ACA-Sec1 Sample Questions Answers

UDP

TCP

IPX/SPX

AppleTalk

Share password between different users

Botnet attack

system vulnerability is not fixed in time

Wrong security configuration

stronger defending attacks capability

elastic protection bandwidth

no upper limit to the attack traffic need to be handled

can do anti-fraud protection

can protect IDC outside Alibaba Cloud

The version field

The source address field

The source port field

The destination address field

213

312

132

231

use WAF

change HTTP service to HTTPS service

resolve domain name to a disguised IP

change the service providing port

massive accounts registration for new user benefits gain

data leak because of data transmission with plain text

post massive comments with bots to some e-commerce website

page content including some porn pictures

this feature can only used for single page, can't be used to protect the whole domain

name

WAF need to inject JavaScript piece into all pages under the same protected domain

name to decide if the client side is worth to trust

direct access URL protected by this feature will have slider verification pop out

this feature is not suitable for scenario needs to call API directly

HTTP protocol support state keeping

HTTP is based on TCP/IP protocol

HTTP request supports methods like: GET, POST, PUT, HEAD, etc.

Response code 200 in HTTP protocol means exception on server side

Adding more search request together with the original one

adding an absolute true condition to bypass original request

use incorrect SQL function

use selfmade variable

adding ";" or "--" to change the original request purpose with new request attached

Enterprise sub-account management and permission assignment

Resource operation and authorization management between enterprises

Temporary authorization management for untrusted client apps

Prevention of network attacks on enterprises

it can only protect servers outside of Alibaba Cloud

it is free to charge

need to turn on manually

There is no service limitation for peak traffic

Software development cycle is not formalized

Security system overall solutions are not complete

Administration tools on Cloud Platform may have some flaws

Cloud platform console and API may lack of security hardenning

755

700

777

766

ECS

SLB

Security Group

Express Connect

TCP

UDP

IP

SMTP

XSS Attack

Server Information Theft

Code Execution

SQL Injection

basic anti-DDOS service can detect attack traffic and migrate them automatically

basic anti-DDOS service can protect any server connect to internet

no protection upper limit to the rate of attack traffic

CC attack protection need to be turned on manually

Brute Force password hacking

Trojan planting

Content Compliance Requirement

Vulnerability scanning

Lack of storage resource