Oracle Exam 1Z0-1104-23 Topic 2 Question 20 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam
Question #: 20
Topic #: 2

Challenge 4 - Task 6 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:///index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)

Create a Compute Instance and install the Web Server

Create a Load Balancer and update Security List

Create a WAF policy

Configure Protection Rules against XSS attacks

Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure that you use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.

Suggested Answer: A

SOLUTION:

From the navigation menu, select Networking and then click Load Balancer.

From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.

Select the load balancer IAD-SP-PBT-VM-01. Note down the Public IP address.

Open a web browser and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>.

Verify the text in index.html is displayed:

129.153.147.141

You are visiting WAF Based Web Server 1

Now enter the following URL:

http://<Public IP of IAD-SP-PBT-VM-01>/index.html?

129.153.147.141

Service Unavailable; Web Server is secured against XSS attacks.
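
The same two-request check can be scripted so it is repeatable after every rule change. This is an added example, not part of the exam solution; the probe string and the query parameter name `q` are constructed assumptions, since the exam's own script is cut off on this page.

```shell
#!/bin/sh
# Added example: scripted version of the two-request browser check.
# The probe is a constructed sample; the exam's own script is cut off on the page.
PROBE_DEFAULT='<script>alert(1)</script>'

# http_status URL [VALUE]: print only the HTTP status code ("000" if unreachable).
# VALUE, when given, is URL-encoded by curl and sent as query parameter "q"
# (the parameter name is an assumption).
http_status() {
  if [ -n "${2-}" ]; then
    curl -s -o /dev/null -m 10 -w '%{http_code}' --get --data-urlencode "q=$2" "$1"
  else
    curl -s -o /dev/null -m 10 -w '%{http_code}' "$1"
  fi
}

# waf_verdict BASELINE PROBE: interpret the pair of status codes.
# A 503 only counts as a WAF block when the same server answers 200 to a
# clean request; otherwise it may be a real outage behind the load balancer.
waf_verdict() {
  if [ "$1" != 200 ]; then
    echo "INCONCLUSIVE: baseline returned $1, cannot attribute a 503 to the WAF"
  elif [ "$2" = 503 ]; then
    echo "BLOCKED: baseline 200, probe 503 (the configured block response)"
  elif [ "$2" = 200 ]; then
    echo "NOT_BLOCKED: probe reached the web server, review the protection rule"
  else
    echo "UNEXPECTED: probe returned $2, check the rule's action and response code"
  fi
}

# check_waf BASE_URL [PROBE]: run both requests and print the verdict.
check_waf() {
  baseline=$(http_status "$1/index.html") || true
  probe=$(http_status "$1/index.html" "${2:-$PROBE_DEFAULT}") || true
  waf_verdict "$baseline" "$probe"
}

# Usage: sh waf_check.sh http://<Public IP of IAD-SP-PBT-VM-01>
if [ $# -ge 1 ]; then
  check_waf "$@"
fi
```

Because the rule returns 503, the baseline request matters: a 503 on both requests points to an unavailable backend rather than a working protection rule.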

Contribute your Thoughts:

Frederica
5 months ago
Oof, 'Service Unavailable' as the expected response - guess they don't want any successful XSS attacks getting through!
upvoted 0 times
Vanesa
5 months ago
A
upvoted 0 times
...
Millie
5 months ago
A
upvoted 0 times
...
...
Deangelo
6 months ago
Wait, we have to use the assigned compartment and region? That's a nice touch to make sure we're following the instructions to the letter.
upvoted 0 times
...
Kanisha
6 months ago
Haha, 'javascript:alert(1)' - classic XSS payload. I wonder if the WAF will detect that immediately or if I'll need some more advanced rules.
upvoted 0 times
Sommer
5 months ago
Yeah, it's a common one. But it's always good to have more advanced rules in place just to be safe.
upvoted 0 times
...
Sherita
5 months ago
I think the WAF should be able to detect that XSS payload easily.
upvoted 0 times
...
...
Kenneth
6 months ago
The XSS attack script in the scenario is a clever way to test the configured WAF rules. I'll need to make sure my rules are tight enough to block that.
upvoted 0 times
Laurel
5 months ago
Let's test the environment by connecting to the web server and appending the XSS script to see if the WAF blocks it.
upvoted 0 times
...
Jolanda
5 months ago
I agree, the XSS attack script provided in the scenario is a good test to ensure our rules are effective.
upvoted 0 times
...
Bo
6 months ago
Make sure to configure the WAF policy with strong protection rules against XSS attacks.
upvoted 0 times
...
...
Annita
6 months ago
I agree, XSS attacks can be very harmful. It's important to have strong protection in place.
upvoted 0 times
...
Deonna
6 months ago
This looks like a pretty straightforward WAF configuration task. I'd start by setting up the VCN and compute instance as required.
upvoted 0 times
Lawrence
5 months ago
Finally, we can create a WAF policy and configure Protection Rules against XSS attacks.
upvoted 0 times
...
Abel
5 months ago
User 2
upvoted 0 times
...
Tina
5 months ago
After that, we need to create a Load Balancer and update the Security List.
upvoted 0 times
...
Germaine
6 months ago
Setting up the VCN and compute instance is the first step.
upvoted 0 times
...
Yesenia
6 months ago
User 1
upvoted 0 times
...
Francine
6 months ago
After that, we can create the WAF policy and configure protection rules against XSS attacks.
upvoted 0 times
...
Diane
6 months ago
Setting up the VCN and compute instance is the first step.
upvoted 0 times
...
...
Mendy
6 months ago
I think configuring a WAF to protect against XSS attacks is crucial for web security.
upvoted 0 times
...
