dumpspedia logo
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Challenge 3 - Task 3 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
• Configure a Virtual Cloud Network (VCN) and a Private Subnet.
• Provision a Compute Instance in the private subnet and enable Bastion Plugin.
• Create a Bastion and Bastion session.
• Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
Challenge 4 - Task 4 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// ](http:// ) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1. Complete the following task in the provisioned OCI environment: Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02
Which statements are CORRECT about Multi-Factor Authentication in OCI ? Select TWO correct answers
Which two Cloud Guard tasks can be configured using API or Console? (Choose two.)
Challenge 3 - Task 2 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
• Configure a Virtual Cloud Network (VCN) and a Private Subnet.
• Provision a Compute Instance in the private subnet and enable Bastion Plugin.
• Create a Bastion and Bastion session.
• Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin.
Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
• Configure a Virtual Cloud Network (VCN) and a Private Subnet.
• Provision a Compute Instance in the private subnet and enable Bastion Plugin.
• Create a Bastion and Bastion session.
• Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.
Challenge 4 - Task 5 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// ](http:// ) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1. Complete the following task in the provisioned OCI environment: 1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server 2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).
Challenge 4 - Task 6 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// ](http:// ) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1. Complete the following task in the provisioned OCI environment: You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.
Challenge 1 - Task 1 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario:
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured:
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
For example: If your user name is 99346163-lab.user02, then the secret should be named as my-pbt-secret_99346163-lab.user02.
Challenge 2
Least-Privileged Model Enforcement Leveraging Custom Security Zones
Scenario
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
• Create a Custom Security Zone recipe to allow compute instances in the public subnet.
• Create a Security Zone using the Custom Security Zone recipe.
• Configure a Virtual Cloud Network (VCN) and Public Subnet.
• Provision a Compute Instance in the public subnet.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
Challenge 1 - Task 4 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Provide your own public key to SSH the instance.
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault? Select TWO correct answers
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs do not support OCI's signature-based authentication, you want them to communicate with OCI resources Which authentication option should you use to ensure this? (Choose the best Answer.)
A company needs to have somebuckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
you want to create a stateless rule forSSH in security list and the ingress role has already been properly configured what combination should you use on the engress role what commination should you use on the egress rule?
Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA)is NOT valid?
Which two reasons would a crytpo admin have to select the Virtual Private Vault option when creating an Oracle Cloud Infrastructure Vault? (Choose two.)
Which securityissues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
A company plans to use Oracle Cloud services for their production and development environments, but they have different security requirements. Their security policy forbids development environment users from having access to the production environment and requires separate administrators to manage each environment. The company has only one tenancy in Oracle Cloud. How can they ensure that their security requirements are met in Oracle Cloud? (Choose the best Answer.)
Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the fneeds to authenticatein prod compartment ? Principle of least priviledge should be used.
You configured the events service for your Cloud Guard problems to send email notifications, but you do not see any, which three things should you check to resolve this? (Choose three.)
Which are the two responsibilities of Oracle when you move your IT infrastructure to Oracle Cloud Infrastructure (OCI)?
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?
Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)
A customer has multiple virtual machines in a subnet that require access to the public Internet. They want to implement URL filtering to restrict access to certain websites. They have identified the following requirements: All virtual machines should be able to access educational websites. Some virtual machines should not be able to access gaming websites. Some virtual machines should not be able to access social media websites. Which is the best method to implement these requirements? (Choose the best Answer.)
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
In Oracle Cloud Infrastructure (OCI) Secret management within OCI Vault, you have created a secret and rotated the secret one time. The current version state shows: Version Number | Status 2 (latest) | current 1 | Previous In order to rollback to version 1, What should the Administrator do? (Choose the best Answer.)
A number of malicious requests for a web application is coming from a set of IP addresses
originating from Antartica.
Which of the following statement will help to reduce these types of unauthorized requests ?
Challenge 1 - Task 3 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following task in the OCI environment provisioned:
Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.
Challenge 1 - Task 2 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured:
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following task:
In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// ](http:// ) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1. Complete the following task in the provisioned OCI environment: Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
TESTED 18 Oct 2024
Graphical user interface, text, application, email Description automatically generated
Graphical user interface, text, application Description automatically generated
Graphical user interface, text, application, email Description automatically generated
Graphical user interface, text, application Description automatically generated
Graphical user interface, text, application Description automatically generated
Graphical user interface, text, application, email Description automatically generated
Table Description automatically generated
Graphical user interface, text, application Description automatically generated