1z0-1104-23 Practice Exam Questions with Answers Oracle Cloud Infrastructure 2023 Security Professional Certification

Question # 6

Challenge 3 - Task 2 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin.

Full Access

Question # 7

Challenge 4 - Task 1 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01

Full Access

Question # 8

Challenge 4 - Task 3 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

1z0-1104-23 question answer

Complete the following task in the provisioned OCI environment:

Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.

Full Access

Question # 9

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

1z0-1104-23 question answer

Preconfigured:

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.

Full Access

Question # 10

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Full Access

Answer:

See the solution below in Explanation.

Explanation:

Solutions:

From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.
Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file)
Use a Notepad text editor to replace with the private key of the SSH key pair that you provided when you created the session. a. For example:

Click the Cloud Shell icon at the right of the OCI console header.
Verify that you are in the home directory. a. cd ~
Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.
The file will be named similarly to ssh-key-.key.
Locate and change the permission of the private key by executing the following commands: a. ls b. chmod 400
Run the SSH command to connect the compute instance in the private subnet. a. For example:

perl

ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 opc@10.0.1.162

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?” 13. Verify the connected instance's Private IP address. a. ifconfig

Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.

Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.

Question # 11

Challenge 3 - Task 3 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01

[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13

2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"

Full Access

Answer:

See the solution below in Explanation.

Explanation:

Solutions:

Create Bastion:

From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:a. Bastion name: SPPBTBASTION992831403labuser13b. Configure Networking:i. Target virtual cloud network: Select PBT-BAS-VCN-01ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet) Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.c. CIDR block allowlist: 0.0.0.0/0 (from anywhere) You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.d. Click Create Bastion.

After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.

Create a Bastion Session:

From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:a. Bastion name: PBT-1-Session-01b. Session type: Select Managed SSH session.c. Session name: PBT-1-Session-01 d. Username: Enter opc e. Compute instance in: Select PBT-BAS-VM-01.Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.f. Add SSH keyg. Click Generate SSH key pair. h. Click Save private key. This will save the private key to your local workstation.i. Click Save public key. This will save the public key to your local workstation.j. Click Create session.

After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.

Question # 12

Challenge 4 - Task 2 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

1z0-1104-23 question answer

Complete the following task in the provisioned OCI environment:

Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape.
SSH to the compute instance using Cloud Shell.
Install and configure Apache web server:a. Install Apache server:

sudo yum -y install httpd

b. Enable Apache and start Apache server:

bash

sudo systemctl enable httpd
sudo systemctl restart httpd

c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload

d. Create an index file for your web server:

vbnet

sudo bash -c 'echo You are visiting Web Server 1 >>
/var/www/html/index.html'

Full Access

Answer:

See the solution below in Explanation.

Explanation:

SOLUTION:

From the navigation menu, select Compute and then click Instances.
In the left navigation pane, under List Scope, select from the drop-down menu.
Click Create Instance. In the Create Instance dialogue box, provide the following details:a) Name: IAD-SP-PBT-VM-01b) Placement: ADIc) Note: If the Service Limit error is displayed, choose a different availability domain.d) Image: Oracle Linux 8e) Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.f) Networking: IAD-WAF-PBT-VCN-01 and Public Subnetg) Public Address: Assign a Public IPv4 address.h) Generate (or upload) SSH Keys:i) Click Generate a key pair for me.j) Click Save private key. This will save the private key to your local workstation.k) Click Save public key. This will save the public key to your local workstation.l) Click Create.Note: After a few minutes, you can see that the instance has been successfully created and the state is Running.
Under instance access, copy the Public IP address value to a Notepad file. We refer to it as the VM-O1-Public IP address.
Click the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell and use SSH to log in to your instance, IAD-SP-PBT-VM-01, by using the following command:

Reminders: a) Upload the private key to the Cloud Shell you downloaded to your workstation earlier. Change the permission of the private key file by executing chmod 400 . Reference to upload file to cloud shell b) is the full path and name of the file that contains the private key associated with the instance you want to access. c) is the default user opc. d) is the Public IP address of the instance. In our case, we refer to it as VM-01-Public IP. Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?" e) You are now connected to the instance IAD-SP-PBT-VM-01.

While connected to your compute instance via SSH, run the following commands to install and configure the Apache web server: a) Install Apache Server:

sudo yum -y install httpd.

b) Enable Apache and start Apache server:

bash

sudo systemctl enable httpd.sudo systemctl restart httpd

c) Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload

d) Create an index file for your web server:

sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

e) Exit the SSH connection:

bash

After executing all the commands successfully, open a browser in your local system and enter the URL http://.Note: Your browser will not return anything because port 80 is not opened yet for the instance subnet.

Question # 13

Challenge 3 - Task 1 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network"
Add Route Rules for Service Gateway

Full Access

Question # 14

Challenge 1 - Task 3 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

1z0-1104-23 question answer

Preconfigured

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Complete the following task in the OCI environment provisioned:

Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.

Full Access

Question # 15

Challenge 1 - Task 4 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

1z0-1104-23 question answer

Preconfigured

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Complete the following tasks in the OCI environment provisioned:

Create a Linux Instance with the name [Provide Name Here] within the compartment.

Provide your own public key to SSH the instance.

Full Access

Question # 16

Challenge 4 - Task 6 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

1z0-1104-23 question answer

Complete the following task in the provisioned OCI environment:

You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.

Full Access

Question # 17

An automobile company needs to configure Bastion Managed SSH session to a compute

instance in a private subnet. What are the TWO prerequisites to configure successfully?

NAT or Service Gateway should be attached to the private subnet

There is no need for any gateway in private subnet

SSH port forwarding should be enabled

Route rule to a NAT or Service Gateway should be associated with the subnet of the route table

Full Access

Question # 18

You need to create matching rules for a conditional policy. Which TWO matching rules syntax can be used? (Choose two.)

namespace =| !='value'

any/all {, ,…}

variable =|!="value"

Key =| !='value'

Full Access

Question # 19

Which is NOT a compliance document?

Certificate

Penetration test report

Attestation

Bridge letter

Full Access

Question # 20

How can you convert a fixed load balancer to a flexible load balancer?

There is no way to covert the load balancer.

Use Update Shape workflows.

Delete the fixed load balancer and create a new one.

Using the Edit Listener option.

Full Access

Question # 21

Bot Management in OCI provides which of the features? Select TWO correct answers.

Bad Bot Denylist

CAPTCHA Challenge

IP Prefix Steering

Good Bot Allowlist

Full Access

Question # 22

You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?

Create a dynamic group and add apolicy.

Create a dynamic group and add your instance.

Create a group and add a policy.

No configuration is required for making API calls.

Full Access

Question # 23

You want software that can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm.

Which software must you use?

Security Information Management (SIM)

SecurityEvent Management (SEM)

Security Integration Management (SIM)

Security Information and Event Management (SIEM)

Full Access

Question # 24

Where are logs stored?

OCI Object Storage

OCI File Storage

OCI Block Storage

Cloud Agent

Full Access

Question # 25

You are responsible for managing a large number of compute instances running in Oracle Cloud Infrastructure. You need to ensure that all operating systems and software running on these instances are patched regularly to prevent security vulnerabilities. Which feature of Oracle Cloud Infrastructure would you use to accomplish this? (Choose the best Answer.)

OCI Threat Intelligence Service

OCI Security Advisor Service

OCI OS Management Service

OCI Vulnerability Scanning Service

Full Access

Weekend Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Contact Email:

Crack4sure Logo

Main Navigation

1z0-1104-23 PDF

$38.5

$109.99

1z0-1104-23 PDF + Testing Engine

$61.6

$175.99

1z0-1104-23 Engine

$46.2

$131.99

1z0-1104-23 Practice Exam Questions with Answers Oracle Cloud Infrastructure 2023 Security Professional Certification

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

QUICK LINKS

SUPPORT

PAYMENT METHOD

Site Secure

CONTACT US