최신 1z0-1104-23 무료덤프 - Oracle Cloud Infrastructure 2023 Security Professional
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You need to create matching rules for a conditional policy. Which TWO matching rules syntax can be used? (Choose two.)
정답: B,D
You know that a few buckets in your compartment should stay public, and you do not want Cloud Guard to detect these as problems. In which two ways would you address this? (Choose two.)
정답: B,D
"Jazz Clothing" is an e-commerce company that wants to secure their in-transit communication to online store's hosted on Oracle Cloud Infrastructure (OCI) by ensuring secure Transport Layer Security (TLS) connections. They plan to automate the process of creating and rotating certificates using the OCI Certificates service to avoid outages due to expired certificates. What is a key benefit that Jazz Clothing will gain by automating their certificate management for TLS connections in OCI? (Choose the best Answer.)
정답: D
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
정답:
See the solution below in Explanation
Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py Open a Python file with a nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace secret id value below with the ocid of your secret secret id = <secret id> For example: Secret id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Note: if you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret .py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py Open a Python file with a nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace secret id value below with the ocid of your secret secret id = <secret id> For example: Secret id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Note: if you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret .py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
Which Oracle Data Safe feature minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Which statement is not true about Cloud Security Posture?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?
What would you do to ensure the users have access to the apps compartment?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements forcryptographic algorithms and key management?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Challenge 4 - Task 4 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02
정답:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Create WAF Policy.
The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:
a) Basic information
b) Access control
c) Rate limiting
d) Protections
e) Select enforcement point
f) Review and create.
In the Basic Information section:
a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01
b) WAF Policy Compartment: Select your working compartment
c) Action: Keep the default preconfigured actions; do not edit.
d) Click the Select enforcement point section accessible from the left-side navigation.
Note: You will configure the other section later in this practice. You will directly configure the Enforcement point.
In the Select enforcement point section: a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list. b) Click Next for Review and Create.
Under the Review and Create Section: a) Verify the enforcement point added in the previous step.
Click Create WAF Policy.
The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.
Explanation:
SOLUTION:
From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Create WAF Policy.
The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:
a) Basic information
b) Access control
c) Rate limiting
d) Protections
e) Select enforcement point
f) Review and create.
In the Basic Information section:
a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01
b) WAF Policy Compartment: Select your working compartment
c) Action: Keep the default preconfigured actions; do not edit.
d) Click the Select enforcement point section accessible from the left-side navigation.
Note: You will configure the other section later in this practice. You will directly configure the Enforcement point.
In the Select enforcement point section: a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list. b) Click Next for Review and Create.
Under the Review and Create Section: a) Verify the enforcement point added in the previous step.
Click Create WAF Policy.
The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.