14 __ is a type of software designed to help the user’s computer detect viruses and avoid them.

1)Malware

2)Adware

3)Antivirus

4)Both B and C

Answer-Antivirus

Question#15 What is not a good practice for user administration?

1)Isolating a system after a compromise

2)Performing random auditing procedures

3)Granting privileges on a per host basis

4)Using telnet and FTP for remote access

Answer-Using telnet and FTP for remote access

Question#16 Which of the following is a strong password?

1)19thAugust88

2)Delhi88

3)P@assw0rd

4)!augustdelhi

Answer-P@assw0rd

Question#17 What does the Lightweight Directory Access Protocol (LDAP) not store?

1)Users

2)Address

3)Passwords

4)Security Keys

Answer-Security Keys

Question#18 Grant limited permission to specified account

1)File Shredding

2)File sharing and permission

3)File corrupting

4)File integrity

Answer-File sharing and permission

Question#19 Which happens first, authorization or authentication?

1)Authorization

2)Authentication

3)Authorization and authentication are the same

4)None of the mentioned

Answer-Authorization

Question#20 What forces the user to change their password at first login?

1)Default behavior of the OS

2)Part of AES encryption practice

3)The device being accessed forces the user

4)Account administrator

Answer-Account administrator

Question#21 What is not a best practice for password policy?

1)Deciding the maximum age of a password

2)Restriction on password reuse and history

3)Password encryption

4)Having the password changed every 2 years

Answer-Having the password changed every 2 years

Question#22 Which one of the following is a type of antivirus program?

1)Quick Heal

2)McAfee

3)Kaspersky

4)All of the above

Answer-All of the above

Question#23 It can be a software program or a hardware device that filters all data packets coming through the internet, a network, etc. It is known as the _______:

1)Antivirus

2)Firewall

3)Cookies

4)Malware

Answer-Firewall
