Exam F5CAB5 Topic 6 Question 22 Discussion
Actual exam question for F5's F5CAB5 exam
Question #: 22
Topic #: 6
Question #: 22
Topic #: 6
Without decrypting, what portion of an HTTPS session is visible with a packet capture?
Suggested Answer: B Vote an answer
When analyzing HTTPS traffic using tools like tcpdump without access to the SSL private keys for decryption, only the Layer 2 through Layer 4 information remains visible.
* Visible Information: You can see the Source and Destination IP addresses, TCP ports, and the TLS handshake headers (such as the Server Name Indication/SNI in the Client Hello).
* Encrypted Information: Once the encrypted tunnel is established, all Layer 7 data is masked. This includes HTTP Request/Response Headers (Option A and D) and Cookies (Option C).
* Troubleshooting Note: To see the headers or cookies, an administrator must either perform the packet capture on the "server-side" of the BIG-IP (if it is performing SSL Offload) or use a tool like Wireshark with the appropriate SSL keys loaded.
* Visible Information: You can see the Source and Destination IP addresses, TCP ports, and the TLS handshake headers (such as the Server Name Indication/SNI in the Client Hello).
* Encrypted Information: Once the encrypted tunnel is established, all Layer 7 data is masked. This includes HTTP Request/Response Headers (Option A and D) and Cookies (Option C).
* Troubleshooting Note: To see the headers or cookies, an administrator must either perform the packet capture on the "server-side" of the BIG-IP (if it is performing SSL Offload) or use a tool like Wireshark with the appropriate SSL keys loaded.
by Betty at Jul 11, 2026, 05:07 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).