CISSP · Question #128
Which of the following methods provides the MOST protection for user credentials?
The correct answer is B. Digest authentication. This question tests knowledge of web authentication methods and their relative security levels for protecting user credentials in transit.
Question
Which of the following methods provides the MOST protection for user credentials?
Options
- AForms-based authentication
- BDigest authentication
- CBasic authentication
- DSelf-registration
How the community answered
(31 responses)- A19% (6)
- B71% (22)
- C3% (1)
- D6% (2)
Why each option
This question tests knowledge of web authentication methods and their relative security levels for protecting user credentials in transit.
Forms-based authentication transmits credentials in plaintext via HTTP POST unless TLS/SSL is explicitly implemented, meaning the protection level depends entirely on the underlying transport security rather than the authentication method itself.
Digest authentication provides the most protection among the listed options because it uses a challenge-response mechanism with MD5 hashing, meaning the actual password is never transmitted over the network. Instead, a hashed value derived from the credentials and a server-provided nonce is sent, preventing credentials from being intercepted in plaintext.
Basic authentication encodes credentials using Base64 rather than encrypting or hashing them, making it trivially easy to decode intercepted credentials since Base64 is not a security mechanism.
Self-registration is a user account creation process, not an authentication method, and provides no inherent protection for credentials during the login process.
Concept tested: Comparing web authentication methods and credential security
Source: https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/digestauthentication
Topics
Community Discussion
No community discussion yet for this question.