Alibaba Cloud Certified Associate ACA Developer Ultimate Exam, Exams of Technology

The Alibaba Cloud Certified Associate ACA Developer Ultimate Exam prepares candidates for Alibaba Cloud developer certification exams. Topics include cloud computing fundamentals, application deployment, cloud databases, APIs, container services, security, DevOps, and cloud-native development practices. The resource includes realistic practice questions and technical explanations aligned with Alibaba Cloud certification objectives.

Typology: Exams

2025/2026

Available from 05/08/2026

nicky-jone
nicky-jone 🇮🇳

2.9

(44)

28K documents

1 / 50

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Alibaba Cloud Certified Associate ACA
Developer Ultimate Exam
**Question 1.** Which Alibaba Cloud service provides the underlying virtual machines used to run
custom application images?
A) Server Load Balancer (SLB)
B) Elastic Compute Service (ECS)
C) Function Compute (FC)
D) Object Storage Service (OSS)
Answer: B
Explanation: ECS is the IaaS offering that supplies configurable virtual machines on which you can install
operating systems and run custom images.
**Question 2.** When configuring an ECS instance for a Java web application, which security group rule
is essential to allow inbound HTTP traffic?
A) Allow TCP port 22 from 0.0.0.0/0
B) Allow TCP port 80 from 0.0.0.0/0
C) Allow UDP port 53 from 0.0.0.0/0
D) Allow TCP port 443 from 10.0.0.0/24
Answer: B
Explanation: HTTP uses TCP port 80; opening this port to all sources enables external clients to reach the
web server.
**Question 3.** Which of the following methods can be used to create a custom ECS image that
captures the current state of an instance?
A) Snapshot of the attached disk
B) Exporting the instance to an ISO file
C) Using the “Create Image” function in the ECS console
D) Publishing the instance as a Docker image
Answer: C
Explanation: The “Create Image” operation packages the OS, installed software, and configuration into a
reusable image.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32

Partial preview of the text

Download Alibaba Cloud Certified Associate ACA Developer Ultimate Exam and more Exams Technology in PDF only on Docsity!

Developer Ultimate Exam

Question 1. Which Alibaba Cloud service provides the underlying virtual machines used to run custom application images? A) Server Load Balancer (SLB) B) Elastic Compute Service (ECS) C) Function Compute (FC) D) Object Storage Service (OSS) Answer: B Explanation: ECS is the IaaS offering that supplies configurable virtual machines on which you can install operating systems and run custom images. Question 2. When configuring an ECS instance for a Java web application, which security group rule is essential to allow inbound HTTP traffic? A) Allow TCP port 22 from 0.0.0.0/ B) Allow TCP port 80 from 0.0.0.0/ C) Allow UDP port 53 from 0.0.0.0/ D) Allow TCP port 443 from 10.0.0.0/ Answer: B Explanation: HTTP uses TCP port 80; opening this port to all sources enables external clients to reach the web server. Question 3. Which of the following methods can be used to create a custom ECS image that captures the current state of an instance? A) Snapshot of the attached disk B) Exporting the instance to an ISO file C) Using the “Create Image” function in the ECS console D) Publishing the instance as a Docker image Answer: C Explanation: The “Create Image” operation packages the OS, installed software, and configuration into a reusable image.

Developer Ultimate Exam

Question 4. In Docker, which command builds a container image from a Dockerfile located in the current directory? A) docker run. B) docker build - t myimage. C) docker pull. D) docker compose up Answer: B Explanation: docker build - t . reads the Dockerfile in the current directory and creates an image with the specified tag. Question 5. What is the primary purpose of Alibaba Cloud Container Registry (ACR)? A) To host static website files B) To store and manage Docker container images securely C) To provide a serverless runtime for functions D) To balance traffic across multiple ECS instances Answer: B Explanation: ACR is a private registry service that stores, scans, and version‑controls container images. Question 6. Which component of Alibaba Cloud Container Service for Kubernetes (ACK) is responsible for scheduling pods onto worker nodes? A) kube-proxy B) kube-apiserver C) kube-scheduler D) etcd Answer: C Explanation: kube-scheduler evaluates resource requirements and places pods onto appropriate nodes. Question 7. When deploying a serverless function with Function Compute (FC), which of the following is NOT a supported trigger type?

