Free Cisco 350-901 Actual Exam Questions - Question 2 Discussion
on behalf of an end user.
Which two parameters are specified in the HTTP request coming back to the application as the end
user grants access? (Choose two.)
D/E for sure. The code is what the app needs next, and state matches the response to the request, stopping attacks. Access tokens come later after exchanging the code, so A or B don’t fit here.
D imo, the code is definitely returned so the app can get tokens. E makes sense too since the state helps prevent CSRF attacks and ties the response to the original request.
D. The response definitely includes the authorization code for the app to exchange later. E is usually there too to prevent CSRF attacks, so those two make the most sense here.
E imo, the state parameter is important for security and matching the response to the original request, so it’s included along with the code (D) when the user grants access.
D/E. The code is the key for getting tokens later, while state keeps the request secure and matches it to the app’s session. Access tokens only come after you exchange that code.
It’s definitely D and E. The code is what you exchange for tokens, and state helps prevent CSRF attacks. The redirect URI isn’t returned after consent, just used to send the response back.
It’s D and E.
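
Added example, not part of the question or of any comment above: a client-side callback check for the redirect the thread discusses, which reads `code` and `state` from the query string and rejects the response unless `state` matches the value the app stored before redirecting. The callback URL, the dict used as a session and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs


class CallbackError(Exception):
    """Raised when the redirect back to the app must not be trusted."""


def new_state():
    # Unguessable value stored in the user's session before redirecting
    # to the authorization server (hypothetical helper name).
    return secrets.token_urlsafe(32)


def handle_callback(callback_url, session):
    """Return the authorization code if the redirect belongs to this session."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # State is single use: remove it so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    returned = params.get("state", [])
    if expected is None or len(returned) != 1:
        raise CallbackError("missing or duplicated state")
    # Constant-time comparison of the returned state with the stored one.
    if not hmac.compare_digest(returned[0].encode(), expected.encode()):
        raise CallbackError("state mismatch")

    # The authorization server reports a refusal with an error parameter.
    if "error" in params:
        raise CallbackError("authorization failed: " + params["error"][0])

    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise CallbackError("missing or duplicated code")
    return codes[0]  # exchanged for tokens in a separate back-channel request


if __name__ == "__main__":
    # Constructed sample data: a session and the redirect it should receive.
    session = {"oauth_state": new_state()}
    url = ("https://app.example/callback?code=sample-code-123&state="
           + session["oauth_state"])
    print(handle_callback(url, session))
```
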