- Email support@dumps4free.com
When using Alibaba Cloud SLB, users can enable the health check function If a backend ECS instance A is running abnormally, SLB will isolate it and forward the requests to other ECS instances, and when the backend ECS instance A is back to normal, SLB will again forward requests to it.
A. True
B. False
Explanation: When using Alibaba Cloud SLB, users can enable the health check function to monitor the availability of the backend ECS instances. If a backend ECS instance A is running abnormally, SLB will stop forwarding requests to it and distribute them to other healthy ECS instances. This way, SLB can ensure the high availability and reliability of the service. When the backend ECS instance A is back to normal, SLB will resume forwarding requests to it. SLB performs health checks on the backend ECS instances at regular intervals and updates their status accordingly. Users can configure the health check parameters such as the protocol, port, interval, timeout, and threshold on the SLB console or by using the API. References: 1 - Health checks - Server Load Balancer - Alibaba Cloud Document Center - Health check overview
Alibaba Cloud Content Delivery Network (CDN) performs content acceleration with the support of intelligent DNS resolution The following function_________is NOT included in intelligent DNS resolution.
A. A user request is directed to the server nearest to the customer based on location information of the pre-configured IP section.
B. The intelligent DNS resolution can parse the same domain name into different IP addresses based on the IP of different visitors.
C. The intelligent DNS resolution supports web page content caching. A user will receive data from the origin site at first-time access, and then will be reading data from cache in subsequent requests
D. If a user activates mirror sites in different IDCs, intelligent DNS resolution can achieve load balancing by guiding customers in different places to different mirror sites.
Explanation: Intelligent DNS resolution is a feature of Alibaba Cloud DNS that allows users to configure different IP addresses for the same domain name based on the geographic locations or ISPs of the visitors. This way, visitors can access the nearest or optimal server for better performance and availability. Intelligent DNS resolution does not support web page content caching, which is a function of Alibaba Cloud CDN. Alibaba Cloud CDN is a distributed network that delivers content from the origin server to the edge nodes closest to the end users, reducing the network latency and bandwidth consumption. Alibaba Cloud CDN caches the static content of the web pages, such as images, CSS, and JavaScript files, on the edge nodes, so that the users can access them faster and reduce the load on the origin server. A user will receive data from the cache in the first-time access, and then will be updated from the origin site in subsequent requests based on the cache expiration time. References: 1: Intelligent DNS resolution - Alibaba Cloud DNS - Alibaba Cloud Documentation Center 4: Alibaba Cloud Content Delivery Network (CDN) performs content acceleration with the support of intelligent DNS resolution The following function_________is NOT included in intelligent DNS resolution. 5: Alibaba Cloud DNS:Alibaba Cloud line for intelligent DNS resolution (September 16, 2020) - Alibaba Cloud Documentation Center
A large enterprise wants to migrate the entire business system to Alibaba Cloud to save the
overall IT procurement and O&M costs From the security aspect, the company requires
that
1. Must support secured remote O&M because the administrator often takes business trips.
2. Networks between subsystems should be isolated because subsystems are
independently used by different departments Which of the followings should be used
together to meet the company's requirements? (Number of correct answers: 3)
A. Enable the VPN on the bastion host (or directly use the VPN image on Alibaba Cloud Marketplace). The administrator uses VPN encrypted communication during O&M.
B. Build an independent ECS instance as the bastion host or remote logon and O&M, and authorize the bastion host to access ECS instances running other subsystems.
C. Use the security group function of the ECS instance, and respectively deploy ECS instances running different subsystems to independent security groups.
D. Create multiple ECS instances in the VPC to install subsystems of different departments- Allocate only Intranet IP addresses to all ECS instances, and deploy them in the same security groups.
