Security

Question 1

Authentication

Answer 1

verifying the identity of something(user, system)

Question 2

Authorization

Answer 2

checking what permissions to give that entity

Question 3

Encryption

Answer 3

Transforming data so it is unreadable to people without the key. Turn plain text into cypher text.(Hash function)

Question 4

SSL and TLS do what

Answer 4

allow clients to create secured sessions. Encryption happens automatically

Question 5

describe the difference between the public and the private key

Answer 5

the public key is kept somewhere accessible by clients and used to encrypt data. the private key is kept secret and used to decrypt messages

Question 6

Digital certificate

Answer 6

data files used to establish the identity of users and electronic assests

Question 7

how does a digital certificate establish the secure connection

Answer 7

DS copied to CA. when client accesses the web app, CA sends DS. Client uses CA public key to decode the DS. once the client verifies the identity it can use the companies public key to encrypt/decrypt messages

Question 8

reasons to use OAuth2.0

Answer 8

don’t need to handle users and roles. good UI. and rely on well established services

Question 9

resource owner

Answer 9

the user giving access to some portion of their account

Question 10

resource server

Answer 10

the API server used to access the users info

Question 11

Authorisation server

Answer 11

the server that presents the interface where the user approves or denies the request

Question 12

client

Answer 12

the application attempting to access the users account

Question 13

what are the 3 grant types

Answer 13

authorization code, client credentials and password