Spring Security

What is Spring Security

1. What is the primary purpose of Spring Security?

o A) Logging
o B) Authentication and authorization
o C) Data persistence
o D) Dependency injection

Answer: B) Authentication and authorization

2. Which of the following is not a feature provided by Spring Security?

o A) Protection against CSRF attacks
o B) Built-in database management
o C) Authentication
o D) Authorization

Answer: B) Built-in database management

3. Which protocol is primarily secured by Spring Security for web applications?

o A) FTP
o B) HTTP
o C) SMTP
o D) SNMP

Answer: B) HTTP

Spring Security with Spring Boot

4. Which dependency is primarily added to a Spring Boot application to enable Spring Security?
o A) spring-boot-starter-web
o B) spring-boot-starter-data-jpa
o C) spring-boot-starter-security
o D) spring-boot-starter-thymeleaf

Answer: C) spring-boot-starter-security

5. In a Spring Boot application, how can you customize the default security configuration?
o A) By creating a class that extends WebSecurityConfigurerAdapter
o B) By creating a class that extends SpringBootApplication
o C) By modifying application.properties
o D) By creating a class that extends SpringApplication

Answer: A) By creating a class that extends WebSecurityConfigurerAdapter

6. What is the default behavior of Spring Security in a Spring Boot application without any custom configuration?
o A) No authentication required
o B) HTTP Basic Authentication
o C) Form-based login
o D) Token-based authentication

Answer: B) HTTP Basic Authentication

Basic Authentication

7. What does Basic Authentication use to authenticate users?

o A) Cookies
o B) JWT tokens
o C) Base64-encoded username and password
o D) OAuth tokens

Answer: C) Base64-encoded username and password

8. Which HTTP header is used to send the credentials in Basic Authentication?

o A) Authorization
o B) Authenticate
o C) Credentials
o D) Auth

Answer: A) Authorization

9. What type of security does Basic Authentication provide?

o A) Strong security because of password encryption
o B) Weak security, vulnerable to interception if not used with HTTPS
o C) Stateful authentication
o D) Token-based authentication

Answer: B) Weak security, vulnerable to interception if not used with HTTPS

Authentication with User Credentials from Database and Authorization

10. Which interface must be implemented to retrieve user details from a database in Spring Security?
o A) UserDetailsManager
o B) UserDetails
o C) UserDetailsService
o D) UserManager

Answer: C) UserDetailsService

11. Which component in Spring Security is used to encode passwords?

o A) PasswordEncoder
o B) PasswordHasher
o C) PasswordEncrypter
o D) PasswordManager

Answer: A) PasswordEncoder

12. Which annotation is used to specify security configurations at method level in Spring Security?
o A) @Secured
o B) @Security
o C) @Protected
o D) @RolesAllowed

Answer: A) @Secured
JWT Authorization

13. What does JWT stand for?

o A) Java Web Token
o B) Java Wide Token
o C) JSON Web Token
o D) JSON Wide Token

Answer: C) JSON Web Token

14. In JWT-based authentication, what component typically handles token creation and validation?
o A) TokenProvider
o B) TokenManager
o C) TokenEncoder
o D) TokenFactory

Answer: A) TokenProvider

15. Where is the JWT typically stored on the client side?

o A) Cookies
o B) Local Storage or Session Storage
o C) HTML Meta Tags
o D) CSS Files

Answer: B) Local Storage or Session Storage

16. Which HTTP header is commonly used to pass the JWT token in requests?
o A) Authorization
o B) Authenticate
o C) Token
o D) JWT

Answer: A) Authorization

17. What is a common structure of a JWT?

o A) Header, Payload, and Signature
o B) Username, Password, and Timestamp
o C) Token, Secret, and Timestamp
o D) Header, Token, and Footer

Answer: A) Header, Payload, and Signature