Alibaba Cloud ACA-Sec1 ACA Cloud Security Associate Exam Practice Test

allow specific IP to remote access ECS server

make ECS server be able to defend 15Gb/s DDOS attack

fix XSS vulnerability

assign customized IP address to ECS

Ppart

Fdisk

Du

mount

To improve server resource usage

to improve system usability

to enhance system functionality

to avoid existing system vulnerabilities being used by some hackers

Encryption Algorism

Source IP

Destination IP

Communication Protocol

CC attack will simulate real user requests

Will consume massive sever side resource

CC attack is done on network layer

The request generated by CC attack is hard to be distinguished from normal requests

disable port 445

set a highly complexed administrator password

encrypt all data on server side

put sensitive data in some hidden directory

After beginning to use cloud service, the cloud service provider will become responsible for all of

the user’s security.

After beginning to use cloud service, the user and the cloud service provider will be jointly

responsible for cloud security, with each responsible for different layers of security.

After beginning to use cloud service, users must still take care of physical and environmental

security.

After beginning to use cloud service, users only need to pay attention to the security of their own

apps and data. All other security will be the responsibility of the cloud service provider.

lower the risk of sensitive data leak

improve the usage of system resource

lower the cost of security protection

get instant alerts after attacks are detected

change'Administrator' to some other name

with'Server Guard protection In Allbaba Cloud,you can set password to some easy to

remember words.

except for some necessary accounts for system manogement,.dlsoble or delete other

seldomly used accounts

always set a complexed passwcwd using combination of numbers,letters and other

characters

massive accounts registration for new user benefits gain

data leak because of data transmission with plain text

post massive comments with bots to some e-commerce website

page content including some porn pictures

SQL injection

System Command Execution vulnerability

CSRF(cross site request fraud)vulnerability

File uploading vulnerability

Physical Server Damage

Leak of customer sensitive data

Service running on this ECS become not available

The datacenter where the ECS belongs to need to shutdown

enforce security management to any public service

keep installing official released patches will be good enough

keep monitoring system processes , performance and status

always scan input by user through web application

they can do same thing

you can customize your private IP in a classic network

you can customize your private IP in VPC

servers inside VPC can only communicate to other VPC network

IP address

Port

Encryption algorism

Protocol

Router Location

Update cache

turn on protection switch manually

add one protection rule

restart the whole WAF service

better CPU usage

fine grained access control to you server

enlarge your network bandwidth

apply QOS to a specific IP

servers in VPC only configured with private network

any device internet reachable

government website

public DNS service

offline servers

In order to get admin password

Steal confidential information

Causes the target server unable to process legitimate requests

If the target server has no vulnerabilities, the remote attack may still succeed.

Painter.exe

Cmd.exe

Batch.exe

Term.exe

The version field

The source address field

The source port field

The destination address field

403

404

201

304