CISSP · Question #1531
Drag and Drop Question Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength. Drag the authentication type on the correct positions on the right ac
The correct answer is Basic; Digest; Integrated Windows Authentication; Client Certificate. The correct order from weakest to strongest is: Basic (sends credentials as Base64-encoded plaintext, easily decoded), Digest (uses MD5 hashing to avoid sending plaintext passwords, but vulnerable to replay attacks), Integrated Windows Authentication (uses Kerberos or NTLM, provi
Question
Exhibit
Answer Area
Drag items
Correct arrangement
- Basic
- Digest
- Integrated Windows Authentication
- Client Certificate
Explanation
The correct order from weakest to strongest is: Basic (sends credentials as Base64-encoded plaintext, easily decoded), Digest (uses MD5 hashing to avoid sending plaintext passwords, but vulnerable to replay attacks), Integrated Windows Authentication (uses Kerberos or NTLM, providing strong challenge-response authentication tied to Windows domain credentials), and Client Certificate (uses PKI-based mutual authentication with asymmetric cryptography, providing the strongest assurance by requiring a trusted digital certificate). Each successive method adds cryptographic complexity and resistance to interception or forgery.
Topics
Community Discussion
No community discussion yet for this question.
