[&] Which OAuth flow involves the client obtaining an access token directly without an authorization code?
- Resource owner password credentials grant
- Client credentials grant
- Implicit grant
- Authorization code grant

[&] Which of the following is a common OAuth attack?
- Denial of Service
- Unvalidated redirect URI
- Buffer overflow
- SQL injection

[&] What is the role of the authorization server in OAuth?
- To issue access tokens after authentication
- To host the protected resources
- To serve web content
- To request access on behalf of the resource owner

[&] In OAuth, what does the scope determine?
- The permissions and actions allowed by the access token
- The user's authentication level
- The encryption method for data transmission
- The user interface style

[&] What is the primary purpose of OAuth?
- To authenticate users for web applications
- To encrypt user data during transmission
- To authorize third-party applications to access user data
- To provide user interface design standards

[&] Which entity in OAuth is responsible for granting access to protected resources?
- Resource server
- Authorization server
- Resource owner
- Client