Alibaba ACP-Cloud1 Exam Practice Test Instant Access

Question 1

Which of the following statements about an OSS bucket is NOT correct?

AEvery user can create more than one bucket.

BThe bucket name can be changed after creation.

CEvery bucket must have a unique name.

DThere is no limitation on the number of objects inside a bucket.

Answer : B

In Alibaba Cloud Object Storage Service (OSS), once a bucket is created, its name cannot be changed. This rule aligns with OSS's design to ensure global uniqueness and consistency in bucket naming across regions. Users can create multiple buckets, and each bucket can store an unlimited number of objects, provided the bucket name remains unique and immutable after creation.

Question 2

When the "'Obtain the Visitor's Real IP Address" function is enabled in Alibaba Cloud SLB For layer 7 services, you can obtain the real IP addresses of visitors through the______________field in HTTP header

AConnection

BAuthorization

CEtag

DX-Forwarded-For

Answer : D

The X-Forwarded-For field in HTTP header is used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When the ''Obtain the Visitor's Real IP Address'' function is enabled in Alibaba Cloud SLB, the SLB instance adds the X-Forwarded-For field to the HTTP header of each request and forwards the request to the backend server. The backend server can then obtain the real IP address of the visitor from the X-Forwarded-For field1. The format of the X-Forwarded-For field is as follows:

X-Forwarded-For: client, proxy1, proxy2

where the value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request passed through proxy1, proxy2, and then the SLB instance (proxy3).2

Question 3

If an administrator often needs to manage multiple ECS instances in an Alibaba Cloud VPC through the Internet Which of the following solutions can meet this need at low costs and without affecting system security.

ANone of these answers are correct.

BChoose an ECS instance from VPC and make it as the bastion host And then, apply an EIP and bind it to this ECS instance. After that the administrator can manage other ECS instances through this bastion host.

CModify the VPC Security Group policy, to allow access from the Internet.

DBind an EIP to each of the ECS instances, and Jog on to each of these ECS instances to manage them.

Answer : B

A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers. In the context of Alibaba Cloud, a bastion host can be used to securely access and manage multiple ECS instances in a VPC through the Internet. By applying an EIP and binding it to the bastion host, the administrator can use SSH or RDP protocols to log on to the bastion host from the Internet, and then use the same protocols to access other ECS instances in the VPC through the private network. This way, the administrator can avoid exposing all the ECS instances to the Internet, which would increase the risk of attacks and incur higher costs. The bastion host can also be configured with security policies and monitoring tools to enhance the protection of the ECS instances in the VPC. Reference: Bastion Host, Access an ECS Instance by Using a Bastion Host

Question 4

You deployed a MySQL database on an Alibaba Cloud Elastic Compute Service (ECS) instance. Due to increased traffic, there are more and more O&M tasks, such as database backup and Master/Slave database synchronization, and these tasks are becoming overwhelming.

Therefore, you can use Alibaba Cloud ___________ to solve this issue.

AAuto Scaling

BApsaraDB for RDS

CObject Storage Service

DTable Store

Answer : B

ApsaraDB for RDS is Alibaba Cloud's managed database service that simplifies O&M tasks for relational databases like MySQL. It offers built-in features for automatic backups, high availability, and Master/Slave synchronization, which reduces manual intervention and helps scale the database as traffic grows. By migrating to ApsaraDB for RDS, users can offload complex O&M responsibilities to Alibaba Cloud, ensuring a more efficient and scalable database solution for high-traffic applications.

Question 5

If you need to make the ECS instances under three VSwitches (inside the same Alibaba Cloud VPC) unable to access each other, while not affecting other Intranet connections in this VPC, what should you do?

ACreate three Security Groups, each containing all ECS instances under these three VSwitches. First, configure each Security Group to allow access to all CIDR Blocks. Then, configure each Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given higher priority than the previous rule).

BCreate three Security Groups, each containing all ECS instances under these three VSwitches. First, configure each Security Group to allow access to all CIDR Blocks. Then, configure each Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given a lower priority than the previous rule).

CCreate one Security Group containing all ECS instances under these three VSwitches. First, configure the Security Group to allow access to all CIDR Blocks. Then, configure the Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given higher priority than the previous rule).

DNone of these answers are correct.

Answer : A

To isolate ECS instances within different VSwitches in a VPC while allowing them to access the internet and other intranet resources, each VSwitch's instances should be in separate Security Groups. By configuring each group to allow all VPC CIDR blocks first and then restricting access to other VSwitch CIDR blocks with a higher priority rule, instances in each VSwitch are isolated without affecting the VPC's external connections. This approach follows Alibaba Cloud's Security Group best practices and CIDR-based access control within VPC environments.

Question 6

When creating a scaling group in Auto Scaling, there is one setting called ''Removal policy.'' Which of the following statements is true if the removal policy is set to ''the earliest instance with the scaling configuration''?

AThe earliest ECS instances created by Auto Scaling will be removed first

BThe oldest ECS instances will be removed

COnly the earliest ECS instances created manually will be removed

DThe earliest ECS instances added to the scaling group will be removed

Answer : A

When the removal policy is set to ''the earliest instance with the scaling configuration,'' Auto Scaling will prioritize removing the oldest ECS instances that were created by Auto Scaling. This policy helps manage and rotate instances that may have been running the longest, ensuring newer instances remain available to handle the current load. This approach is beneficial for maintaining cost-effectiveness and operational efficiency.

Question 7

Once ECS is created, you can't change its private IP address anymore.

ATrue

BFalse

Answer : B

You can change the private IP address of an ECS instance after it is created, but you need to stop the instance first. The private IP address must be within the CIDR block of the VPC and the VSwitch that the instance belongs to. You can modify the private IP address of an instance by using the console or the API. Reference: 3, ACP Cloud Computing Certification - Alibaba Cloud Academy

After stopping an Alibaba Cloud Elastic Compute Service (ECS) instance, you will still be charged for some resources related to that ECS instance, such as disks, snapshots, and public IP addresses, until you release them. The charging policy depends on the billing method and network type of the ECS instance. For pay-as-you-go instances, you can choose whether to enable the No fees for stopped instances feature, which allows you to stop paying for vCPUs and memory when the instance is stopped. However, this feature is only available for VPC-connected instances in some regions1. For subscription instances, you will be charged for the entire subscription period regardless of whether the instance is running or stopped2. Reference:

1: Billing FAQ - Elastic Compute Service - Alibaba Cloud Documentation Center1

2: Billing overview - Elastic Compute Service - Alibaba Cloud Documentation Center2

Alibaba ACP-Cloud1 ACP Cloud Computing Certification Exam Practice Test