Questions for the ACA-CLOUD1 were updated on: Nov 21, 2025
RDS provides whitelist access policies. You can set permitted IP addresses and IP network segments
to effectively prevent hackers from attacking the server by port scanning.
A
Explanation:
A is the correct answer because RDS provides whitelist access policies that allow you to set
permitted IP addresses and IP network segments to effectively prevent hackers from attacking the
server by port scanning. A whitelist is a security feature that specifies the IP addresses or CIDR blocks
that are allowed to access your RDS instance. By default, the whitelist is empty, which means that no
IP address can access your RDS instance. You can add IP addresses or CIDR blocks to the whitelist
according to your business needs. You can also create multiple whitelist groups and assign different
IP addresses or CIDR blocks to each group.
This can help you manage the access permissions of
different users or applications [1][2].
Reference: [1] Configure a whitelist; [2] ApsaraDB RDS: Configure an IP address whitelist
Reference: https://apsarastackdocument.oss-cn-hangzhou.aliyuncs.com/01_ApsaraStackEnterprise/V3.5.2-intl-en/Alibaba%20Cloud%20Apsara%20Stack%20Enterprise%201808%20Security%20Whitepaper%20-%2020180831.pdf
In which of the following cases would you need to apply for an ICP license? (Choose three.)
ABC
Explanation:
An ICP license is a permit issued by the Chinese Ministry of Industry and Information Technology
(MIIT) that allows websites to operate in China. An ICP license is required for any website that is
hosted on a mainland China server, or that wants to use a China-based CDN service to accelerate its
access in China. Therefore, you would need to apply for an ICP license in the following cases:
Accelerate your Overseas Website in China: If you have a website that is hosted outside of China, but
you want to use Alibaba Cloud’s CDN service to improve its performance and user experience in
China, you would need to apply for an ICP license for your domain name. This is because Alibaba Cloud’s
CDN nodes are located in mainland China, and any website that uses them must comply with the
Chinese regulations.
Launch your website in China: If you want to host your website on an Alibaba Cloud ECS instance or
OSS bucket that is located in mainland China, you would need to apply for an ICP license for your
domain name. This is because any website that is hosted on a mainland China server must have an
ICP license to be accessible and legal in China.
Launch your online shop in China: If you want to run an e-commerce website that sells goods or
services to customers in China, you would need to apply for an ICP license for your domain name. This is
because any website that engages in commercial activities in China must have an ICP license to
operate legally and securely in China.
Reference: What is an ICP License? - Alibaba Cloud Academy, ICP License Application - Alibaba Cloud Documentation Center
Reference: https://www.alibabacloud.com/icp
As a cloud computing service provider, Alibaba Cloud provides security services including ________.
(Choose two.)
AC
Explanation:
Alibaba Cloud provides security services for the underlying hardware of cloud computing, such as
physical security, network security, host security, and storage security. Alibaba Cloud also provides
security isolation between cloud computing tenants, such as virtualization isolation, network
isolation, and data isolation. These security services are part of Alibaba Cloud’s shared responsibility
model, where Alibaba Cloud is responsible for the security of the cloud infrastructure, while
customers are responsible for the security of their applications and data on the
cloud.
Reference: Alibaba Cloud Security Services, Alibaba Cloud Security & Compliance Center, Shared Responsibility Model
Reference: https://www.alibabacloud.com/solutions/security
Alibaba Cloud OSS is a cloud storage service that features massive capacity, outstanding security, low
cost, and high reliability. To control the access to the files stored on OSS, OSS provides multiple
access permissions for each bucket. These bucket permissions are ________. (Choose three.)
BCD
Explanation:
According to the Alibaba Cloud Academy, Alibaba Cloud OSS is a cloud storage service that features
massive capacity, outstanding security, low cost, and high reliability. To control the access to the files
stored on OSS, OSS provides multiple access permissions for each bucket. These bucket permissions
are:
Public-read-write: Anyone, including anonymous users, can perform read and write operations on
the objects in the bucket. The owner of the bucket is charged for the requests and traffic generated
by these operations. This permission poses a high security risk and is not recommended.
