Free ISACA Cybersecurity Audit Certificate Actual Exam Questions - Question 3 Discussion

Question No. 3
An IS auditor has learned that a cloud service provider has not adequately secured its application
programming interface (API). Which of the following is MOST important for the auditor to consider in
an assessment of the potential risk factors?
Naveed M.
2026-02-13

B/C? The API’s biggest risk is probably identity spoofing since attackers can pretend to be legit users, but overall CIA (C) still matters because a breach usually hits all three areas.

0
Naveed M.
2026-01-30

I’m thinking B could be more critical since a poorly secured API often means attackers can impersonate users or apps easily, leading to identity spoofing. That risk feels more direct than resource contention or just availability.

0
Naveed M.
2026-01-29

D. I get why C is popular, but denial of service is a really pressing risk with unsecured APIs because attackers can flood the service, making it unavailable. While confidentiality and integrity matter, availability often gets hit hardest by these API vulnerabilities. So, thinking about the impact on the system’s uptime and reliability seems crucial here.

0
Ravi A.
2026-01-27

C. The main concern with unsecured APIs is the broad impact on confidentiality, integrity, and availability. It covers all critical security aspects without focusing on just one attack type.

0
Rayan G.
2026-01-11

I think C makes the most sense since APIs directly affect confidentiality, integrity, and availability of data and services.

0