CiscoCisco
350-401 · Question #1199
350-401 Question #1199: Real Exam Question with Answer & Explanation
The correct answer is A: OAuth 2 tokens. Stateless authentication and authorization for REST API calls primarily rely on OAuth 2 tokens to establish identity and grant access without maintaining server-side session state.
Submitted by carlos_mx· Mar 6, 2026
Question
Which security feature does stateless authentication and authorization use for REST API calls?
Options
- AOAuth 2 tokens
- BAPI keys
- CSSL/TLS certificate encryption
- Dcookie-based session authentication
Explanation
Stateless authentication and authorization for REST API calls primarily rely on OAuth 2 tokens to establish identity and grant access without maintaining server-side session state.
Common mistakes.
- B. While API keys are used for authentication, they are often simpler and less robust than OAuth 2 tokens for authorization, and can sometimes be managed in a stateful manner for rate limiting or tracking.
- C. SSL/TLS certificate encryption provides secure communication over the wire by encrypting data and verifying server identity, but it is a transport-layer security feature, not an authentication or authorization mechanism for the application layer itself.
- D. Cookie-based session authentication is inherently stateful, as the server typically stores session information linked to the cookie, which contradicts the requirement for stateless authentication.
Concept tested. Stateless REST API authentication/authorization
Topics
#OAuth 2.0#REST API security#Stateless authentication#API authorization
Community Discussion
No community discussion yet for this question.