nerdexam
F5

101 · Question #489

Which Transport Layer Security (TLS) extension can be used to enable a single virtual server to serve multiple HTTPS websites in different can be used to enable a single virtual server to server domai

The correct answer is C. Server Name indication. Server Name Indication (SNI) is the TLS extension that allows a single virtual server to serve multiple HTTPS websites by transmitting the target hostname during the TLS handshake.

Section 4: Security Basics

Question

Which Transport Layer Security (TLS) extension can be used to enable a single virtual server to serve multiple HTTPS websites in different can be used to enable a single virtual server to server domains?

Options

  • ASession Tickets
  • BOCSP Staping
  • CServer Name indication
  • DCertificate Status Request

How the community answered

(57 responses)
  • A
    2% (1)
  • B
    7% (4)
  • C
    88% (50)
  • D
    4% (2)

Why each option

Server Name Indication (SNI) is the TLS extension that allows a single virtual server to serve multiple HTTPS websites by transmitting the target hostname during the TLS handshake.

ASession Tickets

Session Tickets are a TLS extension used for session resumption to reduce handshake overhead and improve performance, not for hosting multiple domains.

BOCSP Staping

OCSP Stapling allows the server to attach a pre-fetched certificate revocation response to the TLS handshake, which is unrelated to multi-domain virtual server hosting.

CServer Name indicationCorrect

SNI is a TLS extension defined in RFC 6066 in which the client includes the desired hostname in the ClientHello message before any certificate is exchanged. This allows a single IP address or virtual server to present different TLS certificates for different domain names, enabling multi-domain HTTPS hosting on one endpoint. Without SNI, the server cannot determine which certificate to present before the TLS handshake completes.

DCertificate Status Request

Certificate Status Request is the TLS extension mechanism that requests OCSP revocation status from the server, not a feature for serving multiple domains on one virtual server.

Concept tested: TLS Server Name Indication for multi-domain virtual hosting

Source: https://www.rfc-editor.org/rfc/rfc6066

Topics

#SNI#TLS extensions#virtual server#HTTPS multi-domain

Community Discussion

No community discussion yet for this question.

Full 101 Practice