
Authentication MCQs Questions
Question#1 Which of the following are protocols used for SSO?
1)Kerberos
2)OAuth
3)SAML
4)OpenID
5)All the above options
Answer-All the above options
Question#2 In an SSO solution developed for native iOS applications, one of the secure ways to share an SSO token between multiple native iOS apps is to store the token in the device “keychain” store, accessible only to the set of applications signed by a common Apple certificate.
1)True
2)False
Answer-True
Question#3 What is “credential stuffing”?
1)The process wherein an application stores used passwords and prevents a user from using the last three passwords used
2)The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access
Answer-The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access
Question#4 If you have a set of SSO-enabled applications that are accessible via different smartphones, tablets, and other smart “mobile” devices, there is a relatively higher security risk associated with SSO as compared to accessing those applications via laptops or desktops only.
1)True
2)False
Answer-True
Question#5 The processes of identification and authentication are the same.
1)True
2)False
Answer-False
Question#6 Is an application required to generate a new session after authentication?
1)Mandatory if the application is deployed on multiple application servers.
2)Required
3)Not required
Answer-Required
Question#7 An SSO token is a master key to get access to multiple systems/applications with a “single” login. Therefore, it is very important to protect the master key from theft, spoofing, or forgery.
What are the typical methods to protect an SSO token from various threats?
1)Implement a “source IP check”, that is, the source IP of the end-client device which was used to provide the user credentials to generate the SSO token for the first time should match the source IP of the end client device for all subsequent requests cont
2)Digitally sign the SSO token to protect against man-in-the-middle manipulations, and encrypt the token with a time-variant encryption key/algorithm. Exchange the token over SSL
3)If the SSO token is being exchanged using an HTTP cookie, set the “HttpOnly” attribute of the cookie to prevent cookie access via client-side JavaScript
4)Define a server-side “timeout” for the SSO token. The token should be invalid after the timeout period
5)All the above options
6)Invalidate the SSO token on server-side for subsequent use after the user logs off from any of the SSO-enabled applications/systems, that is, after Single Sign-Off
Answer-All the above options
Question#8 __ refers to the validity of a claimed identity.
1)Identification
2)Authentication
3)Authorization
Answer-Authentication
Question#9 What is “SiteMinder Web Access Management”?
1)A product by CA Technologies to ensure cross-browser compatibility and accessibility of web applications
2)A product by CA Technologies used to access web sites without the need of a web browser
3)A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.
4)All the above options
Answer-A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.
Question#10 A JWT can be stored at which of the following locations?
1)serverStorage
2)sessionStorage
3)localStorage
4)localStorage and sessionStorage
Answer-localStorage and sessionStorage
Question#11 What is “OAuth”?
1)Authentication with an “O”
2)An open standard that allows users to securely share their credentials, typically username and password, with other websites or entities
3)An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials
4)None of the above options
Answer-An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials
Question#12 How are SSO and Identity Management (IDM) related to each other?
1)A) They are not related.
2)B) SSO is a subset of IDM.
3)C) In SSO, the “identity/identifier” of a user/entity has to be securely propagated to multiple applications/systems/entities, and typically, the IDM system manages the “identity/identifier”.
4)D) B and C
Answer-D) B and C
Question#13 Is it okay to share a session ID via a URL?
1)Yes, if the application is performing URL redirecting.
2)An application must not share a session ID via a URL.
3)Yes, sharing a session ID is okay, as it is going only to the intended user.
Answer-An application must not share a session ID via a URL.
Question#14 In an SSO solution, what is an identity provider?
1)A system or entity which encrypts and provides the password of a user to other systems/entities involved in the SSO mechanism so that they can re-authenticate the user.
2)A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.
Answer-A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.
Question#15 JWT tokens are prone to XSS attacks.
1)True
2)False
Answer-True
Question#1 Which of the following is a good practice?
1)Give full permission for remote transferring
2)Grant read only permission
3)Grant limited permission to specified account
4)Give both read and write permission but not execute
Answer-Grant limited permission to specified account
Question#2 What are the common security threats?