Developer Ultimate Exam

B) Using RAM role attached to the instance C) Storing keys in a plain‑text file on the disk D) Passing keys via URL query parameters Answer: B Explanation: RAM roles grant temporary credentials to the instance, eliminating the need to store long‑term AccessKeys. Question 11. When connecting to an OSS bucket via a private VPC endpoint, which feature must be enabled? A) Public read‑write ACL B) VPC endpoint for OSS C) Cross‑region replication D) Object lifecycle policy Answer: B Explanation: A VPC endpoint for OSS allows traffic to stay within the private network, bypassing the public internet. Question 12. Which OSS storage class is optimized for infrequently accessed data with a retrieval time of several hours? A) Standard B) Infrequent Access (IA) C) Archive D) Cold Archive Answer: C Explanation: The Archive class is designed for long‑term storage with retrieval latency measured in hours. Question 13. In ApsaraDB for RDS MySQL, what feature enables automatic distribution of read traffic to read‑only replicas? A) Multi‑AZ deployment

Developer Ultimate Exam

B) Read/Write splitting C) Data encryption at rest D) Point‑in‑time recovery Answer: B Explanation: Read/Write splitting directs write operations to the primary instance and distributes read queries across replicas. Question 14. Which parameter in the RDS connection string controls the size of the client‑side connection pool? A) maxPoolSize B) timeout C) charset D) autocommit Answer: A Explanation: maxPoolSize defines how many connections can be kept open in the pool for reuse. Question 15. Which Alibaba Cloud service provides a fully managed message queue with FIFO ordering? A) Server Load Balancer (SLB) B) Message Queue (MQ) for RabbitMQ C) Message Service (MNS) D) Function Compute (FC) Answer: C Explanation: MNS (Message Service) offers standard and FIFO queues; RabbitMQ is a separate product. Question 16. To implement an event‑driven workflow where an OSS object upload triggers data processing, which combination is most appropriate? A) OSS → Function Compute → RDS B) ECS → SLB → MQ

Developer Ultimate Exam

C) Message Queue (MQ) D) Function Compute (FC) Answer: B Explanation: Log Service (SLS) aggregates logs, provides indexing, and supports query and visualization. Question 20. When setting up scheduled auto scaling to handle predictable traffic spikes at 9 AM daily, which parameter must you define? A) Scaling policy type = “Scheduled” B) Minimum instance count = 0 C) Cooldown period = 0 seconds D) Health check protocol = TCP Answer: A Explanation: A scheduled scaling policy lets you specify the exact time and desired capacity. Question 21. Which load balancer type in Alibaba Cloud supports layer‑7 (application‑level) routing based on URL paths? A) Classic SLB B) Application Load Balancer (ALB) C) Network Load Balancer (NLB) D) Global Accelerator (GA) Answer: B Explanation: ALB operates at layer‑7 and can route traffic using host, path, or header rules. Question 22. When designing data storage for a product catalog with millions of items and flexible attribute schema, which service is most suitable? A) ApsaraDB for RDS MySQL B) Table Store (OTS) C) OSS Standard D) PolarDB for PostgreSQL

Developer Ultimate Exam

Answer: B Explanation: Table Store is a NoSQL key‑value/columnar service that handles large, schemaless datasets efficiently. Question 23. Which OSS lifecycle rule action moves objects older than 30 days from the Standard class to the Infrequent Access (IA) class? A) Transition to IA after 30 days B) Delete after 30 days C) Archive after 30 days D) No action; lifecycle does not support IA Answer: A Explanation: The “Transition” action can specify moving objects to a cheaper storage class after a defined age. Question 24. During a data migration from an on‑premises MySQL database to ApsaraDB RDS, which Alibaba Cloud service can perform near‑real‑time replication? A) Data Transmission Service (DTS) B) DataWorks C) AnalyticDB D) Server Load Balancer (SLB) Answer: A Explanation: DTS supports continuous data migration and synchronization between heterogeneous sources and RDS. Question 25. In a distributed storage system, which consistency model guarantees that a read always returns the most recent write? A) Eventual consistency B) Strong consistency C) Causal consistency D) Session consistency

