nerdexam
Exams101Questions#211
F5

101 · Question #211

101 Question #211: Real Exam Question with Answer & Explanation

The correct answer is C: As long as client traffic was directed to the alternate port, the virtual server would work as. A ClientSSL profile performs SSL termination based on profile association, not port number, so any destination port can be used as long as clients direct traffic to that port.

Question

Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port were not 443.

Options

  • ASSL termination could not be performed if the virtual server's port was not port 443.
  • BVirtual servers with a ClientSSL profile are always configured with a destination port of 443.
  • CAs long as client traffic was directed to the alternate port, the virtual server would work as
  • DSince the virtual server is associated with a ClientSSL profile, it will always process traffic sent to

Explanation

A ClientSSL profile performs SSL termination based on profile association, not port number, so any destination port can be used as long as clients direct traffic to that port.

Common mistakes.

  • A. SSL termination via a ClientSSL profile is port-agnostic; the BIG-IP can decrypt SSL traffic on any port the virtual server listens on.
  • B. There is no system-level restriction that forces a ClientSSL-enabled virtual server to use port 443; the administrator sets the destination port freely.
  • D. A virtual server only processes traffic sent to its configured destination IP and port combination; it does not intercept traffic sent to other ports simply because a ClientSSL profile is attached.

Concept tested. F5 BIG-IP ClientSSL profile port independence

Reference. https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-system-ssl-administration/big-ip-system-ssl-administration.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice