Which securityissues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers

• A.Distributed Denial of Service (DDoS)
• B.Ports that are unintentionally left open can be a potential attack vector for cloud resources
• C.SQL Injection
• D.CISpublished Industry-standard benchmarks

Correct Answer: B,D

Explanation
Graphical user interface, text, application, email Description automatically generated

Comment: *

Name: *

Email: *

Verification: *

You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?

• A.Create a dynamic group and add apolicy.
• B.Create a dynamic group and add your instance.
• C.Create a group and add a policy.
• D.No configuration is required for making API calls.

Comment: *

Name: *

Email: *

Verification: *

your company has hired a consulting firm to audit your oracle cloud infrastructure activity and configuration you have created a set of users who will be performing the audit, you assigned these user to the orgauditgrp group. the auditor required the ability to see the configuration of all resources within tenant and you have agreed to exempt the dev compartment from the audit.
which IAM policy should be created to grant the orgauditgrp the ability to look at configuration for all resources except for those resources inside the dev compartment?

• A.allow group orgauditgrp to read all-resources in tenancy where target.compartment.name !=dev
• B.allow group orgauditgrp to read all-resources in compartment !=dev
• C.allow group orgauditgrp to inspect all-resources in tenancy where target compartment.name !=dev
• D.allow group orgauditgrp to inspect all-resources in compartment !=dev

Comment: *

Name: *

Email: *

Verification: *

Bot Management in OCI provides which of the features? Select TWO correct answers.

• A.Bad Bot Denylist
• B.CAPTCHA Challenge
• C.IP Prefix Steering
• D.Good Bot Allowlist

Correct Answer: B,D

Comment: *

Name: *

Email: *

Verification: *

Challenge 4 - Task 4 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02

Comment: *

Name: *

Email: *

Verification: *