Certified Information Systems Auditor (CISA) — Question 851

Which of the following is the GREATEST risk when using application programming interfaces (APIS) in a third-party hosted virtual environment?

Answer options

• A. Data exfiltration
• B. Lack of accountability
• C. Inability to test third-party APIs
• D. Lack of redundancy

Correct answer: A

Explanation

Data exfiltration is the greatest risk because APIs can expose sensitive data if not properly secured, particularly in a third-party environment where control over the data may be limited. While lack of accountability, inability to test APIs, and lack of redundancy are concerns, they do not pose as immediate and severe a threat to data integrity and confidentiality as data exfiltration does.