nerdexam
Isaca

CDPSE · Question #298

Which of the following is the BEST control to mitigate a distributed denial of service (DDoS) attack on an application programming interface (API)?

The correct answer is A. Impose rate limiting through quotas and throttling.. Rate limiting via quotas and throttling directly counters DDoS attacks on APIs by restricting the volume of requests any client or source can make in a given period.

Privacy Architecture

Question

Which of the following is the BEST control to mitigate a distributed denial of service (DDoS) attack on an application programming interface (API)?

Options

  • AImpose rate limiting through quotas and throttling.
  • BLog all API activity.
  • CProvide specific training on API security.
  • DImplement authentication and authorization.

How the community answered

(27 responses)
  • A
    85% (23)
  • B
    4% (1)
  • C
    4% (1)
  • D
    7% (2)

Why each option

Rate limiting via quotas and throttling directly counters DDoS attacks on APIs by restricting the volume of requests any client or source can make in a given period.

AImpose rate limiting through quotas and throttling.Correct

DDoS attacks function by overwhelming an API with a volume of requests that exhausts resources such as CPU, memory, or connection pools. Rate limiting enforces request quotas per client, IP, or API key and throttles traffic that exceeds defined thresholds, preventing any single source from monopolizing capacity. This control directly addresses the mechanism of a DDoS attack rather than addressing a different threat vector.

BLog all API activity.

Logging API activity creates an audit trail useful for forensic analysis after an attack but does not reduce the volume of incoming requests or mitigate the impact of a DDoS attack in progress.

CProvide specific training on API security.

Security training improves developer and operator awareness but is not a technical control and cannot mitigate an active volumetric attack against an API.

DImplement authentication and authorization.

Authentication and authorization prevent unauthorized users from accessing API resources but do not limit the rate of requests from authenticated sources, leaving the API still vulnerable to volumetric attacks.

Concept tested: API DDoS mitigation using rate limiting and throttling

Source: https://learn.microsoft.com/en-us/azure/api-management/api-management-sample-flexible-throttling

Topics

#API Security#DDoS Mitigation#Rate Limiting

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice