
Authentication

A service provider is an application that relies on an identity provider for SSO authentication. Credential stuffing involves using stolen credentials from data breaches to gain unauthorized access. An identity provider verifies identities and generates SSO tokens, while SSO and IDM are related through centralized identity and access management. Multi-factor authentication prevents different types of attacks by requiring multiple verification factors.

Uploaded by

Cachues Profile
Copyright
© All Rights Reserved

DIGITAL SECURITY > Authentication

- In a typical SSO solution, what is a Service Provider?


A&C

- What is "credential stuffing"?


The process where stolen account credentials (usernames and/or email addresses and the
corresponding passwords), mostly from a data breach, are used to gain unauthorized access

- Home Realm Discovery behavior provided by Azure Active Directory enables credentials to be
stored in a corporate AD.
False

- Is an application required to generate a new session after authentication?


Required

- What is principal authentication?


An authentication mechanism in which a user enters a principal value during authentication.

- What is "OAuth"?
An open standard that allows users to share personal resources stored on a site with another
site, without having to share their credentials.

- In an SSO solution, what is an identity provider?


A system or entity which can verify and prove identity to other systems/entities involved in the
SSO mechanism. Typically, this is also the entity that generates and verifies the SSO token.

- In an SSO solution developed for native iOS applications, one of the secure ways to share an
SSO token between multiple native iOS apps is to store the token in the device "keychain"
store, accessible only to the set of applications signed by a common Apple certificate.
True

- How are SSO and Identity Management (IDM) related to each other?
B&C

- Is it okay to share a session ID via a URL?


An application must not share a session ID via a URL.

- Which of the following methods is the best one to save a password?


Salted hash

- Which of the following is an advantage of using SSO?


All of the options

- In the stateless JWT authentication method, user sessions are not stored at server side.
True

- ____________ refers to the validity of a claimed identity.


Identification

- Which of the following types of attack is prevented by multi-factor authentication?


All of the options