Developer Ultimate Exam

Explanation: Attaching a RAM role to an ECS instance provides temporary security tokens automatically. Question 29. Which service should you use to centrally manage SSL/TLS certificates for multiple domains hosted behind an ALB? A) Key Management Service (KMS) B) Certificate Management Service (CMS) C) Security Center D) RAM Answer: B Explanation: CMS handles certificate issuance, renewal, and binding to ALB listeners. Question 30. To encrypt sensitive configuration values used by Function Compute, which service provides envelope encryption with customer‑managed keys? A) Object Storage Service (OSS) B) Key Management Service (KMS) C) Server Load Balancer (SLB) D) Message Queue (MQ) Answer: B Explanation: KMS allows you to generate CMKs and encrypt/decrypt data, ideal for protecting secrets. Question 31. Which of the following is the correct syntax to pull a Docker image from a private ACR repository using the Alibaba Cloud CLI? A) aliyun cr GetImage --repo myrepo --tag latest B) docker pull registry.cn-hangzhou.aliyuncs.com/myrepo/myimage:latest C) aliyun ecs PullImage --image myrepo/myimage:latest D) docker download myrepo/myimage:latest Answer: B Explanation: Docker authenticates to ACR and pulls the image using the full registry domain.

Developer Ultimate Exam

Question 32. In ACK, which object defines the desired state of a set of identical pods and ensures that the specified number of replicas are always running? A) Service B) Deployment C) ConfigMap D) Secret Answer: B Explanation: A Deployment manages replica sets and performs rolling updates to maintain the desired replica count. Question 33. Which Cloud Monitor alarm type can trigger an HTTP callback to a custom webhook when the alarm fires? A) SMS notification B) Email notification C) Webhook notification D) DingTalk notification Answer: C Explanation: Webhook alarms send a POST request to a user‑defined URL, enabling integration with external systems. Question 34. When configuring Log Service (SLS) to ingest logs from an ECS instance, which component on the instance is responsible for forwarding log files? A) aliyunlog agent B) crontab C) nginx D) sshd Answer: A Explanation: The aliyunlog agent collects and ships logs to SLS.

Developer Ultimate Exam

Question 38. When using the Alibaba Cloud SDK for Go, which method initializes a client with a RAM role credential? A) sts.NewClientWithAccessKey B) ecs.NewClientWithSecurityToken C) ram.NewClientWithRoleArn D) sts.NewClientWithRoleArn Answer: D Explanation: sts.NewClientWithRoleArn obtains temporary credentials for a RAM role and returns a client. Question 39. Which of the following is a best practice for storing database credentials in a containerized application running on ACK? A) Hard‑code the credentials in the Dockerfile B) Store them in an environment variable in the pod spec without encryption C) Use a Kubernetes Secret backed by KMS encryption D) Include them in the application source code repository Answer: C Explanation: Kubernetes Secrets can be encrypted with KMS, providing secure credential storage for containers. Question 40. In Function Compute, which runtime environment would you select to execute a Node.js 14.x function? A) nodejs B) nodejs C) nodejs D) nodejs Answer: D Explanation: The runtime identifier nodejs14 specifies the Node.js 14.x environment.

Developer Ultimate Exam

Question 41. Which of the following is NOT a valid method for authenticating API requests to Alibaba Cloud services? A) AccessKey ID and Secret B) RAM role temporary credentials C) Signature Version 4 (SigV4) only D) Security Token Service (STS) token Answer: C Explanation: Alibaba Cloud uses its own signature algorithm (ACS4), not AWS’s SigV4. Question 42. What is the purpose of a “bucket policy” in OSS? A) To define lifecycle rules for objects B) To control cross‑origin resource sharing (CORS) C) To grant or deny permissions to specific principals on the bucket D) To enable versioning of objects Answer: C Explanation: Bucket policies are JSON documents that specify allow/deny actions for users, RAM roles, or anonymous access. Question 43. Which feature of Alibaba Cloud’s Data Transmission Service (DTS) helps ensure data consistency during a full data migration? A) Incremental synchronization after initial load B) Automatic data compression C) Real‑time analytics D) Serverless execution Answer: A Explanation: DTS performs an initial full load and then captures incremental changes to keep source and target consistent.

