Which statement correctly describes the difference between authentication and authorization?
Think about logging in versus accessing resources.
Authentication confirms user identity, while authorization controls access rights.
In a typical web application architecture, which component is primarily responsible for authorization decisions?
Authorization controls access to resources after identity is confirmed.
The resource server or API gateway checks permissions before allowing access to resources.
Which approach best supports scaling authentication in a large distributed system with many users?
Consider reducing bottlenecks and network calls.
Stateless tokens allow local validation without contacting a central server for each request, improving scalability.
What is a common tradeoff when increasing authentication strength in a system?
Think about multi-factor authentication and user effort.
Adding steps like multi-factor authentication increases security but may make login slower or harder for users.
A system has 1 million active users. Each user makes 10 resource requests per minute. If each request requires an authorization check, estimate the number of authorization checks per second the system must handle.
Calculate total requests per minute, then convert to per second.
1,000,000 users * 10 requests per minute = 10,000,000 requests per minute. Dividing by 60 seconds per minute gives 166,666.67 checks per second.