CompTIA CySA+ (CS0-002) — Question 96

Clients are unable to access a company’s API to obtain pricing data. An analyst discovers sources other than clients are scraping the API for data, which is causing the servers to exceed available resources. Which of the following would be BEST to protect the availability of the APIs?

Answer options

• A. IP whitelisting
• B. Certificate-based authentication
• C. Virtual private network
• D. Web application firewall

Correct answer: D

Explanation

A Web Application Firewall (WAF) can help filter and monitor incoming traffic, blocking malicious requests that could overload the server. IP whitelisting would restrict access too much, while certificate-based authentication and a VPN do not specifically address the issue of excessive scraping from unauthorized sources.