
PT0-002 Question #196: Real Exam Question with Answer & Explanation

The correct answer is C: Decode the authorization header using Base64.

Vulnerability discovery and analysis

Question

A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?

Options

  • A. Decode the authorization header using UTF-8.
  • B. Decrypt the authorization header using bcrypt.
  • C. Decode the authorization header using Base64.
  • D. Decrypt the authorization header using AES.

Explanation

The Authorization header carries the credential in the clear, merely encoded. With HTTP Basic authentication (RFC 7617) the value after "Basic" is the Base64 encoding of user-id:password; with a Bearer JWT the header and payload segments are Base64url-encoded JSON. Base64 is an encoding, not encryption: it needs no key to reverse, so anyone who captures the header (for example over plaintext HTTP or through an intercepting proxy during a test) can decode it and read the username, password or token claims directly. Decoding the header content with Base64 is therefore the correct method to visualize the transmitted authorization information.
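The decoding step in practice, as an added example that is not part of the original question page: the script below pulls the Authorization header out of a raw HTTP request, Base64-decodes a Basic credential the way RFC 7617 describes (Base64 to octets, then UTF-8 to text, then split at the first colon), and Base64url-decodes the header and claims of a Bearer JWT. The two request captures, the credential alice:P@ssw0rd! and the JWT are constructed sample data, not traffic from the page. The example goes slightly beyond the question by handling the Base64url alphabet and stripped padding that make a naive Base64 decode of a JWT appear to fail.

```python
"""Reveal what an HTTP Authorization header carries: Basic credentials are
Base64 (RFC 7617); Bearer JWT segments are Base64url (RFC 4648 section 5).
No key is needed for either, which is the whole point of the exam question."""
import base64
import binascii
import json
from typing import Optional, Tuple

# Constructed sample captures (not from the original page). The Basic header
# encodes "alice:P@ssw0rd!"; the JWT carries an HS256 header and three claims.
SAMPLE_BASIC_REQUEST = (
    "GET /admin HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Authorization: Basic YWxpY2U6UEBzc3cwcmQh\r\n"
    "\r\n"
)
SAMPLE_BEARER_REQUEST = (
    "GET /api/me HTTP/1.1\r\n"
    "Host: api.example\r\n"
    "authorization: Bearer "
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\r\n"
    "\r\n"
)


def parse_authorization(raw_request: str) -> Optional[Tuple[str, str]]:
    """Return (scheme, credentials) from the first Authorization header.
    HTTP header names are case-insensitive, so compare them lower-cased."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            scheme, _, credentials = value.strip().partition(" ")
            return scheme, credentials.strip()
    return None


def b64url_decode(segment: str) -> bytes:
    """Base64url decoding. JWT segments drop the '=' padding and use '-' and
    '_' instead of '+' and '/', so restore the padding and use the URL-safe
    decoder; a plain Base64 decoder rejects exactly these two differences."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_basic(credentials: str) -> Tuple[str, str]:
    """RFC 7617: Base64 -> octets, octets -> text (UTF-8), split at the first
    ':' (a user-id may not contain ':', a password may)."""
    octets = base64.b64decode(credentials, validate=True)
    user, _, password = octets.decode("utf-8").partition(":")
    return user, password


def decode_jwt(token: str) -> dict:
    """Expose a JWT's header and claims. Nothing here checks the signature:
    decoding shows what is transmitted, it does not prove the token is valid."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "claims": json.loads(b64url_decode(payload_b64)),
        "signature_bytes": len(b64url_decode(signature_b64)),
    }


def reveal_authorization(raw_request: str) -> dict:
    """Dispatch on the auth scheme and return the decoded authorization data."""
    parsed = parse_authorization(raw_request)
    if parsed is None:
        return {"scheme": None}
    scheme, credentials = parsed
    try:
        if scheme.lower() == "basic":
            user, password = decode_basic(credentials)
            return {"scheme": "Basic", "username": user, "password": password}
        if scheme.lower() == "bearer" and credentials.count(".") == 2:
            return {"scheme": "Bearer", **decode_jwt(credentials)}
    except (binascii.Error, UnicodeDecodeError, ValueError) as exc:
        return {"scheme": scheme, "raw": credentials, "error": str(exc)}
    return {"scheme": scheme, "raw": credentials}   # opaque token: nothing to decode


if __name__ == "__main__":
    for request in (SAMPLE_BASIC_REQUEST, SAMPLE_BEARER_REQUEST):
        print(json.dumps(reveal_authorization(request), indent=2))
```

Running the script prints the username and password from the Basic header and the header and claims of the JWT. The signature is only measured, not verified: reading a token off the wire tells the tester what is being sent, and a separate check against the issuer's key is needed before trusting any claim in it.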

Common mistakes.

  • A. UTF-8 is a character encoding for converting text to bytes and back; it does not reverse Base64. RFC 7617 does involve UTF-8, but only as the step after Base64 decoding, when the recovered octets are interpreted as text, so "decoding with UTF-8" on its own leaves the credential unreadable.
  • B. bcrypt is a one-way password hashing function intended for storing passwords at rest; there is no bcrypt decryption, and a Basic credential on the wire is not hashed at all, only encoded.
  • D. AES is a symmetric cipher. Neither the Basic nor the Bearer scheme encrypts the Authorization header with AES, and even if an application did, decryption would require a key the tester does not have. Confidentiality for the header on the network comes from TLS, not from per-header encryption.

Concept tested. Web authentication, Base64 decoding

Reference. https://datatracker.ietf.org/doc/html/rfc7617

Topics

#HTTP Basic Authentication, #Base64 encoding, #Traffic analysis, #Web application security
