Alibaba ACP-Cloud1 Exam Practice Test Instant Access

Question 1

Many websites have suffered DDoS attacks of different volumes. Therefore, accurate understanding of DDoS attacks is critical to website security protection. Which of the following statements about DDoS attacks is the MOST accurate?

AThe purpose of a DDoS attack is to steal confidential information.

BThe main purpose of a DDoS attack is to prevent the target server from providing normal services. Currently, the DDoS attack is one of the strongest and most indefensible website attacks.

CA DDoS attacks crack the server's logon password by means of a massive number of attempts.

DDDoS attacks primarily target databases.

Answer : B

A DDoS attack is a type of cyberattack that aims to exhaust the resources of a target server or network, such as bandwidth, CPU, memory, or disk space, by sending a large amount of malicious traffic or requests. This can cause the server or network to slow down, crash, or become unavailable to legitimate users. A DDoS attack is not intended to steal confidential information, crack passwords, or target databases, although these may be secondary objectives or consequences of some attacks. A DDoS attack is one of the most common and powerful threats to website security, as it can be launched from multiple sources, use various attack methods, and evade traditional defense mechanisms. According to the DDoS Attack Statistics and Trend Report by Alibaba Cloud, the proportion of volumetric attacks at 50Gbps and above has doubled, and the resources exhaustion attack reached a peak value of 3 million QPS in 2020-2021. Reference: DDoS Attacks: Sources, Strategies and Practices - Alibaba Cloud, DDoS Attack Statistics and Trend Report by Alibaba Cloud, Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack, Anti-DDoS Basic - Alibaba Cloud

Question 2

Which of the following scenarios can be done using Alibaba Cloud Express Connection? (Number of correct answers: 2)

AIntranet communication between VPCs and Smart Access Gateway in customers different branch offices

BIntranet communication between a VPC and servers in an external IDC

CIntranet communication between two VPCs in different accounts and different CIDR Blocks

DIntranet communication between two VPCs under the same account in the same region

Answer : A, B

Alibaba Cloud Express Connect is a service that enables high-bandwidth, reliable, secure, and private connections between different networks, such as VPC networks across regions, Alibaba Cloud accounts, and on-premise data centers1. It supports different connection methods, such as physical connections, virtual border routers, and Express Cloud Connect1.

Scenario A: Intranet communication between VPCs and Smart Access Gateway in customers different branch offices. This scenario can be achieved by using Express Cloud Connect, which is based on the hardware capacities of Smart Access Gateway and provides SD-WAN capabilities1. Express Cloud Connect allows you to connect your branch offices to Alibaba Cloud through a dedicated partner backbone network, and access VPC networks in all regions1.

Scenario B: Intranet communication between a VPC and servers in an external IDC. This scenario can be achieved by using physical connections, which are dedicated network connections between on-premise data centers and VPC networks1. You can lease a line from your ISP or work with an Alibaba Cloud partner to establish a physical connection to Alibaba Cloud1. This way, you can access VPC networks in all regions with high bandwidth and low latency1.

Scenario C: Intranet communication between two VPCs in different accounts and different CIDR Blocks. This scenario can be achieved by using peering connections, which are logical connections that enable communication between VPC networks2. Peering connections support cross-region and cross-account scenarios, and allow you to connect VPC networks with different CIDR blocks2. However, peering connections are not part of Alibaba Cloud Express Connect, but a separate service called Cloud Enterprise Network2.

Scenario D: Intranet communication between two VPCs under the same account in the same region. This scenario can also be achieved by using peering connections, which are logical connections that enable communication between VPC networks2. Peering connections support intra-region and same-account scenarios, and allow you to connect VPC networks with different CIDR blocks2. However, peering connections are not part of Alibaba Cloud Express Connect, but a separate service called Cloud Enterprise Network2. Reference: 1: Express Connect - Alibaba Cloud 2: Introduction to Cloud Enterprise Network - Alibaba Cloud Document Center

Question 3

You would like to deploy your applications on Alibaba Cloud to meet requirements including cost reduction, improving service availability, fast deployment- and redundant backup Alibaba Cloud_________products can help meet these requirements (Number of correct

answers 3)

AElastic Compute Service (ECS) image achieve efficient and convenient deployment.

