Search Tutorials


Spring Boot Security Quiz - MCQ - Multiple Choice Questions | JavaInUse

Spring Boot Security Quiz - MCQ - Multiple Choice Questions

Q. What does Spring Security provide?

A. Authentication and Authorization support
B. Logging support
C. Database connectivity
D. UI templates

Q. Which authentication mechanism does Spring Security support?

A. OAuth2
B. JWT
C. Basic Authentication
D. All of the above

Q. Which of the following is not a core concept of Spring Security?

A. Authentication
B. Authorization
C. Dependency Injection
D. Password Encryption

Q. Which annotation in Spring Security is used to secure a method or class?

@Secure
@Protect
@Secured
@Guarded

Q. Which interface in Spring Security is used to encode passwords?

PasswordEncoder
SecurityEncoder
CredentialEncoder
Encryptor

Q. Which authentication provider in Spring Security supports LDAP authentication?

DaoAuthenticationProvider
LdapAuthenticationProvider
InMemoryAuthenticationProvider
JdbcUserDetailsManager

Q. How can you configure method-level security in Spring Security?

Using configuration classes
Using @Secured annotation
Using XML configuration
All of the above

Q. What is CSRF protection in Spring Security?

Cross-Site Request Forgery protection
Cross-Site Scripting protection
Cross-Origin Resource Sharing protection
Cross-Site Replay protection

Q. What is the purpose of the Remember-Me functionality in Spring Security?

To remember user credentials
To remember user preferences
To remember user sessions
To remember secured resources

Q. Which authentication provider in Spring Security is suitable for custom authentication logic?

DaoAuthenticationProvider
InMemoryAuthenticationProvider
AbstractUserDetailsAuthenticationProvider
LdapAuthenticationProvider





Q. Which of the following code snippets demonstrates the correct configuration of Spring Security in a Spring Boot application?

A.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}
B.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}
C.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}
D.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/admin").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}

Q. Which annotation is used to enable method-level security in a Spring Boot application using Spring Security?

A. @PreAuthorize
B. @Secured
C. @RoleAllowed
D. @Authorize

Q. Which of the following code snippets demonstrates the correct usage of @Secured annotation in a method for role-based security?

A.
@Secured("ROLE_ADMIN")
public void adminOperation() {
    // Admin operation logic
}
B.
@Secured({"ADMIN"})
public void adminOperation() {
    // Admin operation logic
}
C.
@Secured({"ROLE_ADMIN"})
public void adminOperation() {
    // Admin operation logic
}
D.
@Secured("ADMIN")
public void adminOperation() {
    // Admin operation logic
}

Q. Which of the following statements is true about CSRF protection in Spring Security?

A. CSRF protection is automatically enabled in Spring Security and does not require any additional configuration.
B. CSRF protection is disabled by default in Spring Security.
C. CSRF protection can be configured by adding @EnableCsrf annotation.
D. CSRF protection is only applicable to specific endpoints and does not affect the entire application.

Q. Which annotation is used to secure methods with both authentication and authorization in Spring Security?

A. @PreAuthorize
B. @Secured
C. @RolesAllowed
D. @Authenticate

Q. Which class needs to be extended to configure custom authentication logic in Spring Security?

A. WebMvcConfigurer
B. WebSecurityConfigurerAdapter
C. AuthenticationProvider
D. UserDetailsService

Q. How can you enable method security in a Spring Boot application using @EnableGlobalMethodSecurity annotation?

A. By adding @EnableGlobalMethodSecurity annotation to SecurityConfig class
B. By adding @EnableGlobalMethodSecurity annotation to WebMvcConfigurer class
C. By adding @EnableGlobalMethodSecurity annotation to WebSecurityConfigurerAdapter class
D. Method security is automatically enabled in Spring Boot

Q. Which authentication provider is commonly used with Spring Security for user authentication?

A. JDBC Authentication Provider
B. InMemory Authentication Provider
C. LDAP Authentication Provider
D. OAuth2 Authentication Provider

Q. How can you configure URL-based security in Spring Security to allow access to specific endpoints?

A. By configuring antMatchers() in HttpSecurity
B. By adding @Secured annotation to the controller methods
C. By configuring WebSecurityConfigurerAdapter class
D. By enabling method security using @EnableGlobalMethodSecurity

Q. Which annotation is used to secure a method with expression-based access control in Spring Security?

A. @Secured
B. @PreAuthorize
C. @RolesAllowed
D. @Authorize