[&] Why should sensitive data not be included in JWT payloads?
- Because it would make the token too large
- Because the payload is not encrypted by default
- Because sensitive data could be lost in transmission
- Because JWTs are publicly visible

[&] Which claim in a JWT indicates when the token expires?
- ISS
- IAT
- AUD
- EXP

[&] Which of the following is NOT a benefit of using JWTs for session management?
- Scalability with distributed systems
- Reduced server-side storage
- Stateless session information
- Enhanced token security

[&] What is the purpose of the signature part in a JWT?
- To encrypt the payload data
- To ensure the token's integrity and authenticity
- To specify the token's audience
- To define the token's expiration time

[&] What are the three parts of a JSON Web Token?
- Header, Body, Footer
- Header, Payload, Signature
- Header, Content, Hash
- Meta, Data, Sign

[&] In which section of a JWT would you primarily find claims about user roles?
- Header
- Footer
- Payload
- Signature