After creating an RDS for MySQL read-only instance, which of the following CAN NOT be performed
by the read-only instance in RDS management console?
D
Explanation:
A read-only RDS instance is a replica of the primary RDS instance that can handle read requests and
increase the read capability of the database system. A read-only RDS instance inherits the network
type (intranet or internet) of the primary RDS instance and cannot switch between them. Therefore,
option D is the correct answer. Reference: Create a read-only ApsaraDB RDS for MySQL instance,
Instance types for read-only ApsaraDB RDS instances
Compared with traditional physical servers, upgrading an ECS instance is much easier. Which of the
following statements about upgrading an ECS instance is false?
D
Explanation:
Changing an instance’s operating system requires creating a custom image or using a public image,
and then replacing the system disk of the instance. This process will cause the instance to restart.
Therefore, this statement is false. Reference: ECS User Guide: Replace the system disk (non-public
image) and ECS User Guide: Replace the system disk (public image)
Which of the following privilege is required to manually install Alibaba Clod Security Center on the
server?
C
Explanation:
To manually install Alibaba Cloud Security Center on the server, you need to have the system
administrator privilege. This is because the Security Center agent requires access to the system files
and processes, and can perform security operations such as vulnerability scanning, intrusion
detection, and threat blocking. A common user privilege or a database access privilege is not
sufficient to install the Security Center agent. An FTP service privilege is irrelevant to the installation
process.
If you need to accelerate a certain domain name (such as abc.com) via Alibaba Cloud Content
Delivery Network (CDN), you must add it to "CDN Domain Name List" in the CDN service. After added
successfully, you will get a CNAME address A Next, you need to modify domain name resolution and
direct the domain name (such as abc.com) to CNAME address
C
Explanation:
The DNS service provider used by the domain name (such as abc.com) does not need to support
intelligent resolution, because the CNAME address allocated to the domain name will point to an IP
address that is intelligently managed by Alibaba Cloud CDN system. Therefore, option C is not a
correct description of modifying domain name resolution. Reference: What is Alibaba Cloud CDN? -
CDN - Alibaba Cloud Documentation Center and Alibaba Cloud CDN
If an administrator often needs to manage multiple ECS instances in an Alibaba Cloud VPC through
the Internet Which of the following solutions can meet this need at low costs and without affecting
system security.
B
Explanation:
A bastion host is a special-purpose computer on a network specifically designed and configured to
withstand attacks. The computer generally hosts a single application, for example a proxy server, and
all other services are removed or limited to reduce the threat to the computer. It is hardened in this
manner primarily due to its location and purpose, which is either on the outside of a firewall or in a
demilitarized zone (DMZ) and usually involves access from untrusted networks or computers. In the
context of Alibaba Cloud, a bastion host can be used to securely access and manage multiple ECS
instances in a VPC through the Internet. By applying an EIP and binding it to the bastion host, the
administrator can use SSH or RDP protocols to log on to the bastion host from the Internet, and then
use the same protocols to access other ECS instances in the VPC through the private network. This
way, the administrator can avoid exposing all the ECS instances to the Internet, which would increase
the risk of attacks and incur higher costs. The bastion host can also be configured with security
policies and monitoring tools to enhance the protection of the ECS instances in the VPC. Reference:
Bastion Host, Access an ECS Instance by Using a Bastion Host
Which of the following ports does RDS for MySQL listen on by default?
B
Explanation:
The port 3306 is the default port on which MySQL is usually configured. This port is used by MySQL
clients and applications to connect to the MySQL server. If you are using any other port, you should
allow traffic to that specific port instead. Alibaba Cloud RDS for MySQL also uses this port by default,
unless you specify a different port when creating the RDS instance. You can view and modify the port
number of your RDS instance in the RDS console. Reference: How to configure an Amazon RDS
environment for MySQL, Connecting to a DB instance running the MySQL database engine, [Create
an ApsaraDB RDS for MySQL instance]
Many websites have suffered DDoS attacks of different volumes. Therefore, accurate understanding
of DDoS attacks is critical to website security protection. Which of the following statements about
DDoS attacks is the MOST accurate?
