1. Which of the following shell command can be used to check disk usage in a Linux OS ECS A.

Df –h
B. Echo
C. Free –m
D. Ps –e –o

2. Which of the following application vulnerabilities are not as popular as others?

A. SQL Injection
B. XSS exploit
C. File uploading vulnerability
D. Kernel privilege breaking
Answer : D

3. In a regular server maintenance operation, the purpose of installing a patch on the operating
system is?
A. To improve server reseource usage
B. to improve system usability
C. to enhance system functionality
D. to avoid existing system vulnerabilities being used by some hackers
Answer :

4. Which of the following statements is NOT true about web application security protection
best practices?
A. enforce security management to any public service
B. keep installing official released patches will be good enough
C. keep monitoring system processes , performance and status
D. always scan input by user through web application
Answer : Other file says B

5. Which of the following function is provided by 'server guard' patch management service? A.
fix vulnerability found in open source software using Alibaba self-developed patch
B. detect any vulnerability before it bursts
C. release official patches for any exposed vulnerability
D. stop hacker's vulnerabilities probing Answer :

6. In May 2017 a new blackmail virus WannaCry burst globally, using Windows OS open port
445 to initiate its attacks. What is the quickest way to prevent this kind of attacks?
A. disable port 445
B. set a highly complexed administrator password
C. encrypt all data on server side
D. put sensitive data in some hidden directory

7. Which of the following function is NOT provided by 'Server Guard' vulnerability detection?
 A. Trojan detection
B. weak password detection
C. sensitive data encryption
D. Linux system vulnerability scanning Answer :

8. Reliable server daily operation and security management are essential for continuous service
running. Which of the following statement is NOT correct regarding to this scenario?
A. set easy to remember password to help administrator quickly login and solve problems
B. patch system timely and frequently
C. enable build-in OS firewall and configure it properly
D. disable the ports which are not providing service anymore

9. Which of the following statements is the possible reason that might lead to system
vulnerabilities?
A. software logic flaw or mistakes made during software development cycle
B. hardware devices are not up to date
C. system administrator didn't follow the operation manual exactly
D. The proprietary software that is safer than open source one should be installed

10. Which command in Redhat Linux shell can be used to check if some specific string is
included in a bunch of text files?
A. Watch
B. Find
C. Grep
D. Cat

11. In Windows OS which command can be used to track IP route, including involved
node and spent time on each hop?
A. Wroute
B. Route
C. Tracert
D. Traceroute

12. Which command in Windows OS can be used to open a terminal?

A. Painter.exe
B. Cmd.exe
C. Batch.exe
D. Term.exe Answer :

13. Which of the following protocol is dedicated to resolve IP and MAC addresses?
A. TCP
B ARP
.
C. DNS
 D. ICMP Answer : ARP

14. Which web server is default one in Windows OS?

A. HTTPD
B IIS
.
C. Web Daemon
D. Apache Answer :

15. For an IP subnet like 192.168.0.0/24, which of the following statements is true?
A. Every IP address inside this subnet can be assigned as a HOST IP
B. The broadcast address of this subnet is 192.168.0.0
C. The network address of this subnet is 192.168.0.255
D. IP communication between the hosts inside this subnet will not go through the gateway
Answer :

16. In Windows OS what command can be used to open registry table and edit it?
A. Gpedit
C. B Regedit Gedit
D. . Zedit Answer :

17. What status transition flow a TCP client will go through in order to proactively
establish connection and disconnect it?
A. SYNC_SENT- ->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2-->TIME_WAIT
B. SYNC_SENT- ->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2-->CLOSE_WAIT
C. SYNC_RCVD- ->ESTABLISHED-->CLOSE_WAIT-->TIME_WAIT-->LAST_ACK
D. SYNC_SENT- ->SYNC_RCVD-->ESTABLISHED-->FIN_WAIT1-->FIN_WAIT2
Answer : B. Other file says A

18. Which of the following protocol can be considered as 'application' layer protocol in
ISO/OSI 7 layer model?
A. TCP
B. UDP
C. IP
D. SMTP
Answer :

19. Which of the following HTTP status code does reflect that the requested page does
not exist? A. 403
B. 404
C. 201 D.
304
Answer : B. Group says A. Final B.
20. In Windows OS users can set software update configuration in various modes. Which
software update configuration listed here is not supported at all?
A. Set a fixed upgrade schedule
B. Automatically install any upgrade if available
C. Always ask for user’s permission before installation
D. never check for upgrade answer :B. I think D. Final D.

