New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

F5 303 BIG-IP ASM Specialist Exam Practice Test

Page: 1 / 0
Total 0 questions

BIG-IP ASM Specialist Questions and Answers

Question 1

Users are experiencing low throughput when downloading large files over a high-speed WAN connection. Extensive packet loss was found to be an issue but CANNOT be eliminated.

Which two TCP profile settings should be modified to compensate for the packet loss in the network? (Choose two.)

Options:

A.

slow start

B.

proxy options

C.

proxy buffer low

D.

proxy buffer high

E.

Nagle's algorithm

Question 2

A BIG-IP Administrator makes a configuration change to a Virtual Server on the Standby device of an HA pair. The HA pair is currently configured with Auto-Sync Enabled. What effect will the change have on the HA pair configuration?

Options:

A.

The change will be undone when Auto-Sync propagates the config to the HA pair.

B.

The change will be propagated next time a configuration change is made on the Active device.

C.

The change will be undone next time a configuration change is made on the Active device.

D.

The change will take effect when Auto-Sync propagates the config to the HA pair.

Question 3

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

How should the LTM Specialist minimize the configuration?

Options:

A.

Remove the pool member level monitors.

B.

The configuration is as minimized as possible.

C.

Create a single monitor and apply it to each pool member.

D.

Create a single monitor, apply it to the pool, and remove the pool member level monitors.

Question 4

The pool members are serving up simple static web content.

The current virtual server configuration is given as follows:

tmsh list ltm virtual simple

ltm virtual simple {

destination 10.10.10.10:80

ip-protocol tcp

mask 255.255.255.255

profiles {

http { }

httpcompression { }

oneconnect { }

tcp { }

}

snat automap

vlans-disabled

}

tmsh list ltm pool simple_pool

ltm pool simple_pool {

members {

10.10.10.11:80 {

address 10.10.10.11 }

10.10.10.12:80 {

address 10.10.10.12 }

10.10.10.12:80 {

address 10.10.10.13 }

}

}

Which three objects in the virtual server configuration can be removed without disrupting functionality of the virtual server? (Choose three.)

Options:

A.

tcp

B.

http

C.

oneconnect

D.

snat automap

E.

httpcompression

Question 5

TWO BIG-IP appliances need to be configured to load balance multiple firewall in a firewall sandwich,

Which health monitor setting should be used to verify that the firewalls are able to forward traffic?

Options:

A.

Adaptive

B.

Reverse

C.

Transparent

D.

Up internal

Question 6

An unwanted IP addresstries to connect to the configuration utility via Self IP An LTM Specialist needs to block the attempts based on the IP address.

How should the ITM Specialist block the attempts without affecting other users?

Options:

A.

SSH IP allow list

B.

Port lockdown

C.

Devicetrust

D.

Packet filter

Question 7

The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?

Options:

A.

iHealth

B.

Network > Interfaces

C.

Local Traffic > Pools

D.

AsKFS

E.

Local Traffic > Virtual Servers

Question 8

A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should be assigned to the new Self IP being configured?

Options:

A.

Interface

B.

Route

C.

VLAN

D.

Trunk

Question 9

A web application is meant to log the URI of the resource that responded to the client's initial Request-URI.

Which HTTP header will supply this information?

Options:

A.

Via

B.

Server

C.

Trailer

D.

Referer

Question 10

To increase available bandwidth of an existing Trunk, the BIG-IP Administrator is adding additional

interfaces.

Which command should the BIG-IP Administrator run from within bosh shell?

Options:

A.

tmsh create /net trunk trunk_A interfaces add {1.3.1.4}

B.

tmsh create/sys trunk trunk_A interfaces add {1.3.1.4}

C.

tmsh modify/sys trunk trunk^A interfaces add {1.3.1.4}

D.

tmsh modify /net trunk trunk_A interfaces add {1.3.1.4}

Question 11

The BIG-IP Administrator disable all pool members in a pool Users are still able to reach the pool

members.

What is allowing users to continue to reach the disabled poo! members?

Options:

A.

A slow to time on Pool

B.

A persistence profile on the Virtual Server

C.

A slow ramp time on virtual Server

D.

A persistence profile on the Pool

Question 12

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

Options:

A.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B.

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C.

tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

D.

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Question 13

The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new HTTP pool

named P_example.

Where should the BIG-IP Administrator validate these settings in the Configuration Utility?

Options:

A.

Local Traffic > Nodes > Default Monitor

B.

Local Traffic > Profiles > Services > HTTP > http

C.

Local Traffic > Monitors > http

D.

Local Traffic > Pools > P_ example

Question 14

An LTM Specialist uploaded new releases .iso and .md5 files titled "BIGIP-FILENAME" via the GUI.

Which commands are run via the command line from the root directory to verify the integrity of the new .iso file?

Options:

A.

cd /var/shared/images

md5sum --check BIGIP-FILENAME.iso

B.

cd /shared/images

md5sum --check BIGIP-FILENAME.iso

C.

cd /var/shared/images

md5sum --check BIGIP-FILENAME.iso.md5

D.

cd /shared/images

md5sum --check BIGIP-FILENAME.iso.md5

Question 15

An LTM Specialist notices the following error on the stdout console:

mcpd[2395]: 01070608:0: License is not operational(expired or digital signature does not match contents)

Which command should be executed to verify the LTM device license?

Options:

A.

bigpipe version

B.

tmsh show /sys license

C.

tmsh /util bigpipe version

D.

tmsh show /sys license status

Question 16

The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The status is marked

'down'.

Which tool should the administrator use to identify the problem?

Options:

A.

Ping

B.

Health

C.

tcpdump

D.

ifconfig

Question 17

A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the administrator reboots into the new volume, the Configuration fails to load. Why is the Configuration failing to load?

Options:

A.

The license needs to be reactivated before the upgrade.

B.

The upgrade was performed on the standby unit.

C.

A minimum of at least two reboots is required.

D.

Connectivity to the DNS server failed to be established.

Question 18

An LTM Specialist needs to assign a health monitor to a pool with two pool members 10.10.10 101 and 10.10.10.102 Both pool members are listening on port 8080 with TCP. The health of the application depends on the health of an another server(10 10 10 100) that runs port 9080 with TCP.

Which two custom TCP monitors should be selected as the pool's health monitors' (Choose two)

Options:

A.

a custom TCP monitor that works on port 9080 with 10.10.10.100 as alias address

B.

a custom TCP monitor that workson port 9080,

C.

a custom TCP monitor that works on port 8080

D.

a custom TCP monitor that works on port 9080 with 10,10.10.101 as alias address

E.

a custom TCP monitor that works on port 8080 with 10.10.10.101 as alias address

F.

a custom TCP monitor thatworks on port 8080 with 10.10.10.102 is alias address

Question 19

Refer to the exhibit.

A user attempts to connect to 10.10.10.1.80 using FTP over SSL with an FTPS client. Which virtual server will match and attempt to process the request?

Options:

A.

vsjutps

B.

vs_ftp

C.

vs_http

D.

nvfs

Question 20

A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up

A ping works to the pool member address.

The SEND string that the monitor is using is:

Close/r/n/r/n

Which CLI tool syntax will show that the web server returns the correct HTTP response?

Options:

A.

curlhttp://10.10.10.3.75:8080/www.example.com/index.html

B.

curl-header 'Host:www.example.com' http://10.10.3.75:8080/

C.

tracepath 'http://www.example.com:80

D.

tracepath 10.10.3.75:8080 GET /index

Question 21

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A pair of LTM devices are deployed in a high-availability (HA) pair as the diagram shows. After inserting a new rule on the firewalls, the LTM devices become Standby. The rule drops all outbound sessions to the Internet. Only inbound connections are allowed from the Internet. There are no other changes to the environment.

What triggered the LTM device failover?

Options:

A.

HA Group

B.

Auto Failback

C.

VLAN Failsafe

D.

Gateway Failsafe

Question 22

An LTM device configured with a management IP address and route and a series of self-IPs and TMM routes.Both management and TMM have a routing entry for 101 10/24 Application traffic is being load balanced and sent to pool member 10.1.1.123 with SNAT Automap and configured.

Which route will the LTM device use?

Options:

A.

TMM route regardless of the management port status

B.

both routes, which will duplicate traffic on both management and TMM interface

C.

equal cost multipath load balancing via both routes

D.

management route when TMM interface is down or TMM is offline

E.

management route regardless of the managementport status

Question 23

A 8IG-IP Administrator configures a node with a standard icmp Health Monitor. The Node shows as DOWN although the Backend Server is configured to answer ICMP requests. Which step should the administrator take next to find the root cause of this issue?

Options:

A.

Run a curl Run a qkview

B.

Run a qkview

C.

Runatcpdump

D.

Runanssldump

Question 24

Which three HTTP headers allow an application server to determine the client's language compatibility, browser, operating system type, and compression compatibility? (Choose three.)

Options:

A.

Accept

B.

Accept-Encoding

C.

Accept-Language

D.

Host

E.

User-Agent

Question 25

Refer to the exhibit.

A pool member fails the monitor checks for about 30 minutes and then starts passing the monitor

checks. New traffic is Not being sent to the pool member.

What is the likely reason for this problem?

Options:

A.

The pool member is disabled

B.

Monitor Type is TCP Half Open

C.

Manual resume is enabled

D.

Time Until Up is zero

Question 26

Refer to the exhibit

The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a

configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the

servers on the new VLAN are NOT reachable from the BIG-IP device.

Which action should the BIG-IP Administrators to resolve this issue?

Options:

A.

Set Port Lockdown of Set IP to Allow All

B.

Change Auto Last Hop to enabled

C.

Assign a physical interface to the new VLAN

D.

Create a Floating Set IP Address

Question 27

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

An LTM device has been configured for load balancing a number of different application servers. Configuration changes need to be made to the LTM device to allow administrative management of the servers in 172.16.10/24, 172.16.20/24, and 172.16.30/24 networks. The servers require outbound access to numerous destinations for operations.

Which solution has the simplest configuration changes while maintaining functionality and basic security?

Options:

A.

Remove 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, and keep 0.0.0.0:0/0.0.0.0 enabled on all VLANs.

B.

Replace 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, with 172.16.0.0:0/16, and keep 0.0.0.0:0/0.0.0.0.

C.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on ingress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on egress VLAN(s).

D.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on egress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on ingress VLAN(s).

Question 28

A web server's default gateway is the network router. The LTM Specialist needs to introduce an LTM device to load balance to the web servers without changing the server's default gateway.

Which deployment method and settings should the LTM Specialist use to ensure correct traffic flow and that the web servers can obtain the actual con IP addresses?

Options:

A.

route deployment with Automap configured and X-Forwarded-For inserted in HTTP headers

B.

route deployment without SNAT configuration

C.

SNAT deployment with automap configured and X-Forwarded-For inserted in HTTP headers

D.

SNAT deployment with automap configured

Question 29

A BIG-IP Administrator needs to collect HTTP status code and HTTP method for traffic flowing through a

virtual server.

Which default profile provides this information?

Options:

A.

HTTP

B.

Analytics

C.

Request Adapt

D.

Statistics

Question 30

The LTM Specialist is in the process of creating a USB boot drive for the purpose of restoring the BIG-IP software to an LTM device. A separate LTM device has been selected for the purpose of creating the USB boot drive. The BIG-IP software ISO has already been uploaded and mounted on the separate LTM device.

Which command should the LTM Specialist use to trigger the LTM device to install the BIG-IP software to the USB boot drive?

Options:

A.

tmsh

B.

install

C.

mkdisk

D.

bigip_software_create

Question 31

A customer wants to select the pool for an application based on information found in the path ofthe URL.

For example:

1 should be sent to the app 1 pool

2 should be sent to the app2 pool

Which two profiles need to be assigned to the virtual server? (Choose two.)

Options:

A.

Client SSL

B.

Persistence

C.

TTPCompression

D.

HTTP

E.

TCP

Question 32

An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the following HTTP request:

GET / HTTP/1.1

Host:

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-LanguagE. en-US,en;q=0.5

Accept-EncodinG. gzip, deflate

Cache-Control: no-cache

Connection: keep-alive

CookiE. somecookie=1

HTTP/1.1 200 OK

Server: Apache/2.2.15 (Unix)

Last-ModifieD. Wed, 12 Aug 2009 00:00:30 GMT

Accept-Ranges: bytes

Content-LengtH. 1063

X-Cnection: close

Content-TypE. text/html; charset=UTF-8

Vary: Accept-Encoding

Content-EncodinG. gzip

Connection: Keep-Alive

Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched and therefore NOT modified.

Which header field is contributing to the issue?

Options:

A.

HTTP Method

B.

Cookie content

C.

User-Agent Value

D.

Accept-Encoding header

Question 33

An LTM Specialist plans to enable connection mirroring for a virtualserver in an HA environment.

What must the LTM Specialist consider before implementing the configuration change?

Options:

A.

Impact on system performance that might be noticeable

B.

The add-on license that is required for this feature to be available

C.

Creating the required separate interface for connection mirroring

D.

Decreased number of possible concurrent connections to that virtual server

Question 34

The network team introduces a new subnet 10.10.22.0/24 to the network. The route needs to be configured on the F5 device to access this network via the 30.30.30.158 gateway.

How should the LTM Specialist configure thisroute?

Options:

A.

Tmsh modify net route 10.10.22/24 gw 30.30.30.158

B.

Tmsh create net route 10.10.22/24 gw 30.30.30.158

C.

Tmsh changey net route 10.10.22/24 gw 30.30.30.158

D.

Tmsh add net route 10.10.22/24 gw 30.30.30.158

Question 35

A new VLAN vlan301 has been configured on a highly available LTM device in partition ApplicationA. A new directly connected backend server has been placed on vlan301. However, there are connectivity issues pinging the default gateway. The VLAN self IPs configured on the LTM devices are 192.168.0.251 and 192.168.0.252 with floating IP 192.168.0.253. The LTM Specialist needs to perform a packet capture to assist with troubleshooting the connectivity.

Which command should the LTM Specialist execute on the LTM device command line interface to capture the attempted pings to the LTM device default gateway on VLAN vlan301?

Options:

A.

tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.253'

B.

tcpdump -ni vlan301 'host 192.168.0.253'

C.

tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.251 or host 192.168.0.252'

D.

tcpdump -ni vlan301 'host 192.168.0.251 or host 192.168.0.252'

Question 36

What is the correct command to reset an LTM device to its default settings?

Options:

A.

tmsh reset-all default

B.

tmsh set /sys config defaults

C.

tmsh load /sys config default

D.

tmsh /util bigpipe reset-factory-defaults

Question 37

An LTM Specialist needs to loadbalance an application using an LTM device to meet the requirements:

The application servers do NOT Support SSL, but client access to the application should be secured.

Multiple requests from the same client should be sent to the same pool member.

All pool members will have roughly the same processing power, and traffic should be distributed evenly.

The LTM device is NOT the pool members' default gateway.

which configuration should the LTM Specialist.

Options:

A.

a performance 14 virtual server with a SNAT and cookie persistence

B.

a performance L4 virtual server with a Client SSL profile and Source Address persistence

C.

A performance L4 virtual server with a SNAT, HTTP profile. Server SSL profile, and cookie persistence

D.

A standard virtual server with a SNAT, HTTP profile Server SSL profile, and cookie persistence

E.

A standard virtual server with a SNAT, HTTP profile, Client profile, andd cookie persistance.

Question 38

Which Virtual Server type prevents the use of a default pool?

Options:

A.

Performance (Layer 4)

B.

Forwarding (IP)

C.

Performance HTTP

D.

Standard

Question 39

A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power

outages.

Which log file should the BIG-IP Administrator check to verify the suspicion?

Options:

A.

/war /log/daemon.log

B.

/var/log/kern.log

C.

/var/log/ltm

D.

/var/log/audit

Question 40

Remote users who access the LTM device are authenticated via Radius. The default remote user role is Guest Some users need LTM device with the Administrator role. The F5 Radius attributes are configure on the Radius server.

Which configuration item needs to be created?

Options:

A.

Remote User role

B.

Admin account

C.

User role

D.

Useraccount

Question 41

AN LTM Specialist receives reports that an external company application is having reliability issues. The F5 Administrator finds the following in /vat/log/ltm file.

The LTM Specialist determines that the F5 LTMdevice is entering into Aggressive Mode Adaptive Reaping, which is causing the site reliability issues.

What is the most likely reason that the LTM device has entered into Aggressive Mode Adaptive Reaping?

Options:

A.

The LTM device exceeds licensed traffic limits.

B.

The site has too many licensed modules.

C.

The LTM device has not provisioned AVR.

D.

The site is under DDOS attack

Question 42

Which iRule will instruct the client's browser to avoid caching HTML server responses?

Options:

A.

when HTTP_REQUEST {

if {[HTTP::header Content-Type] equals "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

B.

when HTTP_REQUEST {

if {[HTTP::header Content-Type] contains "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

C.

when HTTP_RESPONSE {

if {[HTTP::header Content-Type] contains "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

D.

when HTTP_RESPONSE {

if {[HTTP::header Content-Type] equals "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

Question 43

Refer to the exhibit.

The http monitor is applied to a pool All members are enabled One pool member stops responding TCP port 80. The server still responds to ping.

What is the resulting status ofthis pool member?

Options:

A.

Available (Enabled)

B.

Offline (Disabled)

C.

Unavailable (Disabled)

D.

Unknown (Enabled)

Question 44

Given the log entry:

011f0005:3: HTTP header (32800) exceeded maximum allowed size of 32768 (Client sidE. vip=/Common/VS_web profile=http pool=/Common/POOL_web client_ip=10.0.0.1)

Which HTTP profile setting can be modified temporarily to resolve the issue?

Options:

A.

Increase Maximum Requests

B.

Decrease Maximum Requests

C.

Increase Maximum Header Count

D.

Decrease Maximum Header Count

E.

Increase Maximum Header size

F.

Decrease Maximum Header size

Question 45

An LTM Specialist has installed a hotfix that updated the SCCP firmware package.

Which command will ensure that the host subsystem and SCCP reboot?

Options:

A.

reboot

B.

full_box_reboot

C.

shutdown -r now

D.

The reboot should be initiated via the HTTPS administration GUI.

Question 46

Refer to the exhibit.

How long will the persistence record remain in the table?

Options:

A.

180 seconds after the last packet

B.

180 seconds after the initial table entry

C.

300 seconds after the initial table entry

D.

300 seconds after the last packet

Question 47

A BIG-IP Administrator applied the latest hotfix to an inactive boot location by mistake, and needs to downgrade back to the previous hotfix.

What should the BIG-IP Administrator do to change the boot location to the previous hotfix?

Options:

A.

Uninstall the newest hotfix and reinstall the previous hotfix

B.

Reinstall the base version and install the previous hotfix

C.

Reinstall the previous hotfix and re-activate the license

D.

Uninstall the base version and restore the UCS

Question 48

Which iRule statement demotes a virtual server from CMP?

Options:

A.

set ::foo 123

B.

set static::foo 123

C.

persist source_addr 1800

D.

[ class match $HTTP_CONTENT contains my_data_class ]

Question 49

An LTM Specialist must perform a hot fix installation from the command line.

What is the correct procedure to ensure that the installation is successful?

Options:

A.

import the hot fix to the /var/shared/images directory

check the integrity of the file with an md5 checksum

tmsh apply sys software hotfix volume .iso

B.

import the hot fix to the /var/shared/images directory

check the integrity of the file with an md5 checksum

tmsh install sys software hotfix .iso volume

C.

import the hot fix to the /shared/images directory

check the integrity of the file with an md5 checksum

tmsh apply sys software hotfix volume .iso

D.

import the hot fix to the /shared/images directory

check the integrity of the file with an md5 checksum

tmsh install sys software hotfix .iso volume

Question 50

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting directly to the web server but are unsuccessful when connecting to the virtual server.

What is the cause of the application access problem?

Options:

A.

The virtual server has SNAT disabled.

B.

The client has no route to the web server.

C.

The virtual server has address translation disabled.

D.

The web server is NOT responding on the correct port.

E.

The virtual server is NOT configured to listen on port 80.

Question 51

An organization’s development team creates an application to put behind the F5LTM device. The application can be quite load intensive at first, and then evens out over time. The team’s load balancing method needs to select a pool after taking into account the pool member’s response over the time to avoid landing on a busy pool member.

Which of the following load balancing methods meets this requirement?

Options:

A.

Fastest (application)

B.

Predictive (member)

C.

Dynamic (node)

D.

Observed (member)

Question 52

Four members in a server pool have similar hardware platforms. An LTM Specialist needs the load balancing method that canselect the server with the fewest entries in the persistence table.

Which load balancing method should the LTM Specialist use?

Options:

A.

Observed

B.

Dynamic Ratio

C.

Least Sessions

D.

Leas Connections

Question 53

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

Options:

A.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B.

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C.

tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

D.

tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

E.

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Question 54

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A web application is configured to allow sessions to continue even after a user computer is shut down for the night. A new LTM device is configured to load balance the web application to several servers. The application owner reports that application users are logged out of the web application whenever their browser is restarted or computer is rebooted.

What is the problem?

Options:

A.

The virtual server does NOT have persistence configured.

B.

The virtual server does NOT have persistence mirroring configured.

C.

The cookie set by the LTM device does NOT have an "Expires" value.

D.

The cookie set by the server is NOT being passed to client by the LTM device.

Question 55

An LTM Specialist is investigating reports from users that SSH connections are being terminated unexpectedly. SSH connections are load balanced through a virtual server. The users experiencing this problem are running SQL queries that take upwards of 15 minutes to return with no screen output. The virtual server is standard with a pool associated and no other customizations.

What is causing the SSH connections to terminate?

Options:

A.

UDP IP ToS

B.

TCP idle timeout

C.

The virtual server has no persistence.

D.

The pool has Reselect Retries set to 0.

Question 56

An IT support engineer needs to access and modify Virtual Servers in three partitions (Common /Banking and Dev) daily on a BIG-IP device. The company operates a Least Privilege access policy. What level of access does the IT support engineer need to ensure completion of daily roles?

Options:

A.

Manager in /common/Banking, and /Dev partitions

B.

Application Editor in /Common, /Banking, and /Dev partitions

C.

Manager in all partitions

D.

Application Editor in all partitions

Question 57

The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?

Options:

A.

AskF5

B.

DevCentral

C.

Bug Tracker

D.

iHealth

Question 58

An SSL application is being migrated to the LTM device. Both encrypted and unencrypted traffic are accepted by the server. The virtual server configuration is as follows:

Which LTM device profile should be used on the LTM device to reduce the CPU load on the current.

Options:

A.

Protocol

B.

serverssl

C.

clientsssl

D.

stream

Question 59

The output of a tmsh command is: ------------------------------------------------------------ Net::Interface Name Status Bits Bits Errs Errs Drops Drops Colli In Out In Out In Out sions ------------------------------------------------------------ 1.1 down 0 0 0 0 0 0 0 1.2 up 191.4K 0 0 0 374 0 0 1.3 down 0 0 0 0 0 0 0 1.4 up 22.5K 0 0 0 44 0 0 2.1 miss 0 0 0 0 0 0 0 2.2 miss 0 0 0 0 0 0 0 mgmt up 43.2G 160.0G 0 0 0 0 0

Which command was executed on the LTM device to show the output?

Options:

A.

tmsh show /net interface

B.

tmsh /net show interface status

C.

tmsh /net show interface

D.

tmsh show /net interface status

Question 60

An LTM Specialist is experiencing issues in a failover event. Certain long-lasting FTP event. Certain long-lasting FTP connections using a single node pool are forced to reconnect. The bigip.conf extract isshown:

What does the LTM Specialist need to change in the configuration to avoid this issue?

