ACA-Sec1 ACA Cloud Security Associate Questions and Answers

This file is a text file

The access privilege of this user group is read only

The owner of this file has read/write/execution privilege to this file

Other users (outside of this user group) can execute this file

adjust firewall rule

adjust local security policy

update OS patch

stop the service itself

stop all guest role access

Cache-Control

Date

Age

Expires

Host

Smurf

Ping Flood

Fraggle

SYN flood

enable CDN and change anti-DDOS pro IP to CDN address

add anti-DDOS pro IP into customer firewall white list

disable original server firewall

enable SLB for original server

basic anti-DDOS service can detect attack traffic and migrate them automatically

basic anti-DDOS service can protect any server connect to internet

no protection upper limit to the rate of attack traffic

CC attack protection need to be turned on manually

Strict input check

Use secured function call

SQL precompiling and variable binding

Warning message for abnormal input

both can defend DDOS attack

anti-DDOS pro is free to charge

anti-DDOS pro has more capabilities to defend against DDOS attacks

anti-DDOS pro can protect both inside and outside Alibaba Cloud servers

HTTPD

IIS

Web Daemon

Apache

Password-free login

Two-factor authentication

Phone number binding

Phone or email verification for password resetting

It will totally block any file to be able to upload to the web server

cache will be enabled only after you turn on the protection switch

there is a switch need to be turned on first

If you changed some page content, you can use 'cache update' button to manually update the cache

enforce security management to any public service

keep installing official released patches will be good enough

keep monitoring system processes , performance and status

always scan input by user through web application

Share password between different users

Botnet attack

system vulnerability is not fixed in time

Wrong security configuration

massive accounts registration for new user benefits gain

data leak because of data transmission with plain text

post massive comments with bots to some e-commerce website

page content including some porn pictures

Software development cycle is not formalized

Security system overall solutions are not complete

Administration tools on Cloud Platform may have some flaws

Cloud platform console and API may lack of security hardenning

One client host can access another client's data

User service become unavailable

Hacker can access host server directly

Incorrect client resource usage calculating

Elastic Public IP

CDN

EIP + SLB

EIP + NAT Gateway

DNS service

change'Administrator' to some other name

with'Server Guard protection In Allbaba Cloud,you can set password to some easy to

remember words.

except for some necessary accounts for system manogement,.dlsoble or delete other

seldomly used accounts

always set a complexed passwcwd using combination of numbers,letters and other

characters

it can only protect servers outside of Alibaba Cloud

it is free to charge

need to turn on manually

There is no service limitation for peak traffic