101 · Question #298
Why does deploying LTM into an existing network immediately improve security?
The correct answer is C. No traffic A allowed through LTM until it has been specified.. BIG-IP LTM uses a default-deny posture, meaning no traffic is forwarded to any backend resource until virtual servers and pools are explicitly configured by an administrator.
Question
Why does deploying LTM into an existing network immediately improve security?
Options
- AOnly requests for specific ports are allowed through LTM.
- BAll traffic through LTM is checked for DDoS attacks.
- CNo traffic A allowed through LTM until it has been specified.
- DAll users must authenticate before accessing applications through LTM.
- EOnly LAN administrators can access resources through LTM.
How the community answered
(37 responses)- B3% (1)
- C92% (34)
- E5% (2)
Why each option
BIG-IP LTM uses a default-deny posture, meaning no traffic is forwarded to any backend resource until virtual servers and pools are explicitly configured by an administrator.
LTM does not restrict traffic to specific ports by default; port-based filtering depends entirely on the virtual server configuration the administrator creates.
LTM does not automatically inspect all traffic for DDoS attacks; that capability requires the Advanced Firewall Manager module or explicit profile configuration.
BIG-IP LTM operates as a full proxy with a whitelist-based default model in which no traffic passes to backend resources until an administrator explicitly defines virtual servers, pools, and associated policies. Any traffic that does not match a configured virtual server is silently dropped, immediately reducing the attack surface when LTM is inserted into an existing network. This default-deny behavior requires zero additional configuration to take effect.
LTM does not enforce user authentication before allowing application access by default; authentication requires explicit Access Policy Manager configuration.
LTM does not limit resource access to LAN administrators; access control is governed by virtual server definitions and policies, not by administrator role.
Concept tested: BIG-IP LTM default deny traffic security posture
Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-local-traffic-management-getting-started/local-traffic-manager-concepts.html
Topics
Community Discussion
No community discussion yet for this question.