Which API capability is available on Cisco Firepower devices?

A. Firepower Management Center – Sockets API

B. Firepower Management Center – eStreamer API

C. Firepower Management Center – Camera API

D. Firepower Management Center – Host Output API

Which two statements describe the characteristics of API styles for REST and RPC? (Choose two.)

A. REST-based APIs function in a similar way to procedures.

B. REST-based APIs are used primarily for CRUD operations.

C. REST and RPC API styles are the same.

D. RPC-based APIs function in a similar way to procedures.

E. RPC-based APIs are used primarily for CRUD operations.

Which two commands create a new local source code branch? (Choose two.)

A. git checkout -b new_branch

B. git branch -b new_branch

C. git checkout -f new_branch

D. git branch new_branch

E. git branch -m new_branch

Which API is used to query if the domain "example.com" has been flagged as malicious by the Cisco Security Labs team?

A. https://s-platform.api.opendns.com/1.0/events?example.com

B. https://investigate.api.umbrella.com/domains/categorization/example.com

C. https://investigate.api.umbrella.com/domains/volume/example.com

D. https://s-platform.api.opendns.com/1.0/domains?example.com

Refer to the exhibit. A security engineer attempts to query the Cisco Security Management appliance to retrieve details of a specific message.
What must be added to the script to achieve the desired result?

A. Add message ID information to the URL string as a URI.

B. Run the script and parse through the returned data to find the desired message.

C. Add message ID information to the URL string as a parameter.

D. Add message ID information to the headers.

DRAG DROP -
Drag and drop the code to complete the Cisco Umbrella Investigate WHOIS query that returns a list of domains that are associated with the email address
"
admin@example.com
". Not all options are used.
Select and Place:
 

Which header set should be sent with all API calls to the Cisco Stealthwatch Cloud API?
A.
 
B.
 
C.
 
D.
 

DRAG DROP -
Drag and drop the code to complete the curl command to query the Cisco Umbrella Investigate API for the umbrella popularity list. Not all options are used.
Select and Place:
 

DRAG DROP -
Drag and drop the items to complete the curl request to the ThreatGRID API. The API call should request the first 10 IP addresses that ThreatGRID saw samples communicate with during analysis, in the first two hours of January 18
(UTC time), where those communications triggered a Behavior Indicator that had a th confidence equal to or higher than 75 and a severity equal to or higher than 95.
Select and Place:
 

Which snippet describes the way to create an URL object in Cisco FDM using FDM REST APIs with curl?
A.
 
B.
 
C.
 
D.
 

Which two API capabilities are available on Cisco Identity Services Engine? (Choose two.)

A. Platform Configuration APIs

B. Monitoring REST APIs

C. Performance Management REST APIs

D. External RESTful Services APIs

E. Internal RESTful Services APIs

DRAG DROP -
Drag and drop the items to complete the ThreatGRID API call to return a curated feed of sinkholed-ip-dns in stix format. Not all options are used.
Select and Place:
 

If the goal is to create an access policy with the default action of blocking traffic, using Cisco Firepower Management Center REST APIs, which snippet is used?
A.
 
B.
 
C.
 
D.
 

Refer to the exhibit. A Python function named "query" has been developed and the goal is to use it to query the service "com.cisco.ise.session" via Cisco pxGrid
2.0 APIs.
How is the function called, if the goal is to identify the sessions that are associated with the IP address 10.0.0.50?

A. query(config, secret, “getSessionByIpAddress/10.0.0.50”, “ipAddress”)

B. query(config, “10.0.0.50”, url, payload)

C. query(config, secret, url, “10.0.0.50”)

D. query(config, secret, url, ‘{“ipAddress”: “10.0.0.50”}’)

Which request searches for a process window in Cisco ThreatGRID that contains the word "secret"?

A. /api/v2/search/submissions?term=processwindow&title=secret

B. /api/v2/search/submissions?term=processwindow&q=secret

C. /api/v2/search/submissions?term=window&title=secret

D. /api/v2/search/submissions?term=process&q=secret

DRAG DROP -
Drag and drop the code to complete the script to search Cisco ThreatGRID and return all public submission records associated with cisco.com. Not all options are used.
Select and Place:
 

Which two APIs are available from Cisco ThreatGRID? (Choose two.)

A. Access

B. User Scope

C. Data

D. Domains

E. Curated Feeds

DRAG DROP -
Drag and drop the code to complete the API call to query all Cisco Stealthwatch Cloud observations. Not all options are used.
Select and Place:
 

A security network engineer must implement intrusion policies using the Cisco Firepower Management Center API.
Which action does the engineer take to achieve the goal?

