nerdexam
Isaca

CDPSE · Question #51

Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

The correct answer is C. Restricting access to authorized users. Restricting access to authorized users is the best control to secure application programming interfaces (APIs) that may contain personal information, as it would prevent unauthorized access, modification or disclosure of the personal information by third parties or intermediaries

Privacy Architecture

Question

Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

Options

  • AEncrypting APIs with the organization's private key
  • BRequiring nondisclosure agreements (NDAs) when sharing APIs
  • CRestricting access to authorized users
  • DSharing only digitally signed APIs

How the community answered

(44 responses)
  • A
    5% (2)
  • B
    14% (6)
  • C
    75% (33)
  • D
    7% (3)

Explanation

Restricting access to authorized users is the best control to secure application programming interfaces (APIs) that may contain personal information, as it would prevent unauthorized access, modification or disclosure of the personal information by third parties or intermediaries. Restricting access to authorized users can be achieved by using various methods, such as authentication, authorization, encryption, tokens or certificates. The other options are not effective controls to secure APIs that may contain personal information. Encrypting APIs with the organization's private key is not a feasible or desirable method, as it would make the APIs unreadable by anyone who does not have the corresponding public key, which would defeat the purpose of using APIs for interoperability and integration. Requiring nondisclosure agreements (NDAs) when sharing APIs is not a reliable or enforceable method, as it would depend on the compliance and cooperation of the parties who receive the APIs, and it would not prevent unauthorized access, modification or disclosure of the personal information by third parties or intermediaries who are not bound by the NDAs. Sharing only digitally signed APIs is not a sufficient method, as it would only ensure the authenticity and integrity of the APIs, but it would not prevent unauthorized access, modification or disclosure of the personal information by third parties or intermediaries who can read or intercept the APIs.

Topics

#API security#Access control#Data protection#Authentication and authorization

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice