API API Authentication and Security 2

Question 1

What is rate limiting in API security?

Accepted Answer

Restricting the number of requests a client can make in a time window

Answer

Encrypting API traffic

Answer

Validating response schemas

Answer

Checking SSL certificates

Question 2

What does HTTPS provide that HTTP does not?

Accepted Answer

Encrypted transmission of data

Answer

Faster data transfer

Answer

Better caching

Answer

Stateful connections

Question 3

Which OWASP API vulnerability involves an API returning more data than the client needs?

Accepted Answer

Excessive Data Exposure

Answer

Broken Object Level Authorization

Answer

Security Misconfiguration

Answer

Injection

Question 4

What is CORS in the context of API security?

Accepted Answer

A cross-origin resource sharing policy controlling browser requests

Answer

A caching mechanism

Answer

An encryption standard

Answer

A token format

Question 5

What is SQL injection in API testing?

Accepted Answer

Injecting malicious SQL through API inputs to manipulate the database

Answer

Inserting valid SQL into the database

Answer

A method for seeding test data

Answer

Optimizing SQL queries in API calls

Question 6

Which grant type in OAuth 2.0 is recommended for server-to-server API communication?

Accepted Answer

Client Credentials

Answer

Authorization Code

Answer

Implicit

Answer

Password