1z0-1104-23 試験問題 31
What is a prerequisite for creating a secret in OCI Vault? (Choose the best Answer.)
1z0-1104-23 試験問題 32
As a security architect, how can you preventunwanted bots while desirable bots are allowed to enter?
1z0-1104-23 試験問題 33
what is the use case for Oracle cloudinfrastructure logging analytics service?
1z0-1104-23 試験問題 34
Challenge 4 - Task 5 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server
2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server
2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).
1z0-1104-23 試験問題 35
With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.
