Authentication Interview Question-Answer

By Smart Answer

User Authentication Interview Question-Answer part – 2

Q.1 Which of the following are protocols used for SSO?

       A. Kerberos

       B. OAuth

       C. SAML

       D. OpenID

       E. All the above options

Ans : All the above options


Q.2 In an SSO solution developed for native iOS applications, one of the secure ways to share an SSO token between multiple native iOS apps is to store the token in the device “keychain” store, accessible only to the set of applications signed by a common Apple certificate.

       A. True

       B. False

Ans : True


Q.3 What is “credential stuffing”?

       A. The process wherein an application stores used passwords and prevents a user from using the last three passwords used

       B. The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly obtained from a data breach, are used to gain unauthorized access

Ans : The process where stolen account credentials (usernames and/or email addresses and the corresponding passwords), mostly obtained from a data breach, are used to gain unauthorized access


Q.4 If you have a set of SSO-enabled applications that are accessible via different smartphones, tablets, and other smart “mobile” devices, there is a relatively higher security risk associated with SSO as compared to accessing those applications via laptops or desktops only.

       A. True

       B. False

Ans : True


Q.5 The processes of identification and authentication are the same.

       A. True

       B. False

Ans : False


Q.6 Is an application required to generate a new session after authentication?

       A. Mandatory if the application is deployed on multiple application servers.

       B. Required

       C. Not required

Ans : Required


Q.7 An SSO token is a master key to get access to multiple systems/applications with a “single” login. Therefore, it is very important to protect the master key from theft, spoofing, or forgery.
What are the typical methods to protect an SSO token from various threats?

       A. Implement a “source IP check”, that is, the source IP of the end-client device which was used to provide the user credentials to generate the SSO token for the first time should match the source IP of the end client device for all subsequent requests cont

       B. Digitally sign the SSO token to protect against man-in-the-middle manipulations, and encrypt the token with a time-variant encryption key/algorithm. Exchange the token over SSL

       C. If the SSO token is being exchanged using an HTTP cookie, set the “HttpOnly” attribute of the cookie to prevent cookie access via client-side JavaScript

       D. Define a server-side “timeout” for the SSO token. The token should be invalid after the timeout period

       E. All the above options

       F. Invalidate the SSO token on the server side for subsequent use after the user logs off from any of the SSO-enabled applications/systems, that is, after Single Sign-Off

Ans : All the above options


Q.8 ____________ refers to the validity of a claimed identity.

       A. Identification

       B. Authentication

       C. Authorization

Ans : Authentication


Q.9 What is “SiteMinder Web Access Management”?

       A. A product by CA Technologies to ensure cross-browser compatibility and accessibility of web applications

       B. A product by CA Technologies used to access web sites without the need of a web browser

       C. A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.

       D. All the above options

Ans : A product by CA Technologies which has cross-platform SSO, and other web access management capabilities like centralized authentication, authorization policy enforcement, etc.


Q.10 A JWT can be stored at which of the following locations?

       A. serverStorage

       B. sessionStorage

       C. localStorage

       D. localStorage and sessionStorage

Ans : localStorage and sessionStorage


Q.11 What is “OAuth”?

       A. Authentication with an “O”

       B. An open standard that allows users to securely share their credentials (typically username and password) with other websites or entities

       C. An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials

       D. None of the above options

Ans : An open standard that allows users to share personal resources stored on a site with another site, without having to share their credentials


Q.12 How are SSO and Identity Management (IDM) related to each other?

       A. They are not related.

       B. SSO is a subset of IDM.

       C. In SSO, the “identity/identifier” of a user/entity has to be securely propagated to multiple applications/systems/entities, and typically, the IDM system manages the “identity/identifier”.

       D. B and C

Ans : D) B and C


Q.13 Is it okay to share a session ID via a URL?

       A. Yes, if the application is performing URL redirecting.

       B. An application must not share a session ID via a URL.

       C. Yes, sharing a session ID is okay, as it is going only to the intended user.

Ans : An application must not share a session ID via a URL.


Q.14 In an SSO solution, what is an identity provider?

       A. A system or entity which encrypts and provides the password of a user to other systems/entities involved in the SSO mechanism so that they can re-authenticate the user.

       B. A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.

Ans : A system or entity which can verify and prove identity to other systems/entities involved in the SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.


Q.15 JWT tokens are prone to XSS attacks.

       A. True

       B. False

Ans : True

