A JWT token has an "iss" claim with the value "trusted_issuer". What happens if this value is tampered with?

The token will be rejected by the verifier

The token will lose its signature

The token will function normally

In a real-world scenario, how can a `kid` header in JWT be exploited?

By supplying an insecure key file path

By replacing the payload with invalid data

How can the `iat` claim in a JWT be used?

To indicate the creation time of the token

What is the risk of embedding sensitive data in the payload of a JWT?

Exposure due to lack of encryption

How can you verify the authenticity of a JWT?

By validating the signature using the secret or public key

By checking the algorithm field

A JWT token is signed with RS256. How can you validate it?

Using the corresponding public key

You modify the payload of a JWT and resend it to a server. The server still accepts the token. What does this indicate?

The server does not verify the signature

Which of the following mitigations can protect against JWT tampering?

Using asymmetric key signing with proper validation

Storing sensitive data in the payload

A JWT token has a `typ` field set to "JWT" and an `alg` field set to "RS256". What does this indicate?

The token uses asymmetric signing

What is the effect of including a very short expiration time (`exp`) in a JWT?

Reduces the risk of token misuse

Makes the token more secure against tampering

Removes the need for a signature

Why is it unsafe to use the same secret key across multiple applications for signing JWTs?

It exposes all applications if the key is compromised

It increases storage requirements

It slows down the signing process

It makes decoding more difficult

You find that the `jwk` header of a JWT contains base64-encoded RSA public key parameters. What does this imply?

The token can be verified using the included public key

The token's signature is not valid

How would an attacker use the `none` algorithm in a JWT exploit?

By bypassing signature validation

By brute-forcing the token payload

Which scenario indicates a secure JWT implementation?

The token is verified against a trusted public key

Sensitive data is stored in the payload

The `alg` field is set to `HS256` without a strong secret key

A web app accepts a JWT token with `alg` set to `none`. What should the server do?

Validate the token with a default secret

A JWT token has expired (`exp` claim). How should the server respond?

Prompt the user for reauthentication

Accept the token with a warning

Extend the token expiration time

Why is asymmetric key signing more secure for JWTs compared to symmetric signing?

It uses a unique public-private key pair

It eliminates the need for validation

A token with `iss` claim "api.example.com" is presented to "auth.example.com". What should the server do?

Reject the token as the issuer is invalid

Validate the token with a default key

WAPT 2 - JWT

Authored by Nafish Alam

Information Technology (IT)

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

31 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which part of a JWT is used to verify the token's integrity?

Header

Payload

Signature

None of the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the primary purpose of the payload in a JWT?

To encrypt sensitive data

To store claims or data

To verify the integrity of the token

To specify the algorithm used

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which algorithm is commonly used for signing JWTs?

MD5

RSA

HMAC-SHA256

AES-128

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does "exp" claim in a JWT represent?

Issuer of the token

Expiry time of the token

Subject of the token

Not Before time

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which header field in JWT specifies the type of token?

typ

alg

kid

iss

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A JWT token is signed using HS256, and you don't have the secret key. What can you do?

Generate a new JWT with a random secret key

Modify the token without verifying the signature

Use a brute force attack to find the secret key

Modify the payload and it will work without the key

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You encounter a JWT where the `alg` field is set to `none`. What does this imply?

The token is invalid

The token is not signed

The token uses a custom algorithm

The token cannot be decoded

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

32 questions

Streaming into BigQuery and visualizing results

Quiz

•

Professional Development

31 questions

OTTT2

Quiz

•

Professional Development

30 questions

Windows and Azure Security Quiz

Quiz

•

Professional Development

31 questions

DP-300 Full MCQ Set

Quiz

•

Professional Development

35 questions

Protocols

Quiz

•

Professional Development

30 questions

Understanding NAT Concepts

Quiz

•

Professional Development

30 questions

Health Information Ethics Quiz

Quiz

•

Professional Development

32 questions

Paid Class Cybersecurity Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Information Technology (IT)

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

WAPT 2 - JWT

Which part of a JWT is used to verify the token's integrity?

What is the primary purpose of the payload in a JWT?

Which algorithm is commonly used for signing JWTs?

What does "exp" claim in a JWT represent?

Which header field in JWT specifies the type of token?

A JWT token is signed using HS256, and you don't have the secret key. What can you do?

You encounter a JWT where the `alg` field is set to `none`. What does this imply?

A web application allows you to manipulate the `sub` field of a JWT payload. What potential risk does this pose?

A JWT token has an "iss" claim with the value "trusted_issuer". What happens if this value is tampered with?

In a real-world scenario, how can a `kid` header in JWT be exploited?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)