1.REST does provide administrative access, and its accessibility represents a vulnerability in a secure environment
2.REST API does provide any support for insert, update, or remove operations
3.The net.http.RESTInterfaceEnabled configuration makes the http status interface, which is read-only by default, fully interactive
4. none of the mentioned