New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Oracle Exam 1Z0-1104-23 Topic 3 Question 10 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam
Question #: 10
Topic #: 3
[All 1Z0-1104-23 Questions]

Challenge 4 - Task 5 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script:[http:///index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)

Create a Compute Instance and install the Web Server

Create a Load Balancer and update Security List

Create a WAF policy

Configure Protection Rules against XSS attacks

Verify the created environment against XSS attacks

Note:You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

1. Create a Protection Rule with nameWAF-PBT-XSS-Protectionagainst XSS attack. for protecting web server

2. Create a New Rule Action with nameWAF-PBT-XSS-Actionwhere http response code will be 503 (Service Unavailable).

Show Suggested Answer Hide Answer
Suggested Answer: A

SOLUTION:

From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.

In the left navigation pane, under List Scope, select the working compartment from the drop-down menu.

Click the IAD-SP-PBT-WAF-01_99233424-lab.user01 WAF policy to add a protection rule.

On the policy details page, click Protections under Policy.

In the Protection section on the console, click Manage request protection rules.

Click Add Request Protection Rule.

In the Add protection rule dialog box, enter the following details:

a) Name: WAF-PBT-XSS-Protection

b) Conditions: Do not add any condition.

c) Under Rule action - Action name: Select Create New Action from the drop-down menu.

In the Add Action dialog box, enter the following details:

a) Name: WAF-PBT-XSS-Action

b) Type: Return HTTP Response

c) Response code: Select ''503 Service unavailable'' from the drop-down menu.

d) Response page body: Type ''Service Unavailable: Web Server is secured against XSS attacks.''

e) Click Add action.

Under Protection Capabilities, click Choose protection capabilities.

In the Choose protection capabilities dialog box, complete the following:

a) Filter by tags: Type ''xss'' and press Enter.

b) Filter by version: Latest

c) Protection list: Check all protections. Select the check box in the header to add all.

d) Click Choose protection capabilities.

e) Review and click Add request protection rule.

f) Click Save Changes in the Manage Request Protection Rules dialog box.

The rule you created appears in the list. The WAF policy will update and get back to Active state.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77