CompTIA SecurityX (CAS-005) — Question 141

An organization must provide access to its internal system data. The organization requires that this access complies with the following:

• Access must be automated.
• Data confidentiality must be preserved.
• Access must be authenticated.
• Data must be preprocessed before it is retrieved.

Which of the following actions should the organization take to meet these requirements?

Answer options

• A. Configure a reverse proxy to protect the data.
• B. Implement an on-demand VPN connection.
• C. Deploy an API gateway protected with access tokens.
• D. Continually publish all relevant data to a CDN.

Correct answer: C

Explanation

The correct answer is C, as deploying an API gateway with access tokens allows for automated access, preserves data confidentiality, ensures authentication, and can preprocess data before retrieval. Option A, while it protects data, does not fulfill the requirement for automated access. Option B provides secure access but does not directly address the need for preprocessing data. Option D is not suitable as it involves publishing data rather than controlling access to internal systems.