Exam 1z0-997-20 topic 1 question 11 discussion

Answer is B. It says "SSL Termination Only". Then, only it's needed to update in the listener/s. Question not talk about encrypt internal communication or change the deployed service. Otherway, update the certificate at backends will interrupt the active connections.

"SSL Termination Only"

d https://docs.oracle.com/en-us/iaas/Content/Balance/Tasks/update_certificate.htm

I think the correct answer is D based on this: To ensure consistent service, you must update (rotate) expiring certificates: Update your client or backend server to work with a new certificate bundle. Upload the new SSL certificate bundle to the load balancer: Edit listeners or backend sets (as needed) so they use the new certificate bundle (Optional) Remove the expiring SSL certificate bundle

B is the correct one. If LB does the SSL termination the backend servers know nothing about certificates.

So correct me if I'm wrong, but isn't the whole point of SSL Termination to take the pressure away from the backend servers? Meaning they are not involved in the process in the first place so they do not need to be updated to use the new certificate. Making the answer = B https://avinetworks.com/glossary/ssl-termination/

B is the correct option as the load balancer has been configured with SSL Termination only

B is correct. https://docs.oracle.com/en-us/iaas/Content/Balance/Tasks/managingcertificates.htm To ensure consistent service, you must update (rotate) expiring certificates: Update your client or backend server to work with a new certificate bundle. 1. Upload the new SSL certificate bundle to the load balancer: 2. Edit listeners or backend sets (as needed) so they use the new certificate bundle. Remember it is OR!!!! Important Updating the backend set temporarily interrupts traffic and can drop active connections. since it is OR, we can choose update either listener OR backend. update listener is a better choice since it does not cause any disruption.

Can someone explain to me why is not correct the option D when in the documentation says in regards to the certification expiring replacement: Editing a listener: Open the navigation menu, click Networking, and then click Load Balancers. Choose the Compartment that contains the load balancer you want to modify, and then click the load balancer's name. In the Resources menu, click Listeners. For the listener you want to edit, click the Actions menu, and then click Edit Listener. In the Certificate Name list, choose the new certificate bundle. Click Submit. So the option should be C

I agree with nenoAZ. The answer is B. To terminate SSL at the load balancer, you must create a listener at a port such as 443, and then associate an uploaded certificate bundle with the listener. (https://docs.oracle.com/en-us/iaas/Content/Balance/Tasks/managingcertificates.htm)

D is the correct Answer.

B since SSL termination only needs to associate the listeners with new certificate bundle; and no need to update the backend set given there is no encryption between LB and backend servers. Note A and D are not right as they are referring to backend servers (not backend set).

Answer is A if the certificate is configured to use L7. It is D if the certificates is configured L3/L4. https://serverfault.com/questions/68753/does-each-server-behind-a-load-balancer-need-their-own-ssl-certificate

D seems a better choice!

D seems to be the correct answer here.

D is the correct anwer - https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Tasks/managingcertificates.htm Update your client or backend server to work with a new certificate bundle. Editing a listener

B is the answer