GIAC GCFR Exam - Topic 8 Question 55 Discussion

Actual exam question for GIAC's GCFR exam

Question #: 55
Topic #: 8

[All GCFR Questions]

At what point of the OAuth delegation process does the Resource Owner approve the scope of access to be allowed?

AAfter user credentials are accepted by the Authorization Server

BOnce the OAuth token is accepted by the Application

CWhen the Resource Server receives the OAuth token

DBefore user credentials are sent to the Authentication Server

Show Suggested Answer

Suggested Answer: A

by Kerrie at Apr 09, 2026, 11:54 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

18 days ago

I thought it was D at first, but A makes more sense.

upvoted 0 times

...

23 days ago

It's definitely A! The user approves access before credentials are sent.

upvoted 0 times

...

1 month ago

I feel like it has to be before the credentials are sent, so D seems right, but I wish I had reviewed this section more.

upvoted 0 times

...

1 month ago

I'm a bit confused; I thought the approval happened after the user logged in, which could point to A again.

upvoted 0 times

...

2 months ago

I remember a practice question that mentioned the approval happens before any tokens are exchanged, which makes me lean towards D.

upvoted 0 times

...

2 months ago

I think the Resource Owner approves the scope right after they enter their credentials, so maybe it's A? But I'm not entirely sure.

upvoted 0 times

...