nerdexam
Cisco

350-401 · Question #978

Which authorization framework gives third-party applications limited access to HTTP services?

The correct answer is D. OAuth 2.0. OAuth 2.0 is an authorization framework specifically designed to allow third-party applications to obtain limited access to HTTP services on behalf of a user, without exposing the user's credentials. It works by issuing access tokens that define the scope and duration of access,

Submitted by jian89· Mar 6, 2026Security

Question

Which authorization framework gives third-party applications limited access to HTTP services?

Options

  • AIPsec
  • BGRE
  • CBasic Auth
  • DOAuth 2.0

How the community answered

(63 responses)
  • A
    2% (1)
  • B
    8% (5)
  • C
    3% (2)
  • D
    87% (55)

Explanation

OAuth 2.0 is an authorization framework specifically designed to allow third-party applications to obtain limited access to HTTP services on behalf of a user, without exposing the user's credentials. It works by issuing access tokens that define the scope and duration of access, making it the industry standard for delegated authorization (e.g., "Sign in with Google").

Why the others are wrong:

  • IPsec (A) is a network-layer security protocol used to encrypt and authenticate IP communications, not for application-level authorization.
  • GRE (B) (Generic Routing Encapsulation) is a tunneling protocol used to encapsulate network packets, with no authentication or authorization functionality.
  • Basic Auth (C) is a simple HTTP authentication scheme that transmits credentials (username/password), but it does not provide delegated or limited third-party access - it gives full credential-level access.

Memory Tip: Think of OAuth as an "Open Authorization" ticket system - like giving a valet only your car key, not your house key. The "2.0" version is the modern standard you'll see referenced on exams involving APIs and HTTP services.

Topics

#OAuth 2.0#Authorization Framework#API Security#HTTP Services

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice