← Back to exam page

ACA-Operator ACA System Operator

Loading demo links...

Showing 1–3 of 10 questions

Question 1

A developer needs to use some sensitive business data and operational data in the process of developing a program, but the data should be protected (encrypted or anonymized) as much as possible. In order to facilitate and secure management of data encryption keys, the developer can use Alibaba Cloud Key Management Service (KMS) envelope encryption technology. Which of these statements is NOT correct, regarding

KMS?

Select all that apply, then click Submit answer.

  • Developers can generate a plaintext data key and a ciphertext data key by calling the GenerateDataKey interface.

  • Envelope encryption is an encryption mechanism similar to digital envelope technology.
    The technology allows you to store, transfer and use encrypted data by encapsulating their Data Keys (DKs) in an envelope, instead of \y encrypting/decrypting data directly with Customer Master Keys (CMKs).

  • The user uses the master key created on KMS to encrypt and decrypt the generated data key.

  • The master key generated by KMS is also kept by the user.


Question 2

In order to deal with sudden spikes in traffic, Company A uses Alibaba Cloud

Auto Scaling to set up an alarm trigger task (growing the Scaling Group when

the average memory utilization on ECS instances exceeds 80%). During the

test, it was found that the alarm task was not executed successfully. Which of

these could be possible causes? (Number of correct answers: 3)

Select all that apply, then click Submit answer.

  • The ECS instances in the Scaling Group have not yet installed the CloudMonitor monitoring agent

  • Before triggering the alarm task, the number of instances in the group has reached the maximum number of instances allowed (MaxSize)

  • The instance types chosen in the Scaling Configuration are out-of-stock in the Alibaba
    Cloud Region where the Scaling Group is located

  • The number of instances in the current group exceeds the “expected number of instances” for the Scaling Group


Question 3

CORRECT TEXT

When using Alibaba Cloud CDN, a visitor's request will first be routed to a CDN edge node, and in the event of a cache miss at this edge node, the node will fetch data from the origin site (back-to-source request). Even with this redirection, it is possible for the origin site to see the visitor's real IP address. Which of the following statements about obtaining the visitor's real IP address are correct? (Number of correct answers: 2)

A visitor's real IP address can only be obtained by modifying the site or web application.

B. visitor's real IP address is stored in the "X-Forwarded-For" HTTP header. It can bedirectly obtained via Apache or NGINX logs.

C. In Windows, if IIS is used, after installing the "F5XForwardedFor" extension module, thevisitor's real IP address can be seen via IIS logs.

D. You can activate the "record visitor's real IP" function in the Alibaba Cloud CDN console,then you can directly view visitor's IP addresses from the Alibaba Cloud CDN access logs.

Answer: B, C

Explanation:

Select all that apply, then click Submit answer.

  • visitor's real IP address is stored in the "X-Forwarded-For" HTTP header. It can bedirectly obtained via Apache or NGINX logs.

  • In Windows, if IIS is used, after installing the "F5XForwardedFor" extension module, thevisitor's real IP address can be seen via IIS logs.

  • You can activate the "record visitor's real IP" function in the Alibaba Cloud CDN console,then you can directly view visitor's IP addresses from the Alibaba Cloud CDN access logs.