(ISC)2(ISC)2
CCSP · Question #77
CCSP Question #77: Real Exam Question with Answer & Explanation
The correct answer is C: Encryption. Encryption is the primary security mechanism for protecting data in transit to and from SOAP and REST APIs, typically implemented via TLS/SSL.
Submitted by anna_se· Apr 18, 2026Cloud Application Security
Question
What is the primary security mechanism used to protect SOAP and REST APIs?
Options
- AFirewalls
- BXML firewalls
- CEncryption
- DWAFs
Explanation
Encryption is the primary security mechanism for protecting data in transit to and from SOAP and REST APIs, typically implemented via TLS/SSL.
Common mistakes.
- A. While general network firewalls offer perimeter protection, they do not specifically secure the API communication payload itself or encrypt the data in transit.
- B. XML firewalls are specialized for XML-based SOAP APIs but are not universally applicable to all REST APIs (which often use JSON) and do not provide the foundational transport-level encryption.
- D. Web Application Firewalls (WAFs) protect against common web exploits and vulnerabilities, but they don't provide the primary transport-level encryption for API communication.
Concept tested. API security mechanisms (Encryption/TLS)
Reference. https://learn.microsoft.com/en-us/azure/architecture/framework/security/api-security#encryption
Topics
#API Security#Encryption#Data in Transit#Confidentiality
Community Discussion
No community discussion yet for this question.