1)File Shredding
2)File sharing and permission
3)File corrupting
4)File integrity
Answer-File sharing and permission
Question#3 Which of the following are forms of malicious attack?
1)Theft of information
2)Modification of data
3)Wiping of information
4)All of the mentioned
Answer-All of the mentioned
Question#4 From the following, which is not a common file permission?
1)Write
2)Execute
3)Stop
4)Read
Answer-Stop
Question#5 What is a characteristic of Authorization?
1)RADIUS and RSA
2)3-way handshaking with SYN and FIN
3)Multilayered protection for securing resources
4)Deals with privileges and rights
Answer-Deals with privileges and rights
Question#6 In which of the following is a person constantly followed/chased by another person or a group of people?
1)Phishing
2)Bullying
3)Stalking
4)Identity theft
Answer-Stalking
Question#7 Which one of the following can be considered a class of computer threats?
1)DoS Attack
2)Phishing
3)Soliciting
4)Both A and C
Answer-DoS Attack
Question#8 Which of the following is considered unsolicited commercial email?
1)Virus
2)Malware
3)Spam
4)All of the above
Answer-Spam
Question#9 What is a characteristic of a RADIUS system?
1)It is essential for centralized encryption and authentication
2)It works on the Network layer to deny access to unauthorized people
3)It provides centralized authentication mechanism via network devices
4)It’s a strong file access system
Answer-It provides centralized authentication mechanism via network devices
Question#10 Why is a one-time password safe?
1)It is easy to generate
2)It cannot be shared
3)It is different for every access
4)It is a complex encrypted password
Answer-It is different for every access
Question#11 Which of the following is the least secure method of authentication?
1)Key card
2)Fingerprint
3)Retina pattern
4)Password
Answer-Password
Question#12 Which of the following is a good practice?
1)Give full permission for remote transferring
2)Grant read only permission
3)Grant limited permission to specified account
4)Give both read and write permission but not execute
Answer-Grant limited permission to specified account
Question#13 Which of the following usually observes each of the victim's activities on the internet, gathers all the information in the background, and sends it to someone else?
1)Malware
2)Spyware
3)Adware
4)All of the above
Answer-Spyware
Question#14 _ is a type of software designed to help the user’s computer detect viruses and avoid them.
1)Malware
2)Adware
3)Antivirus
4)Both B and C
Answer-Antivirus
Question#15 What is not a good practice for user administration?
1)Isolating a system after a compromise
2)Performing random auditing procedures
3)Granting privileges on a per host basis
4)Using telnet and FTP for remote access
Answer-Using telnet and FTP for remote access
Question#16 Which of the following is a strong password?
1)19thAugust88
2)Delhi88
3)P@assw0rd
4)!augustdelhi
Answer-P@assw0rd
Question#17 What does the Lightweight Directory Access Protocol (LDAP) not store?
1)Users
2)Address
3)Passwords
4)Security Keys
Answer-Security Keys
Question#18 Grant limited permission to specified account
1)File Shredding
2)File sharing and permission
3)File corrupting
4)File integrity
Answer-File sharing and permission
Question#19 Which happens first, authorization or authentication?
1)Authorization
2)Authentication
3)Authorization & Authentication are the same
4)None of the mentioned
Answer-Authorization
Question#20 What forces the user to change password at first login?
1)Default behavior of OS
2)Part of AES encryption practice
3)The device being accessed forces the user
4)Account administrator
Answer-Account administrator
Question#21 What is not a best practice for password policy?
1)Deciding maximum age of password
2)Restriction on password reuse and history
3)Password encryption
4)Having to change the password every 2 years
Answer-Having to change the password every 2 years
Question#22 Which one of the following is a type of antivirus program?
1)Quick Heal
2)McAfee
3)Kaspersky
4)All of the above
Answer-All of the above
Question#23 It can be a software program or a hardware device that filters all data packets coming through the internet, a network, etc. It is known as the _______:
1)Antivirus
2)Firewall
3)Cookies
4)Malware
Answer-Firewall