nerdexam
F5

101 · Question #39

Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port were not 443.

The correct answer is C. As long as client traffic was directed to the alternate port, the virtual server would work as. A ClientSSL profile performs SSL termination based on profile association and matching traffic, not on the virtual server destination port being 443.

Section 4: Security Basics

Question

Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port were not 443.

Options

  • ASSL termination could not be performed if the virtual server's port was not port 443.
  • BVirtual servers with a ClientSSL profile are always configured with a destination port of 443.
  • CAs long as client traffic was directed to the alternate port, the virtual server would work as
  • DSince the virtual server is associated with a ClientSSL profile, it will always process traffic sent to

How the community answered

(40 responses)
  • A
    13% (5)
  • B
    3% (1)
  • C
    80% (32)
  • D
    5% (2)

Why each option

A ClientSSL profile performs SSL termination based on profile association and matching traffic, not on the virtual server destination port being 443.

ASSL termination could not be performed if the virtual server's port was not port 443.

SSL termination is not restricted to port 443; the ClientSSL profile processes SSL based on the virtual server's IP-port match, not on any fixed port requirement.

BVirtual servers with a ClientSSL profile are always configured with a destination port of 443.

Virtual servers with a ClientSSL profile are not enforced to use port 443; administrators freely configure any valid destination port when defining the virtual server.

CAs long as client traffic was directed to the alternate port, the virtual server would work asCorrect

The BIG-IP performs SSL termination for any virtual server with an associated ClientSSL profile regardless of the configured destination port number. Port 443 is only the IANA-registered default for HTTPS; if clients are directed to an alternate port such as 8443, the BIG-IP still completes the SSL handshake and decrypts the traffic as long as the client connects to the correct IP and port combination defined on the virtual server.

DSince the virtual server is associated with a ClientSSL profile, it will always process traffic sent to

A virtual server with a ClientSSL profile does not process all SSL traffic arriving at the BIG-IP - it only processes traffic that matches its specific IP address and port combination.

Concept tested: F5 BIG-IP ClientSSL profile port-independent SSL termination

Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-local-traffic-management-profiles-reference/ssl-profiles.html

Topics

#ClientSSL profile#virtual server port#SSL termination

Community Discussion

No community discussion yet for this question.

Full 101 Practice