CompTIA CASP+ (CAS-004) — Question 320

A security administrator is trying to securely provide public access to specific data from a web application. Clients who want to access the application will be required to:

• Only allow the POST and GET options.
• Transmit all data secured with TLS 1.2 or greater.
• Use specific URLs to access each type of data that is requested.
• Authenticate with a bearer token.

Which of the following should the security administrator recommend to meet these requirements?

Answer options

Correct answer: A

Explanation

The correct answer is A, the API gateway. An API gateway is designed to handle API requests, enforce security protocols such as TLS, and manage authentication through bearer tokens. Options B and D do not specifically address the security requirements for public data access, while option C focuses on filtering and monitoring traffic rather than on facilitating secure data access through APIs.