Challenge 4 - Task 2 of 6 Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross -site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error. To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Configure a Virtual Cloud Network (VCN) Create a Compute Instance and install the Web Server Create a Load Balancer and update Security List Create a WAF policy Configure Protection Rules against XSS attacks Verify the created environment against XSS attacks Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1. Complete the following task in the provisioned OCI environment: Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape. SSH to the compute instance using Cloud Shell. Install and configure Apache web server: a. Install Apache server: sudo yum -y install httpd b. Enable Apache and start Apache server: bash sudo systemctl enable httpd sudo systemctl restart httpd c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall: css sudo firewall -cmd --permanent --add-port=80/tcp sudo firewall -cmd --reload d. Create an index file for your web server: vbnet sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' ee the solution below in Explanation. Explanation: SOLUTION: From the navigation menu, select Compute and then click Instances. In the left navigation pane, under List Scope, select <your assigned compartment> from the drop - down menu. Click Create Instance. In the Create Instance dialogue box, provide the following details: a) Name: IAD-SP-PBT-VM-01 b) Placement: ADI c) Note: If the Service Limit error is displayed, choose a different availability domain. d) Image: Oracle Linux 8 e) Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1. f) Networking: IAD-WAF -PBT-VCN-01 and Public Subnet g) Public Address: Assign a Public IPv4 address. h) Generate (or upload) SSH Keys: i) Click Generate a key pair for me. j) Click Save private key. This will save the private key to your local workstation. k) Click Save public key. This will save the public key to your local workstation. l) Click Create. Note: After a few minutes, you can see that the instance has been successfully created and the state is Running. Under instance access, copy the Public IP address value to a Notepad file. We refer to it as the VM- O1-Public IP address. Click the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell and use SSH to log in to your instance, IAD-SP-PBT-VM-01, by using the following command: php ssh -i <private key file> <username>&<public -ip-address of VM-01> Reminders: a) Upload the private key to the Cloud Shell you downloaded to your workstation earlier. Change the permission of the private key file by executing chmod 400 <private key file>. Reference to upload file to cloud shell b) <private key file> is the full path and name of the file that contains the private key associated with the instance you want to access. c) <username> is the default user opc. d) <public -ip-address> is the Public IP address of the instance. In our case, we refer to it as VM-01- Public IP. Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?" e) You are now connected to the instance IAD-SP-PBT-VM-01. While connected to your compute instance via SSH, run the following commands to install and configure the Apache web server: a) Install Apache Server: sudo yum -y install httpd. b) Enable Apache and start Apache server: bash sudo systemctl enable httpd.sudo systemctl restart httpd c) Create a firewall rule to enable HTTP connection through port 80 and reload the firewall: css sudo firewall -cmd --permanent --add-port=80/tcp sudo firewall -cmd --reload d) Create an index file for your web server: css sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' e) Exit the SSH connection: bash exit After executing all the commands successfully, open a browser in your local system and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>. Note: Your browser will not return anything because port 80 is not opened yet for the instance subnet.
Challenge 4 - Task 3 of 6 Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross -site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error. To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Configure a Virtual Cloud Network (VCN) Create a Compute Instance and install the Web Server Create a Load Balancer and update Security List Create a WAF policy Configure Protection Rules against XSS attacks Verify the created environment against XSS attacks Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1. Complete the following task in the provisioned OCI environment: Go to the VCN IAD-WAF -PBT-VCN-01. Create a Security List with the name IAD-SP-PBT-LB-SL-01. Create a Public subnet named LB-Subnet -IAD-SP-PBT-SNET -02 and attach the above -created security list. Create a Load Balancer with the name IAD-SP-PBT-LB-01. Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01. Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet. Explanation: SOLUTION: ee the solution below in Explanation. From the navigation menu, select Networking and then click Virtual Cloud Network. In the left navigation pane, under List Scope, select <your assigned compartment> from the drop - down menu. Click IAD-WAF -PBT-VCN-01 from the list of VCNs. In the left navigation pane, under Resources, click Security Lists. Click Create Security List. In the Create Security List dialogue box, enter the following: a) Name: IAD-SP-PBT-LB-SL-01 b) Do not add any ingress or egress rules. c) Click Create Security List. In the left navigation pane, under Resources, click Subnets. Click Create Subnet. In the Create Subnet dialogue box, enter the following: a) Name: LB-Subnet -IAD-SP-PBT-SNET -02 b) Create in Compartment: <your working compartment name> c) Subnet Type: Regional d) IPv4 CIDR Block: 10.0.4.0/24 e) Security List: From the drop -down menu, select the Security List you had created earlier, IAD-SP-PBT-LB-SL-01. Click Create Subnet. You now see that the subnet has been created successfully. Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1.
Challenge 4 - Task 4 of 6 Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross -site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error. To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Configure a Virtual Cloud Network (VCN) Create a Compute Instance and install the Web Server Create a Load Balancer and update Security List Create a WAF policy Configure Protection Rules against XSS attacks Verify the created environment against XSS attacks Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1. Complete the following task in the provisioned OCI environment: Create a WAF policy with the name IAD-SP-PBT-WAF -01_99233424 -lab.user01 Eg: IAD-SP-PBT-WAF -01_99232403 -lab.user02 Explanation: ee the solution below in Explanation. SOLUTION: From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it. From the left navigation pane, under List Scope, select <your working compartment> from the drop - down menu. Click Create WAF Policy. The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation: a) Basic information b) Access control c) Rate limiting d) Protections e) Select enforcement point f) Review and create. In the Basic Information section: a) Name: IAD-SP-PBT-WAF -01_99233424 -lab.user01 b) WAF Policy Compartment: Select your working compartment c) Action: Keep the default preconfigured actions; do not edit. d) Click the Select enforcement point section accessible from the left-side navigation. Note: You will configure the other section later in this practice. You will directly configure the Enforcement point. In the Select enforcement point section: a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list. b) Click Next for Review and Create. Under the Review and Create Section: a) Verify the enforcement point added in the previous step. Click Create WAF Policy. The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.
Challenge 4 - Task 5 of 6 Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross -site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error. To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Configure a Virtual Cloud Network (VCN) Create a Compute Instance and install the Web Server Create a Load Balancer and update Security List Create a WAF policy Configure Protection Rules against XSS attacks Verify the created environment against XSS attacks Exam Dumps 100 /227 Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1. Complete the following task in the provisioned OCI environment: 1. Create a Protection Rule with name WAF -PBT-XSS-Protection against XSS attack. for protecting web server 2. Create a New Rule Action with name WAF -PBT-XSS-Action where http response code will be 503 (Service Unavailable). Explanation: ee the solution below in Explanation. SOLUTION: From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it. In the left navigation pane, under List Scope, select the working compartment from the drop -down menu. Click the IAD-SP-PBT-WAF -01_99233424 -lab.user01 WAF policy to add a protection rule. On the policy details page, click Protections under Policy. In the Protection section on the console, click Manage request protection rules. Click Add Request Protection Rule. In the Add protection rule dialog box, enter the following details: a) Name: WAF -PBT-XSS-Protection b) Conditions: Do not add any condition. c) Under Rule action - Action name: Select Create New Action from the drop -down menu. Exam Dumps 101 /227 In the Add Action dialog box, enter the following details: a) Name: WAF -PBT-XSS-Action b) Type: Return HTTP Response c) Response code: Select “503 Service unavailable” from the drop -down menu. d) Response page body: Type “Service Unavailable: Web Server is secured against XSS attacks.” e) Click Add action. Under Protection Capabilities, click Choose protection capabilities. In the Choose protection capabilities dialog box, complete the following: a) Filter by tags: Type “xss” and press Enter. b) Filter by version: Latest c) Protection list: Check all protections. Select the check box in the header to add all. d) Click Choose protection capabilities. e) Review and click Add request protection rule. f) Click Save Changes in the Manage Request Protection Rules dialog box. The rule you created appears in the list. The WAF policy will update and get back to Active state.
Challenge 4 - Task 6 of 6 Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross -site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error. To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public - ip- enforcement -point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Configure a Virtual Cloud Network (VCN) Create a Compute Instance and install the Web Server Create a Load Balancer and update Security List Create a WAF policy Configure Protection Rules against XSS attacks Verify the created environment against XSS attacks Exam Dumps 102 /227 Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424 -C01 and Region us-ashburn -1. Complete the following task in the provisioned OCI environment: You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly. Explanation: SOLUTION: ee the solution below in Explanation. From the navigation menu, select Networking and then click Load Balancer. From the left navigation pane, under List Scope, select <your working compartment> from the drop - down menu. Select the load balancer IAD-SP-PBT-VM-01. Note down the Public IP address. Open a web browser and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>. Verify the text in index.html is displayed: arduino 129.153.147.141 You are visiting WAF Based Web Server 1 Now enter the following URL: less http://Public IP of IAD-SP-PBT-VM-01/index.html?<p Style="background:url(javascript:alert(1))"> Exam Dumps 103 /227 arduino 129.153.147.141 Service Unavailable; Web Server is secured against XSS attacks. This format keeps the instructions intact while preserving the original content.
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault? Select TWO correct answers