21. Which of the following statements are NOT true about 'Server Guard' remote logon
detection functionality?
A. It needs to setup common logon location in 'Server Guard' configuration
B. It can detect the attacking tool used by attacker
C. It can detect the remote logon used source IP address
D. It can send warning message to 'Server Guard' user
Answer : B

22. Which of the following functions does not belong to what WAF can provide?
A. DB encryption
B. SQL injection detection
C. XSS attack detection
D. unauthorized resource access blocking answer : Another file says D

23. After using WAF, if you find there are many user input data in the network traffic,
you should apply:
A. Loose protection policy
B. Normal protection policy
C. Strict protection policy
D. Progression protection policy Answer : C. But I think A.
24. After WAF was purchased, users need to add one DNS record to map their domain
name to WAF provided IP. What is the type of that DNS record?
A. A record
B. CNAME Record
C. TXT Record
D. MX Record Answer :

25. From which of the following attacks WAF will not provide protection?
A. SYN Flood
B. Web Server vulneraility attack
C. Core files unauthorized access
D. HTTP Flood Answer :

26. Which of the following security vulnerability is not a 'Server Side' security issue?
A. SQL injection
B. System Command Execution vulnerability
C. CSRF(cross site request fraud)vulnerability
D. File uploading vulnerability Answer :

27. Which of following statements is NOT true about anti-DDOS basics and anti-DDOS
Pro? A. both can defend DDOS attack
B. anti-DDOS pro is free to charge
C. anti-DDOS pro has more capabilities to defend against DDOS attacks
 D. anti-DDOS pro can protect both inside and outside Alibaba Cloud servers answer :

28. Which of the following statements is TRUE about Anti-DDOS basics?

A. it can only protect servers outside of Alibaba Cloud
B. it is free to charge
C. need to turn on manually
D. There is no service limitation for peak traffic
My Answer: B

29. What will the correct stops the traffic will flow through if the user used all following
cloud service: WAF, Anti-DDOS pro, CDN.
A. CDN- >Anti-DDOS Pro->WAF->Original Website
B. Anti-DDOS Pro->CDN->WAF->Original website
C. CDN- >WAF->Anti-DDOS Pro->Original website
D. Anti-DDOS Pro->WAF->CDN->Original website
Answer : Other file says A

30. If your company's official website is tampered, the consequence of such attack could
NOT be:
A. Website is used for some illegal attempts
B. Public image or reputation of your company is damaged
C. Business is impacted
D. Physical server is damaged Answer :

31. If WAF service user updated web page content after turning on website tampering
protection, what does user need to do on WAF console?
A. Update cache
B. turn on protection switch manually
C. add one protection rule
D. restart the whole WAF service answer :

32. Which of the following methods can't be used to prevent SQL injection attack?
A. Strict input check
B. Use secured function call
C. SQL precompiling and variable binding
D. Warning message for abnormal input Answer : B. Other file says D. Final D.

33. Which of the following protocols is not an application level protocol in ISO/OSI 7
layer networking model?
A. FTP
B. TCP
C. HTTP
D. SNMP
 Answer : B Another file says A

34. Which of the following statements is true about classic network and VPC?
A. they can do same thing
B. you can customize your private IP in a classic network
C. you can customize your private IP in VPC
D. servers inside VPC can only communicate to other VPC network answer : D. Group says
A.

35. Which of the following statements is NOT true about EIP and NAT gateway?
A. NAT gateway can support multi servers inside VPC to access public internet through one
public IP
B EIP can be bind to different ECS servers at the same time
.
C. Different EIP can't share bandwidth
D. NAT gateway can support shared bandwidth between several ips Answer :

36. Which of the following products is designed to provide secured and stable network
connection among different VPCs?
A. ECS
B. SLB
C. Security Group
D. Express Connect
Answer : Another file says A. Other file says D.

37. Which of the following reasons is the least possible reason leading to a network
attack?
A. technical skills show off of hacker
B. business competition
C. blackmail
D. help to find system vulnerability answer : Other file says D

38. Which of the following options does not belong to 5 key elements of network
communication?
A. Encryption Algorism
B. Source IP
C. Destination IP
D. Communication Protoco Answer :

39. What design flaw of TCP/IP protocol does SYN flood attack use?
A. UDP stateless connectio
B. DNS 3 times hands shake
C. TCP 3 times hands shake
D. HTTP plain text transmission Answer :
 40. Customer who bought ECS server doesn't need to worry about :
A. Cloud infrastructure security
B. OS vulnerability inside ECS
C. Web service security inside ECS
D. ECS security group setting
Answer : Another file says C

41. Using ECS security group can help you achieve:

A. better CPU usage
B fine grained access control to you server
.
C. enlarge your network bandwidth
D. apply QOS to a specific IP answer :

42. Which of the following functions can be provided by Alibaba Cloud Server Guard
product?(the number of correct answers: 3)
A. brute Force password hacking detection and defense
B. suspicious remote login detection and warning
C. security vulnerability scanning and patching
D. anti-ddos
E. anti SQL injection answer :

