nerdexam
F5

101 · Question #529

What should the BIG-IP Administrator configure to perform SSL offloading when the certificate is already imported on the BIG-IP device?

The correct answer is B. Virtual server using client SSL profile configured to use the certificate. SSL offloading on F5 BIG-IP is achieved by binding a Client SSL profile - containing the server certificate and key - directly to the virtual server, so BIG-IP terminates the client's SSL session.

Section 5: Application Delivery Basics

Question

What should the BIG-IP Administrator configure to perform SSL offloading when the certificate is already imported on the BIG-IP device?

Options

  • AHTTP profile using client SSL profile
  • BVirtual server using client SSL profile configured to use the certificate
  • CVirtual server using server SSL profile configured to use the certificate
  • DHTTP profile using server SSL profile

How the community answered

(49 responses)
  • A
    8% (4)
  • B
    88% (43)
  • C
    2% (1)
  • D
    2% (1)

Why each option

SSL offloading on F5 BIG-IP is achieved by binding a Client SSL profile - containing the server certificate and key - directly to the virtual server, so BIG-IP terminates the client's SSL session.

AHTTP profile using client SSL profile

An HTTP profile controls HTTP traffic behavior such as header manipulation but does not handle SSL certificate binding or TLS termination.

BVirtual server using client SSL profile configured to use the certificateCorrect

A Client SSL profile on F5 BIG-IP defines the certificate, key, and cipher settings used to terminate SSL/TLS connections coming from clients. By attaching this profile to the virtual server (not an HTTP profile), BIG-IP decrypts incoming HTTPS traffic, offloading that CPU burden from backend servers. The certificate that was imported on the BIG-IP is referenced within this Client SSL profile configuration.

CVirtual server using server SSL profile configured to use the certificate

A Server SSL profile is used when BIG-IP needs to re-encrypt traffic toward the backend server (SSL bridging), not for terminating the client-facing SSL session.

DHTTP profile using server SSL profile

Attaching a Server SSL profile to an HTTP profile does not terminate inbound client SSL connections and is not the correct mechanism for SSL offloading.

Concept tested: F5 BIG-IP SSL offloading with Client SSL profile

Source: https://my.f5.com/manage/s/article/K14783

Topics

#SSL offloading#client SSL profile#virtual server#BIG-IP configuration

Community Discussion

No community discussion yet for this question.

Full 101 Practice