_______ is used in REST to request the server to accept the entity enclosed in the request as a new subordinate of the web resource.
- DELETE
- PATCH
- POST
- PUT

In REST, the POST method is used to request the server to accept the entity enclosed in the request as a new subordinate of the web resource. It is often used for creating a new resource or submitting data to be processed, and the server responds with the details of the newly created resource.

_______ is a protocol used in SAML to pass the authentication and authorization decisions.
- Secure Authentication Protocol
- Secure Authorization Markup Language
- Security Assertion Markup Language
- Simple Authentication and Authorization Protocol

SAML uses the Security Assertion Markup Language protocol to pass authentication and authorization decisions.

How does an API Gateway assist in implementing authentication and authorization for APIs?
- It centralizes authentication and authorization logic, acting as a security guard for APIs
- It encrypts the data exchanged between APIs
- It only authenticates users and does not handle authorization
- It provides a platform for developing APIs but does not handle authentication and authorization

An API Gateway assists by centralizing authentication and authorization logic, serving as a security layer for APIs, ensuring secure access and controlled permissions.

For secure token-based authentication in web services, which encryption technique is most effective?
- AES (Advanced Encryption Standard)
- DES (Data Encryption Standard)
- HMAC (Hash-based Message Authentication Code)
- RSA (Rivest–Shamir–Adleman)

HMAC (Hash-based Message Authentication Code) is commonly used for secure token-based authentication in web services, providing an effective way to ensure data integrity and authentication.

How does GDPR affect web services that handle personal data of EU citizens?
- It encourages unlimited data sharing
- It mandates the use of proprietary encryption algorithms
- It only applies to non-EU citizens
- It requires explicit consent for data processing

GDPR (General Data Protection Regulation) requires explicit consent for processing personal data of EU citizens, emphasizing user privacy and control.

What advanced feature of API Gateways can be used for aggregating responses from multiple services?
- Data Merging
- Response Composition
- Result Concatenation
- Service Aggregation

API Gateways can use Response Composition as an advanced feature to aggregate responses from multiple services.

The process of converting encrypted data back into its original form is called _________.
- Decryption
- Encoding
- Encryption
- Hashing

Decryption is the process of converting encrypted data back into its original, readable form.

During a security audit, a tester is able to execute a script in the database input field. What type of vulnerability does this indicate?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Insecure Direct Object References (IDOR)
- SQL Injection

The ability to execute a script in the database input field points to a SQL Injection vulnerability, where malicious SQL queries can be injected and executed.

REST APIs commonly use which method to retrieve data without affecting the resource?
- DELETE
- GET
- POST
- PUT

REST APIs commonly use the GET method to retrieve data without affecting the resource, emphasizing the idempotent nature of the operation.

In the context of web services, serverless computing primarily means what?
- Direct server control for applications
- Graphic design for server architecture
- Load balancing for web servers
- Running applications without managing server infrastructure

Serverless computing in web services means running applications without managing server infrastructure, allowing developers to focus on code rather than server management.