exam questions

Exam 301b All Questions

View all questions & answers for the 301b exam

Exam 301b topic 1 question 41 discussion

Actual exam question from F5's 301b
Question #: 41
Topic #: 1
[All 301b Questions]

Given this as the first packet displayed of an ssldump:
2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake

ServerHello -

Version 3.1 -
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
In reviewing the rest of the ssldump, the application data is NOT being decrypted.
Why is ssldump failing to decrypt the application data?

  • A. The application data is encrypted with SSLv3.
  • B. The application data is encrypted with TLSv1.
  • C. The data is contained within a resumed TLS session.
  • D. The BigDB Key Log.Tcpdump.Level needs to be adjusted.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
GVKD
4 months, 2 weeks ago
C - Correct Here's what you can look for to identify a resumed TLS connection in ssldump: 1. Missing ClientHello and ServerHello messages: In a resumed session, these messages are omitted as the client can reuse the existing session information. 2. Session ID presence: Look for the "Session ID" field in the handshake messages. If present, it indicates that the client is attempting to resume a previous session. 3. Cipher Suite agreement: In resumed sessions, the client and server directly agree on the cipher suite without negotiation, unlike the multiple options offered in a full handshake. 4. Short and fast handshake: Resumed sessions have significantly shorter handshakes as they do not require the full key exchange process. 5. Missing server certificate: Since the server already presented its certificate during the initial handshake, it won't be resent in a resumed session.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago