201 · Question #3
A site needs to terminate client HTTPS traffic at the BIG IP and forward that traffic unencrypted. Which two are profile types that must be associated with such a virtual server. (Choose two.)
The correct answer is A. TCP D. ClientSSL. To terminate client HTTPS traffic and forward it unencrypted, a virtual server needs a TCP profile for basic connection handling and a ClientSSL profile for decryption.
Question
A site needs to terminate client HTTPS traffic at the BIG IP and forward that traffic unencrypted. Which two are profile types that must be associated with such a virtual server. (Choose two.)
Options
- ATCP
- BHTTP
- CHTTPS
- DClientSSL
- EServerSSL
How the community answered
(40 responses)- A85% (34)
- B8% (3)
- C3% (1)
- E5% (2)
Why each option
To terminate client HTTPS traffic and forward it unencrypted, a virtual server needs a TCP profile for basic connection handling and a ClientSSL profile for decryption.
The TCP profile is a foundational profile for any virtual server handling TCP-based network traffic, managing the underlying connection state.
An HTTP profile is typically used to inspect, modify, or optimize HTTP traffic, but it is not strictly required just to terminate SSL and forward unencrypted traffic; the question asks for profiles that *must* be associated.
HTTPS is a protocol, not a profile type itself on the BIG-IP; ClientSSL combined with potentially HTTP handles HTTPS traffic.
The ClientSSL profile is essential for the BIG-IP to perform SSL/TLS decryption on the incoming client-side HTTPS traffic, effectively terminating the encryption.
ServerSSL is used for re-encrypting traffic from the BIG-IP to the backend servers, which contradicts the requirement to forward traffic unencrypted.
Concept tested: Virtual server profiles for client-side SSL termination
Source: https://clouddocs.f5.com/clouddocs/big-ip-system-and-modules/latest/big-ip-ltm-basics/virtual-servers.html
Topics
Community Discussion
No community discussion yet for this question.