350-401 · Question #1098
Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two.)
The correct answer is A. authorization D. authentication. OAuth 2.0 uses both authorization and authentication mechanisms to provide enhanced validation for delegated access to protected resources.
Question
Options
- Aauthorization
- Bcustom headers
- Crequest management
- Dauthentication
- Eaccounting
How the community answered
(48 responses)- A88% (42)
- B6% (3)
- C4% (2)
- E2% (1)
Why each option
OAuth 2.0 uses both authorization and authentication mechanisms to provide enhanced validation for delegated access to protected resources.
OAuth 2.0 is primarily an authorization framework, enabling a client application to obtain limited access to a user's protected resources on a resource server without exposing the user's credentials. The authorization process confirms what actions the client is permitted to perform.
Custom headers can be used in API calls but are not core mechanisms of OAuth 2.0 itself for enhanced validation, though they might carry tokens or other information.
Request management is a general term referring to how requests are handled, not a specific OAuth 2.0 mechanism for validation.
While OAuth 2.0 itself is an authorization protocol, it often relies on underlying authentication of the resource owner (user) to grant consent. OpenID Connect, built on top of OAuth 2.0, explicitly adds an authentication layer, providing enhanced validation by confirming the user's identity.
Accounting (tracking resource usage) is part of AAA (Authentication, Authorization, Accounting) but is not a direct validation mechanism within the OAuth 2.0 protocol itself.
Concept tested: OAuth 2.0 authorization and authentication
Source: https://www.rfc-editor.org/rfc/rfc6749
Topics
Community Discussion
No community discussion yet for this question.