App Security Flashcards
What is the right way for users and applications to communicate with backend resources?
Azure API
How can an API securely authenticate with resources?
OAuth 2.0
When should you use delegated permissions and application permissions?
Delegated permissions are used when a signed-in user is present. A user or an administrator can give consent.
Application permissions are used when no signed-in user is present and only the application is present. Only administrators can delegate application permissions.
What is the most secure way to secure APIs?
Register an application and specify its scopes; the user has to provide consent. If the user does not have enough permissions, that will not work.
What is meant by effective permissions?
Effective permissions are the permissions that your app has when it makes requests to the target resource.
How do effective permissions differ between application permissions and delegated permissions?
With delegated permissions, the app can do only what the signed-in user is authorized to do.
With application permissions, what the app can do is based on the permissions it has been granted; those are its effective permissions.
Which SKU supports HSM-level keys in Key Vault?
Premium SKU
How can a deleted Key Vault be retained?
Enable Purge protection and set the retention days.