Exam CNX-001 Topic 3 Question 73 Discussion
Actual exam question for CompTIA's CNX-001 exam
Question #: 73
Topic #: 3
Question #: 73
Topic #: 3
A developer reports errors when trying to access a web application. The developer uses Postman to troubleshoot and receives the following error:
* HTTP Status: 403 Forbidden
* Headers include authentication-related variables such as access_key, signature, salt, and timestamp
* The request is a GET request to a payment methods API

Which of the following is the cause of the issue?
* HTTP Status: 403 Forbidden
* Headers include authentication-related variables such as access_key, signature, salt, and timestamp
* The request is a GET request to a payment methods API

Which of the following is the cause of the issue?
Suggested Answer: B Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
A 403 Forbidden error indicates that the request was understood by the server but is refusing to fulfill it due to insufficient authorization. The developer is attempting to call a protected API that requires valid credentials such as an access key and signature (often used in HMAC-based APIs), but the values appear as Postman variables (e.g., {{rapyd_access_key}}), which suggests they were not replaced with actual credentials.
This typically means that the request lacks proper authentication or authorization headers, or the keys
/signature are incorrect or missing. The presence of access_key, signature, salt, and timestamp in the request implies the API requires authentication, but the variables were not resolved or valid.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "API Security and Authentication":
"A 403 error typically results from failed authentication or lack of proper authorization. Developers must ensure that tokens or signatures are valid, not missing, and properly injected." Other options:
* A. 404 is the code for a missing resource, not 403.
* C. A firewall rule would block the request entirely (e.g., no response or a 0 status), not result in a 403 from the server.
* D. HTTP redirection issues typically result in 3xx codes, not 403.
A 403 Forbidden error indicates that the request was understood by the server but is refusing to fulfill it due to insufficient authorization. The developer is attempting to call a protected API that requires valid credentials such as an access key and signature (often used in HMAC-based APIs), but the values appear as Postman variables (e.g., {{rapyd_access_key}}), which suggests they were not replaced with actual credentials.
This typically means that the request lacks proper authentication or authorization headers, or the keys
/signature are incorrect or missing. The presence of access_key, signature, salt, and timestamp in the request implies the API requires authentication, but the variables were not resolved or valid.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "API Security and Authentication":
"A 403 error typically results from failed authentication or lack of proper authorization. Developers must ensure that tokens or signatures are valid, not missing, and properly injected." Other options:
* A. 404 is the code for a missing resource, not 403.
* C. A firewall rule would block the request entirely (e.g., no response or a 0 status), not result in a 403 from the server.
* D. HTTP redirection issues typically result in 3xx codes, not 403.
by Verna at May 18, 2026, 08:24 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).