Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

F5 Networks F5CAB5 Exam - Topic 7 Question 10 Discussion

Refer to the exhibit.A BIG-IP Administrator needs to deploy an application on the BIG-IP system to performSSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)
D) Configure an SSL Profile (Server)
A) Remove the configured SSL Profile (Client)
B) Configure Protocol Profile (Server) as splitsession-default-tcp
C) Enable Forward Proxy in the SSL Profile (Client)

F5 Networks F5CAB5 Exam - Topic 7 Question 10 Discussion

Actual exam question for F5 Networks's F5CAB5 exam
Question #: 10
Topic #: 7
[All F5CAB5 Questions]

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to performSSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)

Show Suggested Answer Hide Answer
Suggested Answer: D

To successfully performSSL offload and re-encryptionon a BIG-IP system, the virtual server must be configured withboth a Client SSL profile and a Server SSL profile. The Client SSL profile enables BIG-IP to decrypt inbound HTTPS traffic from clients, while the Server SSL profile is required tore-encrypt traffic before forwarding it to the pool members.

From the exhibit, the virtual server has aClient SSL profile configured, which allows BIG-IP to accept HTTPS connections from clients. However, there isno Server SSL profile attached, meaning BIG-IP attempts to sendunencrypted HTTP trafficto pool members listening on HTTPS (port 443). This protocol mismatch causes the server-side SSL handshake to fail, resulting in users being unable to connect to the application.

This behavior is well documented in BIG-IP SSL troubleshooting guides: when backend servers expect HTTPS, a Server SSL profile is mandatory to establish a secure connection from BIG-IP to the pool members.

The other options are incorrect:

Removing the Client SSL profile (Option A) would break client-side HTTPS.

The server-side TCP profile (Option B) is unrelated to SSL encryption.

Forward Proxy (Option C) is only used for outbound SSL inspection scenarios.

Therefore, configuring anSSL Profile (Server)is the correct and required solution.


by Kris at May 05, 2026, 09:19 PM

Limited Time Offer

25%

Off

Get Premium F5CAB5 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Barbra
1 month ago
This question seems similar to one we practiced where we had to configure profiles correctly. I wonder if the SSL Profile (Server) is the key here.
upvoted 0 times
...
Barabara
1 month ago
I'm not entirely sure, but I feel like enabling Forward Proxy in the SSL Profile might be related to how traffic is managed.
upvoted 0 times
...
Rickie
1 month ago
I think I remember something about needing an SSL Profile for the server to handle the re-encryption properly.
upvoted 0 times
...

Save Cancel