F5 BIG-IP Administrator Exam V13.25 PDF
Document Details
Uploaded by HandySerpentine9885
201
F5
Tags
Summary
This is a past paper from the F5 BIG-IP Administrator exam, version V13.25. It includes 24 questions covering topics such as maintenance on BIG-IP appliances, HA pair upgrades, HTTP monitors, persistence profiles, and troubleshooting common issues. The exam covers various aspects of configuring and administering BIG-IP systems for networks and load balancing.
Full Transcript
IT Certification Guaranteed, The Easy Way! Exam : 201 Title : BIG-IP Administrator Exam Vendor : F5 Version : V13.25 1 IT Certification Guaranteed, The Easy Way! QUESTION NO: 1 A BIG-IP Admi...
IT Certification Guaranteed, The Easy Way! Exam : 201 Title : BIG-IP Administrator Exam Vendor : F5 Version : V13.25 1 IT Certification Guaranteed, The Easy Way! QUESTION NO: 1 A BIG-IP Administrator is conducting maintenance on one BIG-IP appliance in an HA Pair. Why should the BIG-IP Administrator put the appliance into FORCED_OFFLINE state? A. To preserve existing connections to Virtual Servers and reduce the CPU load B. To allow new connections to Virtual Servers and ensure the appliance becomes active C. To terminate connections to the management IP and decrease persistent connections D. To terminate existing connections to Virtual Servers and prevent the appliance from becoming active Answer: D QUESTION NO: 2 When upgrading a BIG-IP redundant pair, what happens when one system has been updated but the other has not? A. Synching should not be performed. B. The first system to be updated will assume the Active role. C. This is not possible since both systems are updated simultaneously. D. The older system will issue SNMP traps indicating a communication error with the partner. Answer: A QUESTION NO: 3 A BIG-IP Administrator is performing maintenance on the active BIG-IP device of an HA pair. The BIG-IP Administrator needs to minimize traffic disruptions. What should the BIG-IP Administrator do to start the maintenance activity? A. Reboot the BIG-IP device. B. Move resources to a new Traffic Group. C. Force the BIG-IP device to standby. D. Disable switch ports of the BIG-IP device. Answer: C QUESTION NO: 4 A site would like to ensure that a given web server's default page is being served correctly prior to sending it client traffic. They assigned the default HTTP monitor to the pool. What would the member status be if it sent an unexpected response to the GET request.? A. The pool member would be marked offline (red). B. The pool member would be marked online (green). C. The pool member would be marked unknown (blue). D. The pool member would alternate between red and green. Answer: B QUESTION NO: 5 Refer to the exhibit. 2 IT Certification Guaranteed, The Easy Way! Due to a change in application requirements, a BIG-IP Administrator needs to modify the configuration of a Virtual Server to include a Fallback Persistence Profile. Which persistence profile type should the BIG-IP Administrator use for this purpose? A. SSL B. Hash C. Universal D. Source Address Affinity Answer: D QUESTION NO: 6 Which event is always triggered when a client initially connects to a virtual server configured with an HTTP profile? A. HTTP_DATA B. CLIENT_DATA C. HTTP_REQUEST D. CLIENT_ACCEPTED Answer: D QUESTION NO: 7 Assuming other failover settings are at their default state, what would occur if the failover cable were to be disconnected for five seconds and then reconnected? A. As long as network communication is not lost, no change will occur. B. Nothing. Failover due to loss of voltage will not occur if the voltage is lost for less than ten seconds. C. When the cable is disconnected, both systems will become active. When the voltage is restored, unit two will revert to standby mode. D. When the cable is disconnected, both systems will become active. When the voltage is restored, both systems will maintain active mode. Answer: C QUESTION NO: 8 The BIG-IP appliance fails to boot. The BIG-IP Administrator needs to run the End User 3 IT Certification Guaranteed, The Easy Way! Diagnostics (EUD) utility to collect data to send to F5 Support. Where can the BIG-IP Administrator access this utility? A. Console Port B. Internal VLAN interface C. External VLAN interface D. Management Port Answer: A QUESTION NO: 9 Refer to the exhibit. A user attempts to connect to 10.10.10.1.80 using FTP over SSL with an FTPS client. Which virtual server will match and attempt to process the request? A. vsjutps B. vs_ftp C. vs_http D. nvfs Answer: B QUESTION NO: 10 The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of TMOS. Where can the administrator obtain F5 documentation on upgrade requirements? A. iHealth B. Network > Interfaces C. Local Traffic > Pools D. AsKFS E. Local Traffic > Virtual Servers Answer: C QUESTION NO: 11 A BIG-IP Administrator contacts F5 Support, which identifies a suspected hardware failure. Which information should the BIG-IP Administrator provide to F5 Support? A. Qkview, EUD output 4 IT Certification Guaranteed, The Easy Way! B. Qkview, UCS archive, core files C. Qkview, part numbers for failed components D. Qkview, packet capture, UCS archive Answer: A QUESTION NO: 12 A BIG-IP device is configured with both an internal external and two Corporate VLANs. The virtual server has SNAT enabled and is set to listen on all VLANs Auto Last Hop is disabled. The Corporate users are on 10.0.0.0./24 and 172.16.0.0/12. The BIG-IP has a Self-IP on the 1.0.0.0.0./24 subnet. Internet users are able to access the virtual server. Only some of the Corporate users are able to connect to the virtual server A BIG-IP Administrator performs a tcpdump on the BIG- IP and verifies that traffic is arriving from users in 10.0.0.0/24. What should the BIG-IP Administrator do to correct this behaviour? A. Disable the server on the internal VLAN B. Add a static route for the 172.16.0.0/12 subnet C. Change the default route to point to the extra firewall D. Modify the default route of the servers to point to the BIG-IP device Answer: B QUESTION NO: 13 Which statement is true concerning SNATs using automap? A. Only specified self-IP addresses are used as automap addresses. B. SNATs using automap will translate all client addresses to an automap address. C. A SNAT using automap will preferentially use a floating self-IP over a nonfloating self-IP. D. A SNAT using automap can be used to translate the source address of all outgoing traffic to the same address regardless of which VLAN the traffic is sent through. Answer: C QUESTION NO: 14 How should a BIG-IP Administrator persistent sessions from being sent to a pool member so that the server administrator can perform maintenance? A. force the pool member offline B. disable the pool member C. add an additional monitor to the poor D. disable the virtual server Answer: A QUESTION NO: 15 Interface 1.2 on a BIG-IP VE has a status of UNINITIALIZED. What is the reason for this status? A. Interface 1.2 has been added to a trunk. B. Interface 1.2 has NOT been assigned to a VLAN. C. Interface 1.2 has been disabled. 5 IT Certification Guaranteed, The Easy Way! D. No default route has been created. Answer: B Explanation: trunk is a portchannel, you need to add a physical interface. QUESTION NO: 16 A BIG-IP Administrator must determine if a Virtual Address is configured to fail over to the standby member of a device group in which area of the Configuration Utility can this be confirmed? A. Device Management > Traffic Groups B. Device Management > Devices C. Local Traffic > Virtual Servers D. Device Management > Overview Answer: C QUESTION NO: 17 Refer of the exhibit. The 816-IP Administrator runs the command shown and observes a device trust issue between BIG-IP devices in a device group. The issue prevents config sync on device bigip3.local. 6 IT Certification Guaranteed, The Easy Way! What is preventing the config sync? A. Next Active Load factor is 0 on bigip1.local B. Both devices are standby C. Next Active Load factor is 1 on bigip1.local D. Time Delta to local system is 12 Answer: A Explanation: Option A should be bioip3.local?. if choose bigip3.local, you should choose A. QUESTION NO: 18 A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update the list of configured NTP servers? A. System > Configuration B. System > Services C. System > Preferences D. System > Platform Answer: A QUESTION NO: 19 Given that VLAN failsafe is enabled on the external VLAN and the network that the active BIG-IP's external VLAN is connected to has failed, which statement is always true about the results? A. The active system will note the failure in the HA table. B. The active system will reboot and the standby system will go into active mode. C. The active system will failover and the standby system will go into active mode. D. The active system will restart the traffic management module to eliminate the possibility that BIG-IP is the cause for the network failure. Answer: A QUESTION NO: 20 A set of servers is used for an FTP application as well as an HTTP website via separate BIG- IP Pools. The server support team reports that some servers are receiving a lot more traffic than others. Which Load Balancing Method should the BIG-IP Administrator apply to even out the connection count? A. Ratio (Member) B. Least Connections (Member) C. Least Connections (Node) D. Ratio (Node) Answer: C Explanation: The connection is required to be balanced, and the unit is the server and the application port is the unit, so it is node. 7 IT Certification Guaranteed, The Easy Way! QUESTION NO: 21 A standard virtual server has been associated with a pool with multiple members. Assuming all other settings are left at their defaults, which statement is always true concerning traffic processed by the virtual server? A. The client IP address is unchanged between the client side connection and the serverside connection. B. The server IP address is unchanged between the client side connection and the serverside connection. C. The TCP ports used in the client side connection are the same as the TCP ports serverside connection. D. The IP addresses used in the clientside connection are the same as the IP addresses used in the serverside connection. Answer: A QUESTION NO: 22 Which three properties can be assigned to nodes? (Choose three.) A. ratio values B. priority values C. health monitors D. connection limits E. loadbalancing mode Answer: A,C,D QUESTION NO: 23 A Standard Virtual Server for a web application is configured with Automap for the Source Address Translation option. The original source address of the client must be known by the backend servers. What should the BIG-IP Administrator configure to meet this requirement? A. The Virtual Server type as Performance (HTTP) B. An HTTP profile to insert the X-Forward-For header C. An HTTP Transparent profile D. A SNAT Pool with the client IP Answer: B Explanation: Because it is a web application, you can insert the source IP in the xff field in the http profile. QUESTION NO: 24 A BIG-IP Administrator makes a configuration change to a Virtual Server on the Standby device of an HA pair. The HA pair is currently configured with Auto-Sync Enabled. What effect will the change have on the HA pair configuration? A. The change will be undone when Auto-Sync propagates the config to the HA pair. B. The change will be propagated next time a configuration change is made on the Active device. C. The change will be undone next time a configuration change is made on the Active device. 