Get 1z0-1104-23 Dumps : Verified Oracle Cloud Infrastructure 2023 Security Professional

SOLUTION:

• From the navigation menu, select Networking and then click Virtual Cloud Network.
• In the left navigation pane, under List Scope, select from the drop-down menu.
• Click Start VCN Wizard.
• Select Create VCN with Internet Connectivity and click Start VCN Wizard.
• On the Configuration page, enter the following:

a) Name: IAD-WAF-PBT-VCN-01

b) Note: Leave all the other options in their default setting.

c) Click Next.

d) Verify the details on the Review and Create page.

• Click Create to start creating the VCN and its resources.
• Click View Virtual Cloud Network to verify the creation of the VCN and its resources.

You can now see that the VCN has been successfully created and is in the Available state, with the following components:

• uk.co.certification.simulator.questionpool.PList@1890f260

This format keeps the instructions intact while preserving the original content.

Solutions:

• From the navigation menu, select Compute and then click Instances.
• In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
• Click Create Instance. In the Create Instance dialogue box, provide the following details:a. Name: PBT-BAS-VM-01b. Placement: Select Availability Domain AD.c. Image: Select the image Oracle Linux 8.d. Shape: Click Change shape > Select Ampere shape series > Select VM.Standard2.1.e. Click Select Shape to return to the Create compute instance window.f. Networking: Pick your PBT-BAS-VCN-01 and Private Subnet.g. Public IP address: Do not assign a Public IPv4 address.h. Add SSH keys: Do not add any SSH key.i. Note: Leave all the other options in their default setting.j. Click Show Advanced Options.
• On the Oracle Cloud Agent tab, select Bastion.
• Click Create. (Click Yes, and create an instance on the “No SSH access” prompt)

After a few minutes, you can see that the instance has been successfully created, and the state is Running.

• Click the Oracle Cloud Agent tab on the instance details page.
• Toggle the Enable Plugin switch to Enable for the Bastion plug-in, if the switch is disabled.

It can take 5-10 minutes for the change to take effect. After a few moments, the status of the Running for the Bastion-enabled service will be displayed.

SOLUTION:Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.

• Sign into your Oracle Cloud Infrastructure (OCI) account.
• From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
• In the left navigation pane, under Scope, select from the drop-down menu.
• Click Create Recipe.
• On Create Recipe page, enter the following values: a. Recipe name: [Your Recipe Name] b. Description: My custom security zone recipe. c. Create for compartment: Select your compartment from the drop-down list. d. Click Next e. Policy type: All f. Resource type: VIRTUALNETWORK g. Uncheck
• Click create.

Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.

• From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
• In the left navigation pane, under Scope, select from the drop-down menu.
• Click Create Security Zone.
• On the Create Security Zone page, enter the following values: a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe. b. Select Security Zone Recipe [Your Recipe Name] in the working compartment. c. Name: [Your Security Zone Name] d. Description: My Custom Security Zone. e. Create for compartment: Select the working compartment from the drop-down list.
• Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
• On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.

Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.

• From the navigation menu, select Networking, then click Virtual Cloud Network.
• In the left navigation pane, under List Scope, select from the drop-down menu.
• Click Create VCN.
• On the Configuration page, enter the following: a. Name: IAD-SP-PBT-VCN-01 b. IPv4 CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
• Click Create VNC.
• After Create VNC, click in Create Subnet
• On the Configuration page, enter the following: a. Name: IAD-SP-PBT-PUBSNET-01 b. Subnet Type: Regional c. IPv4 CIDR Blocks: 10.0.1.0/24 d. Subnet Access: Public Subnet e. Leave all the other options in their default setting.
• Click Create Subnet.

Task 4: Create a Computer Instance

• From the navigation menu, select Compute and then click Instances.
• Click Create Instance. In the Create Instance dialog box, provide the following details:
• Click create.

Note: After a couple of minutes, you can see that the instance has been successfully created and the status Running.

SOLUTION:

• Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
• Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
• Change the private key permissions by issuing the following command:
• Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
• After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
• After installing Python and the required dependencies, download the Python script to retrieve the secret.
• Open a Python file with a nano editor.
• To save the script hit:
• Make the getsecret .py script executable.
• Run the following command to retrieve the secret:

The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.

SOLUTION:

• From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
• In the left navigation pane, under List Scope, select the working compartment from the drop-down menu.
• Click the IAD-SP-PBT-WAF-01_99233424-lab.user01 WAF policy to add a protection rule.
• On the policy details page, click Protections under Policy.
• In the Protection section on the console, click Manage request protection rules.
• Click Add Request Protection Rule.
• In the Add protection rule dialog box, enter the following details:a) Name: WAF-PBT-XSS-Protectionb) Conditions: Do not add any condition.c) Under Rule action - Action name: Select Create New Action from the drop-down menu.
• In the Add Action dialog box, enter the following details:a) Name: WAF-PBT-XSS-Actionb) Type: Return HTTP Responsec) Response code: Select “503 Service unavailable” from the drop-down menu.d) Response page body: Type “Service Unavailable: Web Server is secured against XSS attacks.”e) Click Add action.
• Under Protection Capabilities, click Choose protection capabilities.
• In the Choose protection capabilities dialog box, complete the following:a) Filter by tags: Type “xss” and press Enter.b) Filter by version: Latestc) Protection list: Check all protections. Select the check box in the header to add all.d) Click Choose protection capabilities.e) Review and click Add request protection rule.f) Click Save Changes in the Manage Request Protection Rules dialog box.

The rule you created appears in the list. The WAF policy will update and get back to Active state.