JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.
CASE .NET M5 Exam Prep
Secure Coding Practices for Authentication & Authorization
* Indicates required question
Email
*
Your email
Name
*
Your answer
Which of the following statements are correct?
*
1 point
Authentication is the process of verifying a user's identity.
Authorization is the process of verifying a user's credentials.
Authorization is the process of giving a specific rights to the authenticated users to perform all tasks.
Authentication is always performed before authorization.
Required
Where is the
ASP.NET
authentication modes specified?
*
1 point
In the Home.aspx file
In the style.css file
In the Web.config file
In the Startup.cs file
All of the above
None of the above
Users who are already signed in to passport are considered authenticated and are directed to the site, other users are redirected to the passport server to log in.
*
1 point
True
False
Which of the following statement is incorrect about Windows Authentication?
*
1 point
Windows authentication is the default mode of authentication.
Windows authentication can only be used when a secure channel is used.
In Windows authentication,
ASP.NET
relies on the SQL Server to authenticate.
Windows authentication uses client certificates to prove their identity.
Which of the following options are provided by
ASP.NET
to authorize the client?
*
1 point
URL Authorization
Folder Authorization
Code-based Authorization
.NET Roles
All of the Above
Required
Impersonation is enabled by default.
ASP.NET
impersonates the authentication token from IIS. The user may be either the authenticated user or an anonymous user.
*
1 point
True
False
Which of the following are valid third party authentication services available in ASP.NET.Security.OAuthProviders?
*
1 point
Facebook
Google
LinkedIn
Twitter
Microsoft
All of the above
Required
When creating JSON Web Token (JWT) authentication, the API used to create a JWT token should not allow anonymous access to users.
*
1 point
True
False
Which of the following are IdentityServer4 features in
ASP.NET
Core 2?
*
1 point
Centralize login logic for your applications
Single sign-on
Issues access tokens for APIs
Gateway to external identity providers like Google, Facebook, etc.
Customizable
All of the above
Where do you need to modify configuration settings when implementing [Authorize] attribute with windows authentication?
*
1 point
In Program.cs file
In launchSettings.json file
In Config.cs file
In Startup.cs file
When creating a custom policy based authorization, for a policy to be satisfied, each requirement defined in the policy should be satisfied.
*
1 point
True
False
Which of the following statements on MVC Authentication Filter is true?
*
1 point
Authentication filter is used to authenticate a user.
Authentication filter is the first filter executed for any request.
Authentication filter is used for both authentication and authorization.
All of the above
Required
Use strong hashing algorithm such as MD5 or SHA1 instead of HIMACSHA-256 in the validation attribute of <machineKey> settings to enhance the level of security.
*
1 point
True
False
AES encryption algorithm provides higher level of security than DES or 3DES.
*
1 point
True
False
If passwordFormat is set to clear in Web.config file, then the password will not appear in the text format that can easily be stolen.
*
1 point
True
False
Which of the following settings can help to avoid cookie persistence?
*
1 point
Set the RedirectFromLoginPage method of the FormsAuthentication class to false.
Set the SetAuthCookie method of the FormsAuthentication class to false.
Pass in a true to the FormsAuthenticationTicket constructor.
Set the GetRedirectUrl method of the FormsAuthentication class to false.
Set the DisplayRememberMe property of the login control to false.
Required
Whenever the code redirects to the secure page from a login page of the application, it should use the relative path to avoid giving direct access to the restricted area of the application.
*
1 point
True
False
Which of the following method should be used for redirecting to the page that requires specific authorization privileges?
*
1 point
Server.Redirect()
Server.Transfer()
HttpResponse.Redirect()
HttpResponse.Post()
Which of the following is not a recommended setting for password policy?
*
1 point
RequireNonAlphanumeric: True
RequireLowercase: True
RequireUppercase: True
RequireDigit: True
RequiredUniqueChars: 1
RequiredLength: 4
Which of the following settings are effective at protecting against brute force attacks?
*
1 point
Higher DefaultAccountLockouTimeSpan
Lower DefaultAccountLockouTimeSpan
Higher MaxFailedAccessAttemptsBeforeLockout
Lower MaxFailedAccessAttemptsBeforeLockout
Submit
Page 1 of 1
Clear form
Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google.
Report Abuse
-
Terms of Service
-
Privacy Policy
Forms
