nerdexam
F5

101 · Question #298

Why does deploying LTM into an existing network immediately improve security?

The correct answer is C. No traffic A allowed through LTM until it has been specified.. BIG-IP LTM uses a default-deny posture, meaning no traffic is forwarded to any backend resource until virtual servers and pools are explicitly configured by an administrator.

Section 4: Security Basics

Question

Why does deploying LTM into an existing network immediately improve security?

Options

  • AOnly requests for specific ports are allowed through LTM.
  • BAll traffic through LTM is checked for DDoS attacks.
  • CNo traffic A allowed through LTM until it has been specified.
  • DAll users must authenticate before accessing applications through LTM.
  • EOnly LAN administrators can access resources through LTM.

How the community answered

(37 responses)
  • B
    3% (1)
  • C
    92% (34)
  • E
    5% (2)

Why each option

BIG-IP LTM uses a default-deny posture, meaning no traffic is forwarded to any backend resource until virtual servers and pools are explicitly configured by an administrator.

AOnly requests for specific ports are allowed through LTM.

LTM does not restrict traffic to specific ports by default; port-based filtering depends entirely on the virtual server configuration the administrator creates.

BAll traffic through LTM is checked for DDoS attacks.

LTM does not automatically inspect all traffic for DDoS attacks; that capability requires the Advanced Firewall Manager module or explicit profile configuration.

CNo traffic A allowed through LTM until it has been specified.Correct

BIG-IP LTM operates as a full proxy with a whitelist-based default model in which no traffic passes to backend resources until an administrator explicitly defines virtual servers, pools, and associated policies. Any traffic that does not match a configured virtual server is silently dropped, immediately reducing the attack surface when LTM is inserted into an existing network. This default-deny behavior requires zero additional configuration to take effect.

DAll users must authenticate before accessing applications through LTM.

LTM does not enforce user authentication before allowing application access by default; authentication requires explicit Access Policy Manager configuration.

EOnly LAN administrators can access resources through LTM.

LTM does not limit resource access to LAN administrators; access control is governed by virtual server definitions and policies, not by administrator role.

Concept tested: BIG-IP LTM default deny traffic security posture

Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-local-traffic-management-getting-started/local-traffic-manager-concepts.html

Topics

#LTM security#traffic filtering#port-based access#network security

Community Discussion

No community discussion yet for this question.

Full 101 Practice