[&] What tool can be used to decode a JWT token's payload and header?
- JQ
- curl
- JWT.io -- Correct
- ifconfig

[&] What is a potential risk of storing sensitive information like passwords in the payload section of a JWT token?
- It makes the JWT token invalid
- It increases the token expiration time
- It encrypts the data automatically
- It can be easily decrypted and accessed by unauthorized users -- Correct

[&] In a lab scenario, why might a 'flag' be found in the JWT payload?
- To simulate sensitive data exposure -- Correct
- To set the token expiration time
- To authenticate the network connection
- To encrypt the user credentials

[&] Which method is used to improve the readability of JSON responses in the terminal?
- JQ command -- Correct
- HTTPS protocol
- Base64 utility
- JWT.io

[&] What is the default port used for the API endpoint in the lab environment discussed?
- 8080
- 443
- 80
- 1337 -- Correct

[&] Why is it important to review the claims in the payload of a JWT token?
- To reduce the API response time
- To automatically renew the token
- To ensure sensitive information is not exposed -- Correct
- To authenticate the server request