
Oracle Exam 1Z0-1104-23 Topic 6 Question 21 Discussion

Actual exam question for Oracle's 1Z0-1104-23 exam
Question #: 21
Topic #: 6

Challenge 4 - Task 4 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:///index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

Configure a Virtual Cloud Network (VCN)

Create a Compute Instance and install the Web Server

Create a Load Balancer and update Security List

Create a WAF policy

Configure Protection Rules against XSS attacks

Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, make sure you use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01

E.g.: IAD-SP-PBT-WAF-01_99232403-lab.user02

Suggested Answer: A

SOLUTION:

From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.

From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.

Click Create WAF Policy.

The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:

a) Basic information

b) Access control

c) Rate limiting

d) Protections

e) Select enforcement point

f) Review and create.

In the Basic Information section:

a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01

b) WAF Policy Compartment: Select your working compartment

c) Action: Keep the default preconfigured actions; do not edit.

d) Click the Select enforcement point section accessible from the left-side navigation.

Note: You will configure the other sections later in this practice. For now, go directly to the enforcement point.

In the Select enforcement point section:

a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list.

b) Click Next for Review and Create.

Under the Review and Create section:

a) Verify the enforcement point added in the previous step.

Click Create WAF Policy.

The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.
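
A check for the verification step in the scenario, added here as an example (it is not part of the exam material or of Oracle's tooling): it requests /index.html once plainly and once with a probe string, because a 503 on the probe proves nothing if the plain request fails too. The probe string, the `q` parameter name and the local stub server are assumptions; the page's own test URL is truncated.

```python
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request

PROBE = "javascript:alert(1)"  # assumed marker string, quoted in the page's discussion
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy in the path

def fetch_status(url, timeout=5.0):
    """Return the status code of a GET; 4xx/5xx are results here, not failures."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_waf(base_url, param="q", probe=PROBE):
    """Compare a plain request with a probe request for the same page."""
    page = base_url.rstrip("/") + "/index.html"
    baseline = fetch_status(page)
    probed = fetch_status(page + "?" + urllib.parse.urlencode({param: probe}))
    if baseline != 200:
        verdict = "inconclusive"  # 503 on everything points at the backend, not the WAF
    elif probed == 503:
        verdict = "blocked"       # only the probe was refused, as the scenario requires
    else:
        verdict = "not blocked"   # the probe reached the web server
    return {"baseline": baseline, "probe": probed, "verdict": verdict}

def start_stub(mode):
    """Constructed local stand-in for the load balancer: 'waf', 'open' or 'down'."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hit = "alert" in urllib.parse.unquote(self.path)
            code = 503 if mode == "down" or (mode == "waf" and hit) else 200
            self.send_response(code)
            self.end_headers()
        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

if __name__ == "__main__":
    for mode in ("waf", "open", "down"):
        server, url = start_stub(mode)
        print(mode, check_waf(url))
```

Against the lab, pass the load balancer's base URL to `check_waf` in place of the stub URL.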


Contribute your Thoughts:

Lisha
4 months ago
Haha, 'javascript:alert(1)' in the URL? Classic XSS attack, but I'm sure the WAF will catch that!
upvoted 0 times
...
Lashawn
4 months ago
This is a good challenge to test my OCI WAF configuration skills. I'll take my time and ensure I do it right.
upvoted 0 times
...
Burma
4 months ago
Hmm, the script to test the XSS attack is interesting. I'll make sure to run it and verify the WAF is blocking the attack.
upvoted 0 times
...
Brendan
5 months ago
The scenario is clear, and the steps are laid out nicely. I'm confident I can complete this task.
upvoted 0 times
Deeanna
3 months ago
Finally, we can verify the environment to ensure it is protected.
upvoted 0 times
...
Isaac
3 months ago
After that, we can configure the protection rules against XSS attacks.
upvoted 0 times
...
Grover
3 months ago
Let's start by creating a WAF policy with the specified name.
upvoted 0 times
...
Kara
4 months ago
I'm ready to configure the Web Application Firewall to protect against XSS attacks.
upvoted 0 times
...
...
Therese
5 months ago
Okay, this looks straightforward. I just need to configure the WAF policy and the protection rules against XSS attacks.
upvoted 0 times
Kristel
3 months ago
Let's make sure the environment is secure against XSS attacks.
upvoted 0 times
...
Arletta
4 months ago
I will configure the protection rules to block XSS attacks.
upvoted 0 times
...
Marla
4 months ago
I'm going to create a WAF policy with the specified name.
upvoted 0 times
...
Jesse
4 months ago
Finally, I will verify the environment to ensure that the WAF is blocking XSS attacks successfully.
upvoted 0 times
...
Arlene
4 months ago
After that, I will configure the protection rules against XSS attacks.
upvoted 0 times
...
Amalia
4 months ago
I'm going to start by creating a WAF policy with the specified name.
upvoted 0 times
...
...
Timmy
5 months ago
Verifying the environment against XSS attacks is crucial to ensure the protection is working effectively.
upvoted 0 times
...
Pura
5 months ago
I think creating a WAF policy with specific rules is a good approach to prevent XSS attacks.
upvoted 0 times
...
Audrie
5 months ago
I agree, it's important to have strong protection in place for web applications.
upvoted 0 times
...
Cora
6 months ago
I feel confident about configuring the WAF to protect against XSS attacks.
upvoted 0 times
...
