1z0-1104-23試験無料問題集「Oracle Cloud Infrastructure 2023 Security Professional 認定」
As a cloud network administrator, you have been tasked with defining ingress and egress access rules for microservices deployed as functions in Oracle Functions. In addition to defining some general access rules in the subnet's security list, you define more fine-grained rules for different functions using Oracle Cloud Infrastructure (OCI) Network Security Groups (NSGs). Once the NSGs are created, where should they be attached in order to apply to a specific deployed function? (Choose the best Answer.)
正解:D
解答を投票する
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
正解:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.
Your company will transfer a fleet of 12 servers from on-premises to Oracle Cloud Infra-structure (OCI). The fleet will include two webservers. All 12 servers will be in the same sub-net, and share the exact same security permissions, with the only exception being the two web servers. In addition to the same permissions of the other 10 servers, they will have ports 80 and 443 enabled. The security policy must be hardened to ensure that only those two servers have those ports open. What should your configuration actions be for this scenario? (Choose the best Answer.)
正解:D
解答を投票する
You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy. For example TestECommerce, TestCatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration.? (Choose the best Answer.)
正解:A
解答を投票する