43. When we talk about 'security vulnerability' of ECS server, we are refering to: (the
number of correct answers: 3) A. OS vulnerability B. Hardware
C. Application Vulnerabilit fault
y D. Hypervisor Vulnerability

E. Data Center Serviceability

Answer : ACD

44. Inside cloud, hypervisor vulnerability could cause the following possible
consequences: (the number of correct answers: 3)
A. One client host can access another client's data
B. User service become unavailable
C. Hacker can access host server directly
D. Incorrect client resource usage calculating Answer :

45. In the ISO/OSI 7 layers networking model, which of the following functions are
provided for the 'network layer'? (the number of correct answers: 2)
A. Routing
B. congestion handling
C. end to end reliable and transparent data transition
D. physical connection answer :
46. If Server Guard (product provided by Alibaba Cloud) report some brute force
password hacking attacks, the reporting information will include？ (the number of
correct answers: 3)
A. Attack initiated time
B Attack type
.
C. Tools attacker used
D. Attack source IP
E. Physical location of attacker Answer :

47. Which of the following statements about HTTP protocol are true?(the number of
correct answers: 2
A. HTTP protocol support state keeping
B. HTTP is based on TCP/IP protocol
C. HTTP request supports methods like: GET, POST, PUT, HEAD, etc.
D. Response code 200 in HTTP protocol means exception on server side Answer :

48. Which of the following statements is true about HTTP protocol?

Score 2
A. HTTP is a network layer protocol
B. the data transmitted by this protocol is auto-encrypted
C. default service port is 80
D. HTTP protocol can't be used to transmit file
My Answer: C

49. Which of following elements are included in a TCP/IP based route table？(the
number of correct answers: 3)
A. Network Destination
B. Netmask
C. Mac Address
D. Gateway IP
E. Port
Answer : BCE. Other file say A, B, D

50. Which of the following statements about IPV6 and IPV4 are true?(the number of
correct answers: 2)
A. IPV6 has bigger route table size
B. IPV6 address length upper limit is 128 bits
C. IPV6 has more simplified header
D. No network switch device is needed when using IPV6 protocol to transfer data Answer :
B, C

51. Which of the following logs can be accessed through ECS logs provided by Alibaba
Cloud?
(the number of correct answers: 2)
 A. OS system log
B. Application log
C. Hypervisor log
D. Cloud platform log Answer :

52. Which of the following statements are true about the difference between HTTP and
HTTPS
？(the number of correct answers: 2)
A. HTTP must use port 80 and HTTPS must use port 443 to provide service
B. HTTPS is more secure than HTTP regarding the way they transfer data
C. Data transferred through HTTPs is under encryption
D. You must buy commercial CA before you setup your own web server with HTTPS service
Answer : Other file says BC.

53. Which of the following protection rules are provided by WAF to better protect from
CC attack? (the number of correct answers: 2)
A. Loose
B. Strict
C. Normal
D. Emergency
Answer : Another file says B, C

54. CC customized protection rule supports you to define customized configuration

setting. Which of following items can be self-defined? (the number of correct
answers: 3)
A. Source IP
B. URI
C. How long the detection should last
D. How frequently the page is visited by one single source IP
E. Target IP Answer :
55. Which of the following statements are true to describe a SQL attack commonly used
pattern? (the number of correct answers: 3)
A. Adding more search request together with the original one
B. adding an absolute true condition to bypass original request
C. use incorrect SQL function
D. use selfmade variable
E. adding ";" or "--" to change the original request purpose with new request attached
answer :

56. Which of the following scenarios are suitable to use CC emergency mode
protection? (the number of correct answers: 2)
A. Web page
B. HTML 5 page
C. API
D. Native APPs Answer :

57. Which of the following scenarios can be considered as business fraud? (the number
of correct answers: 2)
A. massive accounts registration for new user benefits gain
B. data leak because of data transmission with plain text
C. post massive comments with bots to some e-commerce website
D. page content including some porn pictures answer : A, C

58. Which of the following statements about cloud security shared responsibilities
model are true? (the number of correct answers: 2)
A. for users who is using IAAS service, they should be responsible for their business system
which is on top of cloud infrastructure
B. cloud service provider should guarantee the security of all physical infrastructure
C. the damage caused by attacks leveraging security vulnerability in customers' application
server should be charged to cloud service provider
 D. cloud user should also take care of some of the hardware maintenance and operation
work
answer : Other file says A, C

59. User A rented 2 ECS server and one RDS in Alibaba Cloud to setup his company
public website. After the web site will become available online, the security risks
he/she will face will include: (the number of correct answers: 3)
A. physical cable is cut by someone
B. ECS admin password is hacked
C. website codes has some vulnerability
D. RDS DB got unknown remote logon
E. the disk in ECS is broken answer :

60. Which of the following scenarios should be handled by anti-DDOS service? (the
number of correct answers: 3)
A. Server is under syn flood attack, and is not reachable
B. online game service which is suffering with too many empty connections and slow
connections
C. DNS server is under udp flood attack and got no response anymore
D. website is under SQL injection attack
E. website is under XSS attacks answer :

61. By default, servers in VPC can't communicate with internet. By implementing which
of the following products these servers can gain the capability to communicate with
internet? (the number of correct answers: 3)
A. Elastic Public IP
B. CDN
C. EIP + SLB
D. EIP + NAT Gateway
E. DNS service
Answer : Other file says ACE.

62. Which of the following risks are considered as common network security risk? (the
number of correct answers: 2)
A. Massive traffic flood attack
B. Software version is not up to date
C. Data under transferring is being sniffed
D. Physical Fiber Channel Cable is broken Answer :
Other file says AC.

63. Which command in RedHat Linux shell can be used to check disk usage? A. ls
B df
.
C. diskUsage
D. diskSpace answer : B
64. Alibaba Cloud will provide hot fix to address existing vulnerabilities. Which of the
following statements is true about this 'hot fix'? A. hot fix doesn't need to reboot
physical host
B. service will not be available during the hot fix
C. hot fix means the host need to reach some temperature upper limit to be able to
proceed
D. hot fix is transparent to end user

65. Which of the following issues would not happen if ECS server is under attack by
hackers?
A. sensitive data leak
B. service running on that server is not available
C. physical server damage
D. compromise the reputation of service provider on that server

66. Which of following statement about 'Server Guard' Trojan scanning functionality is
NOT correct? Score 2
A. Server Guard Agent will automatically scan your web pages directories and look
for any webshell file.
B. A change to a file in the web pages directories will trigger a scan for that file C.
you can log on to the Server Guard console to isolate webshell files with one click.
D. Server Guard will delete any suspicious webshell file immediately
My Answer: B. Other file says D

67. Which of the following issues will NOT be an issue anymore using Alibaba Cloud ECS
server?
Score 2
A. server is under brute force password hacking
B. hardware disk or memory broken
C. infection by Trojan Virus
D. application vulnerability being leveraged by hackers
My Answer: B

68. Which of the following benefit cannot be provided by 'Server Guard'?

Score 2
A. lower the risk of sensitive data leak
B. improve the usage of system resource
C. lower the cost of security protection
D. get instant alerts after attacks are detected
My Answer: B
69. In Windows OS you can turn off a service through:
Score 2
A. Control Panel->Management Tool->Stop the running service
B. Control Panel->windows update->Stop
C. Create new firewall rule to stop service
D. Delete administrator role and related accounts
My Answer: A

70. If your company has a lot of employees who would try to simultaneously access ECS
server protected by 'Server Guard' using your company's intranet, the 'Sever Guard'
may mistakenly identify those access requests as attacks. Which of the following
methods is the best way to solve this problem?
Score 2
A. set a highly complexed administrator password
B. change the rule of security group to unblock all company internal ips
C. add those IPs which need to access ECS server into 'Server Guard' logon white list
D. ask employees to access that ECS server not very frequently
My Answer: C

71. Which of the following protocol is dedicated for time sync up?
Score 2
A. HTTP
B. ICMP
C. NTP
D. UDP
My Answer: C

72. Which of the following statements about 'webshell' detection feature of

WAF is NOT true?
A. It will totally block any file to be able to upload tothe web server
B. cache will be enabled only after you turn on the protection switch
C. there is a switch need to be turned on first
D. If you changed some page content,you can use 'cache update' button to
manually update the cache Answer : A

73. Which of the following statements is NOT true about daily operation on
server account andpassword maintenance?
A. change'Administrator' to some other name
B. with'Server Guard protection In Allbaba Cloud,you can set password to some
easy to remember words.
C. except for some necessary accounts for system manogement,.dlsoble or delete
other seldomly used accounts
D. always set a complexed passwcwd using combination of numbers,letters and
other characters Answer : B
74. In Linux OS, if access control to a file is shown as '-rwxrw-r--' in shell command,
which of the following statements are true?
Score 2
A. This file is a text file
B. The access privilege of this user group is read only
C. The owner of this file has read/write/execution privilege to this file
D. Other users (outside of this user group) can execute this file
My Answer: C

75. Which service in RedHat Linux OS can be used to build network firewall
functionality? Score 2
A. iptables
B. ipfirewall
C. linuxfw
D. netstat
My Answer: A

76. Which Internet protocol is used to implement Linux shell command 'ping'?
Score 2
A. ICMP
B. UDP
C. PING
D. TCP
My Answer: A

77. Which protocol is a 'data link' layer protocol in ISO/OSI 7 layer network model?
Score 2
A. ICMP
B. ARP
C. FTP
D. UDP
My Answer: B

78. In Linux OS, if you want to set a file access privilege to read, write, and execute for
the owner only, what octal number will reflect such settings correctly?
Score 2
A. 755
B. 700
C. 777
D. 766
My Answer: B
79. Please list the correct order of the following 4 steps to enable a WAF service : (1)
upload HTTPS CA and private key(HTTPS website only) (2) add the domain name that
needs to be
protected (3) select the original IP address (4) add CNAME DNS record
Score 2
A. 2314
B. 2341
C. 2431
D. 2413
My Answer: B

80. What is the correct action sequence of WAF protection strategy: (1) CC detection (2)
Web application attack detection (3) Access control
Score 2
A. 213
B. 312
C. 132
D. 231
My Answer: B

81. Which version of WAF will provide advisor customized protection rule?
Score 2
A. Advanced Version
B. Enterprise Version
C. Ultimate Version
D. Standard Version
My Answer: B

82. For internet communication, to setup the connection and data transition between
source and destination, which of the following information you will need？(the
number of correct answers: 3)
Score 1
A. IP address
B. Port
C. Encryption algorism
D. Protocol
E. Router Location
My Answer: A, B, D

83. Anti-DDOS basic is provided by Alibaba Cloud for free. Which of the following
statements about this service are NOT true? (the number of correct answers: 2)
 Score 1
A. basic anti-DDOS service can detect attack traffic and migrate them automatically
B. basic anti-DDOS service can protect any server connect to internet
C. no protection upper limit to the rate of attack traffic
D. CC attack protection need to be turned on manually
My Answer: A, C

84. Which of the following service may under anti-DDOS attack?(the number of correct
answers: 3)
Score 1
A. servers in VPC only configured with private network
B. any device internet reachable
C. government website
D. public DNS service
E. offline servers
My Answer: B, C, D

85. The Alibaba Cloud WAF protection strategy provides the following: (the number of
correct answers: 3) Score 1
A. Loose
B. Strict
C. Normal
D. Regular
E. Early Warning
My Answer: A,B,C

86. What modes Alibaba Cloud WAF will provide to defend SQL injection? (the number
of correct answers: 2) Score 1
A. Normal Mode
B. Protection Mode
C. Warning Mode
D. Restriction Mode
My Answer: B,C

87. Which of following attacks could serve as a CC attack? (the number of correct
answers: 3) Score 1
A. SYN flood
B. ICMP flood
C. One host simulate many IP addresses
D. Attack through agent
E. Zombie network
My Answer: A,B,C. Other file says CDE.
88. You just physically attached one new disk to a Linux server. Before you can write
data into that disk with shell command, which of the following steps you have to
finish? (the number of correct answers: 4) Score 1
A. Make Partitions
B. Raw Format
C. Format
D. Mount
E. Create Filesystem
My Answer: A,C,D,E

89. Which of the following statements about VLAN are NOT true?(the number of correct
answers: 3) Score 1
A. users in different VLAN can connect each other directly without pre-configuration
B. different VLAN means different physical location of switches
C. VLAN configuration can be done through an TCP/IP router device
D. VlAN can enhance the network security and data isolation
My Answer: A,B,C

90. For MySQL DB, if the records number exceeds one million in one single table, which
of the following methods can help you improve querying speed?(the number of
correct answers: 2) Score 1
A. setup index for this
table
B. use 'group by' to filter information
C. use 'count(*)' to get total record number before query
D. use 'limit N' to limit the number of possible returned records
My Answer: A, B

91. Which of the following statements about the supported way of MySQL DB for
backup are true?(the number of correct answers: 2)
A. you can use 'mysqldump' do logical
backup
B. you can copy files directly to do physical backup
C. you can use 'binlog' to do real time backup
D. you must stop accessing to DB before you do logical backup
My Answer: AB

92. Which of following statements about the possible reasons that cause web server
vulnerabilities are true? (the number of correct answers: 2)
Score 1
A. Bugs generated during common component development
B. Hardware configuration is not up to date
C. Software used or OS itself contain some logic flaw
 D. End user didn't follow the user manual
My Answer: A, C

93. Which of the following statements are true for how to login to different ECS
operating system? (the number of correct answers: 2)
Score 1
A. use 'remote desktop connection' for windows
B. use 'ssh' tool for windows
C. use 'remote desktop connection' for Linux
D. use 'ssh' tool for Linux
My Answer: A, D

94. Apart from technical approaches, the proper data security management rules can be
applied in daily operations to lower the risk of information leakage. Which of the
following risks can be mitigated setting a strong data security management policy for
company's employees?
Score 2
A. information is sniffed during network transition
B. under http flood attack
C. sensitive information is taken away by former employee
D. email phishing
My Answer: A

95. Which of the following damages can't be caused by a DDOS attack

Score 2
A. DNS service down
B. physical server broken
C. military commander system down
D. web service down
My Answer: B

96. Which of the following items can't be set in ECS security group configuration?
Score 2
A. OS type
B. network interface
C. authorization policy
D. authorization object
My Answer: A

97. Which of the following 4 functions can be achieved through ECS security group
configuration?
A. allow specific IP to remote access ECS server
B. make ECS server be able to defend 15Gb/s DDOS attack
 C. fix XSS vulnerability
D. assign customized IP address to ECS My Answer: A

98. CC attacks can cause serious damages. Which of the following statements about CC
attack is not correct?
Score 2
A. CC attack will simulate real user requests
B. Will consume massive sever side resource
C. CC attack is done on network layer
D. The request generated by CC attack is hard to be distinguished from normal requests My
Answer: C

99. Which of the following scenarios is the one that 'Server Guard' will support for brute
force password hacking detection?
A. RDS remote connection
B. ECS server remote logon or inside DB remote logon
C. Windows shared directory access
D. Linux CRM application remote logon
My Answer: B

100. When 'Server Guard' detects remote logon behavior, what information will be
shown on 'Server Guard' console? A. Illegal Logon!
B. Migrated Already!
C. Logon Successfully!
D. Remote Logon Detected!
My Answer: D

101. Which of the following statements about WAF data risk control feature is NOT true?
A. this feature can only used for single page, can't be used to protect the whole
domain name
B. WAF need to inject JavaScript piece into all pages under the same protected domain
name to decide if the client side is worth to trust
C. direct access URL protected by this feature will have slider verification pop out
D. this feature is not suitable for scenario needs to call API directly

My Answer: A/not sure

102. Which of the following options could NOT be the reason that causes website
tampering
A. Share password between different users
B. Botnet attack
C. system vulnerability is not fixed in time
D. Wrong security configuration
 My Answer: B

103. Which of the following methods can't be used against CC attack?

A. use WAF
B. change HTTP service to HTTPS service
C. resolve domain name to a disguised IP
D. change the service providing port My Answer: B

104. Which of the following steps is not a valid step for using anti-DDOS pro?
A. configure to be protected domain name
B. add new DNS record
C. change source IP
D. if original server is using its own firewall, then need to add Anti-DDOS pro IP to its white
list
E. bind real customer identity to anti-DDOS pro IP
My Answer: E

105. If user is using anti-DDOS Pro service, but the original server has rule to limit access
to the client IPs, which of the following actions is the most proper one to take?

A. enable CDN and change anti-DDOS pro IP to CDN address

B. add anti-DDOS pro IP into customer firewall white list
C. disable original server firewall
D. enable SLB for original server
My Answer: B

106. Which of the following products won't be a DDOS attack target?

A. offline backup tape devices

B. enterprise major website
C. router device
D. online banking system
My Answer: A

107. ECS cloud server is one of the service provided by Alibaba Cloud. If it is attacked by
some internet hacker, which of the following consequences such attack could cause?
(the number of correct answers: 2)

A. Physical Server Damage

B. Leak of customer sensitive data
 C. Service running on this ECS become not available
D. The datacenter where the ECS belongs to need to shutdown
My Answer: BC

108. In order to stop the service provided through a particular port in Windows OS, which
of the following methods can be used to achieve this objective? (the number of
correct answers: 3)

A. adjust firewall rule

B. adjust local security policy
C. update OS patch
D. stop the service itself
E. stop all guest role access
My Answer: ABD

109. What are the advantages of anti-DDOS pro comparing to anti-DDOS basics service?
(the number of correct answers: 3)

A. stronger defending attacks capability

B. elastic protection bandwidth
C. no upper limit to the attack traffic need to be handled
D. can do anti-fraud protection
E. can protect IDC outside Alibaba Cloud

My Answer: ACD. Steve ABE

110. May, 2017. New blackmail virus WannaCry burst globally. This virus leveraged
Windows OS opened port 445 to initiate the attack, so the quickest way to prevent
this kind of attack is?
A. Change 'Administrator' to some other name
B. With 'Server Guard' protection in Alibaba Cloud, you can set password to some easy to
remember words.
C. Except some necessary accounts for system management, disable or delete other
useless accounts
D. Always set password with highly complex combination of number, letter and other
characters

111. Which of the following statements about ECS, VPC, security groups are NOT true?
(the number of correct answers: 2)
A. rule setting for security group supports both in and out direction configuration
B. default security group rule is safe enough, please don't change it too much
 C. by default, ECS in different security group can communicate with each other D. one ECS
can be in several different security group

112. Which of the IP addresses are private IP addresses? (Correct Answers: 2)

A. 192.169.1.1
B. 172.16.58.14
C. 10.44.10.45
D. 8.8.8.8

113. Answers A, B, D
 114. 114.

114. Age, Expires, Host (I feel)

115.
115. Mount
Single answer

1 .Using RAM, Alibaba Cloud users can create and manage user accounts and control the
operation permissions these user accounts possess for resources under your account.
Which of the following descriptions of a RAM usage scenario is NOT correct?

Score 6.7

A. Enterprise sub-account management and permission assignment

B. Resource operation and authorization management between enterprises

C. Temporary authorization management for untrusted client apps

D. Prevention of network attacks on enterprises

My Answer: D

Single answer

2 .In making cloud accounts more secure, which of the following is NOT a guiding
principle?

Score 6.7

A. Anonymous logins

B. Login verification
C. Account permissions

D. Authorization distribution

My Answer: A

Single answer

3 .Alibaba Cloud offers different security protection plans to different tenant accounts.
Which of the following is NOT a security plan offered by Alibaba Cloud?

Score 6.7

A. Password-free login

B. Two-factor authentication

C. Phone number binding

D. Phone or email verification for password resetting

My Answer: A

Single answer

4 .Which of the following security issues is considered by the OWASP to be the most
dangerous issue facing cloud computing?

Score 6.7

A. Injection

B. Account or service flow hijacking

C. Denial of service

D. Multi-tenant isolation failure

My Answer: A

Single answer

5 .In the Alibaba Cloud, which services can satisfy client user identity management
requirements?

Score 6.7

A. Security group

B. Server Guard
C. Resource Access Management (RAM)

D. Situational awareness

My Answer: C

Single answer

6 .Which of the following descriptions of the shared responsibilites security model is

CORRECT?

Score 6.7

A. After beginning to use cloud service, the cloud service provider will become
responsible for all of the user’s security.

B. After beginning to use cloud service, the user and the cloud service provider will
be jointly responsible for cloud security, with each responsible for different layers of
security.

C. After beginning to use cloud service, users must still take care of physical and
environmental security.

D. After beginning to use cloud service, users only need to pay attention to the
security of their own apps and data. All other security will be the responsibility of the
cloud service provider.

My Answer: B

Single answer

7 .Which of the following options is the top 1 web application security risk based on
OWASP 2017 report?

Score 6.7

A. XSS Attack

B. Server Information Theft

C. Code Execution

D. SQL Injection

My Answer: D

Single answer

8 .Which of the following methods CANNOT increase account security?

Score 6.7

A. Strong password policies

B. Periodically reset the user login passwords

C. Adhere to the minimum authorization principle

D. Unite user management, permission management and resource management into a

single management process

My Answer: D

Multiple answers

9 .Which of the following 2 security risks are not included in OWASP published 2017 Top
10 Web
Application Security Risks

Score 6.7

A. Cross-Site Request Forgery(CSRF)

B. Cross-Site Scripting(XSS)

C. Unvalidated Redirects and Forwards

D. Injection

My Answer: A,C

Multiple answers

10 .Security risk may caused by 'Cloud platform', 'ISV' or 'End user', which of the
following options are the possible risks may caused by Cloud Platform?

Score 6.7

A. Software development cycel is not formalized

B. Security system overall solutions are not complete

C. Administration tools on Cloud Platform may have some flaws

D. Cloud platform console and API may lack of security hardenning

My Answer: B,C,D

Multiple answers
11 .Regarding the 'Shared Security Responsibilites' on Alibaba Cloud, which of the
following options are the responsibilites Cloud user need to take care of ?

Score 6.7

A. Data security inside ECS

B. Physical servers water proof

C. Application vulnerabilites

D. ECS network configuration

My Answer: A,C,D

Multiple answers

12 .Which of the following options can be considered as Data and Application

security risks in IT infrastructure Score 6.7

A. Data integrity

B. Data access control

C. Data readiness

D. Data encryption

My Answer: A,B,D

Multiple answers

13 .Which of the following Alibaba Cloud products need to be considered to use if you
want to build an elastic computing cluster to provide web service together and also with
dynamic data and static data seperately stored

Score 6.7

A. ECS

B. SLB

C. RDS

D. OSS

E. KMS

My Answer: A,B,C,D
Multiple answers

14 .Which of the following cloud services are the most common ones when we talk about
different types of Cloud service

Score 6.7

A. IaaS

B. PaaS

C. SaaS

D. DaaS

My Answer: A,B,C

Multiple answers

15 .Which of the following options can be considered as Physical envionment security

risks in IT infrastructure

Score 6.7

A. Room temperature

B. Data encryption

C. Rain

D. Sounder

My Answer: A,C,D

Single answer

1 .You configure a computer to act as a zombie set in order to attack a web server on a
specific date.
What would this contaminated computer be part of?

