API Authentication & Authorization Checks Quiz

  1. Question 1

    Which HTTP header is commonly used to transmit authentication credentials in the Basic Authentication scheme?

    1. Authorization
    2. Authentication
    3. Credentials
    4. Auth
    5. Authorisation
  2. Question 2

    What is the primary function of authorization in the context of API security?

    1. Verifying the identity of the user or application
    2. Determining what resources a user or application is allowed to access
    3. Encrypting sensitive data transmitted over the network
    4. Preventing denial-of-service attacks
    5. Monitoring API usage patterns
  3. Question 3

    In OAuth 2.0, what is the purpose of an 'access token'?

    1. To identify the user making the request
    2. To grant temporary access to protected resources on behalf of the user
    3. To verify the client application's identity
    4. To refresh an expired token
    5. To store user preferences
  4. Question 4

    Which of the following is a common vulnerability that can arise from improperly implemented authorization checks?

    1. SQL Injection
    2. Cross-Site Scripting (XSS)
    3. Insecure Direct Object Reference (IDOR)
    4. Denial of Service (DoS)
    5. Server-Side Request Forgery (SSRF)
  5. Question 5

    Which of the following authentication methods is generally considered the most secure for API endpoints?

    1. Basic Authentication
    2. API Keys in the query string
    3. OAuth 2.0 with Proof Key for Code Exchange (PKCE)
    4. Cookies
    5. Bearer Tokens stored in local storage
  6. Question 6

    What does the acronym JWT stand for in the context of API security?

    1. JSON Web Token
    2. Java Web Token
    3. JavaScript Web Token
    4. JSON Wrapper Token
    5. JSON World Token
  7. Question 7

    Which component of a JWT is used to verify the token's integrity and authenticity?

    1. Header
    2. Payload
    3. Signature
    4. Algorithm
    5. Key
  8. Question 8

    What is the purpose of Role-Based Access Control (RBAC) in API authorization?

    1. To define access permissions based on user roles
    2. To track user activity on the API
    3. To enforce rate limiting
    4. To encrypt data in transit
    5. To generate API documentation
  9. Question 9

    If an API endpoint requires both authentication and authorization, which should typically be performed first?

    1. Authentication
    2. Authorization
    3. They can be performed in any order
    4. Neither is necessary
    5. Both simultaneously
  10. Question 10

    What is a common practice to protect API keys from exposure?

    1. Hardcoding them directly in the client-side code
    2. Storing them in environment variables on the server-side
    3. Sending them in the URL query parameters
    4. Using Base64 encoding without encryption
    5. Sharing them publicly