nerdexam
Palo_Alto_Networks

PCCSE · Question #42

Drag and Drop Question An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days In which order should the API calls be used to accomplish

The correct answer is GET https://api.prismacloud.io/access_keys; PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>; POST https://api.prismacloud.io/login. The task requires ordering API calls to automate access key deactivation, which involves authenticating first, then retrieving the keys, and finally updating their status.

Cloud Infrastructure Entitlement Management (CIEM)

Question

Drag and Drop Question An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Answer:

Exhibit

PCCSE question #42 exhibit

Answer Area

Drag items

POST https://api.prismacloud.io/loginGET https://api.prismacloud.io/access_keysPATCH https://api.prismacloud.io/access_keys/<id>/status/<status>

Correct arrangement

Explanation

The task requires ordering API calls to automate access key deactivation, which involves authenticating first, then retrieving the keys, and finally updating their status.

Approach. The correct interaction is to drag the API calls into the 'Ordered Options' area in the following sequence:

  1. POST https://api.prismacloud.io/login: This call is necessary as the first step to authenticate and obtain an authorization token. Access to any secure API endpoint requires prior authentication.
  2. GET https://api.prismacloud.io/access_keys: After successfully logging in, this call is used to retrieve a list of all access keys. This list will allow the script to identify which keys have not been used for 30 days, as per the problem statement.
  3. PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>: Once the specific access keys to be deactivated are identified (from the GET call), this call is used to update their status. The <id> placeholder would be replaced by the specific key's ID, and <status> would be set to 'inactive' or 'deactivated'. A PATCH request is appropriate for partially updating a resource's state.

Common mistakes.

  • common_mistake. A common mistake, as shown in the second exhibit image, is to place GET /access_keys or PATCH /access_keys before POST /login. This is incorrect because API calls that retrieve or modify sensitive data (like access keys) typically require authentication. Without first logging in and obtaining a valid token (via the POST /login call), subsequent GET or PATCH requests would fail due to unauthorized access. Another mistake would be attempting to PATCH a resource before GETting it, as the PATCH operation requires the specific <id> of the resource to be updated, which is typically obtained from a prior GET request listing available resources.

Concept tested. The core concept being tested is the standard workflow for interacting with RESTful APIs, specifically focusing on authentication, data retrieval, and data modification using appropriate HTTP methods (POST, GET, PATCH) in a programmatic scripting context.

Topics

#Access Key Management#API Automation#Identity and Access Management (IAM)#Security Automation

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice