CompTIA SecurityX (CAS-005) — Question 129

A threat intelligence company's business objective is to allow customers to integrate data directly to different TIPs through an API. The company would like to address as many of the following objectives as possible:

• Reduce compute spend as much as possible.
• Ensure availability for all users.
• Reduce the potential attack surface.
• Ensure the integrity of the data provided.

Which of the following should the company consider to best meet the objectives?

Answer options

• A. Configuring a unique API secret key for accounts
• B. Publishing a list of IOCs on a public directory
• C. Implementing rate limiting for each registered user
• D. Providing a hash of all data that is made available

Correct answer: A

Explanation

Configuring a unique API secret key for accounts helps in securing the API, thus reducing the potential attack surface and ensuring data integrity. Publishing IOCs publicly could expose sensitive information and increase the attack surface. Rate limiting is useful for availability but does not directly impact compute spend or data integrity. Providing a hash of data ensures integrity but does not address the reduction in compute spend.