Oracle Cloud Infrastructure 2023 Security Professional (1z0-1104-23) Free Practice Test
Question 1
Which are the three rules of engagement that apply to cloud penetration and vulnerability testing in Oracle Cloud Infrastructure (OCI)? (Choose three.)
Correct Answer: A,B,C
Question 2
You need to create matching rules for a conditional policy. Which TWO matching rules syntax can be used? (Choose two.)
Correct Answer: B,C
Question 3
Which two reasons would a crytpo admin have to select the Virtual Private Vault option when creating an Oracle Cloud Infrastructure Vault? (Choose two.)
Correct Answer: C,E
Question 4
Select the component that encompasses the overall configuration of your WAF service on OCI.
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 5
Which type of FastConnect supports configuring Oracle Cloud Infrastructure (OCI) Site-to-Site VPN for encryption? (Choose the best Answer.)
Correct Answer: D
Question 6
For how long are API calls audited and available?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 7
Challenge 3 - Task 1 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network" Add Route Rules for Service Gateway
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network" Add Route Rules for Service Gateway
Correct Answer:
See the solution below in Explanation
Explanation:
Solutions:
Sign in to your OCI free tier account.
Select Networking from the navigation menu and click Virtual Cloud Networks (VCNs).
Select your working compartment under List Scope from the drop-down menu in the left navigation pane.
Click Create VCN.
In the Create a Virtual Cloud Network dialogue box, enter the following details:
a. Name: PBT-BAS-VCN-01
b. IPV4CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
d. Click Create VCN. You can now see that the VCN has been created successfully.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following details:
a. Name: PBT-BAS-SNET-01
b. Subnet Type: Regional
c. IPV4CIDR Blocks: 10.01.0/24 d. Subnet Access: Private Subnet
e. Note: Leave all the other options in their default setting.
f. Click Create Subnet. You can see that the subnet has been created successfully.
Under Resources, click Service Gateways in the left navigation pane.
Click Create Service Gateway and enter the following details:
a. Name: PBT-BAS-SG-01
b. Services: All <region> Services in Oracle Services Network.
c. Click Create Service Gateway. You can see that the service gateway has been created successfully.
d. Click Close.
Under Resources, click Route Tables in the left navigation pane.
Click the Default Route Table from the list.
Click Add Route Rules and enter the following values:
a. Target Type: Service Gateway
b. Destination Service: All <region> Services in Oracle Services Network.
c. Target Service Gateway: PBT-BAS-SG-01
d. Description: Description for Service gateway route rule e. Click Add Route Rules
Explanation:
Solutions:
Sign in to your OCI free tier account.
Select Networking from the navigation menu and click Virtual Cloud Networks (VCNs).
Select your working compartment under List Scope from the drop-down menu in the left navigation pane.
Click Create VCN.
In the Create a Virtual Cloud Network dialogue box, enter the following details:
a. Name: PBT-BAS-VCN-01
b. IPV4CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
d. Click Create VCN. You can now see that the VCN has been created successfully.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following details:
a. Name: PBT-BAS-SNET-01
b. Subnet Type: Regional
c. IPV4CIDR Blocks: 10.01.0/24 d. Subnet Access: Private Subnet
e. Note: Leave all the other options in their default setting.
f. Click Create Subnet. You can see that the subnet has been created successfully.
Under Resources, click Service Gateways in the left navigation pane.
Click Create Service Gateway and enter the following details:
a. Name: PBT-BAS-SG-01
b. Services: All <region> Services in Oracle Services Network.
c. Click Create Service Gateway. You can see that the service gateway has been created successfully.
d. Click Close.
Under Resources, click Route Tables in the left navigation pane.
Click the Default Route Table from the list.
Click Add Route Rules and enter the following values:
a. Target Type: Service Gateway
b. Destination Service: All <region> Services in Oracle Services Network.
c. Target Service Gateway: PBT-BAS-SG-01
d. Description: Description for Service gateway route rule e. Click Add Route Rules
Question 8
Which OCI cloud service lets you centrally manage the encryption keys thatprotect your data and the secret credentials that you use to securely access resources?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 9
As a security architect, how can you preventunwanted bots while desirable bots are allowed to enter?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 10
Which OCI service canindex, enrich, aggregate, explore, search, analyze, correlate, visualize and monitor data?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 11
With regard to OCI Audit Log Service, which of the statement is INCORRECT?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 12
Which type of file system does file storage use?
Correct Answer: E
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 13
Challenge 4 - Task 4 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02
Correct Answer:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Create WAF Policy.
The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:
a) Basic information
b) Access control
c) Rate limiting
d) Protections
e) Select enforcement point
f) Review and create.
In the Basic Information section:
a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01
b) WAF Policy Compartment: Select your working compartment
c) Action: Keep the default preconfigured actions; do not edit.
d) Click the Select enforcement point section accessible from the left-side navigation.
Note: You will configure the other section later in this practice. You will directly configure the Enforcement point.
In the Select enforcement point section: a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list. b) Click Next for Review and Create.
Under the Review and Create Section: a) Verify the enforcement point added in the previous step.
Click Create WAF Policy.
The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.
Explanation:
SOLUTION:
From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Create WAF Policy.
The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:
a) Basic information
b) Access control
c) Rate limiting
d) Protections
e) Select enforcement point
f) Review and create.
In the Basic Information section:
a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01
b) WAF Policy Compartment: Select your working compartment
c) Action: Keep the default preconfigured actions; do not edit.
d) Click the Select enforcement point section accessible from the left-side navigation.
Note: You will configure the other section later in this practice. You will directly configure the Enforcement point.
In the Select enforcement point section: a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list. b) Click Next for Review and Create.
Under the Review and Create Section: a) Verify the enforcement point added in the previous step.
Click Create WAF Policy.
The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.