Options:

A.

snatpool

B.

persistence mirroring

C.

connection mirroring

D.

ftp profile

Question 61

An LTM Specialist is configuring a client profile to offload processing a new application Company policy requires that clients can resume session for up to 30 minutes, but must renegotiate a new session after that.

Which setting should the LTM Specialist change to satisfy this requirement?

Options:

A.

Renegotiate Max Record Delay

B.

Renegotiation period

C.

Cachesize

D.

Cache timeout

Question 62

An LTM device pair is configured for failover and connection mirroring. The LTM devices are configured with virtual servers for HTTP, HTTPS with SSL offload, and SSH. An event occurs that causes a failover. HTTP and SSH sessions active at the time of failover remain active, but HTTPS sessions are dropped.

What is the root cause of this problem?

Options:

A.

The SSL certificates on the LTM devices do NOT match.

B.

Connection mirroring is incompatible with clientssl profiles.

C.

SNAT automap was NOT enabled for the HTTPS virtual servers.

D.

Connection mirroring was NOT enabled for the HTTPS virtual servers.

Question 63

An LTM Specialist needs to terminate client SSL traffic and based on the cookie presented by client.

Which set of profiles should the LTM Specialist use?

Options:

A.

HTTPS, Client SSL, Cookie Persistence Profile

B.

HTTP, Server SSL, SSL Cookie Profile

C.

HTTPS, Server SSL, SSL Cookie Profile

D.

HTTP, Client SSL, Cookie Persistence Profile,

Question 64

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist configures a virtual server to perform client-side encryption while allowing the server-side traffic to be unencrypted. Application owners report that images are failing to load through the virtual server; however, images load when going directly to the server.

What is the problem with the images loading through the virtual server?

Options:

A.

Image references are for HTTP objects, not HTTPS.

B.

Image references are for HTTPS objects, not HTTP.

C.

The virtual server does not have "SSL Offloading" enabled.

D.

The virtual server does not have an HTTP profile associated.

Question 65

A BIG-IP Administrator defines a device Self IP . The Self IP is NOT reachable from the network. What should the BIG-IP Administrator verify first?

Options:

A.

The correct interface has been selected.

B.

The correct VLAN has been selected.

C.

Verify if auto last hop is disabled.

D.

The correct Trunk has been selected.

Question 66

The picture belongs to static content, you can configure static content cache in FS to meet this demand

An LTM Specialist must configure session persistence for a highly available, highly utilized web-based application.

* The following requirements are provided:

* http proxy setup for security

persistence information available to the HA peer in case of failover

The LTM Specialist needs to minimize additional burden on the LTM device to the greatest extent possible.

Which persistence profile should be used?

Options:

A.

Cookie insert

B.

Universal

C.

Source Address Affinity

D.

Destination Address Affinity

Question 67

A device group is made up of four members: LTM-A, LTM-B, LTM-C, and LTM-D. An LTM Specialist makes a configuration change on LTM-B. Later, a different LTM Specialist notices a "changes pending" message on all devices. When logged into LTM-D, the LTM Specialist attempts to config-sync to the device group. The sync operation fails.

Why is the LTM Specialist on LTM-D unable to synchronize the configuration to the group?

Options:

A.

The changes made on LTM-B are invalid.

B.

LTM-D has the lowest commit-id of the group.

C.

NTP is NOT configured on the devices in the group.

D.

LTM-B is the device eligible to initiate a config-sync.

Question 68

An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap.

Which command should be executed on the command line interface to create a backup?

Options:

A.

bigpipe config save /var/tmp/backup.ucs

B.

tmsh save /sys ucs /var/tmp/backup.ucs

C.

tmsh save /sys config /var/tmp/backup.ucs

D.

tmsh save /sys config ucs /var/tmp/backup.ucs

Question 69

A BIG-IP Administrator adds new Pool Members into an existing, highly utilized pool. Soon after, there are reports that the application is failing to load for some users. What pool level setting should the BIG-IP Administrator check?

Options:

A.

Availability Requirement

B.

Allow SNAT

C.

Action On Service Down

D.

Slow Ramp Time

Question 70

A virtual server is experiencing intermittent port exhaustion. What should be done to fix this issue?

