nerdexam
Isaca

CDPSE · Question #272

An organization wants to implement a cloud application with a REST application programming interface (API). Which of the following BEST protects against unauthorized access to the API?

The correct answer is C. Access authentication via API key. API key authentication directly addresses unauthorized access by requiring callers to present a unique credential that the server validates before granting access. This is a standard authentication control for REST APIs. IP whitelisting (option B) is a network-layer restriction t

Privacy Architecture

Question

An organization wants to implement a cloud application with a REST application programming interface (API). Which of the following BEST protects against unauthorized access to the API?

Options

  • AUse of a trusted API framework
  • BRestriction of API access to whitelisted IP addresses
  • CAccess authentication via API key
  • DThrottling of access requests to the API

How the community answered

(20 responses)
  • A
    5% (1)
  • B
    5% (1)
  • C
    90% (18)

Explanation

API key authentication directly addresses unauthorized access by requiring callers to present a unique credential that the server validates before granting access. This is a standard authentication control for REST APIs. IP whitelisting (option B) is a network-layer restriction that can be circumvented if an attacker operates from an allowed IP. Throttling (option D) limits abuse and rate-based attacks but does not prevent unauthorized access. A trusted framework (option A) improves code security but is not itself an access control mechanism.

Topics

#API Security#Authentication#Cloud Security#Access Control

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice