Certified Information Systems Auditor (CISA) — Question 815
Which of the following is an IS auditor's BEST recommendation to mitigate the risk of eavesdropping associated with an application programming interface (API) integration implementation?
Answer options
- A. Implement Simple Object Access Protocol (SOAP).
- B. Encrypt the Extensible Markup Language (XML) file.
- C. Mask the API endpoints.
- D. Implement Transport Layer Security (TLS).
Correct answer: D
Explanation
Implementing Transport Layer Security (TLS) is the best recommendation because it provides a secure channel over an unsecured network, protecting data from eavesdropping. The other options may contribute to security, but they do not provide the same level of encryption and protection for data in transit as TLS does.