Alibaba Cloud ACA-Sec1 ACA Cloud Security Associate Exam Practice Test

better CPU usage

fine grained access control to you server

enlarge your network bandwidth

apply QOS to a specific IP

disable port 445

set a highly complexed administrator password

encrypt all data on server side

put sensitive data in some hidden directory

MITM

DNS spoofing

Ping sweep

DoS

Enterprise sub-account management and permission assignment

Resource operation and authorization management between enterprises

Temporary authorization management for untrusted client apps

Prevention of network attacks on enterprises

Website is used for some illegal attempts

Public image or reputation of your company is damaged

Business is impacted

Physical server is damaged

TCP

UDP

IP

SMTP

IPV6 has bigger route table size

IPV6 address length upper limit is 128 bits

IPV6 has more simplified header

No network switch device is needed when using IPV6 protocol to transfer data

Cache-Control

Date

Age

Expires

Host

Control Panel->Management Tool->Stop the running service

Control Panel->windows update->Stop

Create new firewall rule to stop service

Delete administrator role and related accounts

use WAF

change HTTP service to HTTPS service

resolve domain name to a disguised IP

change the service providing port

both can defend DDOS attack

anti-DDOS pro is free to charge

anti-DDOS pro has more capabilities to defend against DDOS attacks

anti-DDOS pro can protect both inside and outside Alibaba Cloud servers

Data received successfully

Delay of data reception

Slow access web resources

unauthorized access control

Software development cycle is not formalized

Security system overall solutions are not complete

Administration tools on Cloud Platform may have some flaws

Cloud platform console and API may lack of security hardenning

software logic flaw or mistakes made during software development cycle

hardware devices are not up to date

system administrator didn't follow the operation manual exactly

The proprietary software that is safer than open source one should be installed

NAT gateway can support multi servers inside VPC to access public internet through one

public IP

EIP can be bind to different ECS servers at the same time

Different EIP can't share bandwidth

NAT gateway can support shared bandwidth between several ips

UDP stateless connectio

DNS 3 times hands shake

TCP 3 times hands shake

HTTP plain text transmission

hot fix doesn't need to reboot physical host

service will not be available during the hot fix

hot fix means the host need to reach some temperature upper limit to be able to

proceed

hot fix is transparent to end user

Advanced Version

Enterprise Version

Ultimate Version

Standard Version

Anonymous logins

Login verification

Account permissions

Authorization distribution

you can use 'mysqldump' do logical backup

you can copy files directly to do physical backup

you can use 'binlog' to do real time backup

you must stop accessing to DB before you do logical backup

users in different VLAN can connect each other directly without pre-configuration

different VLAN means different physical location of switches

VLAN configuration can be done through an TCP/IP router device

VlAN can enhance the network security and data isolation

ICMP

ARP

FTP

UDP