🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional11 / 129
Question 11 of 129
A public-facing REST API exposes a customer-lookup endpoint that requires authentication. Security monitoring reveals that a small number of valid API keys are issuing thousands of sequential requests per minute, systematically enumerating account identifiers. Authorization checks are correctly enforced, and no single request is malformed. Which control would MOST directly mitigate this abuse while allowing legitimate clients to continue operating?
Reviewed for accuracy · Report an issueNext question