최신 1z0-1104-23 무료덤프 - Oracle Cloud Infrastructure 2023 Security Professional
In which two ways can you improve data durability in Oracle Cloud Infrastructure (OCI) Object Storage? (Choose two.)
정답: A,C
Which value must an application have to retrieve a secret bundle from Oracle Cloud Infrastructure? (Choose the best Answer.)
정답: A
You have subscribed to a tenancy, in which you want to isolate the OCI resources from different users logically for governance. Which OCI resource will help you achieve logical separation? (Choose the best Answer.)
정답: D
Challenge 1 - Task 4 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Create a Linux Instance with the name [Provide Name Here] within the compartment.
Under placement, select the availability domain AD2.
Select Shape as VM.Standard2.1.
Provide your own public key to SSH the instance.
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Create a Linux Instance with the name [Provide Name Here] within the compartment.
Under placement, select the availability domain AD2.
Select Shape as VM.Standard2.1.
Provide your own public key to SSH the instance.
정답:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: my_pbt_linux
Create in compartment: Select your work compartment name.
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.
Networking: Pick your PBT_SECRET_VCN01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Generate SSH Keys.
Click Generate a key pair for me.
Click Save private key (This will save the private key to your local workstation).
Click create.
Note: After a couple of minutes, you can see that the instance has been successfully created and the status is Running.
After the instances are provisioned, details about it appear in the instance list. Copy and save the Public IP addresses, which will be required to connect to the instance using SSH.
Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: my_pbt_linux
Create in compartment: Select your work compartment name.
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.
Networking: Pick your PBT_SECRET_VCN01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Generate SSH Keys.
Click Generate a key pair for me.
Click Save private key (This will save the private key to your local workstation).
Click create.
Note: After a couple of minutes, you can see that the instance has been successfully created and the status is Running.
After the instances are provisioned, details about it appear in the instance list. Copy and save the Public IP addresses, which will be required to connect to the instance using SSH.
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA)is NOT valid?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Which type of file system does file storage use?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have configured Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log Ingestion purposes. OR When using Management Agent to collect logs continuously. Which is required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance? (Choose the best Answer.)
정답: D
Which is NOT a part of Observability and Management Services?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
정답:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.