Score 6.7

A. The computer is part of a DDoS attack

B. The computer is part of a TCP/IP hijacking

C. The computer is part of a spoofing attack

D. The computer is part of a man-in-the-middle attack

My Answer: A
Single answer

2 .A DoS attack that sends a flood of synchronization (SYN) requests and never sends the
final acknowledgement (ACK) is typically known as which of the following?

Score 6.7

A. Smurf

B. Ping Flood

C. Fraggle

D. SYN flood

My Answer: D

Single answer

3 .Which of the following can be termed as the Denial of Service Attack? Choose the best
answer.

Score 6.7

A. A computer on your network has crashed

B. Your router is unable to find a destination outside of your network

C. Your Web server has gone into a loop trying to service a client request D. You

keyboard is no longer responding

My Answer: C

Single answer

4 .In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol)

packet does the attacker manipulate? Score 6.7

A. The version field

B. The source address field

C. The source port field

D. The destination address field

My Answer: B

Single answer
5 .Which of these options contains the three basic target categories for a DoS or a DDoS?

Score 6.7

A. Resources, printers and storage devices

B. Networks, systems and applications

C. Systems, memory, network access card

D. Network access card, applications, peripheral devices

My Answer: B

Single answer

6 .You are planning on hosting an eCommerce Web server. You are intent on making the
server secure against all external attacks possible. Which of the following would be the
best way to test your server for its weaknesses? Choose the best answer.

Score 6.7

A. Ping to the server

B. Simulate a DDoS attack on that server

C. Simulate a DoS attack on the server

D. Check if all the patches and required antivirus software has been loaded o the server

My Answer: B

Single answer

7 .What type of attack is likely occuring if you see a significant increase in network traffic
and users complain that the web server is hung up?

Score 6.7

A. MITM

B. DNS spoofing

C. Ping sweep

D. DoS

My Answer: D

Single answer
8 .Identify the attack where the purpose is to stop a workstation or service from
functioning?

Score 6.7

A. This attack is known as non-repudiation

B. This attack is known as TCP/IP hijacking

C. This attack is known as denial of service (DoS)

D. This attack is known as brute force

My Answer: C

Multiple answers

11 .Which of the following services can suffer from DDoS attack?

Score 6.7

A. Servers in VPC only configured with private network

B. Any device internet reachable

C. Government website

D. Public DNS service

E. Offline servers

My Answer: B,C,D

Multiple answers

12 .Which of the following protocols will not be used for a SYN Flood attack?

Score 6.7

A. UDP

B. TCP

C. IPX/SPX

D. AppleTalk

My Answer: A,C,D

Multiple answers
13 .Which of the followings are not the reasons for a DDoS attack?

Score 6.7

A. Destroying of integrity

B. Destroying of confidentiality

C. Destroying of availabilitiy

D. Destroying of business credit

My Answer: A,B,D

Multiple answers

14 .What of the followings will happen if encounter DoS or DDoS attack?

Score 6.7

A. Data received successfully

B. Delay of data reception

C. Slow access web resources

D. unauthorized access control

My Answer: B,C

Multiple answers

15 .Which of the following DDoS descriptions are correct?

Score 6.7

A. In order to get admin password

B. Steal confidential information

C. Causes the target server unable to process legitimate requests

D. If the target server has no vulnerabilities, the remote attack may still succeed.

My Answer: C,D

Which directory is the home directory of root user?

A. /home/root
B. /root
C. /
D. /boot

Which commands can be used to reload the operation system? (Correct Answers: 2)
A. reload
B. shutdown
C. init
D.
restart
Answer : ?

Which of the following statements about cloud security shared responsibilities model are
true? (the number of correct answers: 2)
A. for users who is using IAAS service, they should be responsible for their business
system which is on top of cloud infrastructure
B. cloud service provider should guarantee the security of all physical infrastructure
C. the damage caused by attacks leveraging security vulnerability in customers'
application server should be charged to cloud service provider
D. cloud user should also take care of some of the hardware maintenance and operation
work answer :

If Server Guard (product provided by Alibaba Cloud) report some brute force
password hacking attacks, the reporting information will include？ (the number of
correct answers: 3) A. Attack initiated time
B. Attack type
C. Tools attacker used
D. Attack source IP
E. Physical location of attacker Ans: ?

This dump is from original exam question of @ninjajung. He scored initially 87%. With
some questions not answered. I've put the correct answer for that question in red from
alibaba clouder exam answers. So I think you can score 95% at least if you get exactly
this questions. But you'll have some of them for sure.

My tips for you to pass ACA Security :

1. Use this dump I posted
2. Read on alibaba the three http error 403,404,200- forbidden, not found, succeeded.
3. I'll post some screenshot which are new questions which are not in the dump

4. Please get focused on single answer questions first. They worths 80%. 2 points per
questions. Then later pass to multiple answers

Check these questions as well