Public-read: Only the owner of the bucket and authorized RAM users can perform write operations
on the objects in the bucket. Anyone, including anonymous users, can perform read operations on
the objects in the bucket. The owner of the bucket is charged for the requests and traffic generated
by these operations.
Private: Only the owner of the bucket and authorized RAM users can perform read and write
operations on the objects in the bucket. Other users, including anonymous users, are denied access
to the objects in the bucket unless they have been granted temporary access permissions by the
bucket owner or authorized RAM users.
Therefore, the options B, C, and D are the correct answers that describe the bucket permissions in
OSS.
Reference: OSS Security - Alibaba Object Storage Service Course - Cloud Academy, OSS Concepts - Alibaba Cloud Documentation Center
Reference: https://www.alibabacloud.com/help/doc-detail/100676.htm
When using Alibaba Cloud OSS, you can set access control in 3 different levels, which are ________.
(Choose three.)
ABC
Explanation:
When using Alibaba Cloud OSS, you can set access control in three different levels, which are bucket
level, object level, and RAM account level. Bucket level access control is the highest level of access
control, which determines whether a user can access the bucket and its objects. Bucket level access
control can be set to public read/write, public read, or private. Object level access control is the
second level of access control, which determines whether a user can access a specific object in the
bucket. Object level access control can be set to inherit from the bucket, public read/write, public
read, or private. RAM account level access control is the lowest level of access control, which
determines whether a user can perform certain operations on the bucket or the object. RAM account
level access control can be set by using RAM policies, which specify the actions, resources, and
conditions for the access.
Reference: Object Storage Service (OSS) - Alibaba Cloud Academy, Access Control - Alibaba Cloud Documentation Center
Reference: https://www.alibabacloud.com/help/doc-detail/100676.htm
You are developing a highly available web application using stateless web servers. Which services are
suitable for the application? (Choose three.)
BCE
Explanation:
B, C, and E are the correct answers according to the ACA Cloud Computing by Alibaba Cloud
Academy Reference Materials and documents, because they are suitable services for developing
a highly available web application using stateless web servers.
B is correct because Server Load Balancer (SLB) is a service that distributes network traffic across
groups of backend servers to improve the service capability and application availability. SLB can
handle sudden spikes in traffic, minimize response time, and maintain 99.99% availability of the web
application. SLB also supports health checks, session persistence, and cross-zone load balancing [1].
C is correct because Elastic Compute Service (ECS) is a service that provides scalable and high-
performance virtual machines for various computing needs. ECS can run stateless web servers that
can be easily scaled up or down based on the demand. ECS can also use Auto Scaling to automate
the scaling process and Elastic Self-Health to automatically recover from failures.
ECS can also leverage the Alibaba Cloud network infrastructure, such as VPC, Express Connect, and Global
Accelerator, to optimize the network connectivity and performance of the web servers [2].
E is correct because Object Storage Service (OSS) is a service that provides massive, secure, and cost-
effective storage for static files, such as images, videos, and documents. OSS can store the static
content of the web application and reduce the load and cost of the ECS instances.
OSS can also integrate with CDN to accelerate the delivery of the static content and improve the user
experience and response time of the web application [3].
A and D are incorrect answers because they are not suitable services for developing a highly available
web application using stateless web servers.
A is incorrect because Relational Database Service (RDS) is a service that provides managed database
systems, such as MySQL, SQL Server, PostgreSQL, and PPAS. RDS is not a stateless web server, but a
stateful data storage and processing service.
RDS can be used to store the dynamic data of the web
application, but it is not suitable for hosting the web application itself [4].
D is incorrect because MaxCompute is a service that provides a fast and fully managed big data
platform for large-scale data warehousing. MaxCompute is not a stateless web server, but a data
analysis and processing service. MaxCompute can be used to perform complex data analytics and
machine learning tasks, but it is not suitable for hosting the web application itself.
Reference: [1] SLB Overview; [2] ECS Overview; [3] OSS Overview; [4] RDS Overview; MaxCompute Overview
Reference: http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/pdf/slb-faq-intl-en-2017-03-29.pdf
Which of the following are not operations that you can do on a cloud disk snapshot? (Choose
two.)
