SAE-C01 Exam Information and Outline
Alibaba Cloud Certified Expert: Solutions Architect
SAE-C01 Exam Syllabus & Study Guide
Before you start practicing with our exam simulator, it is essential to understand the official SAE-C01 exam objectives. This course outline serves as your roadmap, breaking down exactly which technical domains and skills will be tested. By reviewing the syllabus, you can identify your strengths and focus your study time on the areas where you need the most improvement.
The information below reflects the latest 2026 course contents as defined by Alibaba-Cloud. We provide this detailed breakdown to help you align your preparation with the actual exam format, ensuring there are no surprises on test day. Use this outline as a checklist to track your progress as you move through our practice question banks.
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
Exam Code: SAE-C01
Exam Name: Alibaba Cloud Certified Expert: Solutions Architect
Number of Questions: 100
Time Allotted: 120 minutes
Passing Marks: 80 out of 100 (80%)
Exam Format: Multiple-choice questions; available online or offline via Pearson VUE test centers (not available via OnVUE for overseas customers)
Languages: English
Security Services on Public Cloud
- Identity and Access Management (IAM)
- RAM (Resource Access Management): Centralized service for managing user identities- permissions- and roles. Supports fine-grained access control via policies (e.g.- JSON-based statements with actions- resources- and conditions).
- STS (Security Token Service): Temporary credential service for federated access- enabling short-lived tokens for secure API calls without long-term keys.
- MFA (Multi-Factor Authentication): Layered security requiring additional verification (e.g.- TOTP or SMS) for privileged accounts.
- Data Protection and Encryption
- KMS (Key Management Service): Managed hardware security module (HSM)-backed service for creating- rotating- and auditing cryptographic keys (symmetric/asymmetric- CMK - Customer Master Keys).
- SSE (Server-Side Encryption): Automatic encryption at rest for services like OSS; supports SSE-KMS for customer-managed keys.
- TDE (Transparent Data Encryption): Database-level encryption for RDS to protect data files without application changes.
- Threat Detection and Response
- Security Center (SC): Unified dashboard for vulnerability scanning- baseline checks- and real-time alerts on threats like malware or intrusions.
- WAF (Web Application Firewall): Layer-7 protection against OWASP Top 10 threats- including SQL injection- XSS- and CC attacks; uses managed rulesets and custom policies.
- Anti-DDoS (Anti-DDoS Pro/Basic): Traffic scrubbing service mitigating volumetric attacks up to 5 Tbps; includes SYN flood protection and blackhole activation.
- Compliance and Auditing
- ActionTrail: Logs API calls for auditing and compliance (e.g.- PCI DSS- HIPAA); supports trail delivery to OSS or Log Service.
- CloudMonitor: Metrics and alerts for security events- integrated with SLB and ECS for anomaly detection.
Storage Services on Public Cloud
- Object Storage
- OSS (Object Storage Service): S3-compatible storage for unstructured data; supports Standard- Infrequent Access (IA)- Archive- and Cold Archive tiers for cost efficiency.
- Multipart Upload: Parallel upload for large objects (>100 MB) to improve reliability and speed.
- Bucket Policies: ACLs and cross-account access using JSON conditions for read/write permissions.
- Block and File Storage
- ESS (Enhanced SSD): High-IOPS block storage for ECS; performance tiers (PL0-PL3) based on IOPS/throughput (e.g.- PL1: 50-500 MB/s).
- NAS (Network Attached Storage): NFS/SMB file system for shared access; supports Extreme NFS for low-latency workloads.
- Snapshot Service: Point-in-time copies for EBS volumes; incremental backups with rollback capabilities.
- Backup and Archival
- Hybrid Backup Recovery (HBR): Centralized backup for ECS- OSS- and on-premises; features vault-based storage and GRS (Geo-Redundant Storage).
- Data Lifecycle Management: Automated transitions (e.g.- OSS IA to Archive after 30 days) via rules to reduce costs.
- High-Performance Storage
- OSS-HPC: Parallel file system for AI/ML workloads; integrates with OSS for petabyte-scale data lakes.
Compute Services on Public Cloud
- Virtual Machines
- ECS (Elastic Compute Service): IaaS VMs with instance types (e.g.- ecs.g7: general-purpose- ecs.c7: compute-optimized); supports burstable performance (bPSU).
- Auto Scaling: Dynamic adjustment of ECS groups based on metrics (CPU >80%); integrates with SLB for HA.
- Security Groups: Stateful firewalls for inbound/outbound traffic rules at instance level.
- Serverless Compute
- FC (Function Compute): Event-driven- pay-per-use execution; supports custom runtimes (Node.js- Python) and triggers from OSS/SMS.
- EDAS (Enterprise Distributed Application Service): Middleware for Java apps with auto-scaling and zero-downtime deployments.
- Bare Metal and GPU Instances
- EBM (Elastic Bare Metal): Single-tenant instances for compliance; no hypervisor overhead.
- Elastic GPU Service (EGS): vGPU sharing for graphics-intensive tasks; types like gn6v (NVIDIA V100).
- Image and Deployment Management
- Custom Images: Built from snapshots; supports encrypted images for secure sharing.
- Deployment Sets: Fault isolation strategies (high-availability set- zone-disaster-recovery set) for multi-AZ resilience.
Public Cloud Architectures
- High Availability and Disaster Recovery
- RPO/RTO: Recovery Point Objective (data loss tolerance) and Recovery Time Objective (downtime tolerance); e.g.- synchronous replication for RPO=0.
- Multi-AZ Architecture: Spreading resources across Availability Zones within a region for 99.99% SLA.
- GSLB (Global Server Load Balancing): DNS-based traffic routing for global HA; health checks and weighted policies.
- Scalability Patterns
- Horizontal Scaling: Adding ECS instances via Auto Scaling groups; stateless design for loose coupling.
- Vertical Scaling: Instance type upgrades (e.g.- from c6 to c7) for CPU/memory bursts.
- Cost Optimization
- Savings Plans: Committed usage discounts (e.g.- 1/3-year terms) vs. Spot Instances for interruptible workloads.
- TCO Calculator: Tool for comparing on-premises vs. cloud costs- factoring in Reserved Instances (RI).
- Migration and Modernization
- Migrate to Cloud: Tools like Database Migration Service for lift-and-shift; re-architect for microservices.
Database Services on Public Cloud
- Relational Databases
- RDS (Relational Database Service): Managed MySQL/PostgreSQL/SQL Server; primary/secondary replication with semi-sync mode.
- ApsaraDB for RDS: High-availability edition with read replicas (up to 15) and auto-backup (7-732 days retention).
- Tair: In-memory caching (Redis-compatible); supports AOF/RDB persistence and cluster mode for 1M+ QPS.
- NoSQL and Big Data
- Table Store (OTS): Wide-column NoSQL for massive structured data; supports single-table partitioning and 10K+ ops/sec.
- PolarDB: Cloud-native RDBMS with shared storage; scales to 100 TB- 99.99% durability via log-based replication.
- Analytical Databases
- AnalyticDB: HTAP (Hybrid Transactional/Analytical Processing) for real-time queries; MPP architecture with 1 PB scale-out.
- Data Transmission Service (DTS): Real-time sync/migration between DBs; supports schema/table-level CDC (Change Data Capture).
- Backup and Performance
- Physical Backup: Block-level snapshots for RDS; cross-region DR with PITR (Point-in-Time Recovery).
- Performance Insights: Query optimization with slow log analysis and index recommendations.
Networking Services on Public Cloud
- Virtual Networking
- VPC (Virtual Private Cloud): Isolated network with CIDR blocks; supports IPv4/IPv6 and flow logs via SLS.
- VSwitch: Subnet within VPC for resource attachment; spans one AZ with route tables for inter-VSwitch routing.
- NAT Gateway: Outbound internet access for private subnets; SNAT/DNAT with EIP binding.
- Load Balancing and Acceleration
- SLB (Server Load Balancer): L4/L7 balancing; Classic (CLB) for intra-VPC- Application (ALB) for HTTP/HTTPS path routing.
- CDN (Content Delivery Network): Edge caching with dynamic acceleration; protocols like QUIC for reduced latency.
- GA (Global Accelerator): Any-cast EIP for traffic steering to nearest POP; integrates with SLB for 50% latency reduction.
- Connectivity and Peering
- VPN Gateway: IPsec/IKEv2 tunnels for site-to-site connectivity; supports BGP for dynamic routing.
- Express Connect: Private fiber links to on-premises; CEN (Cloud Enterprise Network) for multi-VPC/region peering.
- Cloud Firewall: Centralized policy enforcement across VPCs; threat intel feeds for east-west traffic.
- DNS and Monitoring
- Alibaba Cloud DNS: Authoritative/managed DNS with health checks; supports private zones for VPC resolution.
Cloud Native Services on Public Cloud
- Container Orchestration
- ACK (Alibaba Cloud Container Service for Kubernetes): Managed K8s with auto-upgrades; supports node pools (system/user) and CSI for storage.
- Container Registry (ACR): Docker OCI-compliant repo; Enterprise edition with vulnerability scanning and geo-replication.
- Helm Charts: Package manager for K8s apps; ACK integrates with ARGO for GitOps deployments.
- Serverless and Microservices
- Serverless App Engine (SAE): PaaS for Java/Node.js; auto-scales pods with traffic mirroring for canary releases.
- MSE (Microservices Engine): Service mesh with Istio-compatible governance; circuit breakers- rate limiting- and tracing via Jaeger.
- EventBridge: SaaS integration bus for event routing; sources like OSS uploads trigger FC functions.
- DevOps and Monitoring
- DevOps Platform: CI/CD with Jenkins integration; pipeline as code for blue-green deployments.
- ARMS (Application Real-Time Monitoring Service): APM for cloud native; traces requests across services with Prometheus metrics.
- Service Security
- CS (Container Security Service): Runtime protection with Falco rules; scans images for CVEs and enforces pod policies.
Hybrid Cloud
- Connectivity and Extension
- Cloud Enterprise Network (CEN): Global transit hub for hybrid peering; supports VBR (Virtual Border Router) attachments.
- Express Connect Circuit: Dedicated 1-100 Gbps links to data centers; low-latency (<10 ms) with SLA 99.95%.
- VPN Connect: Encrypted tunnels over public internet; supports dead peer detection for failover.
- Data Synchronization and Backup
- DataSync: Real-time file/folder sync between on-premises NFS and OSS/NAS; bandwidth throttling for hybrid DR.
- HBR (Hybrid Backup Recovery): Agent-based backups from physical servers to cloud vaults; deduplication and encryption.
- Management and Governance
- CloudMonitor Hybrid: Unified metrics for on-premises agents; alerts on cross-environment anomalies.
- Apsara Stack: On-premises Alibaba Cloud replica for regulated industries; supports hybrid ACK for consistent K8s.
- Workload Portability
- Server Migration Center (SMC): VM import from VMware/Hyper-V to ECS; block replication with minimal downtime.
- Edge Node: Outpost-like extension for low-latency inference; integrates ACK for hybrid container runs.