350-401 · Question #1214
Which method ensures the confidentiality of data exchanged over a REST API?
The correct answer is B. Use TLS to secure the underlying HTTP session.. Ensuring the confidentiality of data exchanged over a REST API requires encrypting the communication channel to protect information from eavesdropping.
Question
Which method ensures the confidentiality of data exchanged over a REST API?
Options
- AUse the POST method instead of URL-encoded GET to pass parameters.
- BUse TLS to secure the underlying HTTP session.
- CDeploy digest-based authentication to protect the access to the API.
- DEncode sensitive data using Base64 encoding.
How the community answered
(34 responses)- A3% (1)
- B88% (30)
- C3% (1)
- D6% (2)
Why each option
Ensuring the confidentiality of data exchanged over a REST API requires encrypting the communication channel to protect information from eavesdropping.
Using the POST method instead of URL-encoded GET may prevent parameters from being exposed in URLs or logs, but it does not encrypt the data during transmission, thus failing to ensure confidentiality over the wire.
Using TLS (Transport Layer Security) encrypts the entire HTTP session, securing all data transmitted between the client and the server, including request headers, body, and response content, thereby ensuring confidentiality during exchange.
Digest-based authentication provides secure credential exchange and integrity but does not encrypt the actual data payload of API requests and responses, thus not ensuring confidentiality of the data itself.
Base64 encoding converts binary data into an ASCII string format and is not an encryption mechanism; it is easily reversible and offers no protection against unauthorized data access.
Concept tested: REST API data confidentiality (TLS)
Source: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-protocols-in-windows
Topics
Community Discussion
No community discussion yet for this question.