nerdexam

350-501 · Question #612

350-501 Question #612: Real Exam Question with Answer & Explanation

The correct answer is D: by configuring rate limiting to reduce the risk of DOS and DDOS attacks against the system.

Automation and Assurance

Question

When implementing a REST API, how does an engineer mitigate security risks?

Options

  • A. by configuring the system to authenticate the client's identity and avoid broken authentication
  • B. by configuring object properties to protect data
  • C. by configuring separate authorization schemes to securely compartmentalize different areas of the
  • D. by configuring rate limiting to reduce the risk of DOS and DDOS attacks against the system

Explanation

To mitigate security risks when implementing a REST API, engineers should configure rate limiting, a crucial defense against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. Rate limiting bounds how many requests a client may send within a given window, so a flood of requests is rejected or throttled before it can exhaust the API's capacity and degrade availability for legitimate clients.

Common mistakes

  • A. Authenticating the client's identity is vital for preventing broken authentication vulnerabilities but does not directly mitigate DoS or DDoS attacks, which target API availability rather than unauthorized access.
  • B. Configuring object properties to protect data typically refers to data validation, serialization, and integrity, which safeguards data but does not prevent the API service from being overwhelmed by traffic.
  • C. Configuring separate authorization schemes is essential for controlling access to different API resources and preventing broken access control, but it does not protect against volume-based attacks such as DoS or DDoS.

Concept tested: REST API security, DoS/DDoS mitigation

Reference: https://owasp.org/www-project-api-security/

Topics

API Security, Rate Limiting, DDoS Mitigation, REST API
