PCCSE · Question #42
Drag and Drop Question An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days In which order should the API calls be used to accomplish
The correct answer is GET https://api.prismacloud.io/access_keys; PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>; POST https://api.prismacloud.io/login. The task requires ordering API calls to automate access key deactivation, which involves authenticating first, then retrieving the keys, and finally updating their status.
Question
Drag and Drop Question An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Answer:
Exhibit
Answer Area
Drag items
Correct arrangement
- GET https://api.prismacloud.io/access_keys
- PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>
- POST https://api.prismacloud.io/login
Explanation
The task requires ordering API calls to automate access key deactivation, which involves authenticating first, then retrieving the keys, and finally updating their status.
Approach. The correct interaction is to drag the API calls into the 'Ordered Options' area in the following sequence:
POST https://api.prismacloud.io/login: This call is necessary as the first step to authenticate and obtain an authorization token. Access to any secure API endpoint requires prior authentication.GET https://api.prismacloud.io/access_keys: After successfully logging in, this call is used to retrieve a list of all access keys. This list will allow the script to identify which keys have not been used for 30 days, as per the problem statement.PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>: Once the specific access keys to be deactivated are identified (from theGETcall), this call is used to update their status. The<id>placeholder would be replaced by the specific key's ID, and<status>would be set to 'inactive' or 'deactivated'. A PATCH request is appropriate for partially updating a resource's state.
Common mistakes.
- common_mistake. A common mistake, as shown in the second exhibit image, is to place
GET /access_keysorPATCH /access_keysbeforePOST /login. This is incorrect because API calls that retrieve or modify sensitive data (like access keys) typically require authentication. Without first logging in and obtaining a valid token (via the POST /login call), subsequent GET or PATCH requests would fail due to unauthorized access. Another mistake would be attempting toPATCHa resource beforeGETting it, as thePATCHoperation requires the specific<id>of the resource to be updated, which is typically obtained from a priorGETrequest listing available resources.
Concept tested. The core concept being tested is the standard workflow for interacting with RESTful APIs, specifically focusing on authentication, data retrieval, and data modification using appropriate HTTP methods (POST, GET, PATCH) in a programmatic scripting context.
Topics
Community Discussion
No community discussion yet for this question.
