nerdexam
Exams101Questions#623
F5

101 · Question #623

101 Question #623: Real Exam Question with Answer & Explanation

The correct answer is D: HTTP. In a packet capture, HTTP traffic is identifiable by plaintext headers, TCP port 80 usage, and readable HTTP status lines, distinguishing it from encrypted or non-HTTP protocols.

Question

BIG-IP Administrator performs the capture as shown in the image! On which protocol is the application responding?

Exhibit

101 question #623 exhibit

Options

  • ARDP
  • BHTTPS
  • CDNS
  • DHTTP

Explanation

In a packet capture, HTTP traffic is identifiable by plaintext headers, TCP port 80 usage, and readable HTTP status lines, distinguishing it from encrypted or non-HTTP protocols.

Common mistakes.

  • A. RDP traffic uses TCP port 3389 and presents a binary protocol handshake in captures, not HTTP-style headers or status codes.
  • B. HTTPS traffic runs over TCP port 443 and appears as opaque TLS-encrypted records with no readable HTTP content visible in a capture.
  • C. DNS traffic uses UDP or TCP port 53 and shows structured query and response records for domain name resolution, not HTTP methods or response codes.

Concept tested. Protocol identification using packet capture analysis

Reference. https://www.rfc-editor.org/rfc/rfc9110

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice