Hello everyone, welcome to our last chapter. In this chapter, I will introduce Alibaba Cloud security related training and certification.

Firstly, let's look at our Alibaba Cloud Academy website. This URL, edu.alibabacloud.com, will lead you to our Alibaba Cloud Academy website. On this website, from the banner you can see we have e-learning, certifications, offline trainings, partners, university cooperations, and the certification. If you click it, it will lead you to the following page. Here you will see all the professional certifications we provide, including ACA for associate and ACP for professional. In these three categories, cloud computing, big data, and security, all of them have the ACA and the ACP certification.

So let's look into the ACA cloud security associate certification first. Just click here. It will lead you to the detailed page, and it gives you the introduction about what the certification is generally about. Also, from here you can view those PDF files directly online, including the exam outlines and sample questions. Let's look into the exam outline. It gives you the basic coverage of this certification exam. And the most important part here will give you the description of how long this exam will take and how many questions it includes. Also, the total marks equal 100. And you can see the coverage of the different Alibaba Cloud security related products. So network security is 30%, servers on the cloud security is 30%, application security 30%, and others, including general knowledge and operating system basics, 10%. And we've got 40 questions in single selection form and 20 questions in multiple selection form. So by reading this outline, you will get a clearer understanding of what this exam is about, and you can prepare for your examination much more wisely. Then we can go to the ACP solution certification part.
Open the exam outline. Again, at the very beginning it introduces the coverage of this examination. And here you will also see the coverage and the content ratio for the different products. So here we have Anti-DDoS for 20%, WAF for 15%, Security Center 20%, content moderation 5%, SSL 5%, KMS 5%, and general knowledge about cloud security 10%. And of course, you have to know the combination with the other cloud services, like ECS, SLB, OSS, RDS, VPC, CDN, and other related cloud products. That will take 20%. So we have single selection, multiple selection and also true and false questions.

So after listening to our online courses, we suggest that you maybe not take the certification exam immediately. Instead, you should go and try some console operations and use the products in production or daily work. So make sure you have enough hands-on experience. That way you get more familiar with some of the operation details and you begin to understand the connection between each of the products. Then you can have more confidence to pass the examination the first time.

Okay, now let's look into some of the sample questions from the real examination questions, so you can have a better understanding of what the questions look like, and you will also understand our design concept for those questions.

So the first example is about host security. This is quite a simple question. It's a single selection question. Which of the following Alibaba Cloud products can work with Server Guard? Definitely, Server Guard is the one that can be installed on ECS to protect your server security, so the answer should be A.

For this one, application security related: Alibaba Cloud Web Application Firewall is a web application-oriented security protection product based on Alibaba Group's years of web security defense experience. So which of the following attacks does WAF defend against? This is a good question, and I say SQL injection, definitely.
It's something happening on the application level. It can be protected by WAF. And XSS, it's cross-site scripting. It's a very typical application attack. Windows virus, that could be something we're not sure about, right? Linux vulnerability, maybe not. So the answer should be A and B, right?

Okay, let's look into this question, on network security. Which of the following attacks can Alibaba Cloud Anti-DDoS mitigate? Wow, if you are not quite familiar with or don't remember what we taught in the course, you can literally use your logic to make the decision. Which means, actually, when we see the word flood, it usually means using a lot of network packets to attack the original website and try to bring it and make it available to the normal customer. So the answer to this question is actually all of them.

Okay, it's another question about network security. Which of the following products can mitigate threats from the Internet? Well, another way to ask this question is, which of the following options are the security products from the network layer, right? And definitely, let's see, the WAF is the one to protect the application security. It should be the right answer. Anti-DDoS, needless to say. RDS, definitely not, it's not a security product, right? Bug Bounty, it's a little bit misleading because Bug Bounty is one of our white hat services. It can mitigate a threat, but help you to find your system vulnerabilities in the virus. So the answer should be A and B.

