nerdexam
Cisco

350-401 · Question #1214

Which method ensures the confidentiality of data exchanged over a REST API?

The correct answer is B. Use TLS to secure the underlying HTTP session.. Ensuring the confidentiality of data exchanged over a REST API requires encrypting the communication channel to protect information from eavesdropping.

Submitted by jakub_pl· Mar 6, 2026Security

Question

Which method ensures the confidentiality of data exchanged over a REST API?

Options

  • AUse the POST method instead of URL-encoded GET to pass parameters.
  • BUse TLS to secure the underlying HTTP session.
  • CDeploy digest-based authentication to protect the access to the API.
  • DEncode sensitive data using Base64 encoding.

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    88% (30)
  • C
    3% (1)
  • D
    6% (2)

Why each option

Ensuring the confidentiality of data exchanged over a REST API requires encrypting the communication channel to protect information from eavesdropping.

AUse the POST method instead of URL-encoded GET to pass parameters.

Using the POST method instead of URL-encoded GET may prevent parameters from being exposed in URLs or logs, but it does not encrypt the data during transmission, thus failing to ensure confidentiality over the wire.

BUse TLS to secure the underlying HTTP session.Correct

Using TLS (Transport Layer Security) encrypts the entire HTTP session, securing all data transmitted between the client and the server, including request headers, body, and response content, thereby ensuring confidentiality during exchange.

CDeploy digest-based authentication to protect the access to the API.

Digest-based authentication provides secure credential exchange and integrity but does not encrypt the actual data payload of API requests and responses, thus not ensuring confidentiality of the data itself.

DEncode sensitive data using Base64 encoding.

Base64 encoding converts binary data into an ASCII string format and is not an encryption mechanism; it is easily reversible and offers no protection against unauthorized data access.

Concept tested: REST API data confidentiality (TLS)

Source: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-protocols-in-windows

Topics

#TLS#REST API security#Data confidentiality

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice