[2024年04月02日] ACP-Cloud1問題集でAlibaba Cloud Computing合格確定させる練習問題集 [Q41-Q63]

[2024年04月02日]JPNTest ACP-Cloud1問題集でAlibaba Cloud Computing合格確定させる練習問題集

Alibaba Cloud ACP-Cloud1実際にある問題とブレーン問題集

Alibaba Cloud ACP-Cloud1 (ACPクラウドコンピューティングプロフェッショナル)試験は、クラウドコンピューティングの専門家の能力を検証する認定試験です。この試験は、クラウドアーキテクチャ、展開、セキュリティ、およびメンテナンスなど、クラウドコンピューティングのさまざまな側面における個人の知識とスキルをテストするために設計されています。

 

質問 # 41
Before data communication is setup, the security groups match the security group rules one by one to query whether to allow access requests Assume that the user has created two security group rules 1 and 2 The protocol type, port range, authorization type, and authorization object of the two security group rules are the same. The difference is that Rule 1 is a denial policy, rule 2 is an allowed policy, so the following statement is correct_______ (Number of correct answers 2)

• A. If rule 1 and rule 2 have different priorities, the rule with a small priority number takes effect
• B. If rule 1 and rule 2 have different priorities, the rule with a large priority number takes effect.
• C. If rule 1 and rule 2 have the same priority, the rule of the allowed policy takes effect first, and the rule that of the denial policy does not take effect.
• D. If rule 1 and rule 2 have the same priority, the rule of the denial policy takes effect first, and the rule of the allowed policy does not take effect

正解：A、D

質問 # 42
The backend server pool of an Alibaba Cloud SLB contains multiple ECS instances, which may have different service capacities. To exploit the different service capacities of backend ECS instances, which of the following statements is correct?

• A. Choose Weighted Round Robin mode to set higher weights to ECS instances with higher capacities The higher the weight of the backend ECS instance the higher chance that the instance will receive requests.
• B. SLB cannot assign more requests to certain ECS instances.
• C. Choose Round-Robin model and ECS instances with higher capacities will surely be assigned with more requests.
• D. Choose Weighted Least-Connection mode, and ECS instances with higher capacities will surely be assigned with more requests.

正解：A

質問 # 43
Alibaba Cloud ECS provides multiple instance types to meet the needs of different business scenarios. A medium-sized enterprise user wants to use two ECS instances, one to deploy a single Tomcat service and the other one to deploy Memcache. Which of the following configurations is most recommended?

• A. Tomcat: 4 cores 8G. Memcache: 2 cores 8G
• B. Tomcat: 4 cores. 8G, Memcache: 2 cores: 16G
• C. Tomcat: 4 cores, 4G, Memcache: 2 cores, 8G
• D. Tomcat: 4 cores: 4G, Memcache: 2 cores: 16G

正解：C

質問 # 44
A startup video streaming company deploys its service on Alibaba Cloud Elastic Compute Service (ECS) Christmas is coming soon and the CEO knows that they need to prepare more computing resources However, they don't want to purchase a large number of Elastic Compute Service (ECS) instances tor a long period of time. Instead, they want to buy ECS instances for a short period of time and release them after the event is over. Which of the following billing methods of ECS is the most suitable?

• A. Subscription with Reserved Instances
• B. Pay-As-You-Go with Savings Plan
• C. Pay-As-You-Go Only
• D. Pay-As-You-Go with Reserved Instances

正解：B

質問 # 45
Object Storage Service (OSS) supports access logging. A bucket owner can activate access logging for their buckets in the OSS management console. When access logging is activated for bucket A, OSS automatically accesses the request logs for this bucket (in hours) and generates and writes an object to the user-specified bucket B according to certain naming rules. Which of the following statements is true for OSS logging?

• A. Buckets A and B can be separate buckets (or a single bucket) but they must belong to the same user
• B. Buckets A and B must be the same bucket.
• C. Buckets A and B must be different buckets.
• D. Buckets A and B can belong to different users.

正解：A

質問 # 46
When using Alibaba Cloud SLB to forward layer 7 (HTTP) service requests. SLB will replace the IP address in the HTTP header file to forward requests.
Therefore the source IP address that can be seen on the backend ECS instance is the IP address of SLB instead of the clients real IP address.

• A. False
• B. True

正解：B

解説：
Explanation
When using Alibaba Cloud SLB to forward layer 7 (HTTP) service requests, SLB will replace the IP address in the HTTP header file to forward requests. Therefore, the source IP address that can be seen on the backend ECS instance is the IP address of SLB instead of the client's real IP address. However, SLB also provides a feature called X-Forwarded-For (XFF) that can help you obtain the real IP address of the client. XFF is a standard HTTP header field that records the original IP address of the client and the proxy servers that the request passes through. You can enable XFF on the SLB console or by using the API, and then configure your backend ECS instance to parse the XFF header field and get the real IP address of the client. References: 1 - SLB overview - Alibaba Cloud Document Center - Layer 7 listeners - X-Forwarded-For

質問 # 47
Which of the following scenarios can be done using Alibaba Cloud Express Connection? (Number of correct answers: 2)

• A. Intranet communication between two VPCs under the same account in the same region
• B. Intranet communication between VPCs and Smart Access Gateway in customers different branch offices
• C. Intranet communication between two VPCs in different accounts and different CIDR Blocks
• D. Intranet communication between a VPC and servers in an external IDC

正解：B、C

質問 # 48
Many websites have suffered DDoS attacks of different volumes. Therefore, accurate understanding of DDoS attacks is critical to website security protection. Which of the following statements about DDoS attacks is the MOST accurate?

• A. A DDoS attacks crack the server's logon password by means of a massive number of attempts.
• B. The purpose of a DDoS attack is to steal confidential information.
• C. DDoS attacks primarily target databases.
• D. The main purpose of a DDoS attack is to prevent the target server from providing normal services.
  Currently, the DDoS attack is one of the strongest and most indefensible website attacks.

正解：D

解説：
Explanation
A DDoS attack is a type of cyberattack that aims to exhaust the resources of a target server or network, such as bandwidth, CPU, memory, or disk space, by sending a large amount of malicious traffic or requests. This can cause the server or network to slow down, crash, or become unavailable to legitimate users. A DDoS attack is not intended to steal confidential information, crack passwords, or target databases, although these may be secondary objectives or consequences of some attacks. A DDoS attack is one of the most common and powerful threats to website security, as it can be launched from multiple sources, use various attack methods, and evade traditional defense mechanisms. According to the DDoS Attack Statistics and Trend Report by Alibaba Cloud, the proportion of volumetric attacks at 50Gbps and above has doubled, and the resources exhaustion attack reached a peak value of 3 million QPS in 2020-2021. References: DDoS Attacks: Sources, Strategies and Practices - Alibaba Cloud, DDoS Attack Statistics and Trend Report by Alibaba Cloud, Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack, Anti-DDoS Basic - Alibaba Cloud

質問 # 49
When you create an Alibaba Cloud VPC. a VRouter and a route table will be created automatically. Which of the following statements is NOT correct about the route table?

• A. The routing entries of the route table can not be modified manually.
• B. When a VPC is deleted, the corresponding route table is also deleted.
• C. This route table cannot be deleted
• D. Each VRouter may have multiple route tables.

正解：B

質問 # 50
Before data communication is setup, the security groups match the security group rules one by one to query whether to allow access requests Assume that the user has created two security group rules 1 and 2 The protocol type, port range, authorization type, and authorization object of the two security group rules are the same. The difference is that Rule 1 is a denial policy, rule 2 is an allowed policy, so the following statement is correct_______ (Number of correct answers 2)

• A. If rule 1 and rule 2 have different priorities, the rule with a small priority number takes effect
• B. If rule 1 and rule 2 have different priorities, the rule with a large priority number takes effect.
• C. If rule 1 and rule 2 have the same priority, the rule of the allowed policy takes effect first, and the rule that of the denial policy does not take effect.
• D. If rule 1 and rule 2 have the same priority, the rule of the denial policy takes effect first, and the rule of the allowed policy does not take effect

正解：A、D

解説：
Explanation
Before data communication is set up, the security groups match the security group rules one by one to query whether to allow access requests. If the protocol type, port range, authorization type, and authorization object of two security group rules are the same, the following rules apply:
If the two rules have the same priority, the rule of the denial policy takes effect first, and the rule of the allowed policy does not take effect. This is because the security group rules follow the principle of minimum permission, which means that the most restrictive rule is applied when there is a conflict.
If the two rules have different priorities, the rule with a smaller priority number takes effect. This is because the security group rules follow the principle of priority, which means that the rule with a higher priority (lower number) is applied when there is a conflict. References: ECS Security Groups - Alibaba Fundamentals - Cloud Academy, Security group rules - Elastic Compute Service - Alibaba Cloud Documentation Center

質問 # 51
Alibaba Cloud Server Load Balancer (SLB) provides services for distributing traffic among multiple ECS instances SLB can expand the application system's service capacity through traffic distribution, and improve the system's availability by eliminating SPoFs (Single Points of Failure). Which of the following statements are correct? (Number of correct answers; 2)

• A. One of SLB's features is the Health Check. If some of the backend ECS instances are down, whereas other backend ECS instances can still provide services, then the system can continue to work normally.
• B. SLB provides a function to automatically synchronize data among backend ECS instances using rsync remote synchronization.
• C. Before using SLB to provide external services, make sure that you have installed and correctly configured the SLB agent on all of the backend ECS instances.
• D. When recreating an SLB instance that has an Internet IP address, a new Internet IP address will be assigned to the SLB instance.

正解：A、D

解説：
Explanation
According to the Alibaba Cloud SLB documentation1, SLB provides a health check feature that monitors the availability and performance of the backend servers. If a backend server fails the health check, SLB stops routing requests to it and redirects the traffic to other healthy servers. This way, SLB can improve the system's availability by eliminating single points of failure (SPOFs). Therefore, option A is a correct statement about SLB.
According to the same documentation1, SLB instances are assigned with public IP addresses or private IP addresses based on the network type. If you delete an SLB instance and create a new one, a new IP address will be allocated to the new instance. You cannot specify or reserve an IP address for an SLB instance.
Therefore, option B is also a correct statement about SLB.
Option C is incorrect, because SLB does not require you to install or configure any SLB agent on the backend servers. You only need to add the backend servers to the SLB instance and configure the listener and the server group. SLB will automatically distribute the traffic to the backend servers based on the load balancing algorithm and the health check status2.
Option D is also incorrect, because SLB does not provide a function to automatically synchronize data among backend servers. SLB only handles the network traffic distribution and does not interfere with the data on the backend servers. You need to use other methods or tools to synchronize data among backend servers, such as rsync, lsyncd, or Alibaba Cloud Data Transmission Service (DTS)3.
References: Server Load Balancer:SLB overview, Add backend servers, and Data Transmission Service.

質問 # 52
You are designing a solution for a startup company, the proposed solution is like this You suggest they use ECS instances to process requests from mobile App clients, and use SLB to distribute data traffic and ensure the load across each backend ECS instance is balanced.
Moreover to deal with volatile fluctuations in business volume (page views are much higher on the weekends), you also suggest they use Auto Scaling to dynamically increase or reduce computing resources.
The company is satisfied with the solution you proposed. However, they have one concern that when removing an idle instance from the scaling group: if Auto Scaling shuts the instance down directly, the service running on that instance will be abruptly terminated, resulting in poor user experience.
In order to eliminate your customer's concern, which of the following solutions should you recommend them?

• A. Find the ECS instance that is going to be removed from the backend server pool of the SLB instancer and automatically set the weight of this ECS instance to 0. This instance will not be assigned with new requests, and will be automatically removed from the backend server pool after existing tasks are completed.
• B. Use the Lifecycle Hook function embedded m Auto Scaling Define a suitable timeout and a web hook to do the necessary work before the instance is removed.
• C. Find the ECS instance that is going to be removed from the backend server pool of the SLB instance, and manually remove this instance from the backend server pool Applications running on this ECS instance will normally return results, but this instance will not be assigned with new requests.
• D. First, insert a script into the image for creating the ECS instance Second, make the script run automatically when the operating system in this ECS instances is about to shut down. This script contains the processing logic that can ensure the instance finish all the remaining tasks before shutting down.

正解：B

解説：
Explanation
According to the Alibaba Cloud Auto Scaling documentation1, the Lifecycle Hook feature allows you to perform custom operations on instances that are added to or removed from a scaling group. You can define a lifecycle hook to specify a timeout period and a web hook URL. When an instance is about to be removed, Auto Scaling sends a notification to the web hook URL and waits for a response. During the timeout period, you can perform the necessary operations on the instance, such as gracefully shutting down the service, backing up the data, or sending a custom notification. After the operations are completed, you can send a response to the web hook URL to confirm the removal of the instance. This way, you can ensure that the instance is removed without affecting the user experience or causing data loss. Therefore, option D is the best solution to eliminate the customer's concern. References: Lifecycle hooks and Alibaba Cloud Auto Scaling.

質問 # 53
The daily PV volume of a community website is as high as 20 million. The applications of the website are deployed on ECS instances while logs are stored on the data disks of a single ECS instance.
Now, the website wants to extend the log retention period to 24 months and ensure that logs can be quickly downloaded when needed. The current data disks they have can only help retain three months of logs In this case, ________ is the ideal solution for solving the log retention issue.

• A. OSS
• B. CDN
• C. Container Service
• D. ApsaraDB for RDS

正解：A

解説：
Explanation
OSS (Object Storage Service) is a secure, cost-effective, and highly reliable cloud storage service that allows you to store, back up, and archive any amount of data in the cloud1. OSS is ideal for storing logs, as it provides 99.9999999999% (12 nines) durability and 99.995% availability or service continuity1. OSS also supports lifecycle management, which allows you to automatically delete or transition objects to lower-cost storage classes based on your predefined rules2. OSS offers four tiers of storage: Standard, Infrequent Access, Archive, and Cold Archive. Each tier is cost-optimized for specific storage patterns1. The Archive and Cold Archive tiers are suitable for storing infrequently accessed data, such as logs, for a long time. The Archive tier offers data retrieval time within one minute, while the Cold Archive tier offers expedited data retrieval time within an hour1. Therefore, OSS can help the website extend the log retention period to 24 months and ensure that logs can be quickly downloaded when needed.
CDN (Content Delivery Network) is a distributed network that delivers content to users based on their geographic locations, the origin sites, and the content delivery nodes3. CDN is mainly used for content distribution, such as static web pages, images, videos, and downloads3. CDN is not suitable for storing logs, as it does not provide data durability or lifecycle management.
Container Service is a high-performance and scalable container application management service that enables you to use Docker and Kubernetes to manage the lifecycle of containerized applications4. Container Service is mainly used for deploying and orchestrating microservices, serverless applications, and big data applications4.
Container Service is not suitable for storing logs, as it does not provide data durability or lifecycle management.
ApsaraDB for RDS (Relational Database Service) is a stable and reliable online database service that supports MySQL, SQL Server, PostgreSQL, MariaDB, and PPAS5. ApsaraDB for RDS is mainly used for storing and processing structured data, such as user information, transaction records, and product catalogs5. ApsaraDB for RDS is not suitable for storing logs, as it is more expensive and less scalable than OSS. References: Object Storage Service (OSS) - Alibaba Cloud, Lifecycle management - Object Storage Service - Alibaba Cloud Documentation Center, Content Delivery Network (CDN) - Alibaba Cloud, Container Service - Alibaba Cloud, ApsaraDB for RDS - Alibaba Cloud

質問 # 54
Auto Scaling is a management service that can automatically adjust elastic computing resources based on your business needs and policies It supports adding an existing ECS instance into the scaling group but imposes certain requirements on instance region In this case, which of the following statements is true?

• A. Each scaling group can span up to two regions. After adding the ECS instance, the number of regions of all the ECS instances in the scaling group must be no greater than two.
• B. The instance and the scaling group can be in different regions and zones.
• C. The instance and the scaling group must be in the same region but not necessarily the same zone.
• D. The instance and the scaling group must be in the same region and zone.

正解：C

質問 # 55
When using Alibaba Cloud SLB. you can set different weights for backend ECS instances The higher the weight of a backend ECS instance the more load will be assigned to it An SLB instance has 5 ECS instances in the backend server pool, all of which are healthy Among these 5 ECS instances, the weight of ecs_inst1 is set to 100. Which of the following statements is correct?

• A. Based on request level parameters of external requests, all requests with a request level parameter of 100 will be transferred to ecs_inst1
• B. We do not know the weight settings of the remaining 4 ECS instances, so we cannot tell what would happen
• C. Based on SLB's working mechanism, approximately 20% of loads will be assigned to ecs_inst1
• D. 100% of loads will be assigned to ecs__inst1, and the remaining 4 ECS instances will stay idle

正解：B

質問 # 56
The backend server pool of an Alibaba Cloud SLB contains multiple ECS instances, which may have different service capacities. To exploit the different service capacities of backend ECS instances, which of the following statements is correct?

• A. Choose Weighted Round Robin mode to set higher weights to ECS instances with higher capacities The higher the weight of the backend ECS instance the higher chance that the instance will receive requests.
• B. SLB cannot assign more requests to certain ECS instances.
• C. Choose Round-Robin model and ECS instances with higher capacities will surely be assigned with more requests.
• D. Choose Weighted Least-Connection mode, and ECS instances with higher capacities will surely be assigned with more requests.

正解：A

解説：
Explanation
Weighted Round Robin (WRR) is a load balancing mode that assigns requests to backend ECS instances based on their weights. The higher the weight of the backend ECS instance, the higher the chance that the instance will receive requests. This mode can exploit the different service capacities of backend ECS instances by setting higher weights to ECS instances with higher capacities. For example, if there are two ECS instances in the backend server pool, one with a weight of 10 and the other with a weight of 20, the ECS instance with a weight of 20 will receive twice as many requests as the ECS instance with a weight of 10.
References:
1: SLB overview - Server Load Balancer - Alibaba Cloud Documentation Center
4: Server Load Balancer - Alibaba Cloud
5: Alibaba Server Load Balancer (SLB) Course - Cloud Academy

質問 # 57
Object Storage Service (OSS) supports access logging. A bucket owner can activate access logging for their buckets in the OSS management console. When access logging is activated for bucket A, OSS automatically accesses the request logs for this bucket (in hours) and generates and writes an object to the user-specified bucket B according to certain naming rules. Which of the following statements is true for OSS logging?

• A. Buckets A and B can be separate buckets (or a single bucket) but they must belong to the same user
• B. Buckets A and B must be the same bucket.
• C. Buckets A and B must be different buckets.
• D. Buckets A and B can belong to different users.

正解：A

解説：
Explanation
OSS logging is a feature that allows you to record the access requests to your OSS buckets. You can enable and configure logging for a bucket in the OSS console or by using the OSS API. When logging is enabled for a bucket A, OSS automatically generates access log objects every hour and stores them in a specified bucket B: The log objects follow a predefined naming convention that includes the source bucket name, the date, the hour, and a unique string.
The documentation also states that buckets A and B can be separate buckets or the same bucket, but they must belong to the same user1. This means that you cannot store the access logs of one user's bucket in another user's bucket. Therefore, the correct answer is A.
References:
1: Logging - Object Storage Service - Alibaba Cloud Documentation Center

質問 # 58
For ECS and RDS instances under different Alibaba Cloud accounts but in the same region, which of the following statements is NOT correct for migrating self-built MySQL databases (running on ECS) to RDS?

• A. The data cannot be migrated.
• B. The data can be imported via the public network.
• C. The data can be imported via the Intranet
• D. The data can be imported by running mysqldump.

正解：D

質問 # 59
All RDS for MySQL backups are full backups.

• A. False
• B. True

正解：B

質問 # 60
Object Storage Service (OSS) supports sub accounts, and you can allocate access permissions to different buckets for each sub account.

• A. False
• B. True

正解：B

解説：
Explanation
Object Storage Service (OSS) supports sub accounts, which are the accounts that belong to a parent account and share the resources of the parent account. You can allocate access permissions to different buckets for each sub account by using bucket policies or RAM policies. Bucket policies are the access control policies that are attached to buckets and specify the permissions that other users have on the resources in the buckets. RAM policies are the access control policies that are attached to RAM users or RAM user groups and specify the permissions that the RAM users or RAM user groups have on the OSS resources. References:
Object Storage Service:Overview - Alibaba Cloud
Object Storage Service:FAQ - Alibaba Cloud
Authentication - Object Storage Service - Alibaba Cloud

質問 # 61
A new media company uses a mobile app to provide news and information services. They utilize Auto Scaling to add/reduce ECS instances dynamically to address service traffic spikes.
Based on the estimation of their service and technical personnel the company thinks they require 10 ECS instances during idle hours and 10 to 20 ECS instances (dynamically adjusted) during some busy hours, which are normally from 07:30 to 09:00 and from 18:30 to 20:00 In the scaling group; they set the "Minimum number of instances" to 10 and "Maximum number of instances" to 20.
To simplify deployment tasks and save costs, which of the following scaling modes should they choose?

• A. Fixed quantity mode
• B. Scheduled mode
• C. Event-triggered mode
• D. Healthy mode

正解：B

解説：
Explanation
According to the Alibaba Cloud Auto Scaling documentation, scheduled mode allows you to configure the scheduled tasks by adding or removing ECS instances for a fixed time. This mode is suitable for scenarios where the service traffic spikes are predictable and periodic. For example, a new media company can use scheduled mode to add or reduce ECS instances dynamically to address service traffic spikes during some busy hours, such as from 07:30 to 09:00 and from 18:30 to 20:00. This mode can help simplify deployment tasks and save costs by avoiding unnecessary scaling activities. References: How Auto Scaling works - Auto Scaling - Alibaba Cloud Documentation Center.

質問 # 62
Many websites have suffered DDoS attacks of different volumes. Therefore, accurate understanding of DDoS attacks is critical to website security protection. Which of the following statements about DDoS attacks is the MOST accurate?

• A. A DDoS attacks crack the server's logon password by means of a massive number of attempts.
• B. The purpose of a DDoS attack is to steal confidential information.
• C. DDoS attacks primarily target databases.
• D. The main purpose of a DDoS attack is to prevent the target server from providing normal services. Currently, the DDoS attack is one of the strongest and most indefensible website attacks.

正解：D

質問 # 63
......

最新ACP-Cloud1合格保証 試験問題集でには正確で最新な 問題：https://www.jpntest.com/shiken/ACP-Cloud1-mondaishu