Automating Cisco Security Solutions (SAUTO) v1.0
Question 1
FILL BLANK -
Fill in the blank to complete the statement with the correct technology.
Cisco __________ Investigate provides access to data that pertains to DNS security events and correlations collected by the Cisco security team.
Answer : Umbrella
Question 2
Refer to the exhibit. The script outputs too many results when it is queried against the Cisco Umbrella Reporting API.
Which two configurations restrict the returned result to only 10 entries? (Choose two.)
- A. Add params parameter in the get and assign in the {"return": "10"} value.
- B. Add ?limit=10 to the end of the URL string.
- C. Add params parameter in the get and assign in the {"limit": "10"} value.
- D. Add ?find=10 to the end of the URL string.
- E. Add ?return=10 to the end of the URL string.
Answer : BC
Question 3
DRAG DROP -
A Python script is being developed to return the top 10 identities in an organization that have made a DNS request to "www.cisco.com".
Drag and drop the code to complete the Cisco Umbrella Reporting API query to return the top identities. Not all options are used.
Select and Place:
Answer : 
Reference:
https://docs.umbrella.com/umbrella-api/docs/reporting-destinations-most-recent-requests
Question 4
Which two destinations are supported by the Cisco Security Management Appliance reporting APIs? (Choose two.)
- A. email
- B. Microsoft Word file
- C. FTP
- D. web
- E. csv file
Answer : AD
Question 5
What are two capabilities of Cisco Firepower Management Center eStreamer? (Choose two.)
- A. eStreamer is used to get sources for intelligence services.
- B. eStreamer is used to send malware event data.
- C. eStreamer is used to get a list of access control policies.
- D. eStreamer is used to send policy data.
- E. eStreamer is used to send intrusion event data.
Answer : BE
Question 6
Refer to the exhibit. A security engineer created a script and successfully executed it to retrieve all currently open alerts.
Which print command shows the first returned alert?
- A. print(response[data][0])
- B. print(response[results][0])
- C. print(response.json()[data][0])
- D. print(response.json()[results][0])
Answer : A
Question 7
Refer to the exhibit. A network operator must create a Python script that makes an API request to Cisco Umbrella to do a pattern search and return all matched
URLs with category information.
Which code completes the script?
- A. URL = BASE_URL + "/find/exa\[a-z\]ple.com" PARAMS = { "categoryinclude" : "true"}
- B. URL = BASE_URL + "/find/exa\[a-z\]ple.com" PARAMS = { "returncategory" : "true"}
- C. URL = BASE_URL + "/find/exa\[a-z\]ple.com" PARAMS = { "includeCategory" : "true"}
- D. URL = BASE_URL + "/find/exa\[a-z\]ple.com" PARAMS = { "returnCategory" : "true"}
Answer : D
Question 8
Which two statements describe the characteristics of API styles for REST and RPC? (Choose two.)
- A. REST-based APIs function in a similar way to procedures.
- B. REST-based APIs are used primarily for CRUD operations.
- C. REST and RPC API styles are the same.
- D. RPC-based APIs function in a similar way to procedures.
- E. RPC-based APIs are used primarily for CRUD operations.
Answer : BD
Question 9
What are two benefits of Ansible when managing security platforms? (Choose two.)
- A. End users can be identified and tracked across a network.
- B. Network performance issues can be identified and automatically remediated.
- C. Policies can be updated on multiple devices concurrently, which reduces outage windows.
- D. Anomalous network traffic can be detected and correlated.
- E. The time that is needed to deploy a change is reduced, compared to manually applying the change.
Answer : CE
Question 10
Refer to the exhibit.
What must be present in a Cisco Web Security Appliance before the script is run?
- A. reporting group with the name web_malware_category_malware_name_user_detail
- B. data for specified dates
- C. reporting group with the name blocked_malware
- D. data in the queried category
Answer : A
Question 11
The Cisco Security Management Appliance API is used to make a GET call using the URI /sma/api/v2.0/reporting/mail_incoming_traffic_summary/ detected_amp?startDate=2016-09-10T19:00:00.000Z&endDate=2018-09-24T23:00:00.000Z&device_type=esa&device_name=esa01.
What does this GET call return?
- A. values of all counters of a counter group, with the device group name and device type for web
- B. value of a specific counter from a counter group, with the device name and type for email
- C. value of a specific counter from a counter group, with the device name and type for web
- D. values of all counters of a counter group, with the device group name and device type for email
Answer : D
Question 12
Which two APIs are available from Cisco ThreatGRID? (Choose two.)
- A. Access
- B. User Scope
- C. Data
- D. Domains
- E. Curated Feeds
Answer : CE
Question 13
DRAG DROP -
Drag and drop the code to complete the Cisco Umbrella Investigate WHOIS query that returns a list of domains that are associated with the email address
"[email protected]". Not all options are used.
Select and Place:
Answer : 
Explanation:
https://docs.umbrella.com/investigate-api/docs/whois-information-for-a-domain-1
Question 14
Which two commands create a new local source code branch? (Choose two.)
- A. git checkout -b new_branch
- B. git branch -b new_branch
- C. git checkout -f new_branch
- D. git branch new_branch
- E. git branch -m new_branch
Answer : AD
Question 15
Which header set should be sent with all API calls to the Cisco Stealthwatch Cloud API?
A.
B.
C.
D.
Answer : B