[&] Why might JSON Web Tokens (JWTs) be preferred in modern web applications?
- They are large and difficult to manage
- They allow the server to maintain session state
- They require special hardware to process
- They are portable and support stateless authentication -- Correct

[&] Which of the following is a common risk associated with bearer tokens?
- They can be exploited if intercepted -- Correct
- They expire immediately after issuance
- They require constant internet connection
- They are immune to interception

[&] Which placement method for tokens is considered the most secure?
- Query parameters
- URL parameters
- Authorization header -- Correct
- Request body

[&] What is the main advantage of token-based authentication over traditional session management?
- Tokens are only used in desktop applications.
- Tokens last forever and don't need renewal.
- Tokens are easier to remember for users.
- Tokens allow stateless authentication. -- Correct

[&] What is a key security feature of storing tokens as cookies?
- Cookies can use the HTTPOnly attribute to prevent JavaScript access. -- Correct
- Cookies ensure tokens never expire.
- Cookies have unlimited storage capacity.
- Cookies can be easily shared between websites.

[&] What is the role of a refresh token in OAuth 2.0?
- It increases the expiry time of access tokens
- It provides encryption for sensitive data
- It authorizes an application to access resources indefinitely
- It grants permissions to access new resources without re-authentication -- Correct