ACP-Cloud1 Questions Bank

Default and non-default VSwitches do not have the same constraints and operations. Default VSwitches have specific configurations and limitations set by Alibaba Cloud, designed to simplify initial setups. In contrast, non-default VSwitches, created by users, allow for more customized configurations and are typically used in more complex or specialized networking environments. Thus, option C is incorrect as the constraints and operations differ between default and non-default VSwitches.

Alibaba Cloud ECS (Elastic Compute Service) is an Infrastructure as a Service (IaaS) offering, providing users with virtualized computing resources like virtual machines. IaaS services offer fundamental cloud infrastructure such as compute, storage, and networking resources.

SLB (Server Load Balancer) is a service that distributes network traffic across groups of backend servers to improve the service capability and application availability1. SLB supports HTTPS listeners, which allow you to encrypt the data transmission between clients and SLB instances2. HTTPS is a secure version of HTTP that uses SSL/TLS protocols to provide data encryption, integrity, and authentication3.

To use HTTPS listeners, you need to upload SSL certificates to SLB. SSL certificates are digital certificates that use public key cryptography to verify the identity of a website and encrypt the data exchanged between the website and the visitors4. There are two types of SSL certificates: server certificates and client certificates. Server certificates are issued by trusted certificate authorities (CAs) to verify the identity of the website owner and the domain name. Client certificates are issued by the website owner to verify the identity of the visitors5.

SLB supports both one-way and two-way authentication for HTTPS listeners. One-way authentication means that only the server identity is verified by the client. Two-way authentication means that both the server and the client identities are verified by each other. To use one-way authentication, you only need to upload the server SSL certificate to SLB. To use two-way authentication, you need to upload both the server SSL certificate and the client CA certificate to SLB. The client CA certificate is the root certificate or intermediate certificate of the CA that issues the client certificates.

Therefore, if you want to use SLB and ECS instances to deploy two-way authenticated HTTPS websites, you need to host server SSL certificates and client CA certificates on SLB. SLB can host both SSL certificates and CA certificates, and it supports HTTPS two-way authentication. The other statements are incorrect. References: Server Load Balancer(SLB) - Alibaba Cloud, Add an HTTPS listener - Server Load Balancer - Alibaba Cloud Documentation Center, What is HTTPS? - SSL.com, What is an SSL Certificate? - SSL.com, What is a Client Certificate? - SSL.com, [Configure two-way authentication for an HTTPS listener - Server Load Balancer - Alibaba Cloud Documentation Center]

When the removal policy is set to “the earliest instance with the scaling configuration,” Auto Scaling will prioritize removing the oldest ECS instances that were created by Auto Scaling. This policy helps manage and rotate instances that may have been running the longest, ensuring newer instances remain available to handle the current load. This approach is beneficial for maintaining cost-effectiveness and operational efficiency.