8 IT Certification Guaranteed, The Easy Way! D. The change will take effect when Auto-Sync propagates the config to the HA pair. Answer: D QUESTION NO: 25 Which IP address will the client address be changed to when SNAT automap is specified within a Virtual Server configuration? A. The floating self-IP address on the VLAN where the packet leaves the system. B. The floating self-IP address on the VLAN where the packet arrives on the system. C. It will alternate between the floating and non floating self-IP address on the VLAN where the packet leaves the system so that port exhaustion is avoided. D. It will alternate between the floating and non floating self-IP address on the VLAN where the packet arrives on the system so that port exhaustion is avoided. Answer: A QUESTION NO: 26 Refer to the exhibit. 9 IT Certification Guaranteed, The Easy Way! A pool member fails the monitor checks for about 30 minutes and then starts passing the monitor checks. New traffic is Not being sent to the pool member. What is the likely reason for this problem? A. The pool member is disabled B. Monitor Type is TCP Half Open C. Manual resume is enabled D. Time Until Up is zero Answer: C QUESTION NO: 27 10 IT Certification Guaranteed, The Easy Way! The 8IG-IP Administrator generates a qkview using "qkview -SO" and needs to transfer the output file via SCP. Which directory contains the output file? A. /var/log B. /var/tmp C. /var/local D. /var/config Answer: B QUESTION NO: 28 A BIG-IP Administrator is creating a new Trunk on the BIG-IP device. What objects should be added to the new Trunk being created? A. Interfaces B. Network routes C. VLANS D. IP addresses Answer: A Explanation: trunk is a portchannel, you need to add a physical interface. QUESTION NO: 29 Refer to the exhibit A connection is being established to IP 1.1.1.1 on port 8080. Which virtual server will handle the connection? A. fwd_8080_vs B. host_vs C. host_ 8080_VS D. fwdvs Answer: B QUESTION NO: 30 A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power outages. Which log file should the BIG-IP Administrator check to verify the suspicion? A. /war /log/daemon.log B. /var/log/kern.log C. /var/log/ltm D. /var/log/audit 11 IT Certification Guaranteed, The Easy Way! Answer: C QUESTION NO: 31 A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it: when HTTP_REQUEST { if { [HTTP::header UserAgent] contains "MSIE" } { pool MSIE_pool } else { pool Mozilla_pool } If a user connects to http://10.10.1.100/foo.html and their browser does not specify a UserAgent, which pool will receive the request? A. MSIE_pool B. Mozilla_pool C. None. The request will be dropped. D. Unknown. The pool cannot be determined from the information provided. Answer: B QUESTION NO: 32 A BIG-IP Administrator needs to collect HTTP status code and HTTP method for traffic flowing through a virtual server. Which default profile provides this information? A. HTTP B. Analytics C. Request Adapt D. Statistics Answer: A QUESTION NO: 33 In the BIG-IP Configuration Utility, a user requests a single screen view to determine the status of all Virtual Servers and associated pool members, as well as any iRules in use. Where should the BIG-IP Administrator instruct the user to find this view? A. Local Traffic > Monitors B. Local Traffic > Virtual Servers C. Local Traffic > Network Map D. Statistics Answer: C Explanation: Network Map can display vs and its associated pool, pool member, and irule, can be retrieved, and can be quickly linked. QUESTION NO: 34 Assuming there are open connections through an active system's NAT and a fail over occurs, by default, what happens to those connections? 12 IT Certification Guaranteed, The Easy Way! A. All open connections will be lost. B. All open connections will be maintained. C. The "Mirror" option must be chosen on the NAT and the setting synchronized prior to the connection establishment. D. Longlived connections such as Telnet and FTP will be maintained while shortlived connections such as HTTP will be lost. E. All open connections are lost, but new connections are initiated by the newly active BIG IP, resulting in minimal client downtime. Answer: B QUESTION NO: 35 A BIG-IP Administrator remotely connects to the appliance via out-of-band management using https://mybigip mycompany net. The management portal has been working all week. When the administrator attempts to login today, the connection times out. Which two aspects should the administrator verify? (Choose two) A. DNS is property resolving the FQDN of the device. B. The device is NOT redirecting them to http. C. The administrator has the latest version of the web browser. D. Packet Filters on the device are blocking port 80. E. The administrator has TCP connectivity to the device. Answer: A,E 13 IT Certification Guaranteed, The Easy Way! QUESTION NO: 36 When using the setup utility to configure a redundant pair, you are asked to provide a "Failover Peer IP". Which address is this? A. an address of the other system in its management network B. an address of the other system in a redundant pair configuration C. an address on the current system used to listen for failover messages from the partner BIG-IP D. an address on the current system used to initiate mirroring and network failover heartbeat messages Answer: B QUESTION NO: 37 Which statement is true about the synchronization process, as performed by the Configuration Utility or by typing b config sync all? A. The process should always be run from the standby system. B. The process should always be run from the system with the latest configuration. C. The two /config/bigip.conf configuration files are synchronized (made identical) each time the process is run. D. Multiple files, including /config/bigip.conf and /config/bigip_base.conf, are synchronized (made identical) each time the process is run. Answer: C QUESTION NO: 38 A BIG-IP Administrator adds new Pool Members into an existing, highly utilized pool. Soon after, there are reports that the application is failing to load for some users. What pool level setting should the BIG-IP Administrator check? A. Availability Requirement B. Allow SNAT C. Action On Service Down D. Slow Ramp Time Answer: D Explanation: Option ABC is a global configuration, has nothing to do with the new pool member, select D after excluding QUESTION NO: 39 Which statement is true concerning iRule events? A. All iRule events relate to HTTP processes. B. All client traffic has data that could be used to trigger iRule events. C. All iRule events are appropriate at any point in the clientserver communication. D. If an iRule references an event that doesn't occur during the client's communication, the client's connection will be terminated prematurely. Answer: B 14 IT Certification Guaranteed, The Easy Way! QUESTION NO: 40 A BIG-IP Administrator sees the following error message in /var/log/ltm diskmonitor: *******; Disk partition shared has less than 30$ free Which section of the Configuration Utility should the BIG-IP Administrator access to investigate this error message? A. Statistics > Analytics B. System > File Management C. Statistics > Module Statistics > System D. System > Disk Management Answer: D QUESTION NO: 41 During a high-demand traffic event, the BIG-IP Administrator needs to limit the number of new connections per second allowed to a Virtual Server. What should the administrator apply to accomplish this task? A. An HTTP Compression profile to the Virtual Server B. A connection rate limit to the Virtual Server C. A connection limit to the Virtual Server D. A OneConnect profile to the Virtual Server Answer: B QUESTION NO: 42 A BIG-IP Administrator needs to apply a health monitor for a pool of database servers named DB_Pool that uses TCP port 1521. Where should the BIG-IP Administrator apply this monitor? A. Local Traffic > Profiles > Protocol > TCP B. Local Traffic > Nodes > Default Monitor C. Local Traffic > Pools > De Pool > Members D. Local Traffic > Pools > DB Pool > Properties Answer: D QUESTION NO: 43 Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the pool members? A. No SSL certificates are required on the pool members. B. The pool members.SSL certificates must only exist. C. The pool members.SSL certificates must be issued from a certificate authority. D. The pool members.SSL certificates must be created within the company hosting the BIGIPs. Answer: B QUESTION NO: 44 An LTM device has a virtual server mapped to www.f5.com with a pool assigned. Users report that when browsing, they are periodically required to re-login to /resources/201.1.7.b.2_l.com. The objects are defined as follows: 15 IT Certification Guaranteed, The Easy Way! Virtual server. Destination 192.168.245.100:443 netmask 255.255.255.0 Persistence: SSL session persistence Profiles: HTTP/TCP Which persistence method should the BIG-IP Administrator apply to resolve this issue? A. Source address affinity B. hexadecimal C. SIP D. Destination address affinity Answer: A QUESTION NO: 45 A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should be assigned to the new Self IP being configured? A. Interface B. Route C. VLAN D. Trunk Answer: C QUESTION NO: 46 Under what condition must an appliance license be reactivated? A. Licenses only have to be reactivated for RMAs no other situations. B. Licenses generally have to be reactivated during system software upgrades. C. Licenses only have to be reactivated when new features are added (IPv6, Routing Modules, etc) no other situations. D. Never. Licenses are permanent for the platform regardless the version of software installed. Answer: B QUESTION NO: 47 Refer to the exhibit. 16 IT Certification Guaranteed, The Easy Way! During maintenance, the BIG-IP Administrator manually disables a pool member as shown. What is the result? A. All pool members continue to process persistent connections B. All pool members stop accepting new connections. C. The disabled pool member stops processing persistent connections. D. The disabled pool member stops processing existing connections Answer: A QUESTION NO: 48 Refer to the exhibit. 17 IT Certification Guaranteed, The Easy Way! A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application. What must the BIG-IP Administrator do to resolve the issue? A. Remove the configured SSL Profile (Client) B. Configure Protocol Profile (Server) as splitsession-default-tcp C. Enable Forward Proxy in the SSL Profile (Client) D. Configure an SSL Profile (Server) Answer: D Explanation: According to the requirements of the subject, the client and server must be configured with 18 IT Certification Guaranteed, The Easy Way! ssl profile. QUESTION NO: 49 Refer to the exhibit. An organization is reporting slow performance accessing their Intranet website, hosted in a public cloud. All employees use a single Proxy Server with the public IP of 104.219.110.168 to connect to the Internet. What should the BIG-IP Administrator of the Intranet website do to fix this issue? A. Change Source Address to 104.219.110.168/32 B. Change Load Balancing Method to Least Connection C. Change Fallback Persistence Profile to source_addr 19 IT Certification Guaranteed, The Easy Way! D. Change Default Persistence Profile to cookie Answer: D QUESTION NO: 50 A BIG-IP Administrator receives an RMA replacement for a failed F5 device. The BIG-IP Administrator tries to restore a UCS taken from the previous device, but the restore fails. The following error appears inthe/var/log/itm. mcpd [****J: ******;0; License is not operational (expired or digital signature does not match contents.) What should the BIG-IP Administrator do to avoid this error? A. Use the appropriate tmsh command with the no-license option B. Revoke the license prior to restoring C. Reactivate the license on the new device using the manual activation method D. Remove the license information from the UCS archive Answer: A QUESTION NO: 51 A BIG-IP Administrator defines a device Self IP. The Self IP is NOT reachable from the network. What should the BIG-IP Administrator verify first? A. The correct interface has been selected. B. The correct VLAN has been selected. C. Verify if auto last hop is disabled. D. The correct Trunk has been selected. Answer: B QUESTION NO: 52 A BIG-IP Administrator reviews the log files to determine the cause of a recent problem and finds the following entry. Mar 27.07.58.48 local/BIG-IP notice mcpd {5140} 010707275 Pool member 172.16.20.1.10029 monitor status down. What is the cause of this log message? A. The pool member has been disabled. B. The pool member has been marked as Down by the BIG-IP Administrator. C. The monitor attached to the pool member needs a higher timeout value. D. The monitor attached to the pool member has failed. Answer: D QUESTION NO: 53 A BIG-IP Administrator has configured a BIG-IP cluster with remote user authentication against dcOl f5trn.com. Only local users can successfully log into the system. Configsync is also failing. Which two tools should the 8IG-IP Administrator use to further investigate these issues? (Choose two) A. ntpq B. pam_timestamp_check 20 IT Certification Guaranteed, The Easy Way! C. passwd D. pwck E. dig Answer: A,C QUESTION NO: 54 Refer to the exhibit The BIG-IP Administrator is unable to access the management console via Self-IP 10.10 1.33 and port 443. What is the reason for this problem? A. Packet Filter needs to be configured to allow a source B. Self IP is configured to allow TCP All C. Self IP is configured to allow UDP 443 D. Packet Filter is configured to allow port 443 Answer: C QUESTION NO: 55 You need to terminate client SSL traffic at the BIG-IP and also to persist client traffic to the same pool member based on a BIG IP supplied cookie. Which four are profiles that would normally be included in the virtual server's definition? (Choose four.) A. TCP B. HTTP C. HTTPS D. ClientSSL E. ServerSSL F. CookieBased Persistence Answer: A,B,D,F QUESTION NO: 56 A BIG-IP Administrator finds the following log entry after a report of user issues connecting to a virtual server: 01010201: 2: Inet port exhaustion on 10.70.110.112 to 192.28.123.250:80 (proto 6) How should the BIG-IP Administrator modify the SNAT pool that is associated with the virtual server? A. Remove the SNAT pool and apply SNAT Automap. B. Remove an IP address from the SNAT pool. C. Add an address to the SNAT pool. D. Increase the timeout of the SNAT addresses. Answer: C QUESTION NO: 57 Refer to the exhibit. 21 IT Certification Guaranteed, The Easy Way! The BIG-IP Administrator has modified an iRule on one device of an HA pair. The BIG-IP Administrator notices there is NO traffic on the BIG-IP device in which they are logged into. What should the BIG-IP Administrator do to verify if the iRule works correctly? A. Push configuration from this device to the group and start to monitor traffic on this device B. Pull configuration to this device to the cluster and start to monitor traffic on this device C. Log in to the other device in the cluster, push configuration from it, and start to monitor traffic on that device D. Log in to the other device in the cluster, pull configuration to it, and start to monitor traffic on that device Answer: D Explanation: The device in the picture is a standby machine, of course there is no traffic, you need to log in to the host, and then pull the configuration to the host. QUESTION NO: 58 A BIG-IP Administrator needs to modify a virtual server that web offload web traffic compression tasks from the target server. Which two profiles must the BIG-IP Administrator apply to a virtual server to enable compression? (Choose two) A. Server SSL profile B. Stream profile C. Persistence profile D. HITP profile E. Compression profile Answer: D,E QUESTION NO: 59 Refer to the exhibit. 22 IT Certification Guaranteed, The Easy Way! Which two pool members are eligible to receive new connections? (Choose two) A. 10.21.0.102.80 B. 10.21.0.104.80 C. 10.21.0.105.80 D. 10.21.0.101.80 E. 10.21.0.103.80 Answer: B,D QUESTION NO: 60 A 8IG-IP Administrator is making adjustments to an iRule and needs to identify which of the 235 virtual server configured on the BIG-IP device will be affected. How should the administrator obtain this information in an effective way? A. Local Traffic > Virtual Server B. Local traffio Pools C. LOCAL Traffic > Network Map D. Local traffic > Rules Answer: C QUESTION NO: 61 Refer to the exhibit. How many nodes are represented on the network map shown? 23 IT Certification Guaranteed, The Easy Way! A. Four B. Three C. One D. Two Answer: B QUESTION NO: 62 A BIG-IP Administrator needs to restore an encrypted UCS archive from the command line using the TMSH utility. Which TMSH command should the BIG-IP Administrator use to accomplish this? A. load/sys ucs passphrase B. load/sys config file passphrase C. load/sys config file D. load/sys ucs no-license Answer: A QUESTION NO: 63 A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the administrator reboots into the new volume, the Configuration fails to load. Why is the Configuration failing to load? A. The license needs to be reactivated before the upgrade. B. The upgrade was performed on the standby unit. C. A minimum of at least two reboots is required. D. Connectivity to the DNS server failed to be established. Answer: A QUESTION NO: 64 Refer to the exhibit The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the servers on the new VLAN are NOT reachable from the BIG-IP device. Which action should the BIG-IP Administrators to resolve this issue? A. Set Port Lockdown of Set IP to Allow All B. Change Auto Last Hop to enabled C. Assign a physical interface to the new VLAN D. Create a Floating Set IP Address Answer: C QUESTION NO: 65 Which statement is true concerning cookie persistence? A. Cookie persistence allows persistence independent of IP addresses. B. Cookie persistence allows persistence even if the data are encrypted from client to pool member. 24 IT Certification Guaranteed, The Easy Way! C. Cookie persistence uses a cookie that stores the virtual server, pool name, and member IP address in clear text. D. If a client's browser accepts cookies, cookie persistence will always cause a cookie to be written to the client's file system. Answer: A QUESTION NO: 66 Which two statements are true about SNATs? (Choose two.) A. SNATs are enabled on all VLANs, by default. B. SNATs can be configured within a Profile definition. C. SNATs can be configured within a Virtual Server definition. D. SNAT's are enabled only on the VLAN where origin traffic arrives, by default. Answer: A,C QUESTION NO: 67 Which two methods can be used to determine which BIG-IP is currently active? (Choose two.) A. The bigtop command displays the status. B. Only the active system's configuration screens are active. C. The status (Active/Standby) is embedded in the command prompt. D. The ifconfig a command displays the floating addresses on the active system. Answer: A,C QUESTION NO: 68 A BIG-IP device has only LTM and ASM modules provisioned. Both have nominal provisioning level. The BI6-IP Administrator wants to dedicate more resources to the LTM module. The ASM module must remain enabled. Which tmsh command should the BIG-IP Administrator execute to obtain the desired result? A. modify/sys provision asm level minimum B. modify /sys provision Itm level dedicated C. modify /sys provision asm level none D. modify /sys provision Itm level minimum Answer: A QUESTION NO: 69 Generally speaking, should the monitor templates be used as production monitors or should they be customized prior to use. A. Most templates, such as http and tcp, are as effective as customized monitors. B. Monitor template customization is only a matter of preference, not an issue of effectiveness or performance. C. Most templates, such as https, should have the receive rule customized to make the monitor more robust. D. While some templates, such as ftp, must be customized, those that can be used without modification are not improved by specific changes. 25 IT Certification Guaranteed, The Easy Way! Answer: C QUESTION NO: 70 A web server administrator informs the BIG-IP Administrator that web servers are overloaded Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The BIG-IP device is ready using client SSL client profile and Rules on HTTP level. What actions should the BIG-IP Administrators to achieve the desired configuration? A. Remove the server SSL profile and configure the Pool Members to use HTTP B. Remove the client SSL profile and configure the Pool Members to US HTTP C. Remove the chart SSL profile and change the Virtual Server to accept HTTP D. Remove the server SSL profile and change the Virtual Server to accept HTTP traffic Answer: A QUESTION NO: 71 As a part of the Setup Utility, the administrator sets the host name for the BIG IP. What would be the result if the two systems in a redundant pair were set to the same host name? A. Host names do not matter in redundant pair communication. B. In a redundant pair, the two systems will always have the same host name. The parameter is synchronized between the systems. C. The first time the systems are synchronized the receiving system will be assigned the same self-IP addresses as the source system. D. When the administrator attempts to access the configuration utility using the host name, they will always connect to the active system. Answer: C QUESTION NO: 72 Refer to the exhibit 26 IT Certification Guaranteed, The Easy Way! 27 IT Certification Guaranteed, The Easy Way! The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the servers on the new VLAN are NOT reachable from the BIG-IP device. Which action should the BIG-IP Administrators to resolve this issue? A. Set Port Lockdown of Set IP to Allow All B. Change Auto Last Hop to enabled C. Assign a physical interface to the new VLAN D. Create a Floating Set IP Address Answer: C QUESTION NO: 73 For a given Virtual Server, the BIG-IP must perform SSL Offload and negotiate secure communication overTLSvl.2only. What should the BIG-IP Administrator do to meet this requirement? A. Configure a custom SSL Profile (Client) and select no TLSvl in the options list B. Configure a custom SSL Profile (Client) with a custom TLSV1.2 cipher string C. Configure a custom SSL Profile (Server) and select no TLSvl in the options list D. Configure a custom SSL Profile (Server) with a custom TLSV1.2 cipher string Answer: B Explanation: 28 IT Certification Guaranteed, The Easy Way! no TLSvl only disables TLS1.0, TLS1.1 is still used and does not meet the requirements. QUESTION NO: 74 Which cookie persistence method requires the fewest configuration changes on the web servers to be implemented correctly? A. insert B. rewrite C. passive D. session Answer: A QUESTION NO: 75 A BIG-IP Administrator configures a Virtual Server. Users report that they always receive a TCP RST packet to the BIG-IP system when attempting to connect to it. What is the possible reason for this issue? A. The virtual server Type is set to Internal B. The virtual server Type is set to Reject C. The virtual server Type is set to Drop D. The virtual server Type is set to Stateless Answer: B QUESTION NO: 76 A pool of four servers has been partially upgraded for two new servers with more memory and CPU capacity. The BIG-IP Administrator must change the load balance method to consider more connections for the two new servers. Which load balancing method considers pool member CPU and memory load? A. Round Robin B. Dynamic Ratio C. Ratio D. Least Connection Answer: C QUESTION NO: 77 A Virtual Server uses an iRule to send traffic to pool members depending on the URI. The BIG-IP Administrator needs to modify the pool member in the iRule. Which event declaration does the BIG-IP Administrator need to change to accomplish this? A. CLIENT_ACCEPTED B. HTTP_RESPONSE C. HTTP_REQUEST D. SERVER_CONNECTED Answer: C Explanation: According to the UR! distribution is the category of HTTP requests, need to trigger HTTP_REQUEST event. 