F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 197
An LTM Specialist has just captured the trace /var/tmp/trace.cap for the site www.example.com while listening on virtual address 10.0.0.1:443, which is configured on partition ApplicationA. The data payload being captured is SSL-encrypted.
Which command should the LTM Specialist execute to decrypt the data payload?
Answer options
- A. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_d/:Common:www.example.com.crt_1
- B. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1
- C. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_d/:ApplicationA:www.example.com.crt_1
- D. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_key_d/:ApplicationA:www.example.com.key_1
Correct answer: B
Explanation
The correct answer is B because it uses the key file needed to decrypt the SSL traffic captured in the trace. Options A and C incorrectly reference certificate files instead of the required key file, while option D uses the key path for ApplicationA, which is not correct for the certificate associated with www.example.com.