Your company is developing a Serverless application with Lambda Proxy Integration in API Gateway. Caching is also used for the Rest APIs. Your company is worried about the security of the APIs. Which of the following security considerations should you NOT recommend for your application? (Select TWO).

Answer options:

A.Suggest setting up API and user activity logging with AWS CloudTrail.
B.Suggest setting up AWS Inspector to perform security assessments on the Rest APIs.
C.Suggest creating private Rest APIs and using CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs.
D.Use IAM policies to implement least privilege access for creating, reading, updating, or deleting Rest APIs in API Gateway.
E.Suggest using JSON Web Tokens (JWTs) for encrypting cache.

Answer: B and E
Option A is Incorrect as CloudTrail helps in logging the user and API Activity.
Option B is Correct because AWS Inspector is used for EC2 and cannot be used to inspect API Gateway.
Option C is Incorrect because creating Private Rest APIs and using CloudWatch logs or Amazon Kinesis Data Firehose helps with the logging and security.
Option D is Incorrect because implementing Least Privilege is the right security strategy.
Option E is Correct because JWTs are used for restricting client access to your APIs and cannot be used to encrypt cache.
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/security.html
https://d1.awsstatic.com/whitepapers/AWS_Serverless_Multi-Tier_Architectures.pdf