A. Make a PATCH request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

B. Make a POST request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

C. Intrusion policies can be read but not configured using the Cisco Firepower Management Center API.

D. Make a PUT request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

DRAG DROP -
 
Refer to the exhibit.
Drag and drop the elements from the left onto the script on the right that queries Cisco ThreatGRID for indications of compromise.
Select and Place:
 

Refer to the exhibit. A security engineer created a script and successfully executed it to retrieve all currently open alerts.
Which print command shows the first returned alert?

A. print(response[data][0])

B. print(response[results][0])

C. print(response.json()[data][0])

D. print(response.json()[results][0])

Refer to the exhibit. A network operator wrote a Python script to retrieve events from Cisco AMP.
 
Against which API gateway must the operator make the request?

A. BASE_URL = “https://api.amp.cisco.com”

B. BASE_URL = “https://amp.cisco.com/api”

C. BASE_URL = “https://amp.cisco.com/api/”

D. BASE_URL = “https://api.amp.cisco.com/”

Which query parameter is required when using the reporting API of Cisco Security Management Appliances?

A. device_type

B. query_type

C. filterValue

D. startDate + endDate

Refer to the exhibit. A network operator must create a Python script that makes an API request to Cisco Umbrella to do a pattern search and return all matched
URLs with category information.
Which code completes the script?

A. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “categoryinclude” : “true”}

B. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “returncategory” : “true”}

C. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “includeCategory” : “true”}

D. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “returnCategory” : “true”}

Refer to the exhibit. A network operator must generate a daily flow report and learn how to act on or manipulate returned data. When the operator runs the script, it returns an enormous amount of information.
Which two actions enable the operator to limit returned data? (Choose two.)

A. Add recordLimit. followed by an integer (key:value) to the flow_data.

B. Add a for loop at the end of the script, and print each key value pair separately.

C. Add flowLimit, followed by an integer (key:value) to the flow_data.

D. Change the startDateTime and endDateTime values to include smaller time intervals.

E. Change the startDate and endDate values to include smaller date intervals.

Which description of synchronous calls to an API is true?

A. They can be used only within single-threaded processes.

B. They pause execution and wait for the response.

C. They always successfully return within a fixed time.

D. They can be used only for small requests.

Which step is required by Cisco pxGrid providers to expose functionality to consumer applications that are written in Python?

A. Look up the existing service using the /pxgrid/control/ServiceLookup endpoint.

B. Register the service using the /pxgrid/control/ServiceRegister endpoint.

C. Configure the service using the /pxgrid/ise/config/profiler endpoint.

D. Expose the service using the /pxgrid/ise/pubsub endpoint.

Which two URI parameters are needed for the Cisco Stealthwatch Top Alarm Host v1 API? (Choose two.)

A. startAbsolute

B. externalGeos

C. tenantId

D. intervalLength

E. tagID

In Cisco AMP for Endpoints, which API queues to find the list of endpoints in the group "Finance Hosts," which has a GUID of 6c3c2005-4c74-4ba7-8dbb- c4d5b6bafe03?

A. https://api.amp.cisco.com/v1/endpoints?group[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

B. https://api.amp.cisco.com/v1/computers?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

C. https://api.amp.cisco.com/v1/computers?group_guid-6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

D. https://api.amp.cisco.com/v1/endpoints?group-6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

Which curl command lists all tags (host groups) that are associated with a tenant using the Cisco Stealthwatch Enterprise API?

A. curl -X PUT”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags

B. curl -X POST -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/tags

C. curl -X GET -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags

D. curl -X GET -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/tags

Refer to the exhibit.
What does the response from the API contain when this code is executed?

A. error message and status code of 403

B. newly created domains in Cisco Umbrella Investigate

C. updated domains in Cisco Umbrella Investigate

D. status and security details for the domains

Refer to the exhibit. A network operator wants to add a certain IP to a DMZ tag.
Which code segment completes the script and achieves the goal?
A.
 
B.
 
C.
 
D.
 

Refer to the exhibit. The security administrator must temporarily disallow traffic that goes to a production web server using the Cisco FDM REST API. The administrator sends an API query as shown in the exhibit.
What is the outcome of that action?

A. The given code does not execute because the mandatory parameters, source, destination, and services are missing.

B. The given code does not execute because it uses the HTTP method “PUT”. It should use the HTTP method “POST”.

C. The appropriate rule is updated with the source, destination, services, and other fields set to “Any” and the action set to “DENY”. Traffic to the production web server is disallowed, as expected.

D. A new rule is created with the source, destination, services, and other fields set to “Any” and the action set to “DENY”. Traffic to the production web server is disallowed, as expected.

DRAG DROP -
Drag and drop the code to complete the curl query to the Cisco Umbrella Investigate API for the Latest Malicious Domains for the IP address 10.10.20.50. Not all options are used.
Select and Place:
 

Refer to the exhibit.
Which expression prints the text "802.1x"?

A. print(quiz[0][‘choices’][‘b’])

B. print(quiz[‘choices’][‘b’])

C. print(quiz[0][‘choices’][‘b’][‘802.1x’])

D. print(quiz[0][‘question’][‘choices’][‘b’])

What is the purpose of the snapshot APIs exposed by Cisco Stealthwatch Cloud?

A. Report on flow data during a customizable time period.

B. Operate and return alerts discovered from infrastructure observations.

C. Return current configuration data of Cisco Stealthwatch Cloud infrastructure.

D. Create snapshots of supported Cisco Stealthwatch Cloud infrastructure.

What are two advantages of Python virtual environments? (Choose two.)

A. Virtual environments can move compiled modules between different platforms.

B. Virtual environments permit non-administrative users to install packages.

C. The application code is run in an environment that is destroyed upon exit.

D. Virtual environments allow for stateful high availability.

E. Virtual environments prevent packaging conflicts between multiple Python projects.

What are two capabilities of Cisco Firepower Management Center eStreamer? (Choose two.)

A. eStreamer is used to get sources for intelligence services.

B. eStreamer is used to send malware event data.

C. eStreamer is used to get a list of access control policies.

D. eStreamer is used to send policy data.

E. eStreamer is used to send intrusion event data.

DRAG DROP -
Drag and drop the code to complete the URL for the Cisco AMP for Endpoints API POST request so that it will add a sha256 to a given file_list using file_list_guid.
Select and Place:
 

Refer to the exhibit.
What is the purpose of the API represented by this URL?

A. Getting or setting intrusion policies in FMC

B. Creating an intrusion policy in FDM

C. Updating access policies

D. Getting the list of intrusion policies configured in FDM

Which URI string is used to create a policy that takes precedence over other applicable policies that are configured on Cisco Stealthwatch?

A. /tenants/{tenantId}/policy/system/host-policy

B. /tenants/{tenantId}/policy/system/role-policy

C. /tenants/{tenantId}/policy/system

D. /tenants/{tenantId}/policy/system/{policyId}

When the URI "/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies" is used to make a POST request, what does
"e276abec-e0f2-11e3-8169-6d9ed49b625f" represent?

A. API token

B. domain UUID

C. access policy UUID

D. object UUID

Refer to the exhibit.
Which URL returned the data?

A. https://api.amp.cisco.com/v1/computers

B. https://api.amp.cisco.com/v0/computers

C. https://amp.cisco.com/api/v0/computers

D. https://amp.cisco.com/api/v1/computers

DRAG DROP -
A Python script is being developed to return the top 10 identities in an organization that have made a DNS request to "www.cisco.com".
Drag and drop the code to complete the Cisco Umbrella Reporting API query to return the top identities. Not all options are used.
Select and Place:
 

DRAG DROP -
 
Refer to the exhibit. A Python function named "query" has been developed, and will be used to query the service "com.cisco.ise.session" via Cisco pxGrid 2.0
APIs.
Drag and drop the code to construct a Python call to the "query" function to identify the user groups that are associated with the user "fred". Not all options are used.
Select and Place:
 

DRAG DROP -
Drag and drop the items to complete the pxGrid script to retrieve all Adaptive Network Control policies. Assume that username, password, and base URL are correct. Not all options are used.
Select and Place:
 

Refer to the exhibit.
What must be present in a Cisco Web Security Appliance before the script is run?

A. reporting group with the name web_malware_category_malware_name_user_detail

B. data for specified dates

C. reporting group with the name blocked_malware

D. data in the queried category

Which two destinations are supported by the Cisco Security Management Appliance reporting APIs? (Choose two.)

A. email

B. Microsoft Word file

C. FTP

D. web

E. csv file

Which two event types can the eStreamer server transmit to the requesting client from a managed device and a management center? (Choose two.)

A. user activity events

B. intrusion events

C. file events

D. intrusion event extra data

E. malware events

DRAG DROP -
Drag and drop the code to complete the curl query to the Umbrella Reporting API that provides a detailed report of blocked security activity events from the organization with an organizationId of "12345678" for the last 24 hours. Not all options are used.
Select and Place: