Question 37 - MCPA - Level 1 discussion


What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?

A. OAuth 2.0 access token enforcement
B. Client ID enforcement
C. JSON threat protection
D. IP whitelist
Suggested answer:

Explanation:

Answer: IP whitelist

*****************************************

>> OAuth 2.0 access token enforcement and Client ID enforcement policies are VERY commonly applied on Experience APIs, as API consumers need to register and access the APIs using one of these mechanisms.

>> JSON threat protection is also a VERY common policy to apply on Experience APIs to prevent bad or suspicious payloads from hitting the API implementations.

>> The IP whitelisting policy is usually very common on Process and System APIs, to whitelist only the IP range inside the local VPC. It is also applied occasionally on some Experience APIs where the end users/API consumers are FIXED.

>> When we know upfront which API consumers are going to access certain Experience APIs, we can request static IPs from those consumers and whitelist them to prevent anyone else from hitting the API.

However, the Experience API given in the question/scenario is intended to work with a consumer mobile phone or tablet application. This means there is no way we can know all the possible IPs that would need to be whitelisted, as mobile phones and tablets can be so many in number and can be any device in the city/state/country/globe.

So, it is LEAST LIKELY that IP whitelisting would be applied on such Experience APIs, whose consumers are typically mobile phones or tablets.

asked 18/09/2024
JEAN-MARIE HERMANT