CompTIA CASP+ (CAS-004) — Question 577

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.
Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Answer options

• A. Implement a VPN for all APIs.
• B. Sign the key with DSA.
• C. Deploy MFA for the service accounts.
• D. Utilize HMAC for the keys.

Correct answer: D

Explanation

Utilizing HMAC for the keys provides a secure way to ensure the integrity and authenticity of the request without exposing sensitive information like hard-coded strings. The other options either do not directly address the hard-coding issue (A and C) or do not enhance the security of the keys effectively in this context (B).