ACA-Sec1 Practice Exam Questions with Answers ACA Cloud Security Associate Certification

for users who is using IAAS service, they should be responsible for their business system which is

on top of cloud infrastructure

cloud service provider should guarantee the security of all physical infrastructure

the damage caused by attacks leveraging security vulnerability in customers' application server

should be charged to cloud service provider

cloud user should also take care of some of the hardware maintenance and operation work

NAT gateway can support multi servers inside VPC to access public internet through one

public IP

EIP can be bind to different ECS servers at the same time

Different EIP can't share bandwidth

NAT gateway can support shared bandwidth between several ips

2314

2341

2431

2413

rule setting for security group supports both in and out direction configuration

default security group rule is safe enough, please don't change it too much

by default, ECS in different security group can communicate with each other

one ECS can be in several different security group

Server Guard Agent will automatically scan your web pages directories and look for any

webshell file.

A change to a file in the web pages directories will trigger a scan for that file

you can log on to the Server Guard console to isolate webshell files with one click.

Server Guard will delete any suspicious webshell file immediately

My Answer: B. Other file says D

technical skills show off of hacker

business competition

blackmail

help to find system vulnerability

Attack initiated time

Attack type

Tools attacker used

Attack source IP

Physical location of attacker

Painter.exe

Cmd.exe

Batch.exe

Term.exe

Massive traffic flood attack

Software version is not up to date

Data under transferring is being sniffed

Physical Fiber Channel Cable is broken

Change 'Administrator' to some other name

With 'Server Guard' protection in Alibaba Cloud, you can set password to some easy to

remember words.

Except some necessary accounts for system management, disable or delete other useless

accounts

Always set password with highly complex combination of number, letter and other

characters

Strong password policies

Periodically reset the user login passwords

Adhere to the minimum authorization principle

Unite user management, permission management and resource management into a single

management process

HTTP must use port 80 and HTTPS must use port 443 to provide service

HTTPS is more secure than HTTP regarding the way they transfer data

Data transferred through HTTPs is under encryption

You must buy commercial CA before you setup your own web server with HTTPS service

Routing

congestion handling

end to end reliable and transparent data transition

physical connection

enable CDN and change anti-DDOS pro IP to CDN address

add anti-DDOS pro IP into customer firewall white list

disable original server firewall

enable SLB for original server

allow specific IP to remote access ECS server

make ECS server be able to defend 15Gb/s DDOS attack

fix XSS vulnerability

assign customized IP address to ECS

Data security inside ECS

Physical servers water proof

Application vulnerabilities

ECS network configuration

Loose protection policy

Normal protection policy

Strict protection policy

Progression protection policy

IP address

Port

Encryption algorism

Protocol

Router Location

XSS Attack

Server Information Theft

Code Execution

SQL Injection

adjust firewall rule

adjust local security policy

update OS patch

stop the service itself

stop all guest role access

It needs to setup common logon location in 'Server Guard' configuration

It can detect the attacking tool used by attacker

It can detect the remote logon used source IP address

It can send warning message to 'Server Guard' user

Trojan detection

weak password detection

sensitive data encryption

Linux system vulnerability scanning

FTP

TCP

HTTP

SNMP

Gpedit

Regedit

Gedit

Zedit

Elastic Public IP

CDN

EIP + SLB

EIP + NAT Gateway

DNS service

Cloud infrastructure security

OS vulnerability inside ECS

Web service security inside ECS

ECS security group setting

SQL Injection

XSS exploit

File uploading vulnerability

Kernel privilege breaking

Loose

Strict

Normal

Regular

Early Warning

To improve server resource usage

to improve system usability

to enhance system functionality

to avoid existing system vulnerabilities being used by some hackers

Physical Server Damage

Leak of customer sensitive data

Service running on this ECS become not available

The datacenter where the ECS belongs to need to shutdown

TCP

ARP

DNS

ICMP

Brute Force password hacking

Trojan planting

Content Compliance Requirement

Vulnerability scanning

Lack of storage resource

Watch

Find

Grep

Ca

they can do same thing

you can customize your private IP in a classic network

you can customize your private IP in VPC

servers inside VPC can only communicate to other VPC network

offline backup tape devices

enterprise major website

router device

online banking system

Illegal Logon!

Migrated Already!

Logon Successfully!

Remote Logon Detected!

Enterprise sub-account management and permission assignment

Resource operation and authorization management between enterprises

Temporary authorization management for untrusted client apps

Prevention of network attacks on enterprises

Control Panel->Management Tool->Stop the running service

Control Panel->windows update->Stop

Create new firewall rule to stop service

Delete administrator role and related accounts

Ppart

Fdisk

Du

mount