Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free CAP-C01 Practice Questions

Pass your Alibaba Cloud Certified Professional: Cloud Architect (CAP-C01) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

An architect needs redundant connectivity from on-premises to Alibaba Cloud so that if the primary Express Connect physical line fails, traffic automatically uses a backup path. What is the recommended design?

A
B
C
D
to track
Same family resources

Explore More Alibaba Cloud Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Alibaba Cloud Security Engineer (Associate)

Practice QuestionsStudy GuideCheat SheetFlashcards1 blog

Alibaba Cloud ACA Cloud Business

Practice Questions

Alibaba Cloud ACA Generative AI Engineer

Practice Questions

Alibaba Cloud Certified Associate (ACA) Cloud Computing

Practice Questions

Alibaba Cloud Certified Associate (ACA) Cloud Operator

Practice Questions

Alibaba Cloud Certified Associate Cloud Engineer (CEA-C01)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleFREE Alibaba Cloud Security Associate (CSA-C01) Certification Guide 2026: Exam Format, Blueprint, Study Plan16 min read
2026 Statistics

Key Facts: CAP-C01 Exam

$200

Exam Fee (USD)

Alibaba Cloud

90 min

Exam Duration

Alibaba Cloud

70/100

Passing Score

Alibaba Cloud

50

Questions

Alibaba Cloud

Professional

Certification Level

Alibaba Cloud

Replaces ACP Cloud Computing

Successor Exam

Alibaba Cloud

As of May 2026, Alibaba Cloud lists CAP-C01 (Certified Professional: Cloud Architect) as a professional-level exam costing $200 USD, lasting 90 minutes, with 50 multiple-choice questions and a passing score of 70 out of 100, delivered in English through Pearson VUE online or at a test center. The five content domains are Core Infrastructure Deep Dive (26%), Building Highly Available, Performant Cloud Architecture (22%), Securing Workloads on Alibaba Cloud (22%), Building Enterprise-grade Networks on Alibaba Cloud (18%), and Delivering Services and Content on Alibaba Cloud (12%). CAP-C01 is the current professional architect exam that replaced the retired ACP Cloud Computing certification, and a 14-day wait applies between any two professional exam attempts. Alibaba Cloud does not publish the certificate validity term or a public pass rate, so confirm renewal details on the official certification site.

Sample CAP-C01 Practice Questions

Try these sample questions to test your CAP-C01 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1An architect needs to provide private, isolated network space on Alibaba Cloud where they fully control the IP address range, subnets, and route tables. Which service provides this foundation?
A.Virtual Private Cloud (VPC)
B.Server Load Balancer (SLB)
C.Cloud Enterprise Network (CEN)
D.Express Connect
Explanation: A Virtual Private Cloud (VPC) is the logically isolated private network on Alibaba Cloud where you define the CIDR block, create VSwitches (subnets), and configure route tables. It is the foundational construct that other resources such as ECS, RDS, and SLB are deployed into.
2Within an Alibaba Cloud VPC, what is the function of a VSwitch?
A.It provides a NAT for outbound internet access
B.It is a subnet that hosts cloud resources within a single zone and CIDR range
C.It is the dedicated physical connection to an on-premises data center
D.It applies stateful firewall rules to ECS instances
Explanation: A VSwitch is the Alibaba Cloud equivalent of a subnet. It belongs to one zone, carves a CIDR block out of the VPC range, and is where ENIs and instances are placed. Resources in different VSwitches communicate over the VPC route table.
3An enterprise must interconnect dozens of VPCs across multiple regions plus several on-premises sites into a single mesh with automatic route learning and bandwidth control. Which Alibaba Cloud service is designed for this?
A.VPC Peering only
B.Internet Shared Bandwidth
C.Cloud Enterprise Network (CEN)
D.Smart Access Gateway hardware only
Explanation: Cloud Enterprise Network (CEN) builds a global mesh that interconnects VPCs across regions and on-premises networks attached via Express Connect or VPN. It automatically propagates routes between attached networks and lets you allocate bandwidth with Bandwidth Plans on transit routers.
4A company wants a dedicated, low-latency private leased line from its on-premises data center into an Alibaba Cloud VPC, bypassing the public internet. Which service should the architect choose?
A.VPN Gateway over the internet
B.NAT Gateway
C.Global Accelerator
D.Express Connect with a physical connection and Virtual Border Router
Explanation: Express Connect establishes a dedicated physical leased line into Alibaba Cloud. The physical connection terminates at an access point, and a Virtual Border Router (VBR) plus a router interface or CEN attachment routes traffic privately into the VPC, avoiding the public internet for stable, low-latency connectivity.
5An architect needs an encrypted IPsec tunnel between an on-premises site and an Alibaba Cloud VPC over the existing internet connection, with no new physical circuit. Which service fits best?
A.VPN Gateway
B.Express Connect
C.Cloud Firewall
D.Anycast EIP
Explanation: VPN Gateway provides IPsec-VPN connections that build encrypted tunnels between on-premises gateways and the VPC over the public internet, requiring no dedicated circuit. It is the cost-effective choice when a physical Express Connect line is not justified.
6Private ECS instances in a VSwitch with no public IP need to download OS patches from the internet without being directly reachable from outside. What should the architect deploy?
A.Assign each instance a public IP
B.A NAT Gateway with an SNAT entry and an associated EIP
C.An internet-facing SLB
D.A second VPC peered for internet egress
Explanation: A NAT Gateway with an SNAT (source NAT) entry lets private instances initiate outbound connections to the internet through a shared EIP while remaining unreachable from inbound traffic. This is the standard pattern for outbound-only internet access from private subnets.
7An architect must control which protocols and ports are allowed to reach individual ECS instances, with stateful rules evaluated per instance. Which Alibaba Cloud feature provides this?
A.Network ACL on the VSwitch
B.Route table entry
C.Security Group
D.DDoS Protection Basic
Explanation: Security Groups act as stateful virtual firewalls at the instance/ENI level, controlling inbound and outbound traffic by protocol, port, and source. Because they are stateful, return traffic for allowed connections is automatically permitted.
8Two VPCs in the same region are attached to the same CEN instance but cannot communicate. Their VSwitch CIDR blocks overlap. What is the most likely cause?
A.CEN does not support same-region VPCs
B.CEN requires a VPN Gateway between the VPCs
C.Security Groups always block CEN traffic by default
D.Overlapping CIDR ranges cause route conflicts that CEN cannot resolve
Explanation: CEN relies on route propagation, so attached networks must have non-overlapping CIDR blocks. When ranges overlap, routes conflict and CEN cannot determine a unique next hop, breaking connectivity. The fix is to redesign the address plan so each network has a unique CIDR.
9An architect designs a VPC and must choose a private CIDR block. Which range is a valid choice for a VPC primary CIDR?
A.172.16.0.0/12
B.8.8.8.0/24
C.100.64.0.0/10
D.224.0.0.0/4
Explanation: Alibaba Cloud VPCs accept the RFC 1918 private ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 (and subsets) as the primary CIDR. 172.16.0.0/12 is a valid private block for a VPC.
10A global company wants users worldwide to reach an application hosted in one region with the lowest possible latency by entering Alibaba Cloud's network at the nearest edge. Which service should the architect use?
A.NAT Gateway
B.Global Accelerator (GA)
C.VPN Gateway
D.Elastic IP Address only
Explanation: Global Accelerator (GA) provides anycast entry points so users connect to the nearest Alibaba Cloud access point and traverse the optimized backbone to the origin region. This reduces jitter and latency compared with traversing the public internet end to end.

About the CAP-C01 Exam

Alibaba Cloud's CAP-C01 exam earns the Certified Professional: Cloud Architect credential, validating that you can design and implement scalable, highly available, secure, and cost-effective solutions on Alibaba Cloud. The skills span enterprise VPC and CEN networking, hybrid and global connectivity with Express Connect and VPN Gateway, core infrastructure (ECS, OSS, RDS, PolarDB, AnalyticDB, Redis), high availability and disaster recovery, content delivery with CDN, and workload security. CAP-C01 is the current professional architect exam that replaced the retired ACP Cloud Computing certification.

Questions

50 scored questions

Time Limit

90 minutes

Passing Score

70/100

Exam Fee

$200 (Alibaba Cloud)

CAP-C01 Exam Content Outline

26%

Core Infrastructure Deep Dive

Master ECS instances, custom images, ESSD block storage, OSS object storage and storage classes, NAS, ApsaraDB RDS, PolarDB and PolarDB-X, AnalyticDB, Tablestore, Container Service for Kubernetes, Function Compute, messaging with ApsaraMQ, Resource Orchestration Service, Simple Log Service, and cost optimization with subscription, reserved, spot, and Savings Plans purchasing.

22%

Building Highly Available, Performant Cloud Architecture

Design multi-zone and multi-region high availability with Server Load Balancer health checks and Auto Scaling, scale databases with RDS HA and read replicas and ApsaraDB for Redis caching, protect data with snapshots, OSS ZRS, and DTS-based disaster recovery, and monitor with CloudMonitor.

22%

Securing Workloads on Alibaba Cloud

Implement least privilege with RAM users, roles, and STS, enforce MFA and password policy, encrypt data with KMS and Secrets Manager and SSL Certificates Service, protect applications with WAF, Anti-DDoS, Cloud Firewall, and Security Center, and govern accounts with Cloud Config, ActionTrail, Resource Directory, and Control Policies.

18%

Building Enterprise-grade Networks on Alibaba Cloud

Plan VPC and VSwitch CIDRs and route tables, secure traffic with Security Groups and Network ACLs, provide egress with NAT Gateway and SNAT, interconnect with VPC peering, CEN Transit Routers, Express Connect, VPN Gateway, and Smart Access Gateway, and use PrivateLink and OSS internal endpoints for private access.

12%

Delivering Services and Content on Alibaba Cloud

Accelerate delivery with Alibaba Cloud CDN caching strategy and origin protection over OSS, stream media with ApsaraVideo, publish APIs with API Gateway, and manage global traffic with Alibaba Cloud DNS, Global Traffic Manager, Global Accelerator, and Anycast EIP for low-latency global access.

How to Pass the CAP-C01 Exam

What You Need to Know

  • Passing score: 70/100
  • Exam length: 50 questions
  • Time limit: 90 minutes
  • Exam fee: $200

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CAP-C01 Study Tips from Top Performers

1Spend the largest share of study time on Core Infrastructure Deep Dive because it is the heaviest area at 26%, covering ECS, OSS, RDS, PolarDB, PolarDB-X, AnalyticDB, Tablestore, ACK, Function Compute, and cost-optimization purchasing models.
2Learn the Alibaba Cloud networking stack thoroughly: VPC and VSwitch CIDR planning, route tables, Security Groups versus stateless Network ACLs, NAT Gateway SNAT, CEN Transit Routers and Bandwidth Plans, Express Connect, and VPN Gateway.
3Master high-availability and disaster-recovery patterns: multi-zone deployment behind SLB, Auto Scaling policies, RDS HA and read replicas, OSS ZRS, snapshots, and DTS cross-region replication, and know when multi-region is required over multi-zone.
4Know the security services and when to use each: RAM roles and STS over long-term AccessKeys, KMS and Secrets Manager, WAF, Anti-DDoS Pro/Premium, Cloud Firewall, Security Center, Cloud Config, ActionTrail, and Resource Directory Control Policies.
5Understand content delivery and global traffic: CDN caching strategy with OSS origin protection, ApsaraVideo, API Gateway, Alibaba Cloud DNS, Global Traffic Manager, Global Accelerator, and Anycast EIP, and how they reduce latency for global users.
6Practice cost optimization across compute and storage: subscription versus pay-as-you-go versus preemptible versus Savings Plans, OSS storage-class lifecycle transitions, right-sizing with CloudMonitor, and minimizing cross-zone data transfer.

Frequently Asked Questions

What are the current official exam facts for CAP-C01?

Alibaba Cloud lists CAP-C01 as a professional-level exam costing $200 USD, lasting 90 minutes, with 50 multiple-choice questions and a passing score of 70 out of 100. It is delivered in English through Pearson VUE, online or at a test center.

Is CAP-C01 the replacement for the ACP Cloud Computing certification?

Yes. CAP-C01 is the current Alibaba Cloud Certified Professional Cloud Architect exam that replaced the retired ACP Cloud Computing certification, focusing on designing and implementing scalable and resilient architectures.

What domains are weighted most heavily on CAP-C01?

Core Infrastructure Deep Dive is the largest area at 26%. Building Highly Available, Performant Cloud Architecture and Securing Workloads each carry 22%, Building Enterprise-grade Networks is 18%, and Delivering Services and Content is 12%.

Which Alibaba Cloud services should I study for CAP-C01?

Focus on VPC, VSwitch, CEN, Express Connect, VPN Gateway, NAT Gateway, SLB, Auto Scaling, ECS, OSS, NAS, ApsaraDB RDS, PolarDB, PolarDB-X, AnalyticDB, ApsaraDB for Redis, CDN, RAM, KMS, WAF, Anti-DDoS, Cloud Firewall, Security Center, and DTS.

How often can I retake CAP-C01 if I fail?

Alibaba Cloud requires a 14-day waiting period between attempts at any two professional-level exams, so you must wait 14 days before retaking CAP-C01.

What experience does Alibaba Cloud recommend before CAP-C01?

Alibaba Cloud recommends hands-on experience designing and implementing scalable, resilient solutions across networking, compute, storage, databases, and security, plus familiarity with associate-level cloud fundamentals.