
authentication mechanism in mini-browsers

Test Question 39

Online music sales company Flash and Sizzle, Inc. is planning to develop several Internet applications that will be accessed by the new handheld mobile devices they have just released. These devices have tight security requirements in their mini-browsers with locked down policies and certs.
For these devices, which authentication mechanism is most secure? (Choose one)

A. HTTP Basic
B. Form Based
C. HTTP Digest
D. HTTPS Client

Source: SAI

What's your take?
Hi Parth,

The first three options are amongst the four possible authentication ways (Basic, Form, Digest, Client Cert), so I would choose Digest where the username and password are encrypted.

HTTPS is about having a secure layer between the client and server; on that layer you can even use basic authentication...

Regards,
Frits
Hi Frits,

Your answer was right according to SAI, but the explanation was not the same.

I had marked the answer as D as I read the line

These devices have tight security requirements in their mini-browsers with locked down policies and certs.




SAI says


Java Servlet Specification, Version 2.4 (SRV.12.5)

Option A is incorrect because the user's credentials are sent in a simple base64 encoding in a request header.

Option B is incorrect because the user's credentials are sent in plain text in the request body or query string.

Option C is correct because the user's credentials are sent in a digest that is a stronger encoding than base64.

Option D is incorrect because this authentication mechanism requires the "user" to have a public key authentication. The devices will not allow them to add the SSL certs.



So what do you think?

Ok, I looked it up: HTTPS Client means Client Cert authentication (I didn't know that) which uses HTTP over SSL.

Then it makes sense given that Client Cert doesn't work because of the given phrase

devices have tight security requirements in their mini-browsers with locked down policies and certs.



Regards,
Frits
So by this

devices have tight security requirements in their mini-browsers with locked down policies and certs.



they mean that the devices' certs are locked and they cannot accept any new ones.

Ok.. thanks..