AC
Explanation:
According to the Alibaba Cloud Academy, a cloud disk snapshot is a point-in-time backup of a cloud
disk. You can use snapshots to back up data, create images, or restore data. The operations that you
can do on a cloud disk snapshot are snapshot creation, snapshot deletion, snapshot rollback, and
snapshot sharing. Snapshot duplicate and snapshot download are not the operations that you can do
on a cloud disk snapshot. Therefore, the options A and C are the correct
answers.
Reference: Snapshot Overview - Alibaba Cloud Documentation Center, ACA Cloud Computing Exam Preparation Course - Alibaba Cloud, Module 3: Cloud Computing Storage, Lesson 2: Snapshot, Slide 2
Reference: https://www.alibabacloud.com/help/doc-detail/52045.htm#section-1ff-9s6-3i5
ECS is a highly flexible service. It can be used independently as a simple web server, or used with
other Alibaba Cloud products, such as OSS and CDN, to provide advanced solutions. ECS can be used in
applications such as: ________. (Choose four.)
ABCD
Explanation:
A, B, C, and D are the correct answers according to the ACA Cloud Computing by Alibaba Cloud
Academy Reference Materials and documents, because ECS is a highly flexible service that can be
used independently as a simple web server, or used with other Alibaba Cloud products, such as
OSS and CDN, to provide advanced solutions. ECS can be used in applications such as:
Official corporate websites: ECS can host official corporate websites that require high performance,
stability, reliability, and scalability. ECS can also support various web frameworks and languages, such
as PHP, Java, Node.js, Python, and Ruby.
ECS can also be integrated with other Alibaba Cloud
products, such as SLB, CDN, and WAF, to improve the security, availability, and performance of the
websites [1].
Large-traffic apps: ECS can handle large-traffic apps that require high concurrency, low latency, and
high throughput. ECS can also scale up or down based on the real-time traffic demands, and use Auto
Scaling to automate the scaling process.
ECS can also leverage the Alibaba Cloud network
infrastructure, such as VPC, Express Connect, and Global Accelerator, to optimize the network
connectivity and performance of the apps [2].
Databases: ECS can run various database systems, such as MySQL, PostgreSQL, MongoDB, and Redis,
to provide data storage and processing capabilities for different applications. ECS can also use cloud
disks or local disks as the storage media for the databases, and choose different disk types, such as
SSD, ESSD, and Ultra Disk, based on the performance and cost requirements.
ECS can also use RDS or
PolarDB to replace the self-managed databases, and enjoy the benefits of managed database
services, such as backup, recovery, monitoring, and maintenance [3].
Simple web applications: ECS can run simple web applications that do not require complex
architectures or high availability. ECS can provide fast memory and the latest CPUs to power the web
applications and achieve faster results with low latency. ECS can also use OSS to store static files,
such as images, videos, and documents, and reduce the storage cost and load of the ECS instances.
E is an incorrect answer because ECS is not a storage service that provides unlimited online storage.
ECS is a compute service that provides virtual machines with limited storage capacity. ECS can use
OSS or NAS to expand the storage capacity, but these are separate storage services that have their
own pricing and billing methods.
Reference: [1] Build a Corporate Website; [2] Build a Large-Traffic App; [3] Build a Database System; Build a Simple Web Application; ECS Overview
Your friend purchases some Alibaba Cloud resources and uses them to build an online training
website. Before the site goes online, your friend wants to perform some performance tests but
doesn't know how to do it. In this case, which of the following services can help?
C
Explanation:
Load and Performance Testing Service (LPTS) is a service that helps users to test the performance and
stability of their websites, applications, or servers under different load conditions. LPTS can simulate
a large number of concurrent users and requests, and generate detailed reports on the response
time, throughput, error rate, and other metrics of the target system. LPTS can help users to identify
and resolve performance bottlenecks, optimize resource utilization, and ensure the reliability and
availability of their online services.
