A real estate group has a listing service used by internal customers, but they discover that external queries can view confidential property data without logging in. Which solution helps prevent this data exposure?
Enforce a request token policy that verifies user rights for each property lookup
Write all connection attempts to activity logs for later investigation
Stop all network paths from reaching the service interface
Keep credentials in the application code for enhanced verification
Introducing a token-based step for requests validates that clients have the right privileges before accessing data. Logging activity provides an audit trail but does not prohibit external calls. Storing credentials in source code is risky, exposing them if the code is leaked. Shutting down outside connections will stop legitimate users from using the service. Enforcing a request token policy ensures valid callers while preventing unauthorized ones.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a request token policy, and how does it validate user privileges?
Open an interactive chat with Bash
How does a token-based approach differ from activity logging in securing data?
Open an interactive chat with Bash
Why is storing credentials in application code considered a poor security practice?