1z0-1104-23試験無料問題集「Oracle Cloud Infrastructure 2023 Security Professional 認定」
Challenge 3 - Task 3 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
正解:
See the solution below in Explanation
Explanation:
Solutions:
Create Bastion:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:
a. Bastion name: SPPBTBASTION992831403labuser13
b. Configure Networking:
i. Target virtual cloud network: Select PBT-BAS-VCN-01
ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet) Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.
c. CIDR block allowlist: 0.0.0.0/0 (from anywhere) You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.
d. Click Create Bastion.
After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.
Create a Bastion Session:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:
a. Bastion name: PBT-1-Session-01
b. Session type: Select Managed SSH session.
c. Session name: PBT-1-Session-01 d. Username: Enter opc e. Compute instance in: Select PBT-BAS-VM-01.
Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.
f. Add SSH key
g. Click Generate SSH key pair. h. Click Save private key. This will save the private key to your local workstation.
i. Click Save public key. This will save the public key to your local workstation.
j. Click Create session.
After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
Explanation:
Solutions:
Create Bastion:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:
a. Bastion name: SPPBTBASTION992831403labuser13
b. Configure Networking:
i. Target virtual cloud network: Select PBT-BAS-VCN-01
ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet) Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.
c. CIDR block allowlist: 0.0.0.0/0 (from anywhere) You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.
d. Click Create Bastion.
After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.
Create a Bastion Session:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:
a. Bastion name: PBT-1-Session-01
b. Session type: Select Managed SSH session.
c. Session name: PBT-1-Session-01 d. Username: Enter opc e. Compute instance in: Select PBT-BAS-VM-01.
Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.
f. Add SSH key
g. Click Generate SSH key pair. h. Click Save private key. This will save the private key to your local workstation.
i. Click Save public key. This will save the public key to your local workstation.
j. Click Create session.
After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
You are the first responder of a security incident for ABC Org. You have identified sever-al IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not. Which OCI service can you use to obtain a more refined information and confidence score for these identified indicators? (Choose the best Answer.)
正解:D
解答を投票する