See the solution below in Explanation.
Explanation:
To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.
Step-by-Step Solution for Task 2: Create a Security Zone
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Security Zones:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderGovernance and Administration, selectSecurity Zones.
* Create a New Security Zone:
* In the Security Zones dashboard, click theCreate Security Zonebutton.
* Configure the Security Zone Details:
* Name:Enter IAD_SAP-PBT-CSZ-01.
* Compartment:Select the assigned compartment provided.
* Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."
* Associate the Custom Security Zone Recipe:
* In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.
* Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.
* Define the Security Zone Scope:
* UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.
* Check the box to include all resources in the selected compartment if applicable.
* Create the Security Zone:
* ClickCreateto finalize the security zone creation.
* Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.
* Verify the Security Zone:
* Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.
* Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.
OCID of the Created Security Zone
* The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..<unique_string>).
Please enter the OCID displayed in the OCI Console after completing Step 7.

See the solution below in Explanation.
Explanation:
Task 2: Create a Compute Instance and Install the Web Server
Step 1: Create the Compute Instance
* Log in to the OCI Console.
* Navigate toCompute>Instances.
* ClickCreate Instance.
* Enter the following details:
* Name: PBT-CERT-VM-01
* Compartment: Select your assigned compartment.
* Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).
* Image: ClickChange Image, selectOracle Linux 8, and confirm.
* Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:
* OCPUs: 1 (or adjust as needed)
* Memory: 6 GB (or adjust as needed)
* Networking:
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select Compute-Subnet-PBT-CERT.
* Leave public IP assignment enabled for internet access.
* SSH Key: Provide your public SSH key (upload or paste) for secure access.
* ClickCreateand wait for the instance to be provisioned.
Step 2: Connect to the Compute Instance
* Once the instance is created, note thePublic IP Addressfrom the instance details page.
* Use an SSH client to connect:
* Command: ssh -i <private-key-file> opc@<public-ip-address>
* Replace <private-key-file> with your private key path and <public-ip-address> with the instance' s public IP.
Step 3: Install and Configure Apache Web Server
* Install Apache:
* Run: sudo yum -y install httpd
* Enable and Start Apache:
* Run: sudo systemctl enable httpd
* Run: sudo systemctl restart httpd
* Configure Firewall to Allow HTTP Traffic (Port 80):
* Run: sudo firewall-cmd --permanent --add-port=80/tcp
* Run: sudo firewall-cmd --reload
* Create an index.html File:
* Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html' Step 4: Verify the Configuration
* Open
a web browser and enter http://
<public-ip-address> to ensure the page displays "You are visiting Web Server 1".
* If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.
Step 5: Retrieve and Enter the OCID
* Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.
* Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).
* Enter the copied OCID exactly as it appears into the text box provided.
Notes
* These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.
* Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.
* The OCID will be unique to your instance; obtain it from the OCI Console after creation

See the solution below in Explanation.
Explanation:
To create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in a public subnet, we will follow the steps outlined in the Oracle Cloud Infrastructure (OCI) Security Zones documentation. These steps are based on verified procedures from the OCI Security Zone Guide and related resources.
Step-by-Step Solution for Task 1: Create a Custom Security Zone Recipe
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment provided in the tenancy.
* Navigate to Security Zones:
* From the OCI Console, go to the navigation menu (hamburger icon) on the top left.
* UnderGovernance and Administration, selectSecurity Zones.
* Create a New Security Zone Recipe:
* In the Security Zones dashboard, click on theRecipestab.
* Click theCreate Recipebutton.
* Configure the Recipe Details:
* Name:Enter IAD-SP-PBT-CSP-01.
* Description:(Optional) Add a description, e.g., "Custom recipe to allow compute instances in public subnet."
* Leave theCompartmentas the assigned compartment provided.
* Define the Security Zone Policy:
* In the policy editor, start with a base policy. Since the Maximum Security Zone recipe restricts public subnet usage, you need to customize it.
* Add the following policy statement to allow compute instances in a public subnet:
Allow service compute to use virtual-network-family in compartment <compartment-name> where ALL { target.resource.type = 'Instance', target.vcn.cidr_block = '10.0.0.0/16', target.subnet.cidr_block = '10.0.10.0/24'
}
* Replace <compartment-name> with the name of your assigned compartment.
* This policy allows the Compute service to provision instances in the public subnet (10.0.10.0/24) within the VCN (10.0.0.0/16).
* Adjust Restrictions:
* Ensure the recipe does not inherit the Maximum Security Zone recipe's default restrictions that block public subnet usage. Explicitly allow the public subnet by including the subnet CIDR block (10.0.10.0/24) in the policy.
* Remove or modify any conflicting default rules that prohibit public subnet usage (e.g., rules blocking internet access or public IP assignment).
* Save the Recipe:
* ClickCreateto save the custom security zone recipe.
* Once created, note theOCIDof the recipe from the recipe details page. The OCID will be a unique identifier starting with ocid1.securityzonerecipe.
* Verify the Recipe:
* Go to theRecipestab and locate IAD-SP-PBT-CSP-01.
* Ensure the policy reflects the allowance for compute instances in the public subnet by reviewing the policy statement.
OCID of the Created Custom Security Zone Recipe
* The exact OCID will be generated upon creation (e.g., ocid1.securityzonerecipe.oc1..unique_string).
Please enter the OCID displayed in the OCI Console after completing Step 7.
Notes
* Ensure IAM policies are correctly configured to grant you permissions to create and manage security zone recipes in the compartment.
* The policy assumes the public subnet CIDR (10.0.10.0/24) matches the diagram. Adjust if the actual subnet CIDR differs.
* Test the recipe by associating it with a security zone and attempting to launch a compute instance to confirm compliance.