Certified Information Systems Auditor (CISA) — Question 607

Which of the following metrics would be MOST useful to an IS auditor when assessing the resilience of an application programming interface (API)?

Answer options

• A. Number of patches released within a time interval for the API
• B. Number of defects logged during development compared to other APIs
• C. Number of API calls expected versus actually received within a time interval
• D. Number of developers adopting the API for their applications

Correct answer: C

Explanation

The correct answer is C because it directly measures the API's performance and capacity to handle requests, which is critical for assessing its resilience. Options A and B focus on maintenance and development issues rather than operational effectiveness, while D does not provide insight into the API's performance under load.