ACP-Cloud1 Exam Questions

Total 70 Questions

Last Updated Exam : 16-Dec-2024

When using Alibaba Cloud SLB, users can enable the health check function If a backend ECS instance A is running abnormally, SLB will isolate it and forward the requests to other ECS instances, and when the backend ECS instance A is back to normal, SLB will again forward requests to it.


A. True


B. False





A.
  True

Explanation: When using Alibaba Cloud SLB, users can enable the health check function to monitor the availability of the backend ECS instances. If a backend ECS instance A is running abnormally, SLB will stop forwarding requests to it and distribute them to other healthy ECS instances. This way, SLB can ensure the high availability and reliability of the service. When the backend ECS instance A is back to normal, SLB will resume forwarding requests to it. SLB performs health checks on the backend ECS instances at regular intervals and updates their status accordingly. Users can configure the health check parameters such as the protocol, port, interval, timeout, and threshold on the SLB console or by using the API. References: 1 - Health checks - Server Load Balancer - Alibaba Cloud Document Center - Health check overview

Alibaba Cloud Content Delivery Network (CDN) performs content acceleration with the support of intelligent DNS resolution The following function_________is NOT included in intelligent DNS resolution.


A. A user request is directed to the server nearest to the customer based on location information of the pre-configured IP section.


B. The intelligent DNS resolution can parse the same domain name into different IP addresses based on the IP of different visitors.


C. The intelligent DNS resolution supports web page content caching. A user will receive data from the origin site at first-time access, and then will be reading data from cache in subsequent requests


D. If a user activates mirror sites in different IDCs, intelligent DNS resolution can achieve load balancing by guiding customers in different places to different mirror sites.





C.
  The intelligent DNS resolution supports web page content caching. A user will receive data from the origin site at first-time access, and then will be reading data from cache in subsequent requests

Explanation: Intelligent DNS resolution is a feature of Alibaba Cloud DNS that allows users to configure different IP addresses for the same domain name based on the geographic locations or ISPs of the visitors. This way, visitors can access the nearest or optimal server for better performance and availability. Intelligent DNS resolution does not support web page content caching, which is a function of Alibaba Cloud CDN. Alibaba Cloud CDN is a distributed network that delivers content from the origin server to the edge nodes closest to the end users, reducing the network latency and bandwidth consumption. Alibaba Cloud CDN caches the static content of the web pages, such as images, CSS, and JavaScript files, on the edge nodes, so that the users can access them faster and reduce the load on the origin server. A user will receive data from the cache in the first-time access, and then will be updated from the origin site in subsequent requests based on the cache expiration time. References: 1: Intelligent DNS resolution - Alibaba Cloud DNS - Alibaba Cloud Documentation Center 4: Alibaba Cloud Content Delivery Network (CDN) performs content acceleration with the support of intelligent DNS resolution The following function_________is NOT included in intelligent DNS resolution. 5: Alibaba Cloud DNS:Alibaba Cloud line for intelligent DNS resolution (September 16, 2020) - Alibaba Cloud Documentation Center

A large enterprise wants to migrate the entire business system to Alibaba Cloud to save the overall IT procurement and O&M costs From the security aspect, the company requires that
1. Must support secured remote O&M because the administrator often takes business trips.
2. Networks between subsystems should be isolated because subsystems are independently used by different departments Which of the followings should be used together to meet the company's requirements? (Number of correct answers: 3)


A. Enable the VPN on the bastion host (or directly use the VPN image on Alibaba Cloud Marketplace). The administrator uses VPN encrypted communication during O&M.


B. Build an independent ECS instance as the bastion host or remote logon and O&M, and authorize the bastion host to access ECS instances running other subsystems.


C. Use the security group function of the ECS instance, and respectively deploy ECS instances running different subsystems to independent security groups.


D. Create multiple ECS instances in the VPC to install subsystems of different departments- Allocate only Intranet IP addresses to all ECS instances, and deploy them in the same security groups.





A.
  Enable the VPN on the bastion host (or directly use the VPN image on Alibaba Cloud Marketplace). The administrator uses VPN encrypted communication during O&M.

B.
  Build an independent ECS instance as the bastion host or remote logon and O&M, and authorize the bastion host to access ECS instances running other subsystems.

C.
  Use the security group function of the ECS instance, and respectively deploy ECS instances running different subsystems to independent security groups.

Explanation: To meet the company’s security requirements, the following solutions should be used together: A. Enable the VPN on the bastion host (or directly use the VPN image on Alibaba Cloud Marketplace). The administrator uses VPN encrypted communication during O&M. This solution can support secure remote O&M, because VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection over the Internet between the bastion host and the administrator’s device. VPN can protect the data transmitted between the bastion host and the administrator from being intercepted or tampered by malicious third parties1. Alibaba Cloud provides VPN Gateway service that allows users to create VPN connections between VPCs and on-premises data centers, or between VPCs in different regions2. Users can also use VPN images from Alibaba Cloud Marketplace, such as OpenVPN, to create VPN servers on ECS instances3. B. Build an independent ECS instance as the bastion host or remote logon and O&M, and authorize the bastion host to access ECS instances running other subsystems. This solution can also support secure remote O&M, because a bastion host is a special-purpose ECS instance that acts as a proxy or a gateway for accessing other ECS instances in the VPC. A bastion host can enhance the security of the ECS instances by limiting the exposure of the ECS instances to the public network, and by implementing security policies and monitoring tools on the bastion host4. Alibaba Cloud provides Bastionhost service that allows users to centrally manage the access to cloud servers from external networks and provide secure connections to VPC resources5. C. Use the security group function of the ECS instance, and respectively deploy ECS instances running different subsystems to independent security groups. This solution can isolate the networks between subsystems, because a security group is a virtual firewall that controls the inbound and outbound traffic of the ECS instances in the group. Users can configure security group rules to allow or deny access based on the network protocol, port, and source IP address. By deploying ECS instances running different subsystems to independent security groups, users can prevent unauthorized access or communication between the subsystems6. The other solution is not suitable for the company’s scenario, for the following reason: D. Create multiple ECS instances in the VPC to install subsystems of different departments- Allocate only Intranet IP addresses to all ECS instances, and deploy them in the same security groups. This solution cannot isolate the networks between subsystems, because ECS instances in the same security group can communicate with each other by default, regardless of whether they have intranet or internet IP addresses. Moreover, this solution may also prevent the ECS instances from accessing the internet or providing external services, which may affect the business operation of the company6. References: What is a VPN? - Virtual Private Network - Cisco, VPN Gateway - Alibaba Cloud, OpenVPN - Alibaba Cloud Marketplace, Bastion Host - Alibaba Cloud Document Center, Bastionhost - Alibaba Cloud, Security groups - Elastic Compute Service - Alibaba Cloud

Object Storage Service (OSS) supports sub accounts, and you can allocate access permissions to different buckets for each sub account.


A. True


B. False





A.
  True

Explanation: Object Storage Service (OSS) supports sub accounts, which are the accounts that belong to a parent account and share the resources of the parent account. You can allocate access permissions to different buckets for each sub account by using bucket policies or RAM policies. Bucket policies are the access control policies that are attached to buckets and specify the permissions that other users have on the resources in the buckets. RAM policies are the access control policies that are attached to RAM users or RAM user groups and specify the permissions that the RAM users or RAM user groups have on the OSS resources. References: Object Storage Service:Overview - Alibaba Cloud Object Storage Service:FAQ - Alibaba Cloud Authentication - Object Storage Service - Alibaba Cloud

You are designing a solution for a startup company, the proposed solution is like this You suggest they use ECS instances to process requests from mobile App clients, and use SLB to distribute data traffic and ensure the load across each backend ECS instance is balanced.
Moreover to deal with volatile fluctuations in business volume (page views are much higher on the weekends), you also suggest they use Auto Scaling to dynamically increase or reduce computing resources.
The company is satisfied with the solution you proposed. However, they have one concern that when removing an idle instance from the scaling group: if Auto Scaling shuts the instance down directly, the service running on that instance will be abruptly terminated, resulting in poor user experience.
In order to eliminate your customer's concern, which of the following solutions should you recommend them?


A. Find the ECS instance that is going to be removed from the backend server pool of the SLB instancer and automatically set the weight of this ECS instance to 0. This instance will not be assigned with new requests, and will be automatically removed from the backend server pool after existing tasks are completed.


B. First, insert a script into the image for creating the ECS instance Second, make the script run automatically when the operating system in this ECS instances is about to shut down. This script contains the processing logic that can ensure the instance finish all the remaining tasks before shutting down.


C. Find the ECS instance that is going to be removed from the backend server pool of the SLB instance, and manually remove this instance from the backend server pool Applications running on this ECS instance will normally return results, but this instance will not be assigned with new requests.


D. Use the Lifecycle Hook function embedded m Auto Scaling Define a suitable timeout and a web hook to do the necessary work before the instance is removed.





D.
  Use the Lifecycle Hook function embedded m Auto Scaling Define a suitable timeout and a web hook to do the necessary work before the instance is removed.

Explanation: According to the Alibaba Cloud Auto Scaling documentation1, the Lifecycle Hook feature allows you to perform custom operations on instances that are added to or removed from a scaling group. You can define a lifecycle hook to specify a timeout period and a web hook URL. When an instance is about to be removed, Auto Scaling sends a notification to the web hook URL and waits for a response. During the timeout period, you can perform the necessary operations on the instance, such as gracefully shutting down the service, backing up the data, or sending a custom notification. After the operations are completed, you can send a response to the web hook URL to confirm the removal of the instance. This way, you can ensure that the instance is removed without affecting the user experience or causing data loss. Therefore, option D is the best solution to eliminate the customer’s concern. References: Lifecycle hooks and Alibaba Cloud Auto Scaling.

Many websites have suffered DDoS attacks of different volumes. Therefore, accurate understanding of DDoS attacks is critical to website security protection. Which of the following statements about DDoS attacks is the MOST accurate?


A. The purpose of a DDoS attack is to steal confidential information.


B. The main purpose of a DDoS attack is to prevent the target server from providing normal services. Currently, the DDoS attack is one of the strongest and most indefensible website attacks.


C. A DDoS attacks crack the server's logon password by means of a massive number of attempts.


D. DDoS attacks primarily target databases.





B.
  The main purpose of a DDoS attack is to prevent the target server from providing normal services. Currently, the DDoS attack is one of the strongest and most indefensible website attacks.

Explanation: A DDoS attack is a type of cyberattack that aims to exhaust the resources of a target server or network, such as bandwidth, CPU, memory, or disk space, by sending a large amount of malicious traffic or requests. This can cause the server or network to slow down, crash, or become unavailable to legitimate users. A DDoS attack is not intended to steal confidential information, crack passwords, or target databases, although these may be secondary objectives or consequences of some attacks. A DDoS attack is one of the most common and powerful threats to website security, as it can be launched from multiple sources, use various attack methods, and evade traditional defense mechanisms. According to the DDoS Attack Statistics and Trend Report by Alibaba Cloud, the proportion of volumetric attacks at 50Gbps and above has doubled, and the resources exhaustion attack reached a peak value of 3 million QPS in 2020-2021. References: DDoS Attacks: Sources, Strategies and Practices - Alibaba Cloud, DDoS Attack Statistics and Trend Report by Alibaba Cloud, Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack, Anti-DDoS Basic - Alibaba Cloud

Once ECS is created, you can't change its private IP address anymore.


A. True


B. False





B.
  False

Explanation: You can change the private IP address of an ECS instance after it is created, but you need to stop the instance first. The private IP address must be within the CIDR block of the VPC and the VSwitch that the instance belongs to. You can modify the private IP address of an instance by using the console or the API. References: 3, ACP Cloud Computing Certification - Alibaba Cloud Academy After stopping an Alibaba Cloud Elastic Compute Service (ECS) instance, you will still be charged for some resources related to that ECS instance, such as disks, snapshots, and public IP addresses, until you release them. The charging policy depends on the billing method and network type of the ECS instance. For pay-as-you-go instances, you can choose whether to enable the No fees for stopped instances feature, which allows you to stop paying for vCPUs and memory when the instance is stopped. However, this feature is only available for VPC-connected instances in some regions1. For subscription instances, you will be charged for the entire subscription period regardless of whether the instance is running or stopped2. References: 1: Billing FAQ - Elastic Compute Service - Alibaba Cloud Documentation Center1 2: Billing overview - Elastic Compute Service - Alibaba Cloud Documentation Center2

Alibaba Cloud ECS provides multiple instance types to meet the needs of different business scenarios. A medium-sized enterprise user wants to use two ECS instances, one to deploy a single Tomcat service and the other one to deploy Memcache. Which of the following configurations is most recommended?