B
Explanation:
A DDoS attack is a type of cyberattack that aims to exhaust the resources of a target server or
network, such as bandwidth, CPU, memory, or disk space, by sending a large amount of malicious
traffic or requests. This can cause the server or network to slow down, crash, or become unavailable
to legitimate users. A DDoS attack is not intended to steal confidential information, crack passwords,
or target databases, although these may be secondary objectives or consequences of some attacks. A
DDoS attack is one of the most common and powerful threats to website security, as it can be
launched from multiple sources, use various attack methods, and evade traditional defense
mechanisms. According to the DDoS Attack Statistics and Trend Report by Alibaba Cloud, the
proportion of volumetric attacks at 50Gbps and above has doubled, and the resources exhaustion
attack reached a peak value of 3 million QPS in 2020-2021. Reference: DDoS Attacks: Sources,
Strategies and Practices - Alibaba Cloud, DDoS Attack Statistics and Trend Report by Alibaba Cloud,
Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack, Anti-DDoS Basic - Alibaba Cloud
OSS supports multi-part uploading for large files, namely dividing a large file into multiple parts and
uploading them in order. This function is suitable for scenarios such as uploading large files or
uploading files with poor connectivity.
After completing all the multi-part uploading tasks, if you forget to invoke the "Complete Multipart
Upload" interface, there will be fragment files left in OSS, occupying bucket storage space-To
facilitate deleting those files, OSS provides the________function.
D
Explanation:
OSS provides the fragment management function to help you delete the fragment files left in OSS
after you forget to invoke the “Complete Multipart Upload” interface. Fragment management allows
you to list, delete, or restore the fragment files in a bucket. You can use the OSS console, OSS SDKs,
or OSS APIs to perform fragment management operations. OpenAPI batch deletion, online batch
deletion, and bucket clearing are not the functions provided by OSS to delete the fragment files.
Alibaba Cloud ECS provides multiple instance types to meet the needs of different business
scenarios. A medium-sized enterprise user wants to use two ECS instances, one to deploy a single
Tomcat service and the other one to deploy Memcache. Which of the following configurations is
most recommended?
D
Explanation:
According to the Alibaba Cloud ECS documentation1, the recommended instance type for Tomcat is
ecs.c5.xlarge, which has 4 vCPUs and 4 GiB of memory. This instance type is suitable for web
applications that require high performance and low latency. The recommended instance type for
Memcache is ecs.r5.large, which has 2 vCPUs and 16 GiB of memory. This instance type is optimized
for memory-intensive applications that require high memory bandwidth and low latency. Therefore,
option D is the most recommended configuration for deploying Tomcat and Memcache on two ECS
instances. Reference: Instance type families and Alibaba Cloud Elastic Compute Service Product
Introduction
A company launched its online service just a year ago. It uses five ECS instances and does not have a
full-time system administrator Over the last six months, the company's system has encountered
various security problems Several high-risk vulnerabilities were exploited by hackers, leading to
leakage of the company's confidential dat
a. Which of the following Alibaba Cloud products can be used to quickly resolve this problem?
D
Explanation:
Security Center is a centralized security management system that dynamically identifies and analyzes
security threats, and generates alerts when threats are detected. Security Center provides multiple
features to ensure the security of cloud resources and servers in data centers1. Security Center can
help the company to quickly resolve its security problems by providing the following benefits:
Unified security management: Security Center automatically collects various log data from the
company’s services on the cloud, and implements control over found security threats. Security
Center can also manage assets, attacks, vulnerabilities, and threats in the Security Center console2.
Proactive defense: Security Center supports the proactive detection and termination of mainstream
ransomware, mining programs, backdoor programs, worms, malicious programs, DDoS trojans, and
trojan programs. Security Center also prevents websites from being maliciously implanted with the
acts that involve terrorism, politics, dark chains, trojans, and backdoors. This ensures the normal
operation of web page information2.
Automated security operations: Security Center automatically traces the sources and causes of
attacks. This helps the company understand the ins and outs of intrusion threats and make quick
responses. Security Center also supports custom alerts and third-party data migration to the cloud in
a secure manner2. Reference: Security Center - Alibaba Cloud, Cloud Security- Alibaba Cloud,
Introduction to Security Center - Alibaba Cloud Document Center