BUtilizing Content Delivery Network (CDN) can meet the demands for redundant backup.

CUtilizing Server Load Balancer (SLB) and ECS instances can improve data reliability.

DElastic Compute Service (ECS) snapshot satisfies the needs of rapid recovery of applications and data.

EReasonable selection of Regions/Zones meets the location needs of application deployment as well as the demands for redundantly backup critical business applications and data.

EReasonable selection of Regions/Zones meets the location needs of application deployment as well as the demands for redundantly backup critical business applications and data. This is correct because regions and zones are the physical locations of Alibaba Cloud data centers. Regions are geographically isolated from each other, and zones are physically independent within the same region. Users can choose the regions and zones that best suit their application deployment needs, such as proximity to customers, compliance with local regulations, and availability of services. Users can also use multiple regions and zones to achieve redundancy and backup for their critical business applications and data.

Answer : A, C, E, E

A . Elastic Compute Service (ECS) image achieve efficient and convenient deployment. This is correct because ECS images are pre-configured operating system environments that can be used to create and launch ECS instances quickly and easily. ECS images can reduce the cost and time of deploying applications on Alibaba Cloud1.

B . Utilizing Content Delivery Network (CDN) can meet the demands for redundant backup. This is incorrect because CDN is not a backup service, but a service that accelerates the delivery of content to end users by caching it at edge nodes. CDN can improve the performance and availability of applications, but it does not provide data redundancy or backup2.

C . Utilizing Server Load Balancer (SLB) and ECS instances can improve data reliability. This is correct because SLB is a service that distributes traffic among multiple ECS instances based on predefined rules. SLB can improve the availability and reliability of applications by eliminating single points of failure and ensuring that requests are routed to healthy instances3.

D . Elastic Compute Service (ECS) snapshot satisfies the needs of rapid recovery of applications and data. This is incorrect because ECS snapshot is a feature that allows users to create point-in-time backups of ECS disks. ECS snapshots can be used to restore data or create new disks, but they do not satisfy the needs of rapid recovery of applications and data. Snapshots are stored in Object Storage Service (OSS), which is a low-cost and durable storage service, but it has higher latency and lower performance than disks4.

Question 4

You are designing a solution for a startup company, the proposed solution is like this You suggest they use ECS instances to process requests from mobile App clients, and use SLB to distribute data traffic and ensure the load across each backend ECS instance is balanced.

Moreover to deal with volatile fluctuations in business volume (page views are much higher on the weekends), you also suggest they use Auto Scaling to dynamically increase or reduce computing resources.

The company is satisfied with the solution you proposed. However, they have one concern that when removing an idle instance from the scaling group: if Auto Scaling shuts the instance down directly, the service running on that instance will be abruptly terminated, resulting in poor user experience.

In order to eliminate your customer's concern, which of the following solutions should you recommend them?

AFind the ECS instance that is going to be removed from the backend server pool of the SLB instancer and automatically set the weight of this ECS instance to 0. This instance will not be assigned with new requests, and will be automatically removed from the backend server pool after existing tasks are completed.

BFirst, insert a script into the image for creating the ECS instance Second, make the script run automatically when the operating system in this ECS instances is about to shut down. This script contains the processing logic that can ensure the instance finish all the remaining tasks before shutting down.

CFind the ECS instance that is going to be removed from the backend server pool of the SLB instance, and manually remove this instance from the backend server pool Applications running on this ECS instance will normally return results, but this instance will not be assigned with new requests.

DUse the Lifecycle Hook function embedded m Auto Scaling Define a suitable timeout and a web hook to do the necessary work before the instance is removed.

