350-401 · Question #1067
Which two actions are recommended as security best practices to protect REST API? (Choose two.)
The correct answer is B. Use a password hash C. Use SSL for encryption. To protect REST APIs, security best practices include using password hashing for stored credentials and employing SSL/TLS for encrypting data in transit.
Question
Which two actions are recommended as security best practices to protect REST API? (Choose two.)
Options
- AEnable dual authentication of the session
- BUse a password hash
- CUse SSL for encryption
- DUse TACACS+ authentication
- EEnable out-of-band authentication
How the community answered
(43 responses)- A7% (3)
- B88% (38)
- D2% (1)
- E2% (1)
Why each option
To protect REST APIs, security best practices include using password hashing for stored credentials and employing SSL/TLS for encrypting data in transit.
While multi-factor authentication is a strong security measure, 'dual authentication of the session' is not a standard or specific API security best practice term, and hashing and encryption are more fundamental.
Using a password hash ensures that user credentials are not stored in plaintext within the system, making them much harder to compromise even if the API's underlying database is breached.
SSL (Secure Sockets Layer), or more accurately TLS (Transport Layer Security), provides encryption for the communication channel between the client and the REST API, protecting sensitive data from eavesdropping and tampering during transmission over the network.
TACACS+ is an AAA protocol primarily used for authenticating, authorizing, and accounting device administration access (e.g., to routers/switches), not typically for securing application-level REST API endpoints.
Out-of-band authentication is a method of multi-factor authentication, but password hashing and SSL/TLS for transport encryption are more universally applicable and fundamental best practices for REST API security.
Concept tested: REST API security best practices
Source: https://developer.cisco.com/docs/api-security/
Topics
Community Discussion
No community discussion yet for this question.