1z0-1104-23 Exam Questions Tutorials

Solutions:

• From the navigation menu, select Identity & Security and then click Bastion.
• In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
• Click the SPPBTBASTION992831403labuser13 bastion.
• Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.
• Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file)
• Use a Notepad text editor to replace with the private key of the SSH key pair that you provided when you created the session. a. For example:

• Click the Cloud Shell icon at the right of the OCI console header.
• Verify that you are in the home directory. a. cd ~
• Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.
• The file will be named similarly to ssh-key-.key.
• Locate and change the permission of the private key by executing the following commands: a. ls b. chmod 400
• Run the SSH command to connect the compute instance in the private subnet. a. For example:

• perl

• ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 opc@10.0.1.162

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?” 13. Verify the connected instance's Private IP address. a. ifconfig

Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.

Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.

SOLUTION:

• From the navigation menu, select Compute and then click Instances.
• In the left navigation pane, under List Scope, select from the drop-down menu.
• Click Create Instance. In the Create Instance dialogue box, provide the following details:a) Name: IAD-SP-PBT-VM-01b) Placement: ADIc) Note: If the Service Limit error is displayed, choose a different availability domain.d) Image: Oracle Linux 8e) Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.f) Networking: IAD-WAF-PBT-VCN-01 and Public Subnetg) Public Address: Assign a Public IPv4 address.h) Generate (or upload) SSH Keys:i) Click Generate a key pair for me.j) Click Save private key. This will save the private key to your local workstation.k) Click Save public key. This will save the public key to your local workstation.l) Click Create.Note: After a few minutes, you can see that the instance has been successfully created and the state is Running.
• Under instance access, copy the Public IP address value to a Notepad file. We refer to it as the VM-O1-Public IP address.
• Click the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell and use SSH to log in to your instance, IAD-SP-PBT-VM-01, by using the following command:

Reminders: a) Upload the private key to the Cloud Shell you downloaded to your workstation earlier. Change the permission of the private key file by executing chmod 400 . Reference to upload file to cloud shell b)  is the full path and name of the file that contains the private key associated with the instance you want to access. c)  is the default user opc. d)  is the Public IP address of the instance. In our case, we refer to it as VM-01-Public IP. Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?" e) You are now connected to the instance IAD-SP-PBT-VM-01.

• While connected to your compute instance via SSH, run the following commands to install and configure the Apache web server: a) Install Apache Server:

• sudo yum -y install httpd.

b) Enable Apache and start Apache server:

• bash

• sudo systemctl enable httpd.sudo systemctl restart httpd

c) Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

• css

• sudo firewall-cmd --permanent --add-port=80/tcp
• sudo firewall-cmd --reload

d) Create an index file for your web server:

• css

• sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

e) Exit the SSH connection:

• bash

• After executing all the commands successfully, open a browser in your local system and enter the URL http://.Note: Your browser will not return anything because port 80 is not opened yet for the instance subnet.

SOLUTION:

• From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
• In the left navigation pane, under List Scope, select the working compartment from the drop-down menu.
• Click the IAD-SP-PBT-WAF-01_99233424-lab.user01 WAF policy to add a protection rule.
• On the policy details page, click Protections under Policy.
• In the Protection section on the console, click Manage request protection rules.
• Click Add Request Protection Rule.
• In the Add protection rule dialog box, enter the following details:a) Name: WAF-PBT-XSS-Protectionb) Conditions: Do not add any condition.c) Under Rule action - Action name: Select Create New Action from the drop-down menu.
• In the Add Action dialog box, enter the following details:a) Name: WAF-PBT-XSS-Actionb) Type: Return HTTP Responsec) Response code: Select “503 Service unavailable” from the drop-down menu.d) Response page body: Type “Service Unavailable: Web Server is secured against XSS attacks.”e) Click Add action.
• Under Protection Capabilities, click Choose protection capabilities.
• In the Choose protection capabilities dialog box, complete the following:a) Filter by tags: Type “xss” and press Enter.b) Filter by version: Latestc) Protection list: Check all protections. Select the check box in the header to add all.d) Click Choose protection capabilities.e) Review and click Add request protection rule.f) Click Save Changes in the Manage Request Protection Rules dialog box.

The rule you created appears in the list. The WAF policy will update and get back to Active state.

SOLUTION:Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.

• Sign into your Oracle Cloud Infrastructure (OCI) account.
• From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
• In the left navigation pane, under Scope, select from the drop-down menu.
• Click Create Recipe.
• On Create Recipe page, enter the following values: a. Recipe name: [Your Recipe Name] b. Description: My custom security zone recipe. c. Create for compartment: Select your compartment from the drop-down list. d. Click Next e. Policy type: All f. Resource type: VIRTUALNETWORK g. Uncheck
• Click create.

Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.

• From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
• In the left navigation pane, under Scope, select from the drop-down menu.
• Click Create Security Zone.
• On the Create Security Zone page, enter the following values: a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe. b. Select Security Zone Recipe [Your Recipe Name] in the working compartment. c. Name: [Your Security Zone Name] d. Description: My Custom Security Zone. e. Create for compartment: Select the working compartment from the drop-down list.
• Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
• On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.

Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.

• From the navigation menu, select Networking, then click Virtual Cloud Network.
• In the left navigation pane, under List Scope, select from the drop-down menu.
• Click Create VCN.
• On the Configuration page, enter the following: a. Name: IAD-SP-PBT-VCN-01 b. IPv4 CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
• Click Create VNC.
• After Create VNC, click in Create Subnet
• On the Configuration page, enter the following: a. Name: IAD-SP-PBT-PUBSNET-01 b. Subnet Type: Regional c. IPv4 CIDR Blocks: 10.0.1.0/24 d. Subnet Access: Public Subnet e. Leave all the other options in their default setting.
• Click Create Subnet.

Task 4: Create a Computer Instance

• From the navigation menu, select Compute and then click Instances.
• Click Create Instance. In the Create Instance dialog box, provide the following details:
• Click create.

Note: After a couple of minutes, you can see that the instance has been successfully created and the status Running.