🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional2 / 124
Question 2 of 124

A financial services company exposes internal microservices to trusted partner banks through a cloud API gateway. Security requires that both the calling partner service AND the receiving API prove their identities cryptographically before any request payload is processed, preventing spoofed clients even if a partner's API key were leaked. Which control best satisfies this requirement?

Reviewed for accuracy · Report an issueNext question