29 IT Certification Guaranteed, The Easy Way! QUESTION NO: 78 A BIG-IP Administrator applied the latest hotfix to an inactive boot location by mistake, and needs to downgrade back to the previous hotfix. What should the BIG-IP Administrator do to change the boot location to the previous hotfix? A. Uninstall the newest hotfix and reinstall the previous hotfix B. Reinstall the base version and install the previous hotfix C. Reinstall the previous hotfix and re-activate the license D. Uninstall the base version and restore the UCS Answer: B QUESTION NO: 79 A BIG-IP device sends out the following SNMP trap: big-ipo.f5.com - bigipExternalLinkChange Link: 1.0 is DOWN Where in the BIG-IP Configuration utility should the BIG-IP Administrator verify the current status of Link 1.0? A. System > Platform B. Network > Trunks > Trunk List C. Statistics > Performance > System D. Network > Interfaces > Interface List 1.0 is a physical interface, you can see the interface status from the physical interface in the network. Answer: D QUESTION NO: 80 Some users who connect to a busy Virtual Server have connections reset by the BIG-IP system. Pool member resources are NOT a factor in this behavior. What is a possible cause for this behavior? A. The Connection Rate Limit is set too high B. The server SSL Profile has NOT been reconfigured. C. The Connection Limit is set too low. D. The Rewrite Profile has NOT been configured. Answer: C Explanation: The topic explains that the connection reset behavior is caused by the vs configuration rather than the server resource problem. The answers B C are all configuration at the service forwarding level. If there is a problem with the configuration, it is all a problem rather than some users. Answer C's Connection Limit will cause a reset behavior when the connection reaches the threshold. QUESTION NO: 81 A BIG-IP Administrator needs to make sure that the automatic update check feature works properly. 30 IT Certification Guaranteed, The Easy Way! What must the administrator configure on the BIG-IP system? A. Update Check Schedule B. NTP servers C. DNS name servers D. SMTP servers Answer: A QUESTION NO: 82 Refer to the exhibit. How many nodes are represented on the network map shown? A. Four B. Three C. One D. Two Answer: B QUESTION NO: 83 A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device, which has HD1.1 as the Active Boot Location. The BIG-IP Administrator has already re-activated the license and created an UCS archive of the configuration. In which sequence should the BIG- IP Administrator perform the remaining steps? A. Install HotFix in HD 1.1, Reboot the BIG-IP device. Install UCS Archive B. Install HotFix in HO 1.2, Install base Image in HD 1.2, Activate HD1.2 C. Install base Image in HD1.2, Install HotFix in HD1.2, Activate HD 1.2 D. Activate HD 1.2, Install base image in HD 1.2. Install HotFix in HD 1.2 Answer: C QUESTION NO: 84 A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up www.example.com. A ping works to the pool member address. The SEND string that the monitor is using is: GET/HTTP/l.l/r/n/Host.www.example.com/r/n/Connection Close/r/n/r/n Which CLI tool syntax 31 IT Certification Guaranteed, The Easy Way! will show that the web server returns the correct HTTP response? A. curlhttp://10.10.10.3.75:8080/www.example.com/index.html B. curl-header 'Host:www.example.com' http://10.10.3.75:8080/ C. tracepath 'http://www.example.com:80 D. tracepath 10.10.3.75:8080 GET /index Answer: B QUESTION NO: 85 A BIG-IP has two load balancing virtual servers at 150.150.10.10:80 and 150.150.10.10:443. The port 80 virtual server has SNAT automap configured. There is also a SNAT configured at 150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other settings are at their default states. If a client with the IP address 200.200.1.1 sends a request to https://150.150.10.10, What is the source IP address when the associated packet is sent to the pool member? A. 200.200.1.1 B. 150.150.10.11 C. Floating self IP address on VLAN where the packet leaves the system D. Floating self IP address on VLAN where the packet arrives on the system Answer: B QUESTION NO: 86 A virtual server is defined using a source address based persistence profile. The last five connections were A, B, C, A, C. Given the conditions shown in the graphic, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? 32 IT Certification Guaranteed, The Easy Way! A. 10.10.20.1:80 B. 10.10.20.2:80 C. 10.10.20.3:80 D. 10.10.20.4:80 E. 10.10.20.5:80 Answer: B QUESTION NO: 87 A BIG-IP Administrator is receiving intermittent reports from users that SSL connections to the BIG-IP device are failing. Upon checking the log files, the BIG-IP Administrator notices the following error message: ere tmm[]: 01260008:3: SSL transaction (TPS) rate limit reached After reviewing statistics, the BIG-IP Administrator notices there are a maximum of 1200 client-side SSL TPS and a maximum of 800 server-side SSL TPS. What is the minimum SSL license limit capacity the BIG-IP Administrator should upgrade to handle this peak? A. 2000 33 IT Certification Guaranteed, The Easy Way! B. 400 C. 800 D. 1200 Answer: D QUESTION NO: 88 What is the purpose of floating self-IP addresses? A. to define an address that grants administrative access to either system at any time B. to define an address that allows either system to initiate communication at any time C. to define an address that allows network devices to route traffic via a single IP address D. to define an address that gives network devices greater flexibility in choosing a path to forward traffic Answer: C QUESTION NO: 89 You have a pool of servers that need to be tested. All of the servers but one should be tested every 10 seconds, but one is slower and should only be tested every 20 seconds. How do you proceed? A. It cannot be done. All monitors test every five seconds. B. It can be done, but will require assigning monitors to each pool member. C. It cannot be done. All of the members of a pool must be