


















































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
A cloud-native observability exam covering microservices logging, container log ingestion, Kubernetes integration, distributed tracing, service mesh telemetry, and log-driven autoscaling. Candidates learn best practices for running cloud-native workloads using Log Service.
Typology: Exams
1 / 90
This page cannot be seen from the preview
Don't miss anything!



















































































Question 1. Which cloud service model provides a complete development and runtime environment without the need to manage underlying servers? A) IaaS B) PaaS C) SaaS D) FaaS Answer: B Explanation: Platform as a Service (PaaS) delivers a full platform—including OS, runtime, and middleware—for developers to build and run applications, abstracting away server management. Question 2. In a hybrid cloud deployment, which component typically resides on‑premises? A) Public virtual machines B) Private networking gateway C) Public object storage D) Global CDN nodes Answer: B Explanation: A private networking gateway (or VPN/Direct Connect) connects the on‑premises data center to the public cloud, forming the “private” part of a hybrid model. Question 3. Which of the following is NOT a core principle of Cloud‑Native architecture? A) Immutable infrastructure B) Monolithic application design C) Microservices D) Containerization Answer: B
Explanation: Cloud‑Native encourages breaking applications into microservices; monolithic design contradicts this principle. Question 4. What does DevOps primarily aim to improve in software delivery? A) Hardware provisioning speed B) Separation between development and operations teams C) Collaboration and automation across the lifecycle D) Licensing cost reduction Answer: C Explanation: DevOps focuses on cultural change, collaboration, and automation to accelerate and stabilize software delivery. Question 5. Which Alibaba Cloud service is specifically designed for managing Kubernetes clusters? A) ACR B) ESS C) ACK D) ROS Answer: C Explanation: Alibaba Cloud Container Service for Kubernetes (ACK) provides managed Kubernetes cluster provisioning and operation. Question 6. In Docker terminology, what file is used to define how an image is built? A) Dockerfile B) docker-compose.yml C) image.json
B) Image vulnerability scanning C) Logtail integration D) Serverless functions Answer: B Explanation: ACR provides built‑in vulnerability scanning to detect security issues in container images. Question 10. Which command pushes a local Docker image named myapp:latest to an ACR repository registry.cn-hangzhou.aliyuncs.com/myrepo? A) docker push registry.cn-hangzhou.aliyuncs.com/myrepo/myapp:latest B) docker upload myapp:latest registry.cn-hangzhou.aliyuncs.com/myrepo C) docker commit myapp:latest registry.cn-hangzhou.aliyuncs.com/myrepo D) docker deploy myapp:latest registry.cn-hangzhou.aliyuncs.com/myrepo Answer: A Explanation: docker push followed by the fully qualified repository name uploads the image to ACR. Question 11. In ACK, which Kubernetes object defines a set of identical Pods and manages their rollout? A) Service B) Deployment C) ConfigMap D) Ingress Answer: B Explanation: A Deployment declares the desired state for a ReplicaSet, handling scaling and rolling updates.
Question 12. Which ACK cluster type eliminates the need to manage worker nodes? A) Managed Kubernetes B) Dedicated Kubernetes C) Serverless Kubernetes (ASK) D) Hybrid Kubernetes Answer: C Explanation: Serverless Kubernetes (ASK) abstracts away the underlying nodes, providing a nodeless experience. Question 13. What is the purpose of a Kubernetes Namespace? A) To provide network isolation between Pods B) To group resources for multi‑tenant isolation within a cluster C) To define storage classes for PVCs D) To schedule Pods on specific nodes only Answer: B Explanation: Namespaces partition a cluster’s resources, enabling logical separation for teams or environments. Question 14. Which ROS component allows you to define infrastructure as code? A) Stack B) Template C) Instance D) Resource Group Answer: B Explanation: ROS templates are JSON/YAML files that describe cloud resources, enabling IaC practices.
