ACA-Sec1 AliCloud Online Prep Questions

Our AliCloud ACA-Sec1 practice exam questions can help you fit the atmosphere of actual test in advance, which enable you to improve your ability with minimum time spent on ACA-Sec1 exam prep and maximum knowledge gained. We are a group of experienced IT experts and certified trainers and created the ACA-Sec1 exam dumps to help our customer pass ACA-Sec1 real exam with high rate in an effective way.

Page 1 of 6

 Loading...

1. Which of the following options can be considered as Physical environment security risks in IT infrastructure?

Room temperature

Data encryption

Rain

Sounder

 Loading...

2. Which version of WAF will provide advisor customized protection rule? Score 2

Advanced Version

Enterprise Version

Ultimate Version

Standard Version

 Loading...

3. In Windows OS users can set software update configuration in various modes .

Which software update configuration listed here is not supported at all?

Set a fixed upgrade schedule

Automatically install any upgrade if available

Always ask for user’s permission before installation

never check for upgrade

 Loading...

4. For an IP subnet like 192.168.0.0/24, which of the following statements is true?

Every IP address inside this subnet can be assigned as a HOST IP

The broadcast address of this subnet is 192.168.0.0

The network address of this subnet is 192.168.0.255

IP communication between the hosts inside this subnet will not go through the gateway

 Loading...

5. Which directory is the home directory of root user?

/home/root

/root

/

/boot

 Loading...

6. In Windows OS what command can be used to open registry table and edit it?

Gpedit

Regedit

Gedit

Zedit

 Loading...

7. Which of the following protection rules are provided by WAF to better protect from CC attack? (the number of correct answers: 2)

Loose

Strict

Normal

Emergency

 Loading...

8. In Linux OS, if access control to a file is shown as '-rwxrw-r--' in shell command, which of the following statements are true? Score 2

This file is a text file

The access privilege of this user group is read only

The owner of this file has read/write/execution privilege to this file

Other users (outside of this user group) can execute this file

 Loading...

9. Identify the attack where the purpose is to stop a workstation or service from functioning?

This attack is known as non-repudiation

This attack is known as TCP/IP hijacking

This attack is known as denial of service (DoS)

This attack is known as brute force

 Loading...

10. Which of the following options can be considered as Data and Application security risks in IT infrastructure?

Data integrity

Data access control

Data readiness

Data encryption

Page 2 of 6

 Loading...

11. Which of following statements is NOT true about anti-DDOS basics and anti-DDOS Pro?

both can defend DDOS attack

anti-DDOS pro is free to charge

anti-DDOS pro has more capabilities to defend against DDOS attacks

anti-DDOS pro can protect both inside and outside Alibaba Cloud servers

 Loading...

12. What status transition flow a TCP client will go through in order to proactively establish connection and disconnect it?

SYNC_SENT- ->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2-->TIME_WAIT

SYNC_SENT- ->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2-->CLOSE_WAIT

SYNC_RCVD- ->ESTABLISHED-->CLOSE_WAIT-->TIME_WAIT-->LAST_ACK

SYNC_SENT- ->SYNC_RCVD-->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2

 Loading...

13. Which of the following security vulnerability is not a 'Server Side' security issue?

SQL injection

System Command Execution vulnerability

CSRF (cross site request fraud) vulnerability

File uploading vulnerability

 Loading...

14. A DoS attack that sends a flood of synchronization (SYN) requests and never sends the final acknowledgement (ACK) is typically known as which of the following?

Smurf

Ping Flood

Fraggle

SYN flood

 Loading...

15. Which of the following statements are true for how to login to different ECS operating system? (the number of correct answers: 2) Score 1

use 'remote desktop connection' for windows

use 'ssh' tool for windows

use 'remote desktop connection' for Linux

use 'ssh' tool for Linux

 Loading...

16. You configure a computer to act as a zombie set in order to attack a web server on a specific date.

What would this contaminated computer be part of?

The computer is part of a DDoS attack

The computer is part of a TCP/IP hijacking

The computer is part of a spoofing attack

The computer is part of a man-in-the-middle attack

 Loading...

17. Which of the following steps is not a valid step for using anti-DDOS pro?

configure to be protected domain name

add new DNS record

change source IP

if original server is using its own firewall, then need to add Anti-DDOS pro IP to its white list

bind real customer identity to anti-DDOS pro IP

 Loading...

18. For internet communication, to setup the connection and data transition between source and destination, which of the following information you will need (the number of correct answers: 3) Score 1

IP address

Port

Encryption algorism

Protocol

Router Location

 Loading...

19. Which of the following 4 functions can be achieved through ECS security group configuration?

allow specific IP to remote access ECS server

make ECS server be able to defend 15Gb/s DDOS attack

fix XSS vulnerability

assign customized IP address to ECS

 Loading...

20. Using RAM, Alibaba Cloud users can create and manage user accounts and control the operation permissions these user accounts possess for resources under your account .

Which of the following descriptions of a RAM usage scenario is NOT correct?

Enterprise sub-account management and permission assignment

Resource operation and authorization management between enterprises

Temporary authorization management for untrusted client apps

Prevention of network attacks on enterprises

Page 3 of 6

 Loading...

21. After using WAF, if you find there are many user input data in the network traffic, you should apply:

Loose protection policy

Normal protection policy

Strict protection policy

Progression protection policy

 Loading...

22. Using ECS security group can help you achieve:

better CPU usage

fine grained access control to you server

enlarge your network bandwidth

apply QOS to a specific IP

 Loading...

23. CC customized protection rule supports you to define customized configuration setting .

Which of following items can be self-defined? (the number of correct answers: 3)

Source IP

URI

How long the detection should last

How frequently the page is visited by one single source IP

Target IP

 Loading...

24. If Server Guard (product provided by Alibaba Cloud) report some brute force password hacking attacks, the reporting information will include (the number of correct answers: 3)

Attack initiated time

Attack type

Tools attacker used

Attack source IP

Physical location of attacker

 Loading...

25. May, 2017. New blackmail virus WannaCry burst globally.

This virus leveraged Windows OS opened port 445 to initiate the attack, so the quickest way to prevent this kind of attack is?

Change 'Administrator' to some other name

With 'Server Guard' protection in Alibaba Cloud, you can set password to some easy to remember words.

Except some necessary accounts for system management, disable or delete other useless accounts

Always set password with highly complex combination of number, letter and other characters

 Loading...

26. Which of following elements are included in a TCP/IP based route table (the number of correct answers: 3)

Network Destination

Netmask

Mac Address

Gateway IP

Port

 Loading...

27. Which of the following statements about ECS, VPC, security groups are NOT true? (the number of correct answers: 2)

rule setting for security group supports both in and out direction configuration

default security group rule is safe enough, please don't change it too much

by default, ECS in different security group can communicate with each other

one ECS can be in several different security group

 Loading...

28. Which of these options contains the three basic target categories for a DoS or a DDoS?

Resources, printers and storage devices

Networks, systems and applications

Systems, memory, network access card

Network access card, applications, peripheral devices

 Loading...

29. What will the correct stops the traffic will flow through if the user used all following cloud service: WAF, Anti-DDOS pro, CDN.

CDN- >Anti-DDOS Pro->WAF->Original Website

Anti-DDOS Pro->CDN->WAF->Original website

CDN- >WAF->Anti-DDOS Pro->Original website

Anti-DDOS Pro->WAF->CDN->Original website

 Loading...

30. From which of the following attacks WAF will not provide protection?

SYN Flood

Web Server vulnerability attack

Core files unauthorized access

HTTP Flood

Page 4 of 6

 Loading...

31. Alibaba Cloud offers different security protection plans to different tenant accounts .

Which of the following is NOT a security plan offered by Alibaba Cloud?

Password-free login

Two-factor authentication

Phone number binding

Phone or email verification for password resetting

 Loading...

32. Which of the following 2 security risks are not included in OWASP published 2017 Top 10 Web Application Security Risks

Cross-Site Request Forgery (CSRF)

Cross-Site Scripting (XSS)

Unvalidated Redirects and Forwards

Injection

 Loading...

33. Which of the following protocols will not be used for a SYN Flood attack?

UDP

TCP

IPX/SPX

AppleTalk

 Loading...

34. Which of the following protocols is not an application level protocol in ISO/OSI 7 layer networking model?

FTP

TCP

HTTP

SNMP

 Loading...

35. In Windows OS you can turn off a service through: Score 2

Control Panel->Management Tool->Stop the running service

Control Panel->windows update->Stop

Create new firewall rule to stop service

Delete administrator role and related accounts

 Loading...

36. Which of the following issues would not happen if ECS server is under attack by hackers?

sensitive data leak

service running on that server is not available

physical server damage

compromise the reputation of service provider on that server

 Loading...

37. Which protocol is a 'data link' layer protocol in ISO/OSI 7 layer network model? Score 2

ICMP

ARP

FTP

UDP

 Loading...

38. Which of the following statements about the supported way of MySQL DB for backup are true? (the number of correct answers: 2)

you can use 'mysqldump' do logical backup

you can copy files directly to do physical backup

you can use 'binlog' to do real time backup

you must stop accessing to DB before you do logical backup

 Loading...

