Calvin D. answered • 08/25/21
Computer Scientist, Cyber Security Analyst USAF
A is true. HTTPS encrypts its communications while HTTP does not, which means HTTP communicates over plaintext. For basic information like HTML or pictures, this may not be such an issue, but passwords shouldn't be in plaintext, otherwise someone could read it!
B is false because HTTP lacks authentication at all. Authentication can technically happen at multiple layers of the OSI networking model, and HTTP / HTTPS exists at layer 7, or the application layer. Layer 7 authentication is usually done with something like TLS (Transport Layer Security, which is not actually on the transport layer) and can be applied to HTTP, but this is not default behavior. Additionally, Base64 encoding is just that - encoding! Not encryption. B64 was created to represent things like pictures or files in text, so it must be reversible if you want to get something out of the other side. You can even find Base64 encoding and decoding online, or do it by hand if you're so inclined.
C is also true because OAuth is designed to share tokens and access rather than sharing your credentials. That way, different apps like facebook or twitter can access different sites or resources and not have to give your password away. They can just define a set of actions that the other site can do, and monitor or edit that appropriately.