Options:

A.

add moreSNAT addresses

B.

add more pool members

C.

enable advanced routing

D.

enable SNAT automap

Question 71

One of the two members of a device group has been decommissioned. The BIG-IP Administrator tries to

delete the device group, but is unsuccessful.

Prior to removing the device group, which action should be performed?

Options:

A.

Disable the device group

B.

Remove all members from the device group

C.

Remove the decommissioned device from the device group

D.

Make sure all members of the device group are in sync

Question 72

An LTM device is serving an FTP virtual server that has three pool members. The FTP pool members are monitored via TCP port 21. Customers are reporting that they are able to log in, but are sometimes unable to upload files to the server.

Which monitor should the LTM Specialist configure to verify that the servers can handle file uploads?

Options:

A.

FTP

B.

Inband

C.

External

D.

Scripted

E.

Real Server

Question 73

Refer to the exhibit.

A BIG-IP Administrator needs to fall over the active device. The administrator logs into the Configuration

Unity and navigates to Device Management > Traffic Group. However, Force to Standby is greyed out

What is causing this issue?

Options:

A.

The BIG-IP Administrator is NOT logged into command line to tail over

B.

The BIG-IP Administrator is on the Standby Device

C.

The BIG-IP Administrator is logged in as root

D.

The BIG-IP Administrator is logged in as administrator

Question 74

An ecommerce company is experiencing latency issues with online shops during Black Friday's peak season.

The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants to move the

top utilized Virtual Servers to a dedicated BIG-IP device.

Where should the BIG-IP Administrator determine the problematic Virtual Servers?

Options:

A.

System > Plattform

B.

Local Traffic > Virtual Servers > Virtual Server List

C.

Local Traffic > Network Map

D.

Statistics > Module Statistics > Local Traffic > Virtual Servers

Question 75

DNS queries from two internal DNS servers are being load balanced to external DNS Servers via a Virtual

Server on a BIG-P device. The DNS queries originate from 192.168.101.100 and 192.168.101.200 and

target 192.168.21.50

All DNS queries destined for the external DNS Servers fail

Which property change should the BIG-IP Administrator make in the Virtual Server to resolve this issue?

Options:

A.

Protocol Profile (Client) to DNS-OPTIMZED

B.

Type to Performance (HTTP)

C.

Protocol to UDP

D.

Source Address to 192.168.101.0/24

Question 76

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A failover has just occured on BIG-IP1. BIG-IP2 is now active and manages traffic as expected. Both Bigip's are set with a gateway failsafe to check the reachability of the main border router. Switches have performed as expected.

Where should the LTM Specialist check for potential issues?

Options:

A.

Network Interface 2.1 of BIG-IP 2

B.

Network Interface 2.1 of BIG-IP 1

C.

Network Interface 2.2 of BIG-IP 2

D.

Network Interface 2.2 of BIG-IP 1

E.

Network Interface 1.1 of BIG-IP 1

F.

Network Interface 1.1 of BIG-IP 2

Question 77

A Standard Virtual Server configured for an application reports poor network performance. This

application is accessed mainly from computers on the Internet.

What should the BIG-IP Administrator configure on the Virtual Server to achieve better network

performance?

Options:

A.

Protocol Profile (Client) with f5-tcp-wan and Protocol Profile (Server) with f5-tcp-lan

B.

Protocol Profile (Client) with f5-tcp-lan

C.

Protocol Profile (Client) with fS-tcp-lan and Protocol Profile (Server) with f5-tcp-wan

D.

Protocol Profile (Client) with f5-tcp-optimized

Question 78

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

An LTM Specialist configures a virtual server for an internal application to perform client-side encryption while allowing the server-side traffic to be unencrypted. Application users report that images are NOT loading through the virtual server; however, images load when going directly to the server.

What should the LTM Specialist configure to allow the images to load through the virtual server?

Options:

A.

HTTP profile with "SSL Offload" enabled

B.

HTTP profile with "SSL Offload" disabled

C.

Stream profile with source "http:" and target "https:"

D.

Stream profile with target "http:" and source "https:"

Page: 1 / 0
Total 0 questions