F5
101 Question #40: Real Exam Question with Answer & Explanation
The correct answer is A: A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie.
Question
Which statement is true concerning SSL termination?
Options
- A. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie
- B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the
- C. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted
- D. If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL
Explanation
When a virtual server has both ClientSSL and ServerSSL profiles, the BIG-IP decrypts inbound SSL traffic, enabling L7 features like cookie persistence to inspect and act on the cleartext payload.
Common mistakes.
- B. Decrypting traffic at the BIG-IP offloads SSL processing from pool members, reducing their CPU overhead. It does not increase backend burden; the added load is borne by the BIG-IP itself.
- C. A ClientSSL profile only decrypts SSL traffic directed to the specific virtual server it is associated with, not all SSL traffic arriving anywhere on the BIG-IP.
- D. When both ClientSSL and ServerSSL profiles are configured, the BIG-IP re-encrypts traffic before sending it to pool members, meaning pool members still perform full SSL processing and do not benefit from reduced SSL overhead.
Concept tested. F5 BIG-IP SSL bridging and L7 feature visibility