Free ACP Cloud Security Certification Exam ACP-Sec1 Exam Practice Test

Cross Site Script (XSS) attacks refer to a kind of attack by tampering the webpage using HTML injection to insert malicious scripts so as to control the user's browser when the user browses the webpage XSS vulnerabilities may be used for user identity stealing (particularly the administrator identity), behavior hijacking, Trojan insertion and worm spreading, and also phishing

• True
• False

Among various types of network attacks, 'phishing' is one of the most common attacks. A phishing website looks exactly the same as the real website It asks visitors to login with their accounts and passwords; at the same time, record these privacy information for illegal purpose. Which of the following statements about how phishing websites are spread is FALSE?

• Banks publish phishing website links in prominent positions on their official websites
• Phishing website links are sent through Facebook. Twitter and other IM(instant Messenger) applications.
• Advertisements are pushed to search engines and small and medium websites, attracting users to click the phishing website links.
• Phishing website links are published in batches through emails forums, blogs, and SNS(Social Network Sites).

Various profit-oriented hacker groups exist on the Internet. They control a large number of server resources and can launch network attacks against a target server at any time Among those, one type of attack is common and destructive, which completely consumes resources of the target server so that normal customers cannot connect to the server Which of the following belongs to this type of attack?

• XSS attack
• Webshell attack
• DDoS attack
• SQL injection

Products like ECS and Server Load Balancer it will be automatically protected by Anti-DDoS Basic service

• True
• False

If an ECS instance needs to be accessed by other applications from internet, a corresponding 'port' must be enabled For example, HTTP applications work on port 80, while FTP applications work on port 21 If an administrator configures network security policies for this ECS instance, which of the following policies is the safest?

• After buying an ECS instance, the administrator immediately enables the security group firewall on the console and opens ports 0-1024 for public networks
• After buying an ECS instance, the administrator immediately enables the security group firewall on the console and opens only the required service ports for public networks
• The administrator wants to build multiple applications on an ECS instance. For easy management, the administrator uses default settings and allows any IP address to access required service ports
• After buying an ECS instance, the administrator immediately enables the security group firewall on the console and opens all ports for public networks

Users can detach the Security Center client on Alibaba Cloud ECS instances, and reinstall it later when necessary.

• True
• False

Alibaba Cloud Ant.-DDoS Premium Service is an advanced DDoS protection product It can defend against layer 4 and layer 7 attacks. Which of the following statements about Alibaba Cloud Anti-DDoS Premium Service is FALSE?

• Anti-DDoS Premium Service provides precise traffic reports and attack details in real time to keep you informed of the current service details on time
• Anti-DDoS Premium Service defends against various DDoS attacks, including but not limited to ICMP flood, UDP flood, TCP flood. SYN flood, and ACK flood attacks
• Anti-DDoS Premium Service supports 2 billing modes: Unlimited and Insurance.
• You can adjust the anti-DDoS elastic protection threshold to a higher level at any time, with the service interruption period no longer than 3 minutes

Alibaba Cloud Security's Data R.sk Control can effectively resolve junk registration, database hacking, and other service risk identification problems To use this service. you need to first collect service data. Which of the following methods can be used to collect information off Web applicationsystems?

• JavaScript
• SDK
• JavaScript, SDK
• HTML5

Alibaba Cloud's Content Moderation service cannot detect advertising or spam content.

• True
• False

For which of the following protection scenarios is Alibaba Cloud WAF applicable? (Number of correct answers: 5)

• Data leakage prevention
• Defense against website trojans and tampering
• Virtual vulnerability patches
• Protection against malicious CC attacks
• Brute force cracking protection
• Protection against SMS refresh and service data crawling