350-401 · Question #968
Which security measure mitigates a man-in-the-middle attack of a REST API?
The correct answer is B. SSL certificates. SSL/TLS certificates are critical for mitigating man-in-the-middle attacks on REST APIs by authenticating the server and encrypting the communication channel.
Question
Which security measure mitigates a man-in-the-middle attack of a REST API?
Options
- Apassword hash
- BSSL certificates
- Cnonrepudiation feature
- Dbiometric authentication
How the community answered
(62 responses)- A2% (1)
- B94% (58)
- C3% (2)
- D2% (1)
Why each option
SSL/TLS certificates are critical for mitigating man-in-the-middle attacks on REST APIs by authenticating the server and encrypting the communication channel.
Password hashing protects passwords stored in a database from compromise but does not secure the communication channel itself against interception during an active transaction.
SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificates enable server authentication and encrypt the data exchanged between the client and the REST API server. This prevents attackers from intercepting, reading, or modifying the communication without being detected, effectively mitigating man-in-the-middle attacks.
Non-repudiation typically ensures that an action cannot be denied by the sender or receiver, often via digital signatures, but it doesn't primarily prevent the real-time interception and modification of data in transit.
Biometric authentication verifies a user's identity based on physical attributes, but it does not secure the actual communication channel over which the REST API operates.
Concept tested: REST API man-in-the-middle protection
Source: https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-security
Topics
Community Discussion
No community discussion yet for this question.