F5 TMOS Administration — Question 6

Which statement is true concerning SSL termination?

Answer options

• A. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie persistence.
• B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the load on the pool member.
• C. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted before it is forwarded to servers.
• D. If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL processing than if the virtual server had only a ClientSSL profile.

Correct answer: A

Explanation

Answer A is correct because a virtual server with both ClientSSL and ServerSSL profiles can indeed support cookie persistence. Option B is incorrect since while decrypting traffic allows for iRules, it does increase the load on the system, but this does not pertain to SSL termination directly. Option C is misleading, as not all SSL traffic must be decrypted for every virtual server. Option D is inaccurate because having both profiles does not necessarily reduce processing load compared to having just a ClientSSL profile.