ACA-Sec1 Sample Questions Answers

Questions 4

Which of the following protocols will not be used for a SYN Flood attack?

Options:

A. UDP
B. TCP
C. IPX/SPX
D. AppleTalk

Questions 5

Which of the following options could NOT be a cause of website tampering?

Options:

A. Sharing passwords between different users
B. Botnet attack
C. System vulnerability is not fixed in time
D. Wrong security configuration

Questions 6

What are the advantages of Anti-DDoS Pro compared to the Anti-DDoS Basic service? (the number of correct answers: 3)

Options:

A. Stronger attack defense capability
B. Elastic protection bandwidth
C. No upper limit on the attack traffic that can be handled
D. Can provide anti-fraud protection
E. Can protect IDCs outside Alibaba Cloud

Questions 7

In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?

Options:

A. The version field
B. The source address field
C. The source port field
D. The destination address field

Questions 8

What is the correct action sequence of WAF protection strategy: (1) CC detection (2) Web application attack detection (3) Access control

Score 2

Options:

A. 213
B. 312
C. 132
D. 231

Questions 9

Which of the following methods can't be used against a CC attack?

Options:

A. Use WAF
B. Change the HTTP service to an HTTPS service
C. Resolve the domain name to a disguised IP
D. Change the service providing port

Questions 10

Which of the following scenarios can be considered business fraud? (the number of correct answers: 2)

Options:

A. Mass account registration to gain new-user benefits
B. Data leak caused by transmitting data in plain text
C. Posting massive numbers of comments with bots on an e-commerce website
D. Page content that includes pornographic pictures

Questions 11

Which of the following statements about the WAF data risk control feature is NOT true?

Options:

A. This feature can only be used for a single page; it can't be used to protect the whole domain name
B. WAF needs to inject a piece of JavaScript into all pages under the same protected domain name to decide whether the client side can be trusted
C. Directly accessing a URL protected by this feature will cause a slider verification to pop up
D. This feature is not suitable for scenarios that need to call an API directly

Questions 12

Which of the following statements about the HTTP protocol are true? (the number of correct answers: 2)

Options:

A. The HTTP protocol supports state keeping
B. HTTP is based on the TCP/IP protocol
C. HTTP requests support methods like GET, POST, PUT, HEAD, etc.
D. Response code 200 in the HTTP protocol means an exception on the server side

Questions 13

Which of the following statements describe commonly used SQL attack patterns? (the number of correct answers: 3)

Options:

A. Adding more search requests together with the original one
B. Adding an always-true condition to bypass the original request
C. Using an incorrect SQL function
D. Using a self-made variable
E. Adding ";" or "--" to change the purpose of the original request with a new request attached

Questions 14

Using RAM, Alibaba Cloud users can create and manage user accounts and control the operation permissions these user accounts possess for resources under your account. Which of the following descriptions of a RAM usage scenario is NOT correct?

Options:

A. Enterprise sub-account management and permission assignment
B. Resource operation and authorization management between enterprises
C. Temporary authorization management for untrusted client apps
D. Prevention of network attacks on enterprises

Questions 15

Which of the following statements is TRUE about Anti-DDoS Basic?

Options:

A. It can only protect servers outside of Alibaba Cloud
B. It is free of charge
C. It needs to be turned on manually
D. There is no service limitation for peak traffic

Questions 16

Security risks may be caused by the 'Cloud platform', 'ISV' or 'End user'. Which of the following options are possible risks that may be caused by the Cloud Platform?

Options:

A. Software development cycle is not formalized
B. Security system overall solutions are not complete
C. Administration tools on the Cloud Platform may have some flaws
D. Cloud platform console and API may lack security hardening

Questions 17

In Linux OS, if you want to set a file access privilege to read, write, and execute for the owner only, what octal number will reflect such settings correctly?

Score 2

Options:

A. 755
B. 700
C. 777
D. 766

Questions 18

Which of the following products is designed to provide secure and stable network connections among different VPCs?

Options:

A. ECS
B. SLB
C. Security Group
D. Express Connect

Questions 19

Which of the following protocols can be considered an 'application' layer protocol in the ISO/OSI 7-layer model?

Options:

A. TCP
B. UDP
C. IP
D. SMTP

Questions 20

Which of the following options is the number one web application security risk according to the OWASP 2017 report?

Options:

A. XSS Attack
B. Server Information Theft
C. Code Execution
D. SQL Injection

Questions 21

Anti-DDoS Basic is provided by Alibaba Cloud for free. Which of the following statements about this service are NOT true? (the number of correct answers: 2)

Score 1

Options:

A. The basic Anti-DDoS service can detect attack traffic and migrate it automatically
B. The basic Anti-DDoS service can protect any server connected to the internet
C. No upper protection limit on the rate of attack traffic
D. CC attack protection needs to be turned on manually

Questions 22

Each host connected to the internet faces the following potential attacks from the internet: (the number of correct answers: 3)

Options:

A. Brute-force password hacking
B. Trojan planting
C. Content Compliance Requirement
D. Vulnerability scanning
E. Lack of storage resources

Exam Code: ACA-Sec1
Exam Name: ACA Cloud Security Associate
Last Update: Apr 16, 2024
Questions: 147