nerdexam
F5

201 · Question #299

201 Question #299: Real Exam Question with Answer & Explanation

The correct answer is A. No SSL certificates are required on the BIG-IP.. When a virtual server uses a ServerSSL profile, the BIG-IP acts as an SSL client to the backend server and typically does not require its own SSL certificate.

Section 7: Configure Advanced Features

Question

Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIG- IP?

Options

  • ANo SSL certificates are required on the BIG-IP.
  • BThe BIG-IP's SSL certificates must only exist.
  • CThe BIG-IP's SSL certificates must be issued from a certificate authority.
  • DThe BIG-IP's SSL certificates must be created within the company hosting the BIG-IPs.

Explanation

When a virtual server uses a ServerSSL profile, the BIG-IP acts as an SSL client to the backend server and typically does not require its own SSL certificate.

Common mistakes.

  • B. The BIG-IP's own SSL certificates are generally required for ClientSSL profiles, where the BIG-IP acts as a server, or if mutual SSL is enabled for ServerSSL.
  • C. Certificates issued from a CA would be needed if the BIG-IP were presenting itself as a server (ClientSSL) or for mutual SSL, but not for basic ServerSSL where it acts as a client.
  • D. The origin of the BIG-IP's SSL certificates is irrelevant if no certificates are needed at all for the specified ServerSSL profile use case.

Concept tested. Server-side SSL (ServerSSL) certificate requirements

Reference. https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-system-ssl-administration/working-with-ssl-profiles.html

Topics

#ServerSSL profile#SSL certificates#SSL handshake#backend communication

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 201 Practice