1z0-1104-23 Exam Dumps - Oracle Cloud Infrastructure 2023 Security Professional

Question # 4

Which two are monitored by Cloud Guard in OCI, which can help with the overall security posture? (Choose two.)

prevents you from creating misconfigurations on your resources in OCI

monitors user activity that can be unauthorized or suspicious

helps detects misconfigured resources, such as publicly accessible storage buckets, in-stances, and restricted ports on security lists

masks sensitive data and monitors security controls on your Databases

Full Access

Question # 5

Which value must an application have to retrieve a secret bundle from Oracle Cloud Infrastructure? (Choose the best Answer.)

Bundle OCID

Secret OCID

Vault OCID

Key OCID

Full Access

Question # 6

Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?

URL_PART_CONTAINS

URL_IS

URL_PART_ENDS_WITH

URL_STARTS_WITH

Full Access

Question # 7

Which Oracle Cloud Service provides restricted accessto target resources?

Bastion

Internet Gateway

Load balancer

SSL certificate

Full Access

Question # 8

As a security architect, how can you preventunwanted bots while desirable bots are allowed to enter?

Data Guard

Vault

Compartments

Web Application Firewall (WAF)

Full Access

Question # 9

Which two reasons would a crytpo admin have to select the Virtual Private Vault option when creating an Oracle Cloud Infrastructure Vault? (Choose two.)

to scale to over 10,000 keys

ability to back up and restore the Vault for redundancy.

ability to export keys from the vault

banking requirements, including chip card reloading and PIN Processing

more isolation for encryption keys with a dedicated HSM partition

Full Access

Question # 10

A company needs to have somebuckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers

Dismiss the issues associated with these resources

Make the bucket private so that Cloud Guard won't detectit

Configure Conditional groups for the detector to fix base line

First make the bucket private and after few days make the bucket public again

Full Access

Question # 11

How can you limit access to an Oracle Cloud Infrastructure (OCI) Object Storage bucket to only the users Hark for within the corporate network? (Choose the best Answer.)

Create pre authenticated request (PAR) that limits access to the corporate network CIDRS.

Create an Identity and Access Management (TAM) policy and add a group that contains all the Internal computers

Create an identity and Access Management (IAM) policy and add a network source that has the corporate network classless inter-domain routings (CIDR).

Make the bucket private and limit the access using Security Lists

Full Access

Question # 12

What are Virtual Cloud Network (VCN) flow logs record details about traffic that has been accepted or rejected, based on? (Choose the best Answer.)

Route Rules in the VCN default Route Table

Instance Principals governing all compute Distances in a given compartment

Security Rules on Security List and Network Security Groups (NSGA)

Full Access

Question # 13

How do you enable server-side encryption in an Oracle Cloud Infrastructure (OCI) Object Storage bucket? (Choose the best Answer.)

By uploading your encryption key to OCI Vault and associating it with the bucket you want to encrypt.

By updating the buckets metadata value for encrypted_bucket to "true"

By default, server-side encryption is enabled and requires no user action.

By uploading encrypted objects will enable the encryption in the objects.

Full Access

Question # 14

Your company will transfer a fleet of 12 servers from on-premises to Oracle Cloud Infra-structure (OCI). The fleet will include two webservers. All 12 servers will be in the same sub-net, and share the exact same security permissions, with the only exception being the two web servers. In addition to the same permissions of the other 10 servers, they will have ports 80 and 443 enabled. The security policy must be hardened to ensure that only those two servers have those ports open. What should your configuration actions be for this scenario? (Choose the best Answer.)

Configure a Network Security Group that includes all necessary permissions for all 12 servers Then configure the Security List that grants access to ports 80 and 443. Assign the Security List to the VNICS of the web servers.

Configure a Security List that includes all necessary permissions for all 12 servers. Then configure a Network Security Group that grants access to ports 80 and 443. As-sign the. Network Security Group to the VNICs of the two web servers.

Configure an OCI Load Balancer that has the two web servers as the backend servers with a health check policy that constantly monitors port 80 and port 443.

In the OCI Web Application Firewall, configure a traffic steering policy that grants access to ports 80 and 443 to the two web servers.

Full Access

Question # 15

Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?

Windows Servers that does not have the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version requires an agent update or installation.

Windows Servers that does not have the minimum agent version requires an agent update or installation.

Full Access

Question # 16

With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.

Any port scanning must be performed in an aggressive mode

Physical penetration and vulnerability testing of Oraclefacilities is prohibited

Testing should target any other subscription or any other Oracle Cloud customer resources

You are responsible for any damages to Oracle Cloud customers that are caused by your testing activities

Full Access

Question # 17

What are the two items required to create a rule for the Oracle Cloud Infrastructure (OCI) Events Service? (Choose two.)

Management Agent Cloud Service

Service Connector

Rule Conditions

Install key

Actions

Full Access

Question # 18

An automobile company needs to configure Bastion Managed SSH session to a compute

instance in a private subnet. What are the TWO prerequisites to configure successfully?

NAT or Service Gateway should be attached to the private subnet

There is no need for any gateway in private subnet

SSH port forwarding should be enabled

Route rule to a NAT or Service Gateway should be associated with the subnet of the route table

Full Access

Question # 19

Logical isolation for resources is provided by which OCI feature?

Tenancy

Availability Zone

Region

Compartments

Full Access

Question # 20

As a security administrator, you want to create cloud resources that alignwith Oracle's security principles and best practices. Which security service should you use?

Identity and Access Management

Cloud Guard

Security Advisor

Web Application Firewall (WAF)

Full Access

Question # 21

What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

Policies

Users

Dynamic groups

Groups

Full Access

Question # 22

What information do youget by using the Network Visualizer tool?

State of subnets in a VCN

Interconnectivity of VCNs

Routes defined between subnets and gateways

Organization of subnets and VLANs across availability domains

Full Access

Question # 23

You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the Internet and therefore wants to add a higher level of security to the website. How would you architect the solution in Oracle Cloud Infrastructure (OCI) to meet the security requirements defined by your organization? (Choose the best Answer.)

Deploy at least three web servers, each in different faut domain using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all the web servers. \

Deploy Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.

Deploy at least three web servers, each in a different fault domain in a public subnet. Ensure that each web server is assigned a public IP address. Depley Web Application Firewall (WAS) and configure one origin for each public P address.

Deploy at least three web servers, each in a different faut domain in a private subnet. Place a public load balancer in a public subnet and create a backend set for all the web servers Create Geolocation steering policy in OCI Traffic Management and add an answer pool that directs to the public IP address of the load balancer.

Deploy at least three web servers, each in a different fault domain in a public subnet. Use OCI Traffic Management service to create a load balancing policy to resolve DNS evenly between all web servers.

Full Access

Question # 24

Which are the three prerequisites for successfully configuring a Bastion managed SSH ses-sion to a compute instance in a private subnet? (Choose three.)

The compute instance must have the Bastion cloud agent enabled.

The private subnet must have a service or NAT gateway.

The private subret must not have any gateway in it

The SSH port forwarding feature needs to be enabled

The compute instance must have the Bastion cloud agent disabled

The route table associated with the subnet needs to have a route rule to a service or NAT gateway.

Full Access

Question # 25

Which of the following is necessary step when creating a secret in vault?

Vault-managed key is necessary to encrypt the secret

Digest Hash shouldbe created of the secret value

Object Storage must be created to run secret service

Shamir's secret sharing algorithm should be used to unseal the vault

Full Access

Question # 26

You want to create a stateless rule for SSH in a security list, and the Ingress rule has al-ready been properly configured. Which combination should you use on the egress rule? (Choose the best Answer.)

Select TCP for Protocol; enter 22 for Source Port; and ALL for Destination Port.

Select UDP for Protocol; enter 22 for Source Part; and ALL for Destination Port.

Select TCP for Protocol enter ALL for Source Port; and 22 for Destination Port.

Select TCP for Protocol; enter 22 for Source Port; and 22 for Destination Port.

Full Access

Question # 27

Challenge 3 - Task 3 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

â€¢ Configure a Virtual Cloud Network (VCN) and a Private Subnet.

â€¢ Provision a Compute Instance in the private subnet and enable Bastion Plugin.

â€¢ Create a Bastion and Bastion session.