Explanation: HPA monitors metrics (e.g., CPU) and scales the replica count of a Deployment accordingly. Question 18. How does the Cluster Autoscaler differ from HPA in ACK? A) It scales the number of nodes, not Pods B) It scales only StatefulSets C) It only works with serverless clusters D) It is a manual scaling tool Answer: A Explanation: Cluster Autoscaler adds or removes worker nodes in response to unschedulable Pods, while HPA scales Pods. Question 19. In SLS, which entity is the top‑level container for log data? A) Logstore B) Machine Group C) Project D) Logtail Answer: C Explanation: A Project groups multiple Logstores and defines permissions; it is the highest level in SLS hierarchy. Question 20. What is the function of a Logstore in Alibaba Cloud Log Service? A) To define IAM policies for users B) To hold a collection of logs with the same schema C) To route logs to OSS automatically D) To encrypt logs at rest only
Answer: B Explanation: A Logstore stores log entries that share a common structure and provides indexing/search capabilities. Question 21. Which component of Log Service is responsible for pulling logs from ECS instances? A) Log Service SDK B) Logtail C) Logstore API D) ROS template Answer: B Explanation: Logtail is an agent installed on ECS or ACK nodes that collects and forwards logs to SLS. Question 22. Which log ingestion method is NOT supported by SLS? A) Logtail agent B) Direct API POST C) Kafka connector D) FTP file upload Answer: D Explanation: SLS does not provide native FTP ingestion; logs are sent via Logtail, SDK, API, or supported connectors. Question 23. In SLS query syntax, what does the function COUNT(*) return? A) Number of distinct log fields B) Total number of log entries matching the query
C) Number of ECS instances reaches 0 D) CPU usage on ECS > 90% Answer: B Explanation: SLS alerts are based on log query results, such as the count of matching logs exceeding a threshold. Question 27. Which metric is NOT directly monitored by Cloud Monitor (CMS) for an ECS instance? A) CPU Utilization B) Disk Read IOPS C) Container Image Vulnerabilities D) Network Inbound Traffic Answer: C Explanation: CMS monitors infrastructure metrics; container image vulnerabilities are a security feature of ACR, not a CMS metric. Question 28. What is the purpose of a RAM role in Alibaba Cloud? A) To allocate network bandwidth B) To define a set of permissions that can be assumed by services or users C) To store encrypted log data D) To schedule automatic scaling events Answer: B Explanation: RAM (Resource Access Management) roles encapsulate permissions and can be assumed by ECS, Function Compute, etc., for secure access. Question 29. Which principle best describes “least privilege” in RAM policy design?
A) Grant all permissions to all users B) Provide only the permissions necessary for a specific task C) Disable all permissions by default and never enable any D) Assign the same role to every service for simplicity Answer: B Explanation: Least privilege means each identity gets only the rights required to perform its duties, reducing attack surface. Question 30. In container security, which practice helps prevent malicious code execution at runtime? A) Disabling Logtail on containers B) Enabling read‑only root filesystem in the container spec C) Using public ACR repositories only D) Increasing container CPU limits Answer: B Explanation: Setting the root filesystem as read‑only limits the ability of attackers to write or modify files inside the container. Question 31. Which Kubernetes networking object provides a stable virtual IP for a set of Pods? A) Ingress B) Service (ClusterIP) C) EndpointSlice D) NetworkPolicy Answer: B Explanation: A Service of type ClusterIP allocates a stable virtual IP that routes traffic to its backing Pods.
Answer: B Explanation: ECI lets you run containers without managing underlying ECS instances, offering a serverless experience. Question 35. In Function Compute (FC), what triggers the execution of a function? A) Manual start via console only B) Event sources such as OSS upload, API Gateway, or Log Service alerts C) Scheduled ROS stack creation only D) Direct SSH login to the function container Answer: B Explanation: FC functions are invoked by various event sources, enabling event‑driven serverless computing. Question 36. Which Kubernetes object is used to request persistent storage for a stateful application? A) ConfigMap B) PersistentVolumeClaim (PVC) C) DaemonSet D) Job Answer: B Explanation: A PVC abstracts a request for storage, which is then bound to a PersistentVolume (PV) for use by Pods. Question 37. When using a CI/CD pipeline on Alibaba Cloud, which service typically stores the source code? A) ACR B) CodePipeline
C) CodeCommit (or Git) D) OSS Answer: C Explanation: Alibaba Cloud Code (CodeCommit) provides Git repositories for source code hosting, which CI/CD pipelines pull from. Question 38. Which of the following best describes a “managed” ACK cluster? A) Users must provision and maintain the control plane themselves B) Alibaba Cloud manages the control plane, upgrades, and high availability C) The cluster runs on dedicated physical servers only D) It does not support auto‑scaling of worker nodes Answer: B Explanation: Managed ACK offloads the control plane management to Alibaba Cloud while users focus on workloads. Question 39. What is the default log retention period for a newly created Logstore in SLS? A) 1 day B) 7 days C) 30 days D) 90 days Answer: C Explanation: By default, Logstore retains logs for 30 days unless a different lifecycle policy is configured. Question 40. Which ROS intrinsic function is used to reference a resource attribute, such as an ECS instance ID?
