Secure REST API: Authentication and Authorization Quiz

  1. Token-Based Authentication Basics

    Which of the following best describes how token-based authentication works in REST APIs?

    1. Each client receives a token after logging in and sends it with subsequent requests.
    2. The client and server share a persistent database connection.
    3. Cookies are automatically set and sent with every request by the browser.
    4. A session is created and maintained on the server for each client.
    5. All requests from any client are automatically trusted unless blacklisted.

  2. Role of OAuth 2.0

    In REST APIs, what is the primary purpose of using OAuth 2.0?

    1. To delegate user authentication and authorization to another service securely.
    2. To ensure data encryption during transmission.
    3. To store user passwords in a database.
    4. To prevent cross-site scripting attacks.
    5. To limit file upload sizes.

  3. JWT Structure

    What are the three main components of a JSON Web Token (JWT)?

    1. Header, Payload, Signature
    2. Username, Password, Timestamp
    3. Key, Value, Expiry
    4. Header, Footer, Hash
    5. Algorithm, Data, Secret

  4. API Key Vulnerabilities

    Which of the following is a common security risk when using API keys for authentication?

    1. Exposure of API keys in client-side code.
    2. API keys are encrypted and cannot be misused.
    3. API keys support complex access control lists.
    4. API keys automatically expire after each request.
    5. API keys only work with HTTPS.

  5. Basic Authentication

    How are credentials typically transmitted in Basic Authentication for REST APIs?

    1. As a Base64-encoded username and password in the Authorization header.
    2. Through a multipart/form-data payload.
    3. Stored in a server-side session object.
    4. Encrypted in a JWT token.
    5. Sent via HTTP cookies.

  6. OpenID Connect Extension

    OpenID Connect builds on top of which authentication protocol commonly used in REST APIs?

    1. OAuth 2.0
    2. SAML 2.0
    3. Kerberos
    4. HTTP Digest
    5. SOAP

  7. Scopes in Authorization

    What does the 'scope' parameter define in an authorization request?

    1. The permissions or access levels being requested.
    2. The network address of the server.
    3. The security algorithm used to encrypt data.
    4. The timeout value for the user session.
    5. The number of tokens a user can request.

  8. Token Expiry Handling

    Which is a recommended way to handle expired access tokens in REST APIs?

    1. Request a new token using a valid refresh token.
    2. Continue using the expired token until it is accepted.
    3. Switch to Basic Authentication automatically.
    4. Permanently disable the user's account.
    5. Increase the token lifetime in the client.

  9. Authorization vs. Authentication

    Which statement best distinguishes authorization from authentication in REST APIs?

    1. Authorization determines what actions a user is allowed to perform after they are authenticated.
    2. Authentication provides encryption for HTTP requests.
    3. Authorization verifies the user's identity.
    4. Authentication grants access to resources.
    5. Authorization is not relevant in REST APIs.

  10. CORS and Tokens

    Why is it important to configure CORS (Cross-Origin Resource Sharing) correctly when using token-based authentication in REST APIs?

    1. To control which domains can send authenticated requests to the API.
    2. Because CORS encrypts authentication tokens automatically.
    3. To prevent SQL injection in token payloads.
    4. Because CORS sets HTTP-only cookies for all requests.
    5. So that tokens can be exchanged for passwords.