CISSP PRACTICE QUESTIONS – 20210621

Effective CISSP Questions

Which of the following RESTful API operations least hinders the integrity of data? (Wentz QOTD)
A. POST
B. GET
C. PUT
D. DELETE

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. GET.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

RESTful HTTP Methods

The HTTP method/verb GET is used to retrieve a representation of a resource. RFC 7231 (section 4.2.1) defines it as a "safe" method: a correctly implemented GET reads state but is not intended to change it, so of the four options it least hinders integrity. Whether the client is allowed to read what GET returns is a confidentiality concern, not an integrity one. POST creates or processes, PUT replaces and DELETE removes representations, so all three change server state and affect integrity directly. One caveat a practitioner should keep in mind: if an implementation lets GET have side effects (for example, a link that updates or deletes a record), that endpoint is no longer safe, and because browsers issue GET requests for any link or embedded image it also becomes an easy cross-site request forgery target.

HTTP Methods

+---------+-------------------------------------------------+-------+
| Method  | Description                                     | Sec.  |
+---------+-------------------------------------------------+-------+
| GET     | Transfer a current representation of the target | 4.3.1 |
|         | resource.                                       |       |
| HEAD    | Same as GET, but only transfer the status line  | 4.3.2 |
|         | and header section.                             |       |
| POST    | Perform resource-specific processing on the     | 4.3.3 |
|         | request payload.                                |       |
| PUT     | Replace all current representations of the      | 4.3.4 |
|         | target resource with the request payload.       |       |
| DELETE  | Remove all current representations of the       | 4.3.5 |
|         | target resource.                                |       |
| CONNECT | Establish a tunnel to the server identified by  | 4.3.6 |
|         | the target resource.                            |       |
| OPTIONS | Describe the communication options for the      | 4.3.7 |
|         | target resource.                                |       |
| TRACE   | Perform a message loop-back test along the path | 4.3.8 |
|         | to the target resource.                         |       |
+---------+-------------------------------------------------+-------+
Semantics of HTTP methods (Source: RFC 7231)
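The following Python script is an added example, not code from the original post. It implements a minimal in-memory RESTful resource store that follows the RFC 7231 semantics in the table above, then replays each method against a fresh store and classifies it by two observable properties: does the stored data change at all (the integrity question the quiz asks), and does repeating the request change it again (idempotence). A second, deliberately broken store shows the caveat from the explanation: a GET that updates a "views" counter is no longer safe. The `/articles` resource, the article IDs, the `ViewCountingStore` class and the sample payloads are all constructed for this example.

```python
"""Added example (not from the original post): classify HTTP methods by
whether they change stored representations (integrity) and whether
repeating them changes the state again (idempotence), per RFC 7231."""
import copy
import hashlib
import json


class ArticleStore:
    """Minimal in-memory RESTful store for /articles and /articles/<id>.
    The resource name and payload shape are constructed for this example."""

    def __init__(self):
        self.articles = {}  # article id -> representation (dict)
        self.next_id = 1

    def digest(self):
        """SHA-256 over a canonical JSON dump of all stored representations.
        A changed digest means something was created, replaced or removed."""
        canonical = json.dumps(self.articles, sort_keys=True).encode()
        return hashlib.sha256(canonical).hexdigest()

    def handle(self, method, path, body=None):
        """Dispatch one request and return (status, representation)."""
        parts = path.strip("/").split("/")
        if parts[0] != "articles" or len(parts) > 2:
            return 404, None
        if len(parts) == 2 and not parts[1].isdigit():
            return 404, None
        article_id = int(parts[1]) if len(parts) == 2 else None
        body = body or {}

        if method in ("GET", "HEAD"):  # safe methods: read only
            if article_id is None:
                rep = list(self.articles.values())
            elif article_id in self.articles:
                rep = self.articles[article_id]
            else:
                return 404, None
            # Return a copy so the caller cannot mutate stored state by reference.
            return 200, (None if method == "HEAD" else copy.deepcopy(rep))

        if method == "POST":  # create a new subordinate resource under /articles
            if article_id is not None:
                return 405, None
            new_id, self.next_id = self.next_id, self.next_id + 1
            self.articles[new_id] = {"id": new_id, **body}
            return 201, copy.deepcopy(self.articles[new_id])

        if method == "PUT":  # replace the whole representation of /articles/<id>
            if article_id is None:
                return 405, None
            existed = article_id in self.articles
            self.articles[article_id] = {"id": article_id, **body}
            return (200 if existed else 201), copy.deepcopy(self.articles[article_id])

        if method == "DELETE":  # remove the representation of /articles/<id>
            if article_id is None:
                return 405, None
            if article_id not in self.articles:
                return 404, None
            del self.articles[article_id]
            return 204, None

        return 405, None


class ViewCountingStore(ArticleStore):
    """Hypothetical anti-pattern: GET bumps a 'views' counter on the stored
    representation, so GET is no longer safe and now affects integrity."""

    def handle(self, method, path, body=None):
        status, rep = super().handle(method, path, body)
        if method == "GET" and status == 200 and isinstance(rep, dict):
            stored = self.articles[rep["id"]]
            stored["views"] = stored.get("views", 0) + 1
            rep = copy.deepcopy(stored)
        return status, rep


def classify(method, path, body=None, store_cls=ArticleStore):
    """Replay `method` twice against a fresh store seeded with article 1.
    Returns (changes_state, idempotent). Expected per RFC 7231:
    GET/HEAD -> (False, True), PUT/DELETE -> (True, True), POST -> (True, False)."""
    store = store_cls()
    store.handle("POST", "/articles", {"title": "seed"})  # constructed seed record
    before = store.digest()
    store.handle(method, path, body)
    after_once = store.digest()
    store.handle(method, path, body)
    after_twice = store.digest()
    return before != after_once, after_once == after_twice


def report():
    """Classify the four quiz options plus HEAD, and the broken GET."""
    results = {
        "GET": classify("GET", "/articles/1"),
        "HEAD": classify("HEAD", "/articles/1"),
        "POST": classify("POST", "/articles", {"title": "new"}),
        "PUT": classify("PUT", "/articles/1", {"title": "replaced"}),
        "DELETE": classify("DELETE", "/articles/1"),
        "GET (view-counting store)": classify("GET", "/articles/1", store_cls=ViewCountingStore),
    }
    return results


if __name__ == "__main__":
    for name, (changes, idem) in report().items():
        print(f"{name:26s} changes_state={changes!s:5s} idempotent={idem}")
```

Running the script lists GET and HEAD as the only methods that leave the digest untouched, PUT and DELETE as state-changing but idempotent, and POST as neither; the view-counting store shows how a side effect in a GET handler silently moves it into the state-changing column.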

RESTful Style Architecture

The term representational state transfer was introduced and defined in 2000 by Roy Fielding in his doctoral dissertation. Fielding’s dissertation explained the REST principles that were known as the “HTTP object model” beginning in 1994, and were used in designing the HTTP 1.1 and Uniform Resource Identifiers (URI) standards. The term is intended to evoke an image of how a well-designed Web application behaves: it is a network of Web resources (a virtual state-machine) where the user progresses through the application by selecting resource identifiers such as http://www.example.com/articles/21 and resource operations such as GET or POST (application state transitions), resulting in the next resource’s representation (the next application state) being transferred to the end user for their use.

Source: Wikipedia


Which of the following RESTful API operations has the least impact on data integrity? (Wentz QOTD)
A. POST
B. GET
C. PUT
D. DELETE

