F5 Application Delivery Fundamentals — Question 57

Which statement is true concerning SSL termination.

Answer options

• A. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie persistence.
• B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the load on the pool member.
• C. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted before it is forwarded to servers.
• D. If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL processing than if the virtual server had only a ClientSSL profile.

Correct answer: A

Explanation

Option A is correct because a virtual server with both ClientSSL and ServerSSL profiles can indeed support cookie persistence, allowing for session continuity. Option B is misleading as it states that decryption increases load on pool members; while true, it doesn't negate A's correctness. Option C is incorrect because not all SSL traffic is decrypted before forwarding; some may remain encrypted. Option D is false as having both profiles does not necessarily mean reduced SSL processing for pool members.