[&] Why is it crucial to understand the distinction between authentication and authorization in web app security?
- To improve the user interface design
- To enhance data encryption protocols
- To identify different types of vulnerabilities more accurately
- To allocate resources more efficiently

[&] What does authorization in web applications determine?
- How an authenticated user's session data is stored
- When an authenticated user's session will expire
- The identity of an authenticated user
- What an authenticated user is allowed to do or access

[&] What is the primary purpose of authentication in web applications?
- To assign roles and permissions to users for accessing various resources
- To verify the identity of users to ensure only legitimate users can access protected resources
- To encrypt user data for security purposes
- To log all user activities within the application

[&] Which of the following is an example of authentication?
- Verifying that a user has proper encryption keys
- Assigning a user to a specific role
- Logging in with a username and password
- Checking if a user can access the admin panel

[&] How are authentication and authorization related in web applications?
- Authentication and authorization are unrelated processes
- Authentication determines user permissions directly
- Authorization typically follows successful authentication
- Authorization precedes authentication in all cases

[&] Which analogy best explains the difference between authentication and authorization?
- Verifying identity compared to allowing actions within a room
- Encrypting data compared to decrypting data
- Logging a user in compared to saving a user's preferences
- Locking a door compared to opening a window