39. CC attacks can cause serious damages .

Which of the following statements about CC attack is not correct? Score 2

CC attack will simulate real user requests

Will consume massive sever side resource

CC attack is done on network layer

The request generated by CC attack is hard to be distinguished from normal requests

 Loading...

40. You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible .

Which of the following would be the best way to test your server for its weaknesses? Choose the best answer.

Ping to the server

Simulate a DDoS attack on that server

Simulate a DoS attack on the server

Check if all the patches and required antivirus software has been loaded o the server

Page 5 of 6

 Loading...

41. Which of the following statements is true about HTTP protocol? Score 2

HTTP is a network layer protocol

the data transmitted by this protocol is auto-encrypted

default service port is 80

HTTP protocol can't be used to transmit file

 Loading...

42. Which of the following items can't be set in ECS security group configuration? Score 2

OS type

network interface

authorization policy

authorization object

 Loading...

43. Which of following statement about 'Server Guard' Trojan scanning functionality is NOT correct? Score 2

Server Guard Agent will automatically scan your web pages directories and look for any webshell file.

A change to a file in the web pages directories will trigger a scan for that file

you can log on to the Server Guard console to isolate webshell files with one click.

Server Guard will delete any suspicious webshell file immediately My Answer,

Other file says D

 Loading...

44. Which of the following statements about VLAN are NOT true? (the number of correct answers: 3) Score 1

users in different VLAN can connect each other directly without pre-configuration

different VLAN means different physical location of switches

VLAN configuration can be done through an TCP/IP router device

VLAN can enhance the network security and data isolation

 Loading...

45. Reliable server daily operation and security management are essential for continuous service running .

Which of the following statement is NOT correct regarding to this scenario?

set easy to remember password to help administrator quickly login and solve problems

patch system timely and frequently

enable build-in OS firewall and configure it properly

disable the ports which are not providing service anymore

 Loading...

46. Which of the following HTTP status code does reflect that the requested page does not exist?

403

404

201

304

 Loading...

47. Which of the following function is provided by 'server guard' patch management service?

fix vulnerability found in open source software using Alibaba self-developed patch

detect any vulnerability before it bursts

release official patches for any exposed vulnerability

stop hacker's vulnerabilities probing

 Loading...

48. What are the advantages of anti-DDOS pro comparing to anti-DDOS basics service?

(the number of correct answers: 3)

stronger defending attacks capability

elastic protection bandwidth

no upper limit to the attack traffic need to be handled

can do anti-fraud protection

can protect IDC outside Alibaba Cloud

 Loading...

49. By default, servers in VPC can't communicate with internet. By implementing which of the following products these servers can gain the capability to communicate with internet? (the number of correct answers: 3)

Elastic Public IP

CDN

EIP + SLB

EIP + NAT Gateway

DNS service

 Loading...

50. Which of the following protocol is dedicated to resolve IP and MAC addresses?

TCP

ARP

DNS

ICMP

Page 6 of 6

 Loading...

51. Which of following statements about the possible reasons that cause web server vulnerabilities are true? (the number of correct answers: 2) Score 1

Bugs generated during common component development

Hardware configuration is not up to date

Software used or OS itself contain some logic flaw

End user didn't follow the user manual

 Loading...

52. Which web server is default one in Windows OS?

HTTPD

IIS

Web Daemon

Apache

 Loading...

53. In a regular server maintenance operation, the purpose of installing a patch on the operating system is?

To improve server resource usage

to improve system usability

to enhance system functionality

to avoid existing system vulnerabilities being used by some hackers

 Loading...

54. Regarding the 'Shared Security Responsibilities' on Alibaba Cloud, which of the following options are the responsibilities Cloud user need to take care of?

Data security inside ECS

Physical servers water proof

Application vulnerabilities

ECS network configuration

 Loading...

55. Which of the following methods CANNOT increase account security?

Strong password policies

Periodically reset the user login passwords

Adhere to the minimum authorization principle

Unite user management, permission management and resource management into a single management process

 Loading...

56. In order to stop the service provided through a particular port in Windows OS, which of the following methods can be used to achieve this objective? (the number of correct answers: 3)

adjust firewall rule

adjust local security policy

update OS patch

stop the service itself

stop all guest role access

 Loading...

57. If user is using anti-DDOS Pro service, but the original server has rule to limit access to the client IPs, which of the following actions is the most proper one to take?

enable CDN and change anti-DDOS pro IP to CDN address

add anti-DDOS pro IP into customer firewall white list

disable original server firewall

enable SLB for original server

 Loading...

58. Which of the following shell command can be used to check disk usage in a Linux OS ECS

Df Ch

Echo

Free Cm

Ps Ce Co

 Loading...