The default Avi Load Balancer behavior for impending SSL/TLS certificate expiration includes visible operational indicators in the UI and health score impact. VMware Avi documentation explains that certificates approaching expiration affect the Virtual Service by applying a security penalty. At 30 days before expiration, the Virtual Service incurs a 20-point security penalty and the maximum health score is capped at 80. The certificates page also provides visual indication of certificate status using color changes as certificates approach expiration. Email and SNMP alerting require notification or external integration configuration, so they are not the default mechanisms. A top red UI banner is not the standard default certificate-expiry alerting mechanism described for this case. Therefore, the correct default mechanisms are health score security penalty and SSL certificate color status indicators.