A company plans to deploy the Postman application as a tool to manage network devices. Which two security related best practices should be considered? (Choose two.)

A company plans to deploy the Postman application as a tool to manage network devices. Which two security related best practices should be considered? (Choose two.)

• An SSH connection should be used to connect to the Postman application.
• User accesses must be authenticated to make API calls.
• A dedicated instance for development should be used to ensure that device configurations are valid.
• AAA service should be deployed for user authorization.
• ACLs should be used to verify and filter different types of RUSTFul API calls.

Explanation: RESTful APIs are software interfaces into an application or a controller. For security considerations, access to APIs should require authentication such that an API is considered just like any other device to which a user needs to authenticate to gain access to utilize the APIs. A developer who is authenticated has access to making changes using the API, changes that can affect that application. It is best practice to use a dedicated development instance of the application to test change codes to avoid accidental impact to a production environment.

Exam with this question: CCNPv8 ENCOR (Version 8.0) - CCNP ENCOR (350-401) Certification Practice Exam