CCNP 350-401 ENCOR Question 628 DISCUSSION

  • 2023-07-08

How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?

A. Add a timestamp to the request in the API header.
B. Use a password hash
C. Add OAuth to the request in the API header.
D. Use HTTPS

Correct Answer: A

Here is a list of best practices for securing a RESTful API:

  1. Always Use HTTPS - Traffic must be encrypted.
  2. Never expose information on URLs - It can be captured in web server logs, which makes it easily exploitable.
  3. Consider OAuth
  4. Adding Timestamp in Request - This will prevent very basic replay attacks from people who are trying to brute force your system.
  5. Input Parameter Validation - Put strong validation checks in place and reject the request immediately if validation fails.
  6. Use Auditing and Logging - Any subject or entity can be audited.
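
The timestamp check from item 4, as an added example that is not part of the original page: the server rejects requests whose timestamp falls outside a freshness window, and the timestamp is covered by an HMAC so a captured request cannot simply be re-stamped. The key, the 300-second window, the path and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKEW_SECONDS = 300                  # assumed freshness window
SHARED_KEY = b"constructed-demo-key"    # constructed sample key, not a real secret


def sign(key: bytes, method: str, path: str, timestamp: str, body: bytes) -> str:
    """Client side: MAC over the request, timestamp included."""
    msg = b"\n".join([method.encode(), path.encode(), timestamp.encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key, method, path, timestamp, body, signature, now) -> str:
    """Server side: return 'ok' or the reason the request is rejected."""
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return "bad timestamp"          # header missing or not an integer
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return "stale timestamp"        # captured request replayed too late
    expected = sign(key, method, path, timestamp, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad signature"          # timestamp or body was altered
    return "ok"


def demo() -> dict:
    """Run the check over constructed requests and collect the verdicts."""
    method, path = "POST", "/api/status"      # hypothetical endpoint
    body = b'{"action":"status"}'             # constructed sample body
    t0 = 1_700_000_000                        # constructed send time (epoch s)
    sig = sign(SHARED_KEY, method, path, str(t0), body)
    later = t0 + 3600
    return {
        "fresh": verify(SHARED_KEY, method, path, str(t0), body, sig, t0 + 5),
        "replayed_later": verify(SHARED_KEY, method, path, str(t0), body, sig, later),
        "timestamp_rewritten": verify(SHARED_KEY, method, path, str(later), body, sig, later),
        "timestamp_missing": verify(SHARED_KEY, method, path, None, body, sig, t0),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A request replayed inside the window still passes this check, which is why the page calls the protection "very basic"; closing that gap takes a per-request nonce that the server remembers for the length of the window.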
