Which SSL offload setting should be configured to provide end-to-end encryption with caching and compression for an externally accessible website?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master Citrix ADC13 with Citrix Gateway 1Y0-231 Test. Use flashcards and multiple choice questions with hints. Prepare thoroughly for your exam!

Multiple Choice

Which SSL offload setting should be configured to provide end-to-end encryption with caching and compression for an externally accessible website?

Explanation:
To have end-to-end encryption while still enabling caching and compression, the SSL/TLS must be present on both legs of the path: from the client to the ADC and from the ADC to the backend server. The ADC then can decrypt the client’s HTTP for caching and compression, while the traffic to the origin remains encrypted. Using TLS on both the front-end and the back-end (the SSL_TCP configuration on both sides) achieves this. On the front-end, the ADC terminates TLS with the client, so it can inspect and optimize the HTTP traffic. On the back-end, the ADC speaks TLS to the origin, preserving encryption all the way to the backend server. This combination provides end-to-end security and allows the ADC to perform caching and compression since it can work with decrypted HTTP at the edge. If the backend path isn’t encrypted (for example, plain HTTP or TCP without TLS), the encryption ends at the ADC and isn’t preserved to the origin, defeating end-to-end encryption. Similarly, if the front-end isn’t handling TLS, client traffic isn’t protected on the public path.

To have end-to-end encryption while still enabling caching and compression, the SSL/TLS must be present on both legs of the path: from the client to the ADC and from the ADC to the backend server. The ADC then can decrypt the client’s HTTP for caching and compression, while the traffic to the origin remains encrypted.

Using TLS on both the front-end and the back-end (the SSL_TCP configuration on both sides) achieves this. On the front-end, the ADC terminates TLS with the client, so it can inspect and optimize the HTTP traffic. On the back-end, the ADC speaks TLS to the origin, preserving encryption all the way to the backend server. This combination provides end-to-end security and allows the ADC to perform caching and compression since it can work with decrypted HTTP at the edge.

If the backend path isn’t encrypted (for example, plain HTTP or TCP without TLS), the encryption ends at the ADC and isn’t preserved to the origin, defeating end-to-end encryption. Similarly, if the front-end isn’t handling TLS, client traffic isn’t protected on the public path.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy