"Jazz Clothing" is an e-commerce company that wants to secure their in-transit communication to online store's hosted on Oracle Cloud Infrastructure (OCI) by ensuring secure Transport Layer Security (TLS) connections. They plan to automate the process of creating and rotating certificates using the OCI Certificates service to avoid outages due to expired certificates. What is a key benefit that Jazz Clothing will gain by automating their certificate management for TLS connections in OCI? (Choose the best Answer.)
Challenge 1 - Task 2 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured:
To complete this requirement, you are provided with:
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following task:
In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: /index.html? ) To complete this deployment, you have to perform the following tasks in the environment provisioned for you: Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1. Complete the following task in the provisioned OCI environment: Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
• Configure a Virtual Cloud Network (VCN) and a Private Subnet.
• Provision a Compute Instance in the private subnet and enable Bastion Plugin.
• Create a Bastion and Bastion session.
• Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.
Copyright © 2021-2024 CertsTopics. All Rights Reserved
