Free ISC2 CISSP Actual Exam Questions - Question 12 Discussion
as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to
the organization's services.
As part of the authentication process, which of the following must the end user provide?
Maybe B. The user has to prove who they are initially, and that usually means giving both a username and password. It’s not just a password or username alone since the service needs a way to identify the user before issuing tokens. A is definitely out since the token comes after login, not before. D alone can’t work without knowing which account the password belongs to, so B makes more sense overall.
Option B, users must provide credentials initially for OAuth to work.
D imo, because OAuth 2.0 itself doesn’t mandate a username—it’s the password that proves the user’s identity along with whatever other factors the provider uses. The username alone (C) isn’t enough.
It’s B since OAuth 2.0 requires initial user credentials, not just tokens.
It’s B because the user has to prove their identity first, usually by entering their username and password before getting any tokens. The access token (A) comes after authentication, so they don’t provide that initially.
This one seems straightforward: B. A username and password. OAuth 2.0 usually requires the user to enter their credentials first before the token is issued.