Assessment - Authentication - Fresco Play HackerRank Solution Cyber Security

Q.1 Is an application required to generate a new session after authentication?

1) Mandatory if the application is deployed on multiple application servers.

2) Not required

3) Required

Ans: 3) Required


Q.2 In a typical SSO solution, what is a Service Provider?

1) A person who provides various business services.

2) A system or entity which provides business service(s) to users or other entities.

3) 1 and 4

4) The entity which receives the SSO token and queries the identity provider to validate the token, and then establishes the identity of the user being logged in before providing the requested business service(s).

Ans: 3) 1 and 4

Q.3 Authorization can be done only after completing the identification and authentication process.

1) True

2) False

Ans: 1) True

Q.4 What is SAML?

1) An open standard to securely exchange authentication/identity and authorization information between an identity provider and a service provider. A SAML token is based on XML.

2) Security And Markup Language

3) 1 and 2

4) A secure SSO specification from Microsoft.

Ans: 3) 1 and 2


Q.5 A JWT can be stored at which of the following locations?

1) localStorage

2) localStorage and sessionStorage

3) serverStorage

4) sessionStorage

Ans: 2) localStorage and sessionStorage

Q.6 What is principal authentication?

1) All the above options

2) A) An authentication mechanism in which a user enters a principal value during authentication.

3) B) An entity that can be authenticated by a system by using the identifier associated with that entity.

4) C) A person, computer, printer, device, or a group of these. For example, a person can be given a user ID as an identifier, which can then be used by a system to authenticate the user.

5) B) and C)

Ans: 5) B) and C)


Q.7 If you have a set of SSO-enabled applications that are accessible via different smartphones, tablets, and other smart "mobile" devices, there is a relatively higher security risk associated with SSO as compared to accessing those applications via laptops or desktops only.

1) True

2) False

Ans: 1) True

Q.8 What is "credential stuffing"?

1) The process where users reuse the same username/password combination across multiple sites.

2) The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access.

3) The process wherein an application stores used passwords and prevents a user from using the last three passwords used.

Ans: 2) The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly from a data breach, are used to gain unauthorized access.

Q.9 Is it okay to share a session ID via a URL?

1) Yes, sharing a session ID is okay, as it is going only to the intended user.

2) Yes, if the application is performing URL redirecting.

3) An application must not share a session ID via a URL.

Ans: 3) An application must not share a session ID via a URL.


Q.10 Which of the following is an advantage of using SSO?

1) Improved user experience as the user does not have to enter credentials to access every new application.

2) Reduces the number of passwords to remember, secure, and manage. With SSO, a single login with user ID and password enables secure access to multiple applications.

3) Simplifies identity and access management, because a single/same identity can be centrally managed, and securely propagated to all target applications or service providers.

4) All the above options

Ans: 4) All the above options


Q.11 Home Realm Discovery behavior provided by Azure Active Directory enables credentials to be stored in a corporate AD.

1) True

2) False

Ans: 1) True

Q.12 ____________ refers to the validity of a claimed identity.

1) Authentication


2) Identification

3) Authorization

Ans: 1) Authentication

Q.13 What is "SiteMinder Web Access Management"?

1) A product by CA Technologies used to access web sites without the need of a web browser.

2) A product by CA Technologies to ensure cross-browser compatibility and accessibility of web applications.

3) A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.

4) All the above options

Ans: 3) A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.

Q.14 Apart from typical SSO between browser-based web applications, where else can SSO be used?

1) SSO between native mobile applications

2) SSO between multiple backend business services which do not have any presentation layer. For example, a web page calls service A on a server, which in turn calls service B on a different server in the same data center to perform a task. Service A has to p

3) SSO between a desktop (domain authentication) and other applications/systems accessible via web browsers from the same desktop. For example, Integrated Windows Authentication, where a user who is already logged in, can seamlessly access designated web app

4) All the above options

Ans: 4) All the above options


Q.15 Which of the following methods is the best one to save a password?

1) Encrypted

2) Plain text

3) Salted hash

4) Hashed

Ans: 3) Salted hash
