Examice

Exam 301b All QuestionsBrowse all questions from this exam

Question 41

An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web application is accessed via www.example.com. The LTM

Specialist wants to save a packet capture with complete decrypted payload for external analysis.

Which command should the LTM Specialist execute on the LTM device command line interface?

tcpdump -vvv -s 0 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap

tcpdump -vvv -s 0 -ni vlan301 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap

ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap

ssldump -Aed -ni vlan301 -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap

Correct Answer: C

To capture and decrypt the SSL traffic as requested, the LTM Specialist should use the 'ssldump' command to decrypt the payload using the private key and direct the output to a file. While 'tcpdump' is often used for capturing packets, it does not have the capability to decrypt SSL traffic. The correct command should specify the use of the private key for decryption, as well as the necessary parameters to capture the traffic. Therefore, the correct command is 'ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap'. This command will decrypt the payload and save it for external analysis.

Discussion

GVKDOption: D

D - Correct