nerdexam
Cisco

350-401 · Question #921

What is one method for achieving REST API security?

The correct answer is B. using HTTPS and TLS encryption. A primary method for securing REST API communication is to utilize HTTPS, which encrypts the data in transit using Transport Layer Security (TLS).

Submitted by akirajp· Mar 6, 2026Automation

Question

What is one method for achieving REST API security?

Options

  • Ausing a combination of XML encryption and XML signatures
  • Busing HTTPS and TLS encryption
  • Cusing a MDS hash to verify the integrity
  • Dusing built-in protocols known as Web Services Security

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    90% (19)
  • D
    5% (1)

Why each option

A primary method for securing REST API communication is to utilize HTTPS, which encrypts the data in transit using Transport Layer Security (TLS).

Ausing a combination of XML encryption and XML signatures

XML encryption and XML signatures are typically components of Web Services Security (WS-Security), which is a standard primarily used with SOAP-based web services for message-level security, not a common or native approach for securing REST APIs.

Busing HTTPS and TLS encryptionCorrect

HTTPS (Hypertext Transfer Protocol Secure) leverages Transport Layer Security (TLS) to encrypt the entire communication channel between the client and the REST API server. This ensures confidentiality by preventing eavesdropping, provides data integrity to protect against tampering, and offers server authentication through digital certificates.

Cusing a MDS hash to verify the integrity

Using a hash algorithm like MD5 (Message-Digest Algorithm 5) can provide data integrity checking, but MD5 is considered cryptographically insecure and does not provide confidentiality or authentication, which are crucial aspects of API security addressed by TLS.

Dusing built-in protocols known as Web Services Security

Web Services Security (WS-Security) is a set of extensions to SOAP for securing web services messages; it is not a built-in protocol for REST APIs, which are typically secured at the transport layer using HTTPS/TLS.

Concept tested: REST API security methods

Source: https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design#security

Topics

#REST API#API security#HTTPS#TLS

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice