ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A financial services firm is exposing an internal payment-processing REST API to an external billing partner. The partner's workloads run in several public cloud regions, so their source IP addresses can change without notice. Corporate policy requires least privilege, minimal credential exposure, and the ability to revoke the partner's access quickly if a breach is suspected. Which approach BEST satisfies these requirements?
Permit anonymous calls to the API but enforce strict custom rate limiting on sensitive endpoints.
Use OAuth 2.0 with an authorization server to issue scoped, short-lived bearer tokens and enforce TLS for every API call.
Create a site-to-site IPsec VPN and restrict traffic to the partner's public IP address ranges.
Provide the partner a long-lived shared API key that is embedded in their application code.
OAuth 2.0 allows the firm to issue scoped, short-lived access tokens over TLS, granting only the required API rights. Because tokens expire automatically and can be revoked at the authorization server, the firm can quickly cut off compromised credentials. Static shared secrets embedded in code are hard to rotate and often over-privileged. A site-to-site VPN combined with IP filtering fails when the partner's cloud IP ranges shift and does not address credential theft. Anonymous access with rate limiting provides no authentication or authorization and violates least-privilege policy.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls