350-401 · Question #1059
Which security option protects credentials from sniffer attacks in a basicAPI authentication?
The correct answer is B. TLS or SSL for communication. To protect credentials from sniffer attacks during basic API authentication, utilizing TLS or SSL encrypts the communication channel, making any intercepted data unreadable.
Question
Options
- Anext-generation firewall
- BTLS or SSL for communication
- CVPN connection between client and server
- DAAA services to authenticate the API
How the community answered
(41 responses)- B95% (39)
- C2% (1)
- D2% (1)
Why each option
To protect credentials from sniffer attacks during basic API authentication, utilizing TLS or SSL encrypts the communication channel, making any intercepted data unreadable.
A next-generation firewall offers various security functions such as intrusion prevention and application control, but it does not inherently encrypt the data in transit between endpoints to protect credentials from sniffer attacks.
TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer) encrypts the entire communication session between the API client and server. This ensures that even if network traffic containing authentication credentials is intercepted by a sniffer, the data remains encrypted and unreadable.
While a VPN creates an encrypted tunnel for network traffic, using TLS/SSL directly on the API communication provides application-layer encryption, which is the most direct and universally applicable method for protecting credentials specifically sent with basic API authentication.
AAA services are responsible for authenticating, authorizing, and accounting for user access, but they do not provide encryption for the credentials themselves during transmission across the network.
Concept tested: API security best practices (TLS/SSL for data in transit)
Source: https://developer.cisco.com/docs/api-security-guide/
Topics
Community Discussion
No community discussion yet for this question.