Question

A web developers improves client access to the company's REST API. Authentication needs to

be tokenized but not expose the client's password.

Which of the following methods would BEST meet the developer's requirements?

A. SAML

B. LDAP

C. OAuth

D. Shibboleth

A vulnerability scan is being conducted against a desktop system. The scan is looking for

files, versions, and registry values known to be associated with system vulnerabilities. Which of

the following BEST describes the type of scan being performed?

A. Non-intrusive

B. Authenticated

C. Credentialed

D. Active

Answer 1

ANSWER 1: Option (C) OAuth Explanation: Since the question is about being authorization and we use Open ID connect with OAuth for both authentication and authorization. OAuth = REST API and it does not expose password. ANSWER 2: Option (C) Credential Explanation: Since the scan is looking for files, versions, and registry values known to be associated with system vulnerabilities a credential scan provides detailed information about potential vulnerabilities.

*NOTE: Drop comments for queries.