â€¢ Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

1.Â Â Â Â Â Create a Bastion with the name SPPBTBASTION99233424-lab.user01

[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13

2.Â Â Â Â Â Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"

Full Access

Question # 28

Challenge 1 - Task 1 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario:

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following tasks in the OCI environment provisioned:

Create Master Encryption Key with the name my_pbt_msk with 256 bits shape.
Create a Secret with the name my-pbt-secret_99234021-lab.user01 and secret content.

For example: If your user name is 99346163-lab.user02, then the secret should be named as my-pbt-secret_99346163-lab.user02.

Full Access

Question # 29

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

â€¢ Configure a Virtual Cloud Network (VCN) and a Private Subnet.

â€¢ Provision a Compute Instance in the private subnet and enable Bastion Plugin.

â€¢ Create a Bastion and Bastion session.

â€¢ Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Full Access

Question # 30

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.

Full Access

Question # 31

Challenge 2

Least-Privileged Model Enforcement Leveraging Custom Security Zones

Scenario

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

â€¢ Create a Custom Security Zone recipe to allow compute instances in the public subnet.

â€¢ Create a Security Zone using the Custom Security Zone recipe.

â€¢ Configure a Virtual Cloud Network (VCN) and Public Subnet.

â€¢ Provision a Compute Instance in the public subnet.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Custom Recipe with the name
Create a Security Zone with the name
Create a VCN with the name IAD-SP-PBT-VCN-01
Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape

Full Access

Answer:

Explanation:

SOLUTION:Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.

Sign into your Oracle Cloud Infrastructure (OCI) account.
From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
In the left navigation pane, under Scope, select from the drop-down menu.
Click Create Recipe.
On Create Recipe page, enter the following values: a. Recipe name: [Your Recipe Name] b. Description: My custom security zone recipe. c. Create for compartment: Select your compartment from the drop-down list. d. Click Next e. Policy type: All f. Resource type: VIRTUALNETWORK g. Uncheck
Click create.

Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.

From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
In the left navigation pane, under Scope, select from the drop-down menu.
Click Create Security Zone.
On the Create Security Zone page, enter the following values: a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe. b. Select Security Zone Recipe [Your Recipe Name] in the working compartment. c. Name: [Your Security Zone Name] d. Description: My Custom Security Zone. e. Create for compartment: Select the working compartment from the drop-down list.
Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.

Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.

From the navigation menu, select Networking, then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select from the drop-down menu.
Click Create VCN.
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-VCN-01 b. IPv4 CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
Click Create VNC.
After Create VNC, click in Create Subnet
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-PUBSNET-01 b. Subnet Type: Regional c. IPv4 CIDR Blocks: 10.0.1.0/24 d. Subnet Access: Public Subnet e. Leave all the other options in their default setting.
Click Create Subnet.

Task 4: Create a Computer Instance

From the navigation menu, select Compute and then click Instances.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Click create.

Note: After a couple of minutes, you can see that the instance has been successfully created and the status Running.

Question # 32

Challenge 4 - Task 1 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script:Â [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note:Â You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01

Full Access

Question # 33

Challenge 1 - Task 5 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

Preconfigured

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Full Access

Question # 34

Challenge 4 - Task 2 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script:Â [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Complete the following task in the provisioned OCI environment:

Create a Compute Instance with the nameÂ IAD-SP-PBT-VM-01, using theÂ Oracle Linux 8Â image andÂ VM.Standard2.1Â shape.
SSH to the compute instance using Cloud Shell.
Install and configure Apache web server:a. Install Apache server:

sudo yum -y install httpd

b. Enable Apache and start Apache server:

bash

sudo systemctl enable httpd
sudo systemctl restart httpd

c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload

d. Create an index file for your web server:

vbnet

sudo bash -c 'echo You are visiting Web Server 1 >>
/var/www/html/index.html'

Full Access

Answer:

Explanation:

SOLUTION:

