Exam 350-901 topic 1 question 19 discussion

I would say C and D depending on the protocol (HTTP or HTTPS). A and B probaly wrong, because UDP works with DTLS rather than TLS.

C and D A and B cannot be good as the connectionless UDP will not map to the connection-oriented TCP, which http and https use E cannot be true, as SCTP is a stream control protocol, cannot be mapped to http In both C and D the LB terminates TLS, and originates the http connection, either encrypted (HTTP), or not encrypted (HTTPS=HTTP+TLS) way.

https://www.ietf.org/proceedings/54/I-D/draft-ietf-tsvwg-tls-over-sctp-00.txt - about E

Selected Answer: CD Stream Control Transmission Protocol (SCTP) use DTLS DTLS is a protocol based on TLS that is capable of securing the datagram transport. DTLS is well-suited for securing applications and services that are delay-sensitive (and hence use datagram transport), tunneling applications such as VPNs, and applications that tend to run out of file descriptors or socket buffers. https://datatracker.ietf.org/doc/html/rfc9260

In the context of load balancing, TLS termination is typically handled over a TCP connection. UDP and SCTP are less common for this use case due to the lack of reliability compared to TCP, especially for applications such as file servers. Once TLS is terminated, the load balancer can then initiate a new connection to the selected server. This can be either HTTP or HTTPS depending on the specific needs of the network and application, although using HTTP is more common after termination because the load balancer has already decrypted the traffic and can then send it unencrypted to the server in a secure network. Given these considerations, the two correct options are: C. Terminate the TLS over the TCP connection from the router and originate an HTTP connection to the selected server. D. Terminate the TLS over the TCP connection from the router and originate an HTTPS connection to the selected server.

Tend to think it is - DE TLS with HTTPs is obvious. And from the rest the only protocol supporting TLS is SCTP. UDP is usind DTLS. And HTTP is NOT using TLS at all.

C and D are related to HTTPS with or without SSL offloading.

C and D are the correct answer. The traffic from the router is via the internet so LB should secure and use TLS to terminate the connection from the router. and the LB should handle the SSL offloading. Then from LB, it will create a new session originating from the LB (via selfIPs) and whether to use HTTP or HTTPS to the server.

TLS is not used with HTTP connections :)

https 443/sctp HTTPS # IETF TSVWG # Randall Stewart <[email protected]> # [RFC4960] World Wide Web HTTP over TLS/SSL over SCTP.

C and D

Neither UDP or SCTP are relevant

The question is wrongly formulated and not complete. What is it originated from the router or a user making website requests i.e what client and destination application is used being haled. I would say C and D.

C is a concept called SSL/TLS offloader aka SSL/TLS Termination. C and D is correct! SCTP has nothing to do with HTTP and HTTPS.

D and E for sure

I don't think I've ever configured SCTP on a load balancer, and it's not really a 'security' protocol. Also a ton of load balancers don't even know how to differentiate them (https://support.f5.com/csp/article/K3800)

I would agree with JM_Lee. TLS provides security (HTTPS) hence in my opinion would be DE