Developer Ultimate Exam

Question 47. Which service provides a managed, distributed relational database compatible with MySQL and PostgreSQL, offering high performance and auto‑scaling? A) ApsaraDB for RDS B) PolarDB C) AnalyticDB D) Table Store Answer: B Explanation: PolarDB is a cloud‑native relational database that supports MySQL and PostgreSQL compatibility with elastic scaling. Question 48. When configuring a scheduled auto‑scaling rule, which parameter defines the exact time when the scaling action should occur? A) ScalingAdjustment B) RecurrenceType C) LaunchTime D) ScheduledAction Answer: D Explanation: ScheduledAction (or similar) specifies the date and time for the scaling event. Question 49. Which of the following is a correct way to enable HTTPS on an ALB listener? A) Upload a self‑signed certificate via the console B) Bind a certificate from Certificate Management Service to the listener C) Set the listener protocol to HTTP and enable SSL D) Use a private key only without a certificate Answer: B Explanation: ALB requires a full certificate (public key + private key) managed by CMS to terminate HTTPS.

Developer Ultimate Exam

Question 50. In a microservices architecture deployed on ACK, which tool can be used to collect distributed traces without modifying application code? A) Log Service (SLS) B) Tracing Analysis with OpenTelemetry auto‑instrumentation C) Cloud Monitor alarm D) Function Compute event source Answer: B Explanation: OpenTelemetry auto‑instrumentation libraries can capture traces automatically for supported runtimes. Question 51. Which of the following is true about OSS versioning? A) It can be enabled per bucket to keep multiple versions of an object. B) It automatically deletes older versions after 30 days. C) It is only available for the Archive storage class. D) It requires a separate paid service. Answer: A Explanation: Enabling versioning on a bucket retains each overwrite as a distinct version. Question 52. What is the default retention period for a temporary credential obtained via STS? A) 1 hour B) 12 hours C) 24 hours D) 48 hours Answer: B Explanation: STS temporary credentials default to a 12‑hour validity unless a different duration is specified. Question 53. Which Alibaba Cloud feature helps protect against DDoS attacks targeting your public endpoints?

Developer Ultimate Exam

C) DaemonSet D) StatefulSet Answer: B Explanation: The RollingUpdate strategy performs progressive pod replacements while maintaining service availability. Question 57. In Cloud Monitor, which chart type is most suitable for visualizing time‑series data such as CPU utilization over the past week? A) Pie chart B) Bar chart C) Line chart D) Scatter plot Answer: C Explanation: Line charts display continuous data points over time, ideal for metrics trends. Question 58. Which of the following statements about Alibaba Cloud’s “Resource Directory” is correct? A) It is used to group multiple RAM users under a single account. B) It provides a hierarchical management structure for multiple Alibaba Cloud accounts. C) It replaces the need for RAM policies. D) It only works with ECS services. Answer: B Explanation: Resource Directory enables centralized governance across multiple sub‑accounts in a hierarchy. Question 59. Which OSS feature can be used to enforce that only objects with a specific prefix are uploaded? A) CORS rule B) Bucket policy with a condition on s3:prefix

Developer Ultimate Exam

C) Lifecycle rule D) Object tagging Answer: B Explanation: A bucket policy can include a condition that checks the object key prefix, restricting uploads. Question 60. When configuring a VPC NAT Gateway for outbound internet access from private ECS instances, which component must be associated with the NAT Gateway? A) Security Group B) Elastic IP (EIP) C) RAM role D) OSS bucket Answer: B Explanation: An EIP provides a public address for the NAT Gateway to translate private IP traffic. Question 61. Which of the following best describes the difference between “Standard” and “Cold Archive” OSS storage classes? A) Standard offers lower latency; Cold Archive has the highest durability but longest retrieval time. B) Cold Archive is cheaper and has faster retrieval than Standard. C) Both have the same performance; pricing differs only by region. D) Standard cannot be used for versioned objects. Answer: A Explanation: Standard provides immediate access, while Cold Archive is the lowest‑cost class with retrieval times measured in days. Question 62. In a multi‑region deployment, which Alibaba Cloud service can replicate OSS objects across regions automatically? A) OSS Cross‑Region Replication (CRR) B) Data Transmission Service (DTS)