nerdexam
(ISC)2

CISSP · Question #1531

Drag and Drop Question Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength. Drag the authentication type on the correct positions on the right ac

The correct answer is Basic; Digest; Integrated Windows Authentication; Client Certificate. The correct order from weakest to strongest is: Basic (sends credentials as Base64-encoded plaintext, easily decoded), Digest (uses MD5 hashing to avoid sending plaintext passwords, but vulnerable to replay attacks), Integrated Windows Authentication (uses Kerberos or NTLM, provi

Submitted by tunde_lagos· Mar 5, 2026Network Security / Web Application Security - Understanding authentication mechanisms and their relative security strengths, commonly tested in certifications such as CompTIA Security+, CEH, or CISSP under access control and identity management domains.

Question

Drag and Drop Question Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength. Drag the authentication type on the correct positions on the right according to strength from weakest to strongest. Answer:

Exhibit

CISSP question #1531 exhibit

Answer Area

Drag items

DigestIntegrated Windows AuthenticationBasicClient Certificate

Correct arrangement

  • Basic
  • Digest
  • Integrated Windows Authentication
  • Client Certificate

Explanation

The correct order from weakest to strongest is: Basic (sends credentials as Base64-encoded plaintext, easily decoded), Digest (uses MD5 hashing to avoid sending plaintext passwords, but vulnerable to replay attacks), Integrated Windows Authentication (uses Kerberos or NTLM, providing strong challenge-response authentication tied to Windows domain credentials), and Client Certificate (uses PKI-based mutual authentication with asymmetric cryptography, providing the strongest assurance by requiring a trusted digital certificate). Each successive method adds cryptographic complexity and resistance to interception or forgery.

Topics

#HTTP Authentication#Web Security#Authentication Protocols#Cryptography

Community Discussion

No community discussion yet for this question.

Full CISSP Practice