nerdexam
Cisco

350-401 · Question #594

What is one primary REST security design principle?

The correct answer is A. fail-safe defaults. Fail-Safe Defaults as a REST Security Principle Fail-safe defaults is a foundational REST security design principle, meaning that access to resources should be denied by default, and permissions must be explicitly granted. This principle ensures that if something goes wrong or a

Submitted by ngozi_ng· Mar 6, 2026Security

Question

What is one primary REST security design principle?

Options

  • Afail-safe defaults
  • Bpassword hash
  • Cadding a timestamp in requests
  • DOAuth

How the community answered

(40 responses)
  • A
    95% (38)
  • B
    3% (1)
  • D
    3% (1)

Explanation

Fail-Safe Defaults as a REST Security Principle

Fail-safe defaults is a foundational REST security design principle, meaning that access to resources should be denied by default, and permissions must be explicitly granted. This principle ensures that if something goes wrong or a rule is not defined, the system defaults to a secure (restricted) state rather than an open one - minimizing accidental exposure of data.

Why the distractors are wrong:

  • B (Password hash) is a general security technique for storing credentials, not a REST-specific design principle.
  • C (Adding a timestamp) is a tactic sometimes used to prevent replay attacks, but it is not a recognized core REST security principle.
  • D (OAuth) is an authorization framework/protocol - a tool used to implement security - not a design principle itself.

Memory Tip: Think of "fail-safe" like a locked door - the default state is locked (safe), and you must actively unlock it. The classic REST security design principles (derived from Saltzer & Schroeder) include fail-safe defaults, least privilege, and separation of privilege - remember them as the rules, while OAuth and hashing are just tools that follow those rules.

Topics

#REST security#Security principles#API security#Fail-safe defaults

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice