Which of the following methods is most suitable for authenticating microservices communicating within a trusted internal network?
Think about secure identity verification between services without relying on user context.
Mutual TLS (mTLS) provides strong cryptographic authentication between services because each end verifies the other's certificate during the handshake. Static API keys are weaker: they are long-lived shared secrets and offer no built-in rotation. IP whitelisting alone is weak because source addresses can be spoofed. User session tokens are meant for user-to-service authentication, not service-to-service.
In a microservices architecture, which sequence correctly describes a typical OAuth 2.0 client credentials flow for service-to-service authentication?
Consider which service obtains the token and who validates it.
In the OAuth 2.0 client credentials flow, the calling service (Service A) authenticates with its own client credentials to the authorization server, obtains an access token, and presents that token to the called service (Service B), which validates it. Calling Service B directly without a token, or passing user credentials instead, is insecure or does not match the flow.
To reduce latency and load on the authorization server, a microservice caches access tokens. Which approach best balances security and performance?
Think about token validity and avoiding unnecessary calls.
Caching tokens until they expire reduces calls to the authorization server while ensuring that every token presented is still valid. Ignoring expiry risks presenting expired tokens that the called service will reject. Requesting a new token on every call adds latency and load.
Which statement best describes a tradeoff when choosing between mutual TLS (mTLS) and OAuth 2.0 token-based authentication for service-to-service security?
Consider management complexity and security features.
mTLS offers strong cryptographic identity but managing certificates can be complex. Tokens simplify rotation and revocation but add validation overhead. The other options contain incorrect statements about security properties.
A system has 100 microservices, each making 50 authenticated calls per second to other services using OAuth 2.0 tokens. If each token validation takes 5 milliseconds on average, estimate the total CPU time spent per second on token validation across the system.
Calculate total calls per second and multiply by validation time.
Total calls = 100 services * 50 calls/sec = 5000 calls/sec. Each validation takes 5 ms = 0.005 sec. Total CPU time = 5000 * 0.005 = 25 seconds of CPU time per second. Although this work may be spread across many cores in parallel, the question asks for total CPU time spent, which is 25 CPU-seconds per wall-clock second. One distractor gives 2.5 seconds, which is off by a factor of ten. The correct result is 25 seconds, so option D is correct.