Okay, let's look at this one. Cloud computing services face security threats that affect their availability, integrity and confidentiality. Which of the following threats directly affect the availability of cloud computing services? Well, this is talking about and emphasizes availability, right? So the first one, brute force server password cracking: before they actually crack your system, I don't think it can affect your system availability. And large scale DDoS attacks, definitely, right?
Webshell implanting: webshell, if you remember clearly, is trying to upload some kind of malicious files and then execute them from the client side. They're really trying to steal something from your website, the sensitive information, and it may not affect your website availability. The last one is the hardest one because this attack is also a kind of DDoS attack, but it happens at the application level. So the answer should be B and D.

Okay, this one is a long scenario. A startup team develops a mobile game, whose first edition only uses one Alibaba Cloud ECS instance and one RDS instance. The team performs a three week promotion campaign after launching the game. With the number of users increasing by 300 every day, the ECS instance load is growing rapidly and will soon be overloaded. In addition, the ECS instance suffered two six gigabyte DDoS attacks last week, resulting in service interruption for three hours in total. The team realizes that network security and high availability are the most urgent problems and need to be solved ASAP. Which Alibaba Cloud products can be used to resolve these problems?

From the first phase, they are trying to solve the problem, including network security and high availability. So for high availability, needless to say, since they have a very rapidly growing business, we should involve Auto Scaling. And also SRV to make sure they have a more elastic attack. And at the same time, because the DDoS attacks actually go beyond the upper limit of the Anti-DDoS Basic protection, we suggest purchasing our Alibaba Cloud Anti-DDoS Pro to protect their network security.

Okay, here are some true and false questions. The first one is: before using the HTTPS protection feature of Alibaba Cloud WAF, you must upload the server certificate and private key beforehand. Yes, for HTTPS, the WAF needs to know some of the security certification and the configuration, so this one topic should be true.
And when using the Alibaba Cloud Anti-DDoS Pro service, CNAME configuration is very simple, which can be done by configuring only one DNS record. If you have a chance to configure this project, you will know that actually we need to use one CNAME which represents the Anti-DDoS instance, so that it can mitigate all the bad traffic to go through the Anti-DDoS Pro scrubbing center first. So this should be a correct statement.

The last one: when using the Alibaba Cloud Anti-DDoS service or WAF, the origin site IP address may still be exposed due to some Trojans or backdoors in the servers or the source code information on some webpages. Actually, this situation is very important because sometimes you cannot just, because you already purchased our security products, think it's well protected. Especially for the Anti-DDoS service, the original IP, if you didn't change it after you started using the Anti-DDoS service, is still at risk. You have to face the risk that the original website IP address may already be exposed to someone. So if they are trying to attack you through the TCP/IP level, it may bypass the Anti-DDoS Pro instance. So it's quite serious that you need to understand this best practice, which means after you purchase the Anti-DDoS service, it will assign you a new IP address and try also to change the original IP address to a new one.

Okay, we have another data security related long question. A large enterprise wants to migrate its entire internal system to Alibaba Cloud to save overall IT and operation and management costs. Due to security concerns, the company requires that, firstly, remote security O&M should be supported. Secondly, the networks between the subsystems should be isolated because subsystems are independently used by different departments. So what security solutions will you give to this company? Well, you can see they are talking about the remote security operation, the management.
So I believe, firstly, we need to use the security group function for the ECS because the security group works like the firewall in Alibaba Cloud. And it gives you the protection and the isolation between the different subsystems. And you also need to set up something we call the bastion host, or the jump server. It gives you the most secure way to remotely manage your cloud resources. And the last one is that you definitely need to enable the VPN service because you want to connect the person's house to the private data centre. The most effective way and most common economic way is to use a VPN gateway. So all in all, this is a total solution for this situation.

Okay, with all these sample questions, I think you can have a better understanding of what our security certification questions look like. And you will be more confident in preparing for our examination. And also, thank you for looking into our security online courses, and good luck.