From the navigation menu, select Compute and then click Instances.
In the left navigation pane, under List Scope, select from the drop-down menu.
Click Create Instance. In the Create Instance dialogue box, provide the following details:a) Name: IAD-SP-PBT-VM-01b) Placement: ADIc) Note: If the Service Limit error is displayed, choose a different availability domain.d) Image: Oracle Linux 8e) Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.f) Networking: IAD-WAF-PBT-VCN-01 and Public Subnetg) Public Address: Assign a Public IPv4 address.h) Generate (or upload) SSH Keys:i) Click Generate a key pair for me.j) Click Save private key. This will save the private key to your local workstation.k) Click Save public key. This will save the public key to your local workstation.l) Click Create.Note: After a few minutes, you can see that the instance has been successfully created and the state is Running.
Under instance access, copy the Public IP address value to a Notepad file. We refer to it as the VM-O1-Public IP address.
Click the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell and use SSH to log in to your instance, IAD-SP-PBT-VM-01, by using the following command:

Reminders: a) Upload the private key to the Cloud Shell you downloaded to your workstation earlier. Change the permission of the private key file by executingÂ chmod 400 . Reference to upload file to cloud shell b)Â Â is the full path and name of the file that contains the private key associated with the instance you want to access. c)Â Â is the default user opc. d)Â Â is the Public IP address of the instance. In our case, we refer to it as VM-01-Public IP. Note: Enter yes in response to â€œAre you sure you want to continue connecting (yes/no)?" e) You are now connected to the instance IAD-SP-PBT-VM-01.

While connected to your compute instance via SSH, run the following commands to install and configure the Apache web server: a) Install Apache Server:

sudo yum -y install httpd.

b) Enable Apache and start Apache server:

bash

sudo systemctl enable httpd.sudo systemctl restart httpd

c) Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload

d) Create an index file for your web server:

sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

e) Exit the SSH connection:

bash

After executing all the commands successfully, open a browser in your local system and enter the URL http://.Note: Your browser will not return anything because port 80 is not opened yet for the instance subnet.

Question # 35

Challenge 4 - Task 3 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script:Â [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Complete the following task in the provisioned OCI environment:

Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.

Full Access

Question # 36

Challenge 1 - Task 3 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

Preconfigured

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Complete the following task in the OCI environment provisioned:

Create a new VCNÂ with the nameÂ PBT_SECRET_VCN01Â andÂ public subnetÂ within your assigned compartment.

Full Access

Question # 37

Challenge 3 - Task 2 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

â€¢ Configure a Virtual Cloud Network (VCN) and a Private Subnet.

â€¢ Provision a Compute Instance in the private subnet and enable Bastion Plugin.

â€¢ Create a Bastion and Bastion session.

â€¢ Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin.

Full Access

Question # 38

Challenge 1 - Task 4 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

Preconfigured

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Complete the following tasks in the OCI environment provisioned:

Create a Linux Instance with the nameÂ [Provide Name Here]Â within the compartment.

Provide your own public key to SSH the instance.

Full Access

Question # 39

Challenge 4 - Task 6 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script:Â [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Complete the following task in the provisioned OCI environment:

You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.

Full Access

Question # 40

Challenge 3 - Task 1 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

â€¢ Configure a Virtual Cloud Network (VCN) and a Private Subnet.

â€¢ Provision a Compute Instance in the private subnet and enable Bastion Plugin.

â€¢ Create a Bastion and Bastion session.

â€¢ Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network"
Add Route Rules for Service Gateway

Full Access

Question # 41

Challenge 4 - Task 5 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script:Â [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Complete the following task in the provisioned OCI environment:

1. Create a Protection Rule with nameÂ WAF-PBT-XSS-ProtectionÂ against XSS attack. for protecting web server

2. Create a New Rule Action with nameÂ WAF-PBT-XSS-ActionÂ where http response code will be 503 (Service Unavailable).

Full Access

Hot Exams

ADM-201 Dumps

Sales-Cloud-Consultant Dumps

Service-Cloud-Consultant Dumps

Platform-App-Builder Dumps

AZ-500 Dumps

Associate-Cloud-Engineer Dumps

350-701 Dumps

CKA Dumps

SY0-601 Dumps

NCSE-Core Dumps

PDP9 Dumps

DP-203 Dumps

11.11 Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

1z0-1104-23 Exam Dumps - Oracle Cloud Infrastructure 2023 Security Professional

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Hot Exams