nerdexam
(ISC)2

CISSP · Question #128

Which of the following methods provides the MOST protection for user credentials?

The correct answer is B. Digest authentication. This question tests knowledge of web authentication methods and their relative security levels for protecting user credentials in transit.

Submitted by jakub_pl· Mar 5, 2026Identity and Access Management

Question

Which of the following methods provides the MOST protection for user credentials?

Options

  • AForms-based authentication
  • BDigest authentication
  • CBasic authentication
  • DSelf-registration

How the community answered

(31 responses)
  • A
    19% (6)
  • B
    71% (22)
  • C
    3% (1)
  • D
    6% (2)

Why each option

This question tests knowledge of web authentication methods and their relative security levels for protecting user credentials in transit.

AForms-based authentication

Forms-based authentication transmits credentials in plaintext via HTTP POST unless TLS/SSL is explicitly implemented, meaning the protection level depends entirely on the underlying transport security rather than the authentication method itself.

BDigest authenticationCorrect

Digest authentication provides the most protection among the listed options because it uses a challenge-response mechanism with MD5 hashing, meaning the actual password is never transmitted over the network. Instead, a hashed value derived from the credentials and a server-provided nonce is sent, preventing credentials from being intercepted in plaintext.

CBasic authentication

Basic authentication encodes credentials using Base64 rather than encrypting or hashing them, making it trivially easy to decode intercepted credentials since Base64 is not a security mechanism.

DSelf-registration

Self-registration is a user account creation process, not an authentication method, and provides no inherent protection for credentials during the login process.

Concept tested: Comparing web authentication methods and credential security

Source: https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/digestauthentication

Topics

#authentication methods#user credentials#digest authentication

Community Discussion

No community discussion yet for this question.

Full CISSP Practice