A) To ensure a copy of a Pod runs on every (or selected) node in the cluster B) To provide horizontal scaling of a Deployment C) To store configuration data as key‑value pairs D) To expose a service externally via a load balancer Answer: A Explanation: DaemonSets guarantee that a Pod instance runs on each node, useful for logging agents, monitoring, etc. Question 44. Which Cloud Monitor metric would you use to set an alarm for high memory usage on an ECS instance? A) CPUUtilization B) DiskReadOps C) MemoryUsagePercentage D) NetworkOutRate Answer: C Explanation: MemoryUsagePercentage reflects the proportion of memory used, suitable for memory‑related alerts. Question 45. In RAM, what is the difference between a user and a role? A) Users can be assumed by services; roles cannot B) Roles define permissions and can be assumed; users are identities that can log in C) Users are only for OSS; roles are for all services D) There is no functional difference; they are synonyms Answer: B Explanation: Users are actual identities with credentials; roles encapsulate permissions and can be assumed by users, ECS, or other services.
Question 46. Which of the following is a best practice for securing container images in ACR? A) Disable vulnerability scanning to improve performance B) Use only public repositories for all images C) Sign images with Alibaba Cloud Container Registry (ACR) image signing feature D) Store images without any access control Answer: C Explanation: Image signing ensures integrity and authenticity, preventing tampered images from being deployed. Question 47. What does the “Pod IP” represent in a Kubernetes cluster? A) The IP address of the node hosting the Pod B) A virtual IP shared by all Pods in the Service C) The unique IP assigned to a single Pod, reachable within the cluster network D) The external public IP assigned by SLB Answer: C Explanation: Each Pod receives its own IP address for intra‑cluster communication. Question 48. Which of the following statements about Alibaba Cloud OSS lifecycle rules is true? A) They can automatically delete objects after a specified number of days B) They are only applicable to Log Service data C) They must be configured through ROS templates only D) They cannot transition objects to cheaper storage classes Answer: A
D) The IAM policies for the stack Answer: B Explanation: Parameters allow users to pass custom values (e.g., instance type) when launching a stack. Question 52. Which of the following is NOT a valid scaling metric for ESS? A) CPU Utilization B) Memory Utilization C) Number of active Pods in ACK D) Custom Cloud Monitor metric Answer: C Explanation: ESS scales ECS instances; it does not directly use Kubernetes Pod counts (that's handled by HPA/Cluster Autoscaler). Question 53. What is the effect of setting restartPolicy: Never in a Kubernetes Pod spec? A) The Pod will be restarted automatically on failure B) The Pod will not be restarted after it exits, regardless of exit code C) The Pod will be recreated by the Deployment controller D) The Pod will be scheduled on a node with no other Pods Answer: B Explanation: restartPolicy: Never tells the kubelet not to restart the container after it terminates. Question 54. Which Log Service query function calculates the average value of a numeric field? A) SUM
AVGMAXMEDIANAnswer: B Explanation: AVG(field) returns the arithmetic mean of the specified numeric field. Question 55. In ACK, which Service type exposes the application via a public IP automatically provisioned by SLB? A) ClusterIP B) NodePort C) LoadBalancer D) ExternalName Answer: C Explanation: LoadBalancer Service creates an external SLB and assigns a public IP for inbound traffic. Question 56. Which of the following is a recommended way to protect sensitive environment variables in a Kubernetes Deployment? A) Store them directly in the container image B) Use ConfigMaps for all secrets C) Store them as Kubernetes Secrets and reference them as envFrom or env D) Write them to a log file on startup Answer: C Explanation: Secrets are base64‑encoded objects designed for storing confidential data, and can be injected into Pods securely.