Answer : D

According to the Alibaba Cloud Auto Scaling documentation1, the Lifecycle Hook feature allows you to perform custom operations on instances that are added to or removed from a scaling group. You can define a lifecycle hook to specify a timeout period and a web hook URL. When an instance is about to be removed, Auto Scaling sends a notification to the web hook URL and waits for a response. During the timeout period, you can perform the necessary operations on the instance, such as gracefully shutting down the service, backing up the data, or sending a custom notification. After the operations are completed, you can send a response to the web hook URL to confirm the removal of the instance. This way, you can ensure that the instance is removed without affecting the user experience or causing data loss. Therefore, option D is the best solution to eliminate the customer's concern. Reference: Lifecycle hooks and Alibaba Cloud Auto Scaling.

Question 5

When creating cloud product instances in Alibaba Cloud, you can choose the default VPC and VSwitch. The difference between non-default VPC/VSwitch and default VPC/VSwitch is that default VPC and VSwitch can only be created by Alibaba Cloud. Which of the following statements is incorrect about default VSwitch?

ADefault VSwitches can only be created in default VPCs

BIf you have already created a VPC and a VSwitch by yourself, when creating a cloud product instance, the instance cannot be created under the default VSwitch

CDefault and non-default VSwitches have the same constraints and operations

DDefault VSwitches are created for you by Alibaba Cloud. Any VSwitches you create are non-default switches

Answer : C

Default and non-default VSwitches do not have the same constraints and operations. Default VSwitches have specific configurations and limitations set by Alibaba Cloud, designed to simplify initial setups. In contrast, non-default VSwitches, created by users, allow for more customized configurations and are typically used in more complex or specialized networking environments. Thus, option C is incorrect as the constraints and operations differ between default and non-default VSwitches.

Question 6

SQL injection is a common attack on the application layer. It builds special input as a parameter to pass into a web application to steal or destroy the application dat

a. Which of the following is the target that SQL injection eventually destroys or steals from?

AWeb applications

BRedis database

CConfidential files on the server

DPictures on the server

Answer : A

SQL injection attacks primarily target databases by exploiting vulnerabilities in web applications. Attackers manipulate SQL queries to gain unauthorized access to the application's backend database, which may lead to data leakage or destruction. Although SQL injection affects the data stored in databases and not directly files or images on the server, the primary target remains the application layer through which the attack is conducted.

Question 7

For ECS and RDS instances under different Alibaba Cloud accounts but in the same region, which of the following statements is NOT correct for migrating self-built MySQL databases (running on ECS) to RDS?

AThe data can be imported via the Intranet

BThe data cannot be migrated.

CThe data can be imported via the public network.

DThe data can be imported by running mysqldump.

Answer : A

Data Transmission Service (DTS) is a real-time data streaming service that supports data transmission between data sources such as relational databases, NoSQL, and Big Data (OLAP). DTS supports data migration, data synchronization, and change data subscription scenarios. DTS can migrate your data to and from most of the widely used commercial and open source databases. It supports homogeneous migrations such as MySQL to MySQL, as well as heterogeneous migrations between different database platforms, such as Oracle to MySQL. Migrations can be from on-premises databases to RDS or ECS, databases running on ECS to RDS, or vice versa, as well as from one RDS database to another RDS database. DTS also supports migrating data between RDS instances of different Alibaba Cloud accounts, as long as they are in the same region1. Therefore, the statement B. The data cannot be migrated is NOT correct for migrating self-built MySQL databases (running on ECS) to RDS. The other statements are correct, as the data can be imported via the Intranet, the public network, or by running mysqldump234. Reference:

1: Migrate Self-built Database to RDS - Alibaba Cloud

2: Migrating a Self-built MySQL Database to Alibaba Cloud RDS for MySQL with Minimal Downtime - Alibaba Cloud Community

3: Migrating Data from a Self-Managed SQL Server Database on an ECS to an ApsaraDB RDS for SQL Server Database

4: Migrate data between RDS instances of different Alibaba Cloud accounts,Data Transmission Service

Alibaba ACP Cloud Computing Certification ACP-Cloud1 Exam Practice Test