
Oracle Exam 1Z0-1104-23 Topic 10 Question 13 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam
Question #: 13
Topic #: 10

Challenge 4 - Task 6 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:///index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)

Create a Compute Instance and install the Web Server

Create a Load Balancer and update Security List

Create a WAF policy

Configure Protection Rules against XSS attacks

Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure that you use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.

Suggested Answer: A

SOLUTION:

From the navigation menu, select Networking and then click Load Balancer.

From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.

Select the load balancer IAD-SP-PBT-VM-01. Note down the Public IP address.

Open a web browser and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>.

Verify the text in index.html is displayed:

129.153.147.141

You are visiting WAF Based Web Server 1

Now enter the following URL:

http://<Public IP of IAD-SP-PBT-VM-01>/index.html?

129.153.147.141

Service Unavailable; Web Server is secured against XSS attacks.
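
The verification step above can also be scripted. This is an added example, not part of the original page or of Oracle's material: the probe string, the `q` parameter name and the local `StubWaf` server are assumptions constructed so the check runs offline, and `enforce=False` models a rule that exists but is not blocking.

```python
import http.server
import threading
from urllib import error, parse, request

# Constructed, harmless probe that an XSS protection rule should match.
PROBE = "<script>alert('waf-test')</script>"
# Ignore proxy environment variables so the request goes straight to the target.
OPENER = request.build_opener(request.ProxyHandler({}))

def fetch_status(url, timeout=5):
    """Return the HTTP status, including the 4xx/5xx codes urllib raises."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except error.HTTPError as err:
        return err.code

def verify_waf(base_url, param="q"):
    """Compare a clean request with one carrying the probe in the query."""
    clean = fetch_status(f"{base_url}/index.html")
    probed = fetch_status(f"{base_url}/index.html?{param}={parse.quote(PROBE)}")
    return {"clean": clean, "probed": probed,
            "protected": clean == 200 and probed == 503}

class StubWaf(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the load balancer and WAF (offline runs)."""
    enforce = True  # False models a rule that exists but is not blocking

    def do_GET(self):
        query = parse.unquote(parse.urlsplit(self.path).query)
        blocked = self.enforce and "<script" in query.lower()
        self.send_response(503 if blocked else 200)
        self.end_headers()
        self.wfile.write(b"Service Unavailable" if blocked else b"OK")

    def log_message(self, *args):  # keep the demo output quiet
        pass

def run_against_stub(enforce=True):
    handler = type("Handler", (StubWaf,), {"enforce": enforce})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return verify_waf(f"http://127.0.0.1:{server.server_port}")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_against_stub(True), run_against_stub(False))
```

For the provisioned environment, call `verify_waf("http://<Public IP of IAD-SP-PBT-VM-01>")`; `protected` is true only when the clean request returns 200 and the probed request returns 503.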



Contribute your Thoughts:

Major
6 months ago
Let's make sure to follow the steps properly to configure the WAF and test it thoroughly.
upvoted 0 times
...
Leah
6 months ago
That makes sense, we need to test the protection rules to ensure they are working as expected.
upvoted 0 times
...
Melita
7 months ago
One way to verify is by sending a request with an XSS payload and checking if we get a 503 error code.
upvoted 0 times
...
Major
7 months ago
I wonder how we can verify if the WAF is effectively blocking XSS attacks.
upvoted 0 times
...
Leah
7 months ago
I agree, XSS attacks can be harmful and it's important to take preventive measures.
upvoted 0 times
...
Major
7 months ago
I think configuring a Web Application Firewall is crucial for protecting against XSS attacks.
upvoted 0 times
...
