CompTIA SecurityX (CAS-005) — Question 152

An organization is deploying a new data lake that will centralize records from several applications. During the design phase, the security architect identifies the following requirements:

• The sensitivity levels of the data are different.
• The data must be accessed through stateless API calls after authentication.
• Different users will have access to different data sets.

Which of the following should the architect implement to best meet these requirements?

Answer options

Correct answer: C

Explanation

OpenID Connect is the most suitable choice as it provides a standardized way to manage authentication and authorization, enabling stateless API access while accommodating different user permissions. Directory services and CASB do not directly address the stateless API requirement, and 802.1X with EAP-TLS is primarily focused on network access control rather than API access management.