Reference: Load and Performance Testing Service - Alibaba Cloud Academy, Load and Performance Testing Service - Alibaba Cloud Documentation Center
Reference: https://www.alibabacloud.com/support/after-sales
An enterprise hosts its servers (including both Linux and Windows servers) in a traditional IDC. Every
night hackers with IP addresses from many countries try to crack the passwords of these servers,
making the administrator terribly worried. However, because of work requirements, the
remote management port of these servers must be open to the public network.
The administrator heard that Alibaba Cloud has solutions that can help customers improve the
security of their systems. Therefore, he/she wants to migrate the system to Alibaba Cloud. Which of
the following functions should the administrator activate in Alibaba Cloud to reduce the possibility of
brute force password cracking?
B
Explanation:
Server Guard is a cloud-based security service that provides real-time protection for servers against
intrusion events, such as brute force password cracking. Server Guard consists of a lightweight agent
that is installed on the server and a cloud protection center that analyzes and responds to security
threats. Server Guard can help the administrator to reduce the possibility of brute force password
cracking by providing the following features [1]:
Password cracking protection: Server Guard can detect and block password cracking attempts on
servers, such as SSH brute force attacks on Linux servers and RDP brute force attacks on Windows
servers. Server Guard can also alert the administrator of the attack source, time, and frequency, and
provide suggestions for password strengthening.
Webshell detection and removal: Server Guard can scan and remove webshells that are maliciously
implanted on servers by hackers. Webshells are scripts that allow hackers to remotely execute
commands on servers, such as stealing data, uploading files, or launching attacks. Server Guard can
identify and delete webshells based on signature matching, behavior analysis, and machine learning.
Anti-virus and anti-ransomware: Server Guard can detect and terminate various types of malware,
such as ransomware, mining programs, backdoor programs, worms, and trojans. Server Guard can
also prevent the encryption and deletion of files by ransomware, and restore the files to their original
state.
Security baseline check: Server Guard can perform security baseline checks on servers to evaluate
their security posture and compliance level. Server Guard can check more than 40 security items,
such as system configuration, account management, network security, and log audit. Server Guard
can also provide security hardening suggestions and one-click fixes for the detected issues.
Security situation awareness: Server Guard can provide a comprehensive and visualized view of the
security situation of the servers, such as the number of attacks, the attack sources, the attack types,
the attack trends, and the security score. Server Guard can also provide security reports and
recommendations for improving the security level of the servers.
Reference: [1] Security Center
Reference: https://www.alibabacloud.com/blog/blogblogalibaba-cloud-server-guard-a-comprehensive-assessment_284390
A video streaming company uses SLB to distribute user requests to 30 ECS instances (the 30 ECS
instances have the same configuration). Yet, the company finds that the service traffic soars
dramatically every night from 20:00 to 02:00. According to their calculation, the evening traffic is
100% higher than the traffic in other periods of time. To properly respond to user requests, which of
the following methods is most preferred from the perspective of cost and implementation simplicity?
A
Explanation:
According to the Alibaba Cloud Academy, Auto Scaling is a service that automatically creates and
releases ECS instances based on pre-defined rules in order to scale services to match demand.
Furthermore, it can configure server load balancer and relational database service white lists,
without any manual intervention. Therefore, using Auto Scaling is the most preferred method from
the perspective of cost and implementation simplicity, as it can dynamically adjust the number of
ECS instances according to the traffic fluctuations, without requiring manual operations or wasting
resources. The other methods are either too complex, inefficient, or costly to
implement.
Reference: Introduction to Alibaba Auto Scaling - Cloud Academy, ACA Cloud Computing Exam Preparation Course - Alibaba Cloud, Module 4: Cloud Computing Elasticity, Lesson 1: Auto Scaling, Slide 2.
Reference: https://www.alibabacloud.com/product/auto-scaling
Auto Scaling is a management service that can automatically adjust elastic computing resources
based on your business needs and policies. It supports adding existing ECS instances into the scaling
group, whose status however must be ________.
A
Explanation:
A is the correct answer because Auto Scaling supports adding existing ECS instances into the scaling
group, whose status however must be running. Running means that the ECS instance is in a normal
state and can provide services. Auto Scaling does not support adding ECS instances that are in other
states, such as created, stopped, or preparing. Created means that the ECS instance has been created
but has not been started yet. Stopped means that the ECS instance has been stopped and cannot
provide services. Preparing means that the ECS instance is being initialized and cannot provide
services [1][2].
