
Alibaba Cloud ACA-Sec1 ACA Cloud Security Associate Exam Practice Test

Demo: 22 questions
Total 147 questions

ACA Cloud Security Associate Questions and Answers

Question 1

Which of the following 4 functions can be achieved through ECS security group configuration?

Options:

A.

allow specific IP to remote access ECS server

B.

make ECS server be able to defend 15Gb/s DDOS attack

C.

fix XSS vulnerability

D.

assign customized IP address to ECS

Question 2

In RedHat Linux shell, which command can be used to check what file system is mounted and from what disk device it was done?

Options:

A.

Ppart

B.

Fdisk

C.

Du

D.

mount

Question 3

In a regular server maintenance operation, the purpose of installing a patch on the operating system is?

Options:

A.

To improve server resource usage

B.

to improve system usability

C.

to enhance system functionality

D.

to avoid existing system vulnerabilities being used by some hackers

Question 4

Which of the following options does not belong to the 5 key elements of network communication?

Options:

A.

Encryption Algorithm

B.

Source IP

C.

Destination IP

D.

Communication Protocol

Question 5

CC attacks can cause serious damages. Which of the following statements about CC attack is not correct?

Score 2

Options:

A.

CC attack will simulate real user requests

B.

Will consume massive server side resource

C.

CC attack is done on network layer

D.

The request generated by CC attack is hard to be distinguished from normal requests

Question 6

In May 2017 a new blackmail virus WannaCry burst globally, using Windows OS open port 445 to initiate its attacks. What is the quickest way to prevent this kind of attack?

Options:

A.

disable port 445

B.

set a highly complex administrator password

C.

encrypt all data on server side

D.

put sensitive data in some hidden directory

Question 7

Which of the following descriptions of the shared responsibilities security model is CORRECT?

Options:

A.

After beginning to use cloud service, the cloud service provider will become responsible for all of the user’s security.

B.

After beginning to use cloud service, the user and the cloud service provider will be jointly responsible for cloud security, with each responsible for different layers of security.

C.

After beginning to use cloud service, users must still take care of physical and environmental security.

D.

After beginning to use cloud service, users only need to pay attention to the security of their own apps and data. All other security will be the responsibility of the cloud service provider.

Question 8

Which of the following benefits cannot be provided by 'Server Guard'?

Score 2

Options:

A.

lower the risk of sensitive data leak

B.

improve the usage of system resource

C.

lower the cost of security protection

D.

get instant alerts after attacks are detected

Question 9

Which of the following statements is NOT true about daily operation on server account and password maintenance?

Options:

A.

change 'Administrator' to some other name

B.

with 'Server Guard' protection in Alibaba Cloud, you can set password to some easy to remember words.

C.

except for some necessary accounts for system management, disable or delete other seldom used accounts

D.

always set a complex password using combination of numbers, letters and other characters

Question 10

Which of the following scenarios can be considered as business fraud? (the number of correct answers: 2)

Options:

A.

massive accounts registration for new user benefits gain

B.

data leak because of data transmission with plain text

C.

post massive comments with bots to some e-commerce website

D.

page content including some porn pictures

Question 11

Which of the following security vulnerabilities is not a 'Server Side' security issue?

Options:

A.

SQL injection

B.

System Command Execution vulnerability

C.

CSRF (cross site request forgery) vulnerability

D.

File uploading vulnerability

Question 12

ECS cloud server is one of the services provided by Alibaba Cloud. If it is attacked by some internet hacker, which of the following consequences could such an attack cause? (the number of correct answers: 2)

Options:

A.

Physical Server Damage

B.

Leak of customer sensitive data

C.

Service running on this ECS becomes not available

D.

The datacenter where the ECS belongs needs to shut down

Question 13

Which of the following statements is NOT true about web application security protection best practices?

Options:

A.

enforce security management to any public service

B.

continuing to install officially released patches will be good enough

C.

keep monitoring system processes, performance and status

D.

always scan input by user through web application

Question 14

Which of the following statements is true about classic network and VPC?

Options:

A.

they can do same thing

B.

you can customize your private IP in a classic network

C.

you can customize your private IP in VPC

D.

servers inside VPC can only communicate to other VPC network

Question 15

For internet communication, to set up the connection and data transition between source and destination, which of the following information will you need? (the number of correct answers: 3)

Score 1

Options:

A.

IP address

B.

Port

C.

Encryption algorithm

D.

Protocol

E.

Router Location

Question 16

If WAF service user updated web page content after turning on website tampering protection, what does user need to do on WAF console?

Options:

A.

Update cache

B.

turn on protection switch manually

C.

add one protection rule

D.

restart the whole WAF service

Question 17

Using ECS security group can help you achieve:

Options:

A.

better CPU usage

B.

fine grained access control to your server

C.

enlarge your network bandwidth

D.

apply QOS to a specific IP

Question 18

Which of the following services may be under anti-DDOS attack? (the number of correct answers: 3)

Score 1

Options:

A.

servers in VPC only configured with private network

B.

any device internet reachable

C.

government website

D.

public DNS service

E.

offline servers

Question 19

Which of the following DDoS descriptions are correct?

Options:

A.

In order to get admin password

B.

Steal confidential information

C.

Causes the target server unable to process legitimate requests

D.

If the target server has no vulnerabilities, the remote attack may still succeed.

Question 20

Which command in Windows OS can be used to open a terminal?

Options:

A.

Painter.exe

B.

Cmd.exe

C.

Batch.exe

D.

Term.exe

Question 21

In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?

Options:

A.

The version field

B.

The source address field

C.

The source port field

D.

The destination address field

Question 22

Which of the following HTTP status codes reflects that the requested page does not exist?

Options:

A.

403

B.

404

C.

201

D.

304
