D. Tomcat: 4 cores: 4G, Memcache: 2 cores: 16G

Answer DescriptionExplanation: According to the Alibaba Cloud ECS documentation1, the recommended instance type for Tomcat is ecs.c5.xlarge, which has 4 vCPUs and 4 GiB of memory. This instance type is suitable for web applications that require high performance and low latency. The recommended instance type for Memcache is ecs.r5.large, which has 2 vCPUs and 16 GiB of memory. This instance type is optimized for memory-intensive applications that require high memory bandwidth and low latency. Therefore, option D is the most recommended configuration for deploying Tomcat and Memcache on two ECS instances. References: Instance type families and Alibaba Cloud Elastic Compute Service Product Introduction

B. False

Answer DescriptionExplanation: Alibaba Cloud provides comprehensive security protection covering networks, hosts, applications, databases, and content for on-cloud clients, but users still need to pay attention to security protection issues. Alibaba Cloud and its customers are jointly responsible for the security of customers’ applications built on Alibaba Cloud. With security responsibilities shared between Alibaba Cloud and its customers, Alibaba Cloud provides a secure infrastructure to decrease the enterprise security burden of customers. As such, customers can configure and use cloud products in a secure manner, thus relieving much of the underlying security burdens while allowing customers to focus more on their core business needs. However, customers still need to follow the best practices and guidelines for cloud security, such as using strong passwords, enabling multi-factor authentication, encrypting sensitive data, applying security patches, etc. Customers also need to monitor and manage the security risks and incidents of their cloud environment using Alibaba Cloud’s security products and services, such as Security Center, ActionTrail, Cloud Firewall, etc.

B. False

Answer DescriptionExplanation: Objects cannot be directly renamed in OSS. To rename an object in the bucket, you can copy the source object to the destination object and delete the source object. This is because the object name is part of the object URL and cannot be changed without affecting the access to the object. However, if you enable the hierarchical namespace feature for a bucket, you can rename objects in the bucket by using the OSS console or SDKs.

D. Intranet/Internet switchover

Answer DescriptionExplanation: A read-only RDS instance is a replica of the primary RDS instance that can handle read requests and increase the read capability of the database system. A read-only RDS instance inherits the network type (intranet or internet) of the primary RDS instance and cannot switch between them. Therefore, option D is the correct answer. References: Create a read-only ApsaraDB RDS for MySQL instance, Instance types for read-only ApsaraDB RDS instances

B. The instance and the scaling group must be in the same region but not necessarily the same zone.

Answer DescriptionExplanation: According to the Alibaba Cloud documentation1, Auto Scaling is a service that automatically adjusts the number of elastic computing resources based on your business demands and policies. When the demand for computing resources increases, Auto Scaling automatically adds ECS instances to ensure sufficient computing capabilities. When the demand decreases, Auto Scaling automatically removes ECS instances to reduce costs. Auto Scaling supports adding an existing ECS instance into the scaling group, but the instance must meet some requirements1. One of the requirements is that the instance and the scaling group must be in the same region. However, they do not have to be in the same zone. A zone is a physical area within a region that has independent power grids and networks. A region is a geographic area where Alibaba Cloud deploys its resources. Therefore, the correct answer is B.

B. Port 3306

Answer DescriptionExplanation: The port 3306 is the default port on which MySQL is usually configured. This port is used by MySQL clients and applications to connect to the MySQL server. If you are using any other port, you should allow traffic to that specific port instead. Alibaba Cloud RDS for MySQL also uses this port by default, unless you specify a different port when creating the RDS instance. You can view and modify the port number of your RDS instance in the RDS console.

A. True

Answer DescriptionExplanation: Object Storage Service (OSS) supports sub accounts, which are the accounts that belong to a parent account and share the resources of the parent account. You can allocate access permissions to different buckets for each sub account by using bucket policies or RAM policies. Bucket policies are the access control policies that are attached to buckets and specify the permissions that other users have on the resources in the buckets. RAM policies are the access control policies that are attached to RAM users or RAM user groups and specify the permissions that the RAM users or RAM user groups have on the OSS resources. References: Object Storage Service:Overview - Alibaba Cloud Object Storage Service:FAQ - Alibaba Cloud Authentication - Object Storage Service - Alibaba Cloud

B. You need to host server SSL certificates and client CA certificates on SLB

Answer DescriptionExplanation: SLB (Server Load Balancer) is a service that distributes network traffic across groups of backend servers to improve the service capability and application availability1. SLB supports HTTPS listeners, which allow you to encrypt the data transmission between clients and SLB instances2. HTTPS is a secure version of HTTP that uses SSL/TLS protocols to provide data encryption, integrity, and authentication3.
To use HTTPS listeners, you need to upload SSL certificates to SLB. SSL certificates are digital certificates that use public key cryptography to verify the identity of a website and encrypt the data exchanged between the website and the visitors4. There are two types of SSL certificates: server certificates and client certificates. Server certificates are issued by trusted certificate authorities (CAs) to verify the identity of the website owner and the domain name. Client certificates are issued by the website owner to verify the identity of the visitors5.
SLB supports both one-way and two-way authentication for HTTPS listeners. One-way authentication means that only the server identity is verified by the client. Two-way authentication means that both the server and the client identities are verified by each other. To use one-way authentication, you only need to upload the server SSL certificate to SLB. To use two-way authentication, you need to upload both the server SSL certificate and the client CA certificate to SLB. The client CA certificate is the root certificate or intermediate certificate of the CA that issues the client certificates.
Therefore, if you want to use SLB and ECS instances to deploy two-way authenticated HTTPS websites, you need to host server SSL certificates and client CA certificates on SLB. SLB can host both SSL certificates and CA certificates, and it supports HTTPS twoway authentication. The other statements are incorrect. References: Server Load Balancer(SLB) - Alibaba Cloud, Add an HTTPS listener - Server Load Balancer - Alibaba Cloud Documentation Center, What is HTTPS? - SSL.com, What is an SSL Certificate? - SSL.com, What is a Client Certificate? - SSL.com, [Configure two-way authentication for an HTTPS listener - Server Load Balancer - Alibaba Cloud Documentation Center]