Explanation: To meet the company’s security requirements, the following solutions should be used together: A. Enable the VPN on the bastion host (or directly use the VPN image on Alibaba Cloud Marketplace). The administrator uses VPN encrypted communication during O&M. This solution can support secure remote O&M, because VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection over the Internet between the bastion host and the administrator’s device. VPN can protect the data transmitted between the bastion host and the administrator from being intercepted or tampered by malicious third parties1. Alibaba Cloud provides VPN Gateway service that allows users to create VPN connections between VPCs and on-premises data centers, or between VPCs in different regions2. Users can also use VPN images from Alibaba Cloud Marketplace, such as OpenVPN, to create VPN servers on ECS instances3. B. Build an independent ECS instance as the bastion host or remote logon and O&M, and authorize the bastion host to access ECS instances running other subsystems. This solution can also support secure remote O&M, because a bastion host is a special-purpose ECS instance that acts as a proxy or a gateway for accessing other ECS instances in the VPC. A bastion host can enhance the security of the ECS instances by limiting the exposure of the ECS instances to the public network, and by implementing security policies and monitoring tools on the bastion host4. Alibaba Cloud provides Bastionhost service that allows users to centrally manage the access to cloud servers from external networks and provide secure connections to VPC resources5. C. Use the security group function of the ECS instance, and respectively deploy ECS instances running different subsystems to independent security groups. This solution can isolate the networks between subsystems, because a security group is a virtual firewall that controls the inbound and outbound traffic of the ECS instances in the group. Users can configure security group rules to allow or deny access based on the network protocol, port, and source IP address. By deploying ECS instances running different subsystems to independent security groups, users can prevent unauthorized access or communication between the subsystems6. The other solution is not suitable for the company’s scenario, for the following reason: D. Create multiple ECS instances in the VPC to install subsystems of different departments- Allocate only Intranet IP addresses to all ECS instances, and deploy them in the same security groups. This solution cannot isolate the networks between subsystems, because ECS instances in the same security group can communicate with each other by default, regardless of whether they have intranet or internet IP addresses. Moreover, this solution may also prevent the ECS instances from accessing the internet or providing external services, which may affect the business operation of the company6. References: What is a VPN? - Virtual Private Network - Cisco, VPN Gateway - Alibaba Cloud, OpenVPN - Alibaba Cloud Marketplace, Bastion Host - Alibaba Cloud Document Center, Bastionhost - Alibaba Cloud, Security groups - Elastic Compute Service - Alibaba Cloud
Object Storage Service (OSS) supports sub accounts, and you can allocate access permissions to different buckets for each sub account.
A. True
B. False
Explanation: Object Storage Service (OSS) supports sub accounts, which are the accounts that belong to a parent account and share the resources of the parent account. You can allocate access permissions to different buckets for each sub account by using bucket policies or RAM policies. Bucket policies are the access control policies that are attached to buckets and specify the permissions that other users have on the resources in the buckets. RAM policies are the access control policies that are attached to RAM users or RAM user groups and specify the permissions that the RAM users or RAM user groups have on the OSS resources. References: Object Storage Service:Overview - Alibaba Cloud Object Storage Service:FAQ - Alibaba Cloud Authentication - Object Storage Service - Alibaba Cloud
You are designing a solution for a startup company, the proposed solution is like this You
suggest they use ECS instances to process requests from mobile App clients, and use SLB
to distribute data traffic and ensure the load across each backend ECS instance is
balanced.
Moreover to deal with volatile fluctuations in business volume (page views are much higher
on the weekends), you also suggest they use Auto Scaling to dynamically increase or
reduce computing resources.
The company is satisfied with the solution you proposed. However, they have one concern
that when removing an idle instance from the scaling group: if Auto Scaling shuts the
instance down directly, the service running on that instance will be abruptly terminated,
resulting in poor user experience.
In order to eliminate your customer's concern, which of the following solutions should you
recommend them?
A. Find the ECS instance that is going to be removed from the backend server pool of the SLB instancer and automatically set the weight of this ECS instance to 0. This instance will not be assigned with new requests, and will be automatically removed from the backend server pool after existing tasks are completed.
B. First, insert a script into the image for creating the ECS instance Second, make the script run automatically when the operating system in this ECS instances is about to shut down. This script contains the processing logic that can ensure the instance finish all the remaining tasks before shutting down.
C. Find the ECS instance that is going to be removed from the backend server pool of the SLB instance, and manually remove this instance from the backend server pool Applications running on this ECS instance will normally return results, but this instance will not be assigned with new requests.
D. Use the Lifecycle Hook function embedded m Auto Scaling Define a suitable timeout and a web hook to do the necessary work before the instance is removed.
Explanation: According to the Alibaba Cloud Auto Scaling documentation1, the Lifecycle Hook feature allows you to perform custom operations on instances that are added to or removed from a scaling group. You can define a lifecycle hook to specify a timeout period and a web hook URL. When an instance is about to be removed, Auto Scaling sends a notification to the web hook URL and waits for a response. During the timeout period, you can perform the necessary operations on the instance, such as gracefully shutting down the service, backing up the data, or sending a custom notification. After the operations are completed, you can send a response to the web hook URL to confirm the removal of the instance. This way, you can ensure that the instance is removed without affecting the user experience or causing data loss. Therefore, option D is the best solution to eliminate the customer’s concern. References: Lifecycle hooks and Alibaba Cloud Auto Scaling.
| Page 1 out of 14 Pages |