Certified Information Systems Auditor (CISA) — Question 1067

Which of the following is MOST important to effectively manage risk associated with application programming interfaces (APIs) and third-party virtual environments?

Answer options

• A. Compliance monitoring
• B. Backups of virtual environments
• C. Inventory of APIs
• D. API single sign-on (SSO) capability

Correct answer: C

Explanation

Maintaining an inventory of APIs is crucial as it allows organizations to understand what APIs are in use, their functionalities, and associated risks. While compliance monitoring, backups, and SSO capabilities are important, they do not provide the foundational knowledge necessary to manage API-related risks effectively.