Exam F5CAB5 Topic 6 Question 22 Discussion

Actual exam question for F5's F5CAB5 exam
Question #: 22
Topic #: 6
Without decrypting, what portion of an HTTPS session is visible with a packet capture?

Suggested Answer: B Vote an answer

When analyzing HTTPS traffic using tools like tcpdump without access to the SSL private keys for decryption, only the Layer 2 through Layer 4 information remains visible.
* Visible Information: You can see the Source and Destination IP addresses, TCP ports, and the TLS handshake headers (such as the Server Name Indication/SNI in the Client Hello).
* Encrypted Information: Once the encrypted tunnel is established, all Layer 7 data is masked. This includes HTTP Request/Response Headers (Option A and D) and Cookies (Option C).
* Troubleshooting Note: To see the headers or cookies, an administrator must either perform the packet capture on the "server-side" of the BIG-IP (if it is performing SSL Offload) or use a tool like Wireshark with the appropriate SSL keys loaded.

by Betty at Jul 11, 2026, 05:07 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10