
CAS-003 · Question #926

CAS-003 Question #926: Real Exam Question with Answer & Explanation

The correct answers are A and D (the question asks for TWO): A, "Implement long-lived refresh tokens when the application is opened with OAuth support of bearer", and D, "Request a new bearer token from the token service when the application is opened and OAuth". Together they cover the three requirements: step-up revalidation on sensitive access or device state change, full re-authentication at registration and every three months, and seamless access across channels. See the explanation below for why the other options fall short.

Question

A company needs to deploy a home assistant that has the following requirements: 1. Revalidate identity when sensitive personal information is accessed and when there is a change in device state. 2. Authenticate every three months and upon registration. 3. Support seamless access on all channels. Which of the following actions would be BEST to support the above requirements securely? (Select TWO).

Options

  • A. Implement long-lived refresh tokens when the application is opened with OAuth support of bearer
  • B. Refresh a new access token when the application is opened and OAuth device flow registration is
  • C. Implement a content-aware security risk engine with push notification tokens
  • D. Request a new bearer token from the token service when the application is opened and OAuth
  • E. Implement a user and entity behavioral analytics detection engine with a one-time magic link.
  • F. Implement a rules-based security engine with software OTP tokens.

Explanation

The home assistant requirements call for: (1) step-up re-authentication when sensitive data is accessed or the device state changes, (2) full re-authentication every three months and at registration, and (3) seamless multi-channel access. Options A and D together satisfy these needs. (A) A long-lived refresh token bounds the re-authentication cycle: the refresh token is issued with a three-month (roughly 90-day) lifetime, so once it expires the user must log in again, while the short-lived bearer access tokens it mints give seamless, stateless access across channels without repeated login prompts. (D) Requesting a new bearer token from the token service each time the application is opened gives the token service a point at which to re-evaluate the grant and demand step-up verification when the device state has changed or sensitive data is about to be read; the OAuth device flow that accompanies it is designed for home assistants and other IoT devices with limited input capability (no keyboard or browser), so device registration can be completed by authorizing on a second device. Because bearer tokens can be used by anyone who holds them, the pattern depends on the access tokens being short-lived and carried only over TLS, with the long-lived secret being the refresh token that never leaves the device. Options C and F (content-aware or rules-based engines with OTP) add a separate policy layer without directly providing the OAuth-based seamless multi-channel access the requirement asks for, and Option E's behavioral analytics with magic links does not produce the fixed three-month re-authentication cycle cleanly.
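The following is an added example, not part of the exam question or the site's explanation, showing how the token lifetimes described above would be enforced by a token service and a resource server. It is a toy model written for this page: the lifetimes (15-minute bearer token, 90-day refresh token, 5-minute step-up window), the resource paths, the device-state fields and the class and function names are all assumptions chosen for illustration, and the OAuth device authorization grant that would precede `authenticate()` on a real assistant is not modeled. A simulated clock lets the 90-day boundary be exercised offline.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

ACCESS_TTL = 15 * 60               # bearer access token lifetime: 15 minutes (assumed)
REFRESH_TTL = 90 * 24 * 60 * 60    # refresh token lifetime: three months (assumed)
STEP_UP_WINDOW = 5 * 60            # a step-up covers 5 minutes of sensitive access (assumed)

# Hypothetical resource paths on the assistant's API, constructed for this example.
SENSITIVE_PATHS = {"/contacts", "/voice-history", "/payment-methods"}


class ReauthRequired(Exception):
    """Full login needed: at registration, or once the refresh token is 90 days old."""


class StepUpRequired(Exception):
    """Identity must be revalidated (second factor) before this request is served."""


class BearerExpired(Exception):
    """Access token expired; the client should silently refresh, not re-login."""


def fingerprint(device_state: dict) -> str:
    """Canonical hash of the state the device reports (firmware, network, pairing...)."""
    canon = "|".join(f"{k}={device_state[k]}" for k in sorted(device_state))
    return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class Grant:
    user: str
    device_id: str
    state_fp: str        # device-state fingerprint at the last (re)validation
    auth_time: float     # last full authentication; bounds the refresh token's life
    last_step_up: float  # last identity revalidation


@dataclass
class TokenService:
    now: float = 0.0                                    # simulated clock, seconds
    grants: dict = field(default_factory=dict)          # grant_id -> Grant
    refresh_tokens: dict = field(default_factory=dict)  # refresh token -> grant_id
    access_tokens: dict = field(default_factory=dict)   # bearer token -> (grant_id, expiry)

    def _issue(self, grant_id: str):
        rt, at = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.refresh_tokens[rt] = grant_id
        self.access_tokens[at] = (grant_id, self.now + ACCESS_TTL)
        return rt, at

    def authenticate(self, user, device_id, device_state, credentials_ok):
        """Requirement 2: full authentication at registration (and again after 90 days)."""
        if not credentials_ok:
            raise ReauthRequired("primary credentials rejected")
        gid = secrets.token_hex(8)
        self.grants[gid] = Grant(user, device_id, fingerprint(device_state), self.now, self.now)
        return self._issue(gid)

    def refresh(self, refresh_token):
        """Requirement 3: silent renewal when the app opens; the refresh token rotates."""
        gid = self.refresh_tokens.pop(refresh_token, None)
        if gid is None:
            raise ReauthRequired("unknown or already-rotated refresh token")
        if self.now - self.grants[gid].auth_time > REFRESH_TTL:
            del self.grants[gid]
            raise ReauthRequired("refresh token older than 90 days; log in again")
        return self._issue(gid)

    def step_up(self, refresh_token, device_state, second_factor_ok):
        """Requirement 1: revalidate identity and re-baseline the device state."""
        grant = self.grants[self.refresh_tokens[refresh_token]]
        if not second_factor_ok:
            raise StepUpRequired("second factor rejected")
        grant.last_step_up = self.now
        grant.state_fp = fingerprint(device_state)

    def access_resource(self, access_token, path, device_state):
        """Resource-server check: bearer validity first, then the step-up policy."""
        gid, expiry = self.access_tokens.get(access_token, (None, 0))
        if gid is None or expiry <= self.now or gid not in self.grants:
            raise BearerExpired("bearer token missing or expired; refresh first")
        grant = self.grants[gid]
        if fingerprint(device_state) != grant.state_fp:
            raise StepUpRequired("device state changed since last validation")
        if path in SENSITIVE_PATHS and self.now - grant.last_step_up > STEP_UP_WINDOW:
            raise StepUpRequired(f"{path} holds sensitive data; revalidate identity")
        return f"200 {path} for {grant.user}@{grant.device_id}"


def walkthrough():
    """Drive the service through all three requirements; returns label -> outcome."""
    svc, log = TokenService(), []
    state = {"firmware": "2.1.0", "wifi_bssid": "aa:bb:cc:dd:ee:ff"}  # constructed device state
    rt, at = svc.authenticate("alice", "ha-0001", state, credentials_ok=True)

    def attempt(label, fn):
        try:
            log.append((label, fn()))
        except (ReauthRequired, StepUpRequired, BearerExpired) as e:
            log.append((label, type(e).__name__))

    svc.now += 10 * 60                                            # ten minutes later
    attempt("weather", lambda: svc.access_resource(at, "/weather", state))
    attempt("contacts-no-stepup", lambda: svc.access_resource(at, "/contacts", state))
    svc.step_up(rt, state, second_factor_ok=True)
    attempt("contacts-after-stepup", lambda: svc.access_resource(at, "/contacts", state))
    moved = dict(state, wifi_bssid="11:22:33:44:55:66")           # device state changed
    attempt("state-change", lambda: svc.access_resource(at, "/weather", moved))

    svc.now += 24 * 60 * 60                                       # next day: bearer is stale
    attempt("stale-bearer", lambda: svc.access_resource(at, "/weather", state))
    old_rt, (rt, at) = rt, svc.refresh(rt)                        # silent renewal, no prompt
    attempt("after-refresh", lambda: svc.access_resource(at, "/weather", state))
    attempt("reused-refresh", lambda: svc.refresh(old_rt))        # rotation kills the old one

    svc.now += 91 * 24 * 60 * 60                                  # past the three-month mark
    attempt("refresh-day-92", lambda: svc.refresh(rt))
    return dict(log)
```

The two lifetimes do different jobs: the bearer token's short life limits what a leaked token is worth and forces the client back to the token service often, while the refresh token's 90-day life is what actually implements the "authenticate every three months" rule, because rotation on each refresh does not reset `auth_time`. Step-up is enforced at the resource server, not by the token lifetimes, which is why a device-state change is caught immediately even while both tokens are still valid.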
