
DIGITAL SECURITY > Authentication

- In a typical SSO solution, what is a Service Provider?


A&C

- What is "credential stuffing"?


The process where stolen account credentials (usernames and/or email addresses and the
corresponding passwords), mostly from a data breach, are used to gain unauthorized access.

- Home Realm Discovery behavior provided by Azure Active Directory enables credentials to be
stored in a corporate AD.
False

- Is an application required to generate a new session after authentication?


Required

- What is principal authentication?


An authentication mechanism in which a user enters a principal value during authentication.

- What is "OAuth"?
An open standard that allows users to share personal resources stored on a site with another
site, without having to share their credentials.

- In an SSO solution, what is an identity provider?


A system or entity which can verify and prove identity to other systems/entities involved in the
SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.

- In an SSO solution developed for native iOS applications, one of the secure ways to share an
SSO token between multiple native iOS apps is to store the token in the device "keychain"
store, accessible only to the set of applications signed by a common Apple certificate.
True

- How are SSO and Identity Management (IDM) related to each other?
B&C

- Is it okay to share a session ID via a URL?


An application must not share a session ID via a URL.

- Which of the following methods is the best one to save a password?


Salted hash

- Which of the following is an advantage of using SSO?


All of the options

- In the stateless JWT authentication method, user sessions are not stored at server side.
True

- ____________ refers to the validity of a claimed identity.


Identification

- Which of the following types of attack is prevented by multi-factor authentication?


All of the options
