ACP Cloud Security Certification ACP-Sec1 Exam Dumps Questions

1. Alibaba Cloud CloudMonitor is a service that monitors Alibaba Cloud resources and Internet applications

Which of the following functions are currently provided by CloudMonitor? (Number of correct answers: 4)

2. More than one CNAME record is generated for the same domain name when Alibaba Cloud Anti-DDoS Premium Service Instance is purchased for load balancing purpose.

3. Data Risk Control feature has been integrated into Alibaba Cloud WAF. When this function is activated, a script must be embedded into the page that wishes to be protected under the corresponding domain name to check whether a client is trustworthy.

Which type of script is it?

4. When using Alibaba Cloud Anti-DDoS Service/WAF in China Mainland, you must finish ICP Filing beforehand.

5. The ScheduleKeyDeletion function lets you schedule a time to delete Key Management Service (KMS) keys.

How far in the future can a key deletion event be scheduled?

6. User A is the system administrator of a company, who often takes business trips to Shanghai Each time when he remotely logs on to the Shanghai an alert is reported, prompting "Someone is remotely logging on to the server Please pay attention to your server security"

Which of the following methods can be used to quickly and automatically resolve this issue?

7. There is a limit on the number of Customer Master Keys (CMKs) that users can create using Key Management Service (KMS), but users can raise this limit by submitting a support ticket to Alibaba Cloud.

8. A customer built his website on Alibaba Cloud- To defend against Web attacks he activated Alibaba Cloud WAF However, a week later, the customer finds that his website has suffered intrusion.

Which of the following actions should he take to ensure that WAF functions correctly and enhance system security? (Number of correct answers: 4)

9. Border Gateway Protocol (BGP) is mainly used for interconnection between autonomous systems (AS) on the Internet It. Controlling route transmission and selecting the best route Alibaba Cloud uses a BGP multi-line access mechanism for all its IDCs in China.

Which of the followings are advantages of a BGP multi-line IDC? (Number of correct answers 2)

10. Cross Site Script (XSS) attacks refer to a kind of attack by tampering the webpage using HTML injection to insert malicious scripts so as to control the user's browser when the user browses the webpage XSS vulnerabilities may be used for user identity stealing (particularly the administrator identity), behavior hijacking, Trojan insertion and worm spreading, and also phishing

11. Alibaba Cloud WAF is a security protection product based on Alibaba Group's web security defense experience accumulated over more than a decade By defending against common OWASP attacks, providing patches to fix vulnerabilities, and allowing users to customize protection policies for website services, WAF can successfully safeguard the security and availability of websites and web applications.

Which of the following types of security configurations does WAF provide? (Number of correct answers 3)

12. You have helped a customer set up a content filtering solution based on Content Moderation service However, the customer is complaining that certain images are getting incorrectly flagged as pornographic content.

What can you do to help fix this?

13. Import the key material

14. For which of the following protection scenarios is Alibaba Cloud WAF applicable? (Number of correct answers: 5)

15. Manage the certificate

16. Alibaba Cloud's Content Moderation service cannot detect advertising or spam content.

17. Content Moderation Service is an API-based service Like many API services, it employs throttling to make sure that the service cannot be overwhelmed by a large number of simultaneous requests.

What is the maximum number of requests per minute you can make against the Content Moderation API?

18. Alibaba Cloud Security Center can record source IP addresses that remotely access a server, and shield suspicious IP addresses that frequently connect to the server. During routine O&M.

Which of the following functions can be used to set the IP address that are commonly used by the system administrator'?

19. You have set an alert policy for the disk usage of an ECS instance by using Alibaba Cloud CloudMonitor Each measurement cycle lasts for 5 minutes, during which the average disk usage is measured If the average disk usage exceeds 80% for five consecutive measurement cycles, an alert will be reported.

After your average disk usage exceeds 80%, how long will it take to receive an alert with the best case scenario?

20. Alibaba Cloud Anti-DDoS Premium can be used only when the origin site IP address is in Alibaba Cloud.

21. Alibaba Cloud WAF cannot protect against large traffic DDoS attacks which can be solved by Alibaba Cloud Ant-DDoS Service.

22. Clean bandwidth refers to the maximum normal clean bandwidth that can be processed by Anti-DDoS Premium instances when your business is not under attack. Make sure that the Clean bandwidth of the instance is greater than the peak value of the inbound or outbound traffic of all services connected to the Anti-DDoS Premium instances

If the actual traffic volume exceeds the maximum Clean bandwidth, your business may be subject to traffic restrictions or random packet losses, and your normal business may be unavailable, slowed, or delayed for a certain period of time

23. Alibaba Cloud WAF currently supports web security protection for HTTP and HTTPS.

Which of the following ports are usually used for HTTP and HTTPS protocols? (Number of correct answers: 2)

24. After a customer uses Alibaba Cloud Anti-DDoS Premium Service, a 502 error is prompted.

Which of the followings are the possible causes of the error? (Number of correct answers 3)

25. You have bought an ECS instance on Alibaba Cloud After deploying a Python environment on it, which of the following is the easiest and quickest way to monitor whether the Python process is running normally and report an alert if the process is accidentally terminated?

26. Which of the following methods can be used to download the metric data of Alibaba Cloud CloudMonitor?

27. Alibaba Cloud Data Risk Control utilizes Alibaba Group's Big Data computing capabilities and industry-leading, risk decision making engine to address fraud threats in key service processes (such as account log on, online activity, payment) and avoid financial loss

Which of the following is NOT an application scenario of Data Risk Control?

28. If you activate Alibaba Cloud Security Center on an ECS Linux instance and change the default SSH port (22) to another port, you will no longer receive SMS or email notification related to brute force password cracking

29. Alibaba Cloud's CloudMonitor can not only monitor ECS instances in a secure and efficient way, but also monitor HTTP sites of clients' servers in data centers However, in the latter case, Alibaba Cloud does not provide monitor agent so users need to develop their own scripts to collect data

30. Which of the following services can be protected by the Alibaba Cloud Security Center's anti-brute force password cracking function? (Number of answers 3)