Exam CAS-004 topic 1 question 55 discussion

Since the clients are reporting slowness and the servers hosting the APIs are showing heavy CPU utilization, it is likely that the performance issue is caused by excessive API requests being made by the clients, rather than an attack or vulnerability that needs to be mitigated. Therefore, the best solution to remedy the performance issues would be to implement rate limiting on the API, which would limit the number of requests made to the APIs per client, and prevent excessive requests from overloading the servers. So, the correct answer is A. Implement rate limiting on the API.

Keyword here is that the API does not require authentication. OAUTH 2.0 solves that and will improve performance by only processing authenticated calls.

Voted for A. Rationale: Key phrase for me that stood out in the question is: "remedy the performance issues in a timely manner." My mind was telling me to already ignore B & C and look at A and D. D - Implement input validation would have taken a lot longer in terms of time to reduce the heavy CPU utilization. This would have required testing the code and validating it through a code development lifecycle.

To me the key words here are "remedy performance issues", so A. is the only one that makes sense.

This approach controls the number of requests a client can make to the API within a certain timeframe. By limiting the request rate, you can prevent excessive usage from any single client or group of clients, which can help reduce the CPU load on the servers. This can be implemented relatively quickly and can provide immediate relief to the performance issues. Implementing OAuth 2.0 is used for authentication and authorization, which is not necessary for APIs that do not require authentication. Moreover, adding OAuth 2.0 can increase complexity and may not directly address the root cause of the CPU utilization issue.

In this case, since the servers are showing heavy CPU utilization, implementing rate limiting can help manage the load on the servers and improve performance1. However, it’s also important to consider other performance optimization techniques and security measures to ensure the overall health and efficiency of the API2

we want to focus on the utilization

Implement Rate Limiting: Rate limiting involves controlling the rate at which incoming requests are processed. By implementing rate limiting on the API, the system can restrict the number of requests from a single client or IP address within a specified time period. This can help mitigate the impact of excessive requests, prevent abuse, and alleviate the heavy CPU utilization on the servers. OAuth 2.0 is an authentication and authorization framework, and implementing it on the API may not directly address the reported performance issues unless authentication overhead is a significant factor, which is not mentioned in the scenario.

The answer is C - great security issue the authentication.

Authentication! answer is C

OAUTH 2.0 will just increase the load on the API Rate limiting shall reduce the number of processed requests

Chat GPT is not as accurate he changes his answer & is unsure of his answers be careful

OAuth does not mean that it will be secure because OAuth=Authorization rate limiting is the quick fix to address the direct problem of too many tasks. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

For me this is C C means that they will only process authenticated calls. I see the argument for A however my i don't think it's right. The loads are balanced therefore the system itself is running as efficiently as it can and yet you are still getting performance issues. Limiting them further will not improve performace. However ensuring that there is less unnecerssary traffic will. That's why i'm going with C

Given that the APIs do not require authentication, implementing OAuth 2.0 would likely not resolve the performance issues. Similarly, implementing input validation would not necessarily address the CPU utilization. Geoblocking may prevent some traffic, but may not resolve the root cause of the issue. Therefore, the BEST recommendation would be to implement rate limiting on the API, which can help regulate the amount of traffic and reduce the load on the servers. This would help address the performance issues in a timely manner.

A. Implementing rate limiting on the API is the best solution to remedy the performance issues in a timely manner. Rate limiting can help mitigate the heavy CPU utilization and ensure that the APIs are not overwhelmed with requests, which can cause slowness for clients. It limits the number of requests that can be made within a certain time period, preventing excessive traffic from consuming all of the server's resources. Geoblocking (B) may be useful for blocking traffic from certain countries, but it is unlikely to solve the performance issue in this scenario. OAuth 2.0 (C) is an authentication and authorization framework and would not address the performance issues described. Input validation (D) is important for preventing attacks that leverage malicious input, but it is not likely to address the performance issues in this scenario.

A. Rate limiting. This is a tough one. I think we can rule out OAuth, as it says that the API does not require authentication (so why add it?) and OAuth will be more difficult to implement than rate limiting. They asked for a quick fix. https://nordicapis.com/everything-you-need-to-know-about-api-rate-limiting/