Exam CISSP topic 1 question 465 discussion

Options A and C are not considered secure primarily because: Option A uses HTTPS but improperly includes an API key as a query parameter in the URL, which can be exposed in server logs or browser histories, posing a security risk. Option C uses HTTP, not HTTPS, making the connection unsecured and susceptible to interception or manipulation. Option B, while using a path segment that suggests security (/SecureTLS//action), uses HTTP instead of HTTPS, negating any implication of security the path might suggest

D. https://url.com/Resources//action Option D represents a secure HTTPS connection to a REST API endpoint, which is commonly used for secure and encrypted communication in RESTful API scenarios. It's a clean and secure URL without any additional parameters or query strings, making it a suitable choice for a secure REST API connection, assuming no specific authentication details or query parameters are required based on the provided context.

for A, this option also starts with "https://" which indicates a secure connection. However, it also includes an API key in the URL. While using HTTPS is good for securing the communication channel, including sensitive information like API keys in the URL is generally not recommended for security reasons. API keys are better handled through headers or other secure methods. So, option A may be secure in terms of the communication channel (HTTPS), but including the API key in the URL raises security concerns. It's important to consider how sensitive information, like API keys, is transmitted and handled to ensure a robust and secure API implementation.

D) https://url.com/Resources//action This URL uses HTTPS, indicating the REST API connection is securely encrypted through TLS. The lack of querystring parameters also prevents the passing of an API key or other credentials in the URL, which is less secure. A) Contains an API key passed in the URL querystring, which is insecure. B) Uses unencrypted HTTP instead of HTTPS. C) Passes an API key over unencrypted HTTP.

The URL in option A uses HTTPS, which indicates a secure connection using SSL/TLS. The other options either use HTTP, which is not secure, or don't demonstrate a typical RESTful URL structure with an API key for authentication.

B and C is wrong, since it uses http - unsecure A exposes the Api Key via query string which can be manipulated by users D looks like it uses post method which may pass credentials and params via payload(hidden/secured) - this is more secure (Answer is C)

D is correct