New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

1z0-1104-23 Exam Questions Tutorials

Page: 2 / 6
Question 8

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

 

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Options:

Question 9

Challenge 4 - Task 2 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script:  /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

  • Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape.
  • SSH to the compute instance using Cloud Shell.
  • Install and configure Apache web server:a. Install Apache server:
  • sudo yum -y install httpd

b. Enable Apache and start Apache server:

  • bash
  • sudo systemctl enable httpd
  • sudo systemctl restart httpd

c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

  • css
  • sudo firewall-cmd --permanent --add-port=80/tcp
  • sudo firewall-cmd --reload

d. Create an index file for your web server:

  • vbnet
  • sudo bash -c 'echo You are visiting Web Server 1 >>
  • /var/www/html/index.html'

Options:

Question 10

Challenge 4 - Task 5 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script:  /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server

2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).

Options:

Question 11

Challenge 2

Least-Privileged Model Enforcement Leveraging Custom Security Zones

Scenario

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Create a Custom Security Zone recipe to allow compute instances in the public subnet.

• Create a Security Zone using the Custom Security Zone recipe.

• Configure a Virtual Cloud Network (VCN) and Public Subnet.

• Provision a Compute Instance in the public subnet.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

  • Create a Custom Recipe with the name
  • Create a Security Zone with the name
  • Create a VCN with the name IAD-SP-PBT-VCN-01
  • Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
  • Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape

Options:

Page: 2 / 6
Exam Code: 1z0-1104-23
Exam Name: Oracle Cloud Infrastructure 2023 Security Professional
Last Update: Dec 22, 2024
Questions: 167
1z0-1104-23 pdf

1z0-1104-23 PDF

$25.5  $84.99
1z0-1104-23 Engine

1z0-1104-23 Testing Engine

$28.5  $94.99
1z0-1104-23 PDF + Engine

1z0-1104-23 PDF + Testing Engine

$40.5  $134.99