GIAC Exam GCFR Topic 1 Question 38 Discussion

Actual exam question for GIAC's GCFR exam

Question #: 38
Topic #: 1

[All GCFR Questions]

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

AAfter user credentials are accepted by the Authorization Server

BOnce the OAuth token is accepted by the Application

CWhen the Resource Server receives the OAuth token

DBefore user credentials are sent to the Authentication Server

Show Suggested Answer

Suggested Answer: C

by Lashaun at Feb 12, 2025, 03:14 AM

Limited Time Offer

25%

Off

Get Premium GCFR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Chara

1 months ago

If I was the resource owner, I'd approve any scope the app wanted. Who needs privacy anyway?

upvoted 0 times

Gerardo

20 days ago

C) When the Resource Server receives the OAuth token

upvoted 0 times

...

Theron

26 days ago

That's when the Resource Owner approves the scope.

upvoted 0 times

...

Lashandra

1 months ago

A) After user credentials are accepted by the Authorization Server

upvoted 0 times

...

Tracey

2 months ago

A for sure. The resource owner doesn't wait until the very end to decide what the app can access, that would be silly.

upvoted 0 times

Roy

20 days ago

C) When the Resource Server receives the OAuth token

upvoted 0 times

...

Arlene

25 days ago

I agree, the resource owner needs to approve the scope of access early on.

upvoted 0 times

...

Trinidad

1 months ago

A) After user credentials are accepted by the Authorization Server

upvoted 0 times

...

Curtis

2 months ago

Hold up, isn't the resource owner the one who's actually granting access? I'm pretty sure the answer is A.

upvoted 0 times

Wenona

11 days ago

Yes, the resource owner plays a key role in determining the level of access granted during the OAuth delegation process.

upvoted 0 times

...

Latanya

18 days ago

That makes sense, the resource owner needs to approve the scope of access before it is granted.

upvoted 0 times

...

Shoshana

1 months ago

So, the OAuth delegation process involves the resource owner granting access after their credentials are accepted.

upvoted 0 times

...

Harrison

1 months ago

I think you're right, the resource owner approves the scope after user credentials are accepted by the Authorization Server.

upvoted 0 times

...

Sherita

2 months ago

I think B is the correct answer. The resource owner approves the scope when the application accepts the OAuth token.

upvoted 0 times

Felicitas

1 months ago

Yes, the resource owner approves the scope when the application accepts the OAuth token.

upvoted 0 times

...

Bulah

1 months ago

I think B is the correct answer.

upvoted 0 times

...

Denae

2 months ago

Definitely option A. The resource owner approves the scope of access before the authorization server accepts the user credentials.

upvoted 0 times

Vincenza

22 days ago

Exactly. It's an important step in ensuring security and privacy in OAuth delegation.

upvoted 0 times

...

Lashon

24 days ago

So, the Resource Owner has control over what access is allowed to their resources.

upvoted 0 times

...

Elke

1 months ago

Yes, that's correct. The approval happens at that point in the OAuth delegation process.

upvoted 0 times

...

Vincent

2 months ago

I think it's option A. The resource owner approves the scope of access after user credentials are accepted by the Authorization Server.

upvoted 0 times

...

Shayne

2 months ago

That makes sense, as the Resource Owner needs to give consent before the process can continue.

upvoted 0 times

...

Shala

3 months ago

I believe it's after user credentials are accepted by the Authorization Server.

upvoted 0 times

...

Shayne

3 months ago

I think the Resource Owner approves the scope of access before user credentials are sent to the Authentication Server.

upvoted 0 times

...