ACA-Sec1 試験問題を無料オンラインアクセス

Which of the following statements about WAF data risk control feature is NOT true?

• A.this feature can only used for single page, can't be used to protect the whole domain name
• B.this feature is not suitable for scenario needs to call API directly
• C.WAF need to inject JavaScript piece into all pages under the same protected domain name to decide if the client side is worth to trust
• D.direct access URL protected by this feature will have slider verification pop out

What design flaw of TCP/IP protocol does SYN flood attack use?

• A.TCP 3 times hands shake
• B.DNS 3 times hands shake
• C.HTTP plain text transmission
• D.UDP stateless connectio

Which of the following statements are NOT true about 'Server Guard' remote logon detection functionality?

• A.It needs to setup common logon location in 'Server Guard' configuration
• B.It can detect the attacking tool used by attacker
• C.It can detect the remote logon used source IP address
• D.It can send warning message to 'Server Guard' user

May, 2017. New blackmail virus WannaCry burst globally. This virus leveraged Windows OS opened port 445 to initiate the attack, so the quickest way to prevent this kind of attack is?

• A.Change 'Administrator' to some other name
• B.Always set password with highly complex combination of number, letter and other characters
• C.Except some necessary accounts for system management, disable or delete other useless accounts
• D.With 'Server Guard' protection in Alibaba Cloud, you can set password to some easy to remember words.

Identify the attack where the purpose is to stop a workstation or service from functioning?

• A.This attack is known as denial of service (DoS)
• B.This attack is known as non-repudiation
• C.This attack is known as brute force
• D.This attack is known as TCP/IP hijacking