A. Tomcat: 4 cores. 8G, Memcache: 2 cores: 16G


B. Tomcat: 4 cores 8G. Memcache: 2 cores 8G


C. Tomcat: 4 cores, 4G, Memcache: 2 cores, 8G


D. Tomcat: 4 cores: 4G, Memcache: 2 cores: 16G





D.
  Tomcat: 4 cores: 4G, Memcache: 2 cores: 16G

Explanation: According to the Alibaba Cloud ECS documentation1, the recommended instance type for Tomcat is ecs.c5.xlarge, which has 4 vCPUs and 4 GiB of memory. This instance type is suitable for web applications that require high performance and low latency. The recommended instance type for Memcache is ecs.r5.large, which has 2 vCPUs and 16 GiB of memory. This instance type is optimized for memory-intensive applications that require high memory bandwidth and low latency. Therefore, option D is the most recommended configuration for deploying Tomcat and Memcache on two ECS instances. References: Instance type families and Alibaba Cloud Elastic Compute Service Product Introduction

You would like to deploy your applications on Alibaba Cloud to meet requirements including cost reduction, improving service availability, fast deployment- and redundant backup Alibaba Cloud_________products can help meet these requirements (Number of correct answers 3)


A. Elastic Compute Service (ECS) image achieve efficient and convenient deployment.


B. Utilizing Content Delivery Network (CDN) can meet the demands for redundant backup.


C. Utilizing Server Load Balancer (SLB) and ECS instances can improve data reliability.


D. Elastic Compute Service (ECS) snapshot satisfies the needs of rapid recovery of applications and data.


E. Reasonable selection of Regions/Zones meets the location needs of application deployment as well as the demands for redundantly backup critical business applications and data.





A.
  Elastic Compute Service (ECS) image achieve efficient and convenient deployment.

C.
  Utilizing Server Load Balancer (SLB) and ECS instances can improve data reliability.

E.
  Reasonable selection of Regions/Zones meets the location needs of application deployment as well as the demands for redundantly backup critical business applications and data.

Explanation: A. Elastic Compute Service (ECS) image achieve efficient and convenient deployment. This is correct because ECS images are pre-configured operating system environments that can be used to create and launch ECS instances quickly and easily. ECS images can reduce the cost and time of deploying applications on Alibaba Cloud1. B. Utilizing Content Delivery Network (CDN) can meet the demands for redundant backup. This is incorrect because CDN is not a backup service, but a service that accelerates the delivery of content to end users by caching it at edge nodes. CDN can improve the performance and availability of applications, but it does not provide data redundancy or backup2. C. Utilizing Server Load Balancer (SLB) and ECS instances can improve data reliability. This is correct because SLB is a service that distributes traffic among multiple ECS instances based on predefined rules. SLB can improve the availability and reliability of applications by eliminating single points of failure and ensuring that requests are routed to healthy instances3. D. Elastic Compute Service (ECS) snapshot satisfies the needs of rapid recovery of applications and data. This is incorrect because ECS snapshot is a feature that allows users to create point-in-time backups of ECS disks. ECS snapshots can be used to restore data or create new disks, but they do not satisfy the needs of rapid recovery of applications and data. Snapshots are stored in Object Storage Service (OSS), which is a low-cost and durable storage service, but it has higher latency and lower performance than disks4. E. Reasonable selection of Regions/Zones meets the location needs of application deployment as well as the demands for redundantly backup critical business applications and data. This is correct because regions and zones are the physical locations of Alibaba Cloud data centers. Regions are geographically isolated from each other, and zones are physically independent within the same region. Users can choose the regions and zones that best suit their application deployment needs, such as proximity to customers, compliance with local regulations, and availability of services. Users can also use multiple regions and zones to achieve redundancy and backup for their critical business applications and data. References: 1: ECS Images 2: CDN Overview 3: SLB Overview 4: ECS Snapshots : Regions and Zones

When the "'Obtain the Visitor's Real IP Address" function is enabled in Alibaba Cloud SLB For layer 7 services, you can obtain the real IP addresses of visitors through the______________field in HTTP header


A. Connection


B. Authorization


C. Etag


D. X-Forwarded-For





D.
  X-Forwarded-For

Explanation: The X-Forwarded-For field in HTTP header is used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When the “Obtain the Visitor’s Real IP Address” function is enabled in Alibaba Cloud SLB, the SLB instance adds the X-Forwarded-For field to the HTTP header of each request and forwards the request to the backend server. The backend server can then obtain the real IP address of the visitor from the X-Forwarded-For field1. The format of the X-Forwarded-For field is as follows:
X-Forwarded-For: client, proxy1, proxy2
where the value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request passed through proxy1, proxy2, and then the SLB instance (proxy3).2 References: Obtain client IP addresses - Server Load Balancer - Alibaba Cloud, XForwarded- For - MDN Web Docs