nerdexam
Isaca

CDPSE · Question #340

Which of the following is the BEST way to protect the confidentiality of the information returned by a new application programming interface (API) integration?

The correct answer is C. Ensure all API traffic is encrypted in transit.. Encrypting all API traffic in transit (e.g., via TLS/HTTPS) directly protects data confidentiality by ensuring that any information transmitted between the API and its consumers cannot be intercepted and read by third parties. Monitoring requests (A) is a detective control, not a

Privacy Architecture

Question

Which of the following is the BEST way to protect the confidentiality of the information returned by a new application programming interface (API) integration?

Options

  • ARequire all API requests to be monitored.
  • BUpdate the privacy policy to include use of the API.
  • CEnsure all API traffic is encrypted in transit.
  • DUse only APIs with de-identified data.

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    8% (2)
  • C
    88% (22)

Explanation

Encrypting all API traffic in transit (e.g., via TLS/HTTPS) directly protects data confidentiality by ensuring that any information transmitted between the API and its consumers cannot be intercepted and read by third parties. Monitoring requests (A) is a detective control, not a preventive one. Updating the privacy policy (B) is a legal/compliance action that doesn't technically protect the data. Using only de-identified data (D) may not always be feasible and limits the API's usefulness; encryption is a universal, practical solution regardless of data type.

Topics

#API Security#Encryption#Confidentiality#Data in Transit

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice