Which two URI parameters are needed for the Cisco Stealthwatch Top Alarm Host v1 API? (Choose two.)

A. startAbsolute

B. externalGeos

C. tenantId

D. intervalLength

E. tagID

What is the purpose of the snapshot APIs exposed by Cisco Stealthwatch Cloud?

A. Report on flow data during a customizable time period.

B. Operate and return alerts discovered from infrastructure observations.

C. Return current configuration data of Cisco Stealthwatch Cloud infrastructure.

D. Create snapshots of supported Cisco Stealthwatch Cloud infrastructure.

DRAG DROP -
 
Refer to the exhibit. A Python function named "query" has been developed, and will be used to query the service "com.cisco.ise.session" via Cisco pxGrid 2.0
APIs.
Drag and drop the code to construct a Python call to the "query" function to identify the user groups that are associated with the user "fred". Not all options are used.
Select and Place:
 

DRAG DROP -
Drag and drop the code to complete the script to search Cisco ThreatGRID and return all public submission records associated with cisco.com. Not all options are used.
Select and Place:
 

If the goal is to create an access policy with the default action of blocking traffic, using Cisco Firepower Management Center REST APIs, which snippet is used?
A.
 
B.
 
C.
 
D.
 

After changes are made to the Cisco Firepower Threat Defense configuration using the Cisco Firepower Device Manager API, what must be done to ensure that the new policy is activated?

A. Submit a POST to the /api/fdm/latest/operational/deploy URI.

B. Submit a GET to the /api/fdm/latest/operational/deploy URI.

C. Submit a PUT to the /api/fdm/latest/devicesettings/pushpolicy URI.

D. Submit a POST to the /api/fdm/latest/devicesettings/pushpolicy URI.

Which two API capabilities are available on Cisco Identity Services Engine? (Choose two.)

A. Platform Configuration APIs

B. Monitoring REST APIs

C. Performance Management REST APIs

D. External RESTful Services APIs

E. Internal RESTful Services APIs

Refer to the exhibit. A network operator wrote a Python script to retrieve events from Cisco AMP.
 
Against which API gateway must the operator make the request?

A. BASE_URL = “https://api.amp.cisco.com”

B. BASE_URL = “https://amp.cisco.com/api”

C. BASE_URL = “https://amp.cisco.com/api/”

D. BASE_URL = “https://api.amp.cisco.com/”

What are two advantages of Python virtual environments? (Choose two.)

A. Virtual environments can move compiled modules between different platforms.

B. Virtual environments permit non-administrative users to install packages.

C. The application code is run in an environment that is destroyed upon exit.

D. Virtual environments allow for stateful high availability.

E. Virtual environments prevent packaging conflicts between multiple Python projects.

Which header set should be sent with all API calls to the Cisco Stealthwatch Cloud API?
A.
 
B.
 
C.
 
D.
 

DRAG DROP -
A Python script is being developed to return the top 10 identities in an organization that have made a DNS request to "www.cisco.com".
Drag and drop the code to complete the Cisco Umbrella Reporting API query to return the top identities. Not all options are used.
Select and Place:
 

DRAG DROP -
Drag and drop the code to complete the API call to query all Cisco Stealthwatch Cloud observations. Not all options are used.
Select and Place:
 

Refer to the exhibit. The script outputs too many results when it is queried against the Cisco Umbrella Reporting API.
Which two configurations restrict the returned result to only 10 entries? (Choose two.)

A. Add params parameter in the get and assign in the {“return”: “10”} value.

B. Add ?limit=10 to the end of the URL string.

C. Add params parameter in the get and assign in the {“limit”: “10”} value.

D. Add ?find=10 to the end of the URL string.

E. Add ?return=10 to the end of the URL string.

Refer to the exhibit. A security engineer attempts to query the Cisco Security Management appliance to retrieve details of a specific message.
What must be added to the script to achieve the desired result?

A. Add message ID information to the URL string as a URI.

B. Run the script and parse through the returned data to find the desired message.

C. Add message ID information to the URL string as a parameter.

D. Add message ID information to the headers.

Refer to the exhibit. A network operator must create a Python script that makes an API request to Cisco Umbrella to do a pattern search and return all matched
URLs with category information.
Which code completes the script?

A. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “categoryinclude” : “true”}

B. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “returncategory” : “true”}

C. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “includeCategory” : “true”}

D. URL = BASE_URL + “/find/exa[a-z]ple.com” PARAMS = { “returnCategory” : “true”}

The Cisco Security Management Appliance API is used to make a GET call using the URI /sma/api/v2.0/reporting/mail_incoming_traffic_summary/ detected_amp?startDate=2016-09-10T19:00:00.000Z&endDate=2018-09-24T23:00:00.000Z&device_type=esa&device_name=esa01.
What does this GET call return?

A. values of all counters of a counter group, with the device group name and device type for web

B. value of a specific counter from a counter group, with the device name and type for email

C. value of a specific counter from a counter group, with the device name and type for web

D. values of all counters of a counter group, with the device group name and device type for email

Refer to the exhibit. A network operator wants to add a certain IP to a DMZ tag.
Which code segment completes the script and achieves the goal?
A.
 
B.
 
C.
 
D.
 

DRAG DROP -
Drag and drop the code to complete the curl query to the Umbrella Reporting API that provides a detailed report of blocked security activity events from the organization with an organizationId of "12345678" for the last 24 hours. Not all options are used.
Select and Place:
 

Refer to the exhibit. A security engineer created a script and successfully executed it to retrieve all currently open alerts.
Which print command shows the first returned alert?

A. print(response[data][0])

B. print(response[results][0])

C. print(response.json()[data][0])

D. print(response.json()[results][0])

Which snippet describes the way to create an URL object in Cisco FDM using FDM REST APIs with curl?
A.
 
B.
 
C.
 
D.
 

Which two destinations are supported by the Cisco Security Management Appliance reporting APIs? (Choose two.)

A. email

B. Microsoft Word file

C. FTP

D. web

E. csv file

Which description of synchronous calls to an API is true?

A. They can be used only within single-threaded processes.

B. They pause execution and wait for the response.

C. They always successfully return within a fixed time.

D. They can be used only for small requests.

Which URI string is used to create a policy that takes precedence over other applicable policies that are configured on Cisco Stealthwatch?

A. /tenants/{tenantId}/policy/system/host-policy

B. /tenants/{tenantId}/policy/system/role-policy

C. /tenants/{tenantId}/policy/system

D. /tenants/{tenantId}/policy/system/{policyId}

Which query parameter is required when using the reporting API of Cisco Security Management Appliances?

A. device_type

B. query_type

C. filterValue

D. startDate + endDate

Which two statements describe the characteristics of API styles for REST and RPC? (Choose two.)

A. REST-based APIs function in a similar way to procedures.

B. REST-based APIs are used primarily for CRUD operations.

C. REST and RPC API styles are the same.

D. RPC-based APIs function in a similar way to procedures.

E. RPC-based APIs are used primarily for CRUD operations.

DRAG DROP -
Drag and drop the items to complete the ThreatGRID API call to return a curated feed of sinkholed-ip-dns in stix format. Not all options are used.
Select and Place:
 

Refer to the exhibit. The security administrator must temporarily disallow traffic that goes to a production web server using the Cisco FDM REST API. The administrator sends an API query as shown in the exhibit.
What is the outcome of that action?

A. The given code does not execute because the mandatory parameters, source, destination, and services are missing.

B. The given code does not execute because it uses the HTTP method “PUT”. It should use the HTTP method “POST”.

C. The appropriate rule is updated with the source, destination, services, and other fields set to “Any” and the action set to “DENY”. Traffic to the production web server is disallowed, as expected.

D. A new rule is created with the source, destination, services, and other fields set to “Any” and the action set to “DENY”. Traffic to the production web server is disallowed, as expected.

For which two programming languages does Cisco offer an SDK for Cisco pxGrid 1.0? (Choose two.)

A. Python

B. Perl

C. Java

D. C

E. JavaScript

DRAG DROP -
Drag and drop the items to complete the pxGrid script to retrieve all Adaptive Network Control policies. Assume that username, password, and base URL are correct. Not all options are used.
Select and Place:
 

Which API capability is available on Cisco Firepower devices?

A. Firepower Management Center – Sockets API

B. Firepower Management Center – eStreamer API

C. Firepower Management Center – Camera API

D. Firepower Management Center – Host Output API

A security network engineer must implement intrusion policies using the Cisco Firepower Management Center API.
Which action does the engineer take to achieve the goal?

A. Make a PATCH request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

B. Make a POST request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

C. Intrusion policies can be read but not configured using the Cisco Firepower Management Center API.

D. Make a PUT request to the URI /api/fmc_config/v1/domain/{DOMAIN_UUID}/policy/intrusionpolicies.

Which step is required by Cisco pxGrid providers to expose functionality to consumer applications that are written in Python?

A. Look up the existing service using the /pxgrid/control/ServiceLookup endpoint.

B. Register the service using the /pxgrid/control/ServiceRegister endpoint.

C. Configure the service using the /pxgrid/ise/config/profiler endpoint.

D. Expose the service using the /pxgrid/ise/pubsub endpoint.

DRAG DROP -
Drag and drop the code to complete the URL for the Cisco AMP for Endpoints API POST request so that it will add a sha256 to a given file_list using file_list_guid.
Select and Place:
 

DRAG DROP -
Drag and drop the code to complete the curl query to the Cisco Umbrella Investigate API for the Latest Malicious Domains for the IP address 10.10.20.50. Not all options are used.
Select and Place:
 

Which curl command lists all tags (host groups) that are associated with a tenant using the Cisco Stealthwatch Enterprise API?

A. curl -X PUT”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags

B. curl -X POST -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/tags

C. curl -X GET -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/{tenant_id}/tags

D. curl -X GET -H”Cookie:{Cookie Data}”https://{stealthwatch_host}/smc-configuration/rest/v1/tenants/tags

When the URI "/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies" is used to make a POST request, what does
"e276abec-e0f2-11e3-8169-6d9ed49b625f" represent?

A. API token

B. domain UUID

C. access policy UUID

D. object UUID

Refer to the exhibit.
What does the response from the API contain when this code is executed?

A. error message and status code of 403

B. newly created domains in Cisco Umbrella Investigate

C. updated domains in Cisco Umbrella Investigate

D. status and security details for the domains

Which API is used to query if the domain "example.com" has been flagged as malicious by the Cisco Security Labs team?

A. https://s-platform.api.opendns.com/1.0/events?example.com

B. https://investigate.api.umbrella.com/domains/categorization/example.com

C. https://investigate.api.umbrella.com/domains/volume/example.com

D. https://s-platform.api.opendns.com/1.0/domains?example.com

In Cisco AMP for Endpoints, which API queues to find the list of endpoints in the group "Finance Hosts," which has a GUID of 6c3c2005-4c74-4ba7-8dbb- c4d5b6bafe03?

A. https://api.amp.cisco.com/v1/endpoints?group[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

B. https://api.amp.cisco.com/v1/computers?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

C. https://api.amp.cisco.com/v1/computers?group_guid-6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

D. https://api.amp.cisco.com/v1/endpoints?group-6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

Refer to the exhibit.
Which expression prints the text "802.1x"?

A. print(quiz[0][‘choices’][‘b’])

B. print(quiz[‘choices’][‘b’])

C. print(quiz[0][‘choices’][‘b’][‘802.1x’])

D. print(quiz[0][‘question’][‘choices’][‘b’])

What are two benefits of Ansible when managing security platforms? (Choose two.)

A. End users can be identified and tracked across a network.

B. Network performance issues can be identified and automatically remediated.

C. Policies can be updated on multiple devices concurrently, which reduces outage windows.

D. Anomalous network traffic can be detected and correlated.

E. The time that is needed to deploy a change is reduced, compared to manually applying the change.

Refer to the exhibit.
What is the purpose of the API represented by this URL?

A. Getting or setting intrusion policies in FMC

B. Creating an intrusion policy in FDM

C. Updating access policies

D. Getting the list of intrusion policies configured in FDM

DRAG DROP -
Drag and drop the code to complete the Cisco Umbrella Investigate WHOIS query that returns a list of domains that are associated with the email address
"
admin@example.com
". Not all options are used.
Select and Place:
 

Refer to the exhibit. A network operator must generate a daily flow report and learn how to act on or manipulate returned data. When the operator runs the script, it returns an enormous amount of information.
Which two actions enable the operator to limit returned data? (Choose two.)

A. Add recordLimit. followed by an integer (key:value) to the flow_data.

B. Add a for loop at the end of the script, and print each key value pair separately.

C. Add flowLimit, followed by an integer (key:value) to the flow_data.

D. Change the startDateTime and endDateTime values to include smaller time intervals.

E. Change the startDate and endDate values to include smaller date intervals.

DRAG DROP -
Drag and drop the items to complete the curl request to the ThreatGRID API. The API call should request the first 10 IP addresses that ThreatGRID saw samples communicate with during analysis, in the first two hours of January 18
(UTC time), where those communications triggered a Behavior Indicator that had a th confidence equal to or higher than 75 and a severity equal to or higher than 95.
Select and Place:
 

Refer to the exhibit. A Python function named "query" has been developed and the goal is to use it to query the service "com.cisco.ise.session" via Cisco pxGrid
2.0 APIs.
How is the function called, if the goal is to identify the sessions that are associated with the IP address 10.0.0.50?

A. query(config, secret, “getSessionByIpAddress/10.0.0.50”, “ipAddress”)

B. query(config, “10.0.0.50”, url, payload)

C. query(config, secret, url, “10.0.0.50”)

D. query(config, secret, url, ‘{“ipAddress”: “10.0.0.50”}’)

DRAG DROP -
 
Refer to the exhibit.
Drag and drop the elements from the left onto the script on the right that queries Cisco ThreatGRID for indications of compromise.
Select and Place:
 

Which snippet is used to create an object for network 10.0.69.0/24 using Cisco Firepower Management Center REST APIs?
A.
 
B.
 
C.
 
D.
 

DRAG DROP -
Drag and drop the code to complete the curl command to query the Cisco Umbrella Investigate API for the umbrella popularity list. Not all options are used.
Select and Place:
 

Which two event types can the eStreamer server transmit to the requesting client from a managed device and a management center? (Choose two.)

A. user activity events

B. intrusion events

C. file events

D. intrusion event extra data

E. malware events