Security question

Whiz labs question
Which of the authentication mechanism use the same transmission mechanism.
a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above.

answer: b.
I think the answer is e.
BASIC: UserName/Password is encoded in BASe64 format and trasmitted.
DIGEST: UserName/Password is encoded in MD5 format and trasmitted.
FORM: UserName/Password is trasmitted in plain text.
CLIENT_CERT: SSL security mecanism is used to transmit UserName/Password.

Please clarify.

The answer depends on how "transmission mechanism" is defined. Since that's not a term with a commonly agreed upon precise definition, several answers are possible.

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

So I'd say the question is not worded well.

The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.

since that is not what the question about

How do you know that? Do you have the book so that you can look up what it means by "transmission mechanism"? I maintain that -without further context- the question is ill-posed.

The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.

BASIC uses BAe64 encoding to encrypt the credentials. Base64 is well known. But its better than plain text.
FORM uses plain text,

So how can answer B be correct?

So how can answer B be correct?

This question, too, can only be answered if everyone agrees to a precise definition of "transmission mechanism". Barring that, it seems futile to me to try to reason about this.

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above

If "transmission mechanism" means "HTTP", then A, B and C are correct.
Yes i agree to this since Basic,Digest and Form all use Http protocol. Client-Cert uses HttpS protocol.

If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

If it means "something that is cryptologically secure", then D is correct.
Client-Cert uses PKC and Digest uses MD5. Correct me if am wrong.

If it means "something that is not cryptologically secure", then B is correct. Basic uses Base64 which is well known to all hackers and Form uses plain text.

If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

BASIC and DIGEST information is transported in the HTTP headers, which is different from FORM, which is part of the HTTP body.

There is one more which is Built in meachanism of HTTP

which is DIGEST and BASIC