B, C, and D are incorrect answers because they are not valid states for adding existing ECS instances
into the scaling group.
Reference: [1] Add existing ECS instances to a scaling group; [2] ECS instance lifecycle
Reference: http://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/DNESS1876951_en-US_intl_181115175025_public_176152014821b385708e5290da11a0fe.pdf (14)
Which of the following statements is true for RDS?
A
Explanation:
RDS allows users to create multiple databases in one RDS instance, as long as the total storage
capacity and performance of the instance are not exceeded. This can help users save costs and
simplify management. Users can create, delete, and manage databases in the RDS console or by
using SQL commands. However, databases with the same name are not allowed in the same
instance, and resources are shared among the databases in the same RDS instance, such as CPU,
memory, disk, and network bandwidth.
Reference: Operate and Manage a Relational Database on the Cloud, Alibaba RDS Course | Cloud Academy, ACA Cloud Computing Certification - Alibaba Cloud Academy
Reference: https://www.alibabacloud.com/help/doc-detail/26092.htm
Company B builds a music download website based on OSS and ECS, and users can download mp3
files after registering for the website. Recently, the public network traffic to the OSS has doubled but the
increase of registered users is less than 10%. After in-depth analysis, engineers find that many user
download requests come from search engines rather than the website itself. In this case, which of the
following measures would address this issue?
C
Explanation:
The issue that Company B faces is that their music files stored in OSS are being downloaded by
unauthorized users who access them through search engines, rather than through their website. This
is called leeching, which is a form of bandwidth theft that consumes the OSS traffic and increases the
cost for Company B. To address this issue, Company B can limit the access sources by configuring the
“Anti-leech settings” of OSS bucket attributes. Anti-leech settings allow the bucket owner to specify a
referer whitelist, which is a list of domain names that are allowed to access the OSS resources. The
referer is a part of the HTTP header that indicates the source URL of the request. By setting a referer
whitelist, Company B can prevent leeches from accessing their music files directly from search
engines or other websites, and only allow access from their own website domain name. This way,
Company B can protect their OSS resources from unauthorized access and reduce their OSS traffic
costs. The other options are not effective or relevant for addressing the issue. Migrating music files
from OSS to data disks for ECS instances would increase the storage and computing costs for
Company B, and also reduce the scalability and availability of their music files. Changing the website
access mode to HTTPS would enhance the security and encryption of the website, but it would not
prevent leeches from accessing the OSS resources through search engines. Introducing SLB for extra
protection would improve the load balancing and high availability of the ECS instances, but it would
not affect the access control of the OSS resources.
Reference: OSS Anti-Leech Referer Configuration and Error Elimination
Reference: http://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/DNOSS11828897_en-US_intl_190202150837_public_b55986256a50380c526a35e863023ec9.pdf (55)
Alibaba Cloud Object Storage Service (OSS) is a massive, highly available, secure and cost-effective
storage service. OSS is superior to self-built storage in all these aspects. Which of the following
advantages relates to the high availability of OSS?
B
Explanation:
According to the Alibaba Cloud Academy, Alibaba Cloud Object Storage Service (OSS) is a massive,
highly available, secure and cost-effective storage service. OSS is superior to self-built storage in
all these aspects. One of the advantages of OSS is its high availability, which means that the data
stored in OSS can be accessed anytime and anywhere with minimal downtime or interruption. OSS
achieves high availability by ensuring data reliability of not less than 99.99999999%. Data reliability is
the probability that the data stored in OSS is not lost or corrupted. OSS ensures data reliability by
automatically backing up data with multiple redundant copies across different devices and facilities.
Therefore, the option B is the correct answer that relates to the high availability of
OSS.
Reference: What is OSS? - Alibaba Object Storage Service Course - Cloud Academy, Object Storage Service(OSS): Store Data Safely In The Cloud - Alibaba Cloud Blog
Reference: https://www.alibabacloud.com/blog/alibaba-cloud-object-storage-vs--ibm-cloud-and-oracle-cloud-equivalent_293464