tested at the same frequency. D. It can be done by assigning one monitor to the pool and a different monitor to the slower pool member. Answer: D QUESTION NO: 90 Where is persistence mirroring configured? A. It is always enabled. B. It is part of a pool definition. C. It is part of a profile definition. D. It is part of a virtual server definition. Answer: C QUESTION NO: 91 A user wants to use the iHealth Upgrade Advisor to determine any issues with upgrading TMOS from 13.0 to 13.1. Where can the user generate the QKView to upload to iHealth? A. System > Software Management B. System > Archives C. System > Configuration D. System > Support Answer: D 34 IT Certification Guaranteed, The Easy Way! QUESTION NO: 92 A user needs to determine known security vulnerabilities on an existing BIG-IP appliance and how to remediate these vulnerabilities. Which action should the BIG-IP Administrator recommend? A. Verify the TMOS version and review the release notes B. Create a UCS archive and upload to Health C. Create a UCS archive and open an F5 Support request D. Generate a view and upload to Heath Answer: D QUESTION NO: 93 The incoming client IP address is 205.12.45.52. The last five connections have been sent to members C, D, A, B, B. Given the virtual server and pool definitions and the statistics shown in the graphic, which member will be used for the next connection? A. 10.10.20.1:80 B. 10.10.20.2:80 C. 10.10.20.3:80 D. 10.10.20.4:80 E. 10.10.20.5:80 Answer: A QUESTION NO: 94 A BIG-IP Administrator notices that one of the servers that runs an application is NOT 35 IT Certification Guaranteed, The Easy Way! receiving any traffic. The BIG-IP Administrator examines the configuration status of the application and observes the displayed monitor configuration and affected Pool Member status. What is the possible cause of this issue? A. The Node Health Monitor is NOT responding. B. The application is NOT responding with the expected Receive String. C. HTTP 1.1 is NOT appropriate for monitoring purposes. D. The BIG-IP device is NOT able to reach the Pool. Answer: A QUESTION NO: 95 A BIG-IP Administrator uses backend servers to host multiple services per server. There are multiple virtual servers and pools defined, referencing the same backend servers. Which load balancing algorithm is most appropriate to have an equal number of connections on each backend server? A. Least Connections (member) B. Least Connections (node) C. Predictive (member) D. Predictive (node) Answer: B Explanation: The same set of servers provides multiple services, that is, using different ports to provide different services at the same time. The stem requirement is based on server connection balancing, not server + port, so it is node. QUESTION NO: 96 The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The status is marked 'down'. Which tool should the administrator use to identify the problem? A. Ping B. Health C. tcpdump D. ifconfig Answer: C QUESTION NO: 97 A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance. The administrator needs to know if a module is licensed and the memory requirement for that module. Where should the administrator view this information in the System menu? A. Resource Provisioning B. Configuration > Device C. Software Management D. Configuration >OVSDB 36 IT Certification Guaranteed, The Easy Way! Answer: A QUESTION NO: 98 Which Virtual Server type should be used to load balance HTTP traffic to a pool of servers? A. Standard B. Stateless C. Forwarding (IP) D. Forwarding (Layer 2) Answer: A QUESTION NO: 99 How should a BIG-IP Administrator control the amount of traffic that a newly enabled pool member receives. A. set the Slow Ramp Time B. set a Connection Limit C. set the Priority Group Activation D. set a Health Monitor Answer: A Explanation: Specifies the duration during which the system sends less traffic to a newly-enabled pool member. The amount of traffic is based on the ratio of how long the pool member has been available compared to the slow ramp time, in seconds. Once the pool member has been online for a time greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic. Slow ramp time is particularly useful for the least connections load balancing mode. Setting this to a nonzero value can cause unexpected Priority Group behavior, such as load balancing to a low-priority member even with enough high-priority servers. QUESTION NO: 100 Which two can be a part of a pool's definition? (Choose two.) A. rule(s) B. profile(s) C. monitor(s) D. persistence type E. loadbalancing mode Answer: C,E QUESTION NO: 101 The BIG-IP Administrator creates a custom iRule that fails to work as expected. Which F5 online resource should the administrator use to help resolve this issue? A. DevCentral B. Bug Tracker C. University D. Health 37 IT Certification Guaranteed, The Easy Way! Answer: A QUESTION NO: 102 The owner of a web application asks the 8IG-IP Administrator to change the port that the BIG-IP device sends traffic to. This change must be made for each member in the server pool named app_pool for their Virtual Server named app_vs. In which area of the BIG-IP Configuration Utility should the BIG-P Administrator make this change? A. Local Traffic > Pools B. Local Traffic > Nodes C. Network > Interfaces D. Local Traffic > Virtual Servers Answer: A QUESTION NO: 103 A site has six members in a pool. All of the servers have been designed, built, and configured with the same applications. It is known that each client's interactions vary significantly and can affect the performance of the servers. If traffic should be sent to all members on a regular basis, which loadbalancing mode is most effective if the goal is to maintain a relatively even load across all servers? A. Ratio B. Priority C. Observed D. Round Robin Answer: C QUESTION NO: 104 What should the 816-IP Administrator provide when opening a new ticket with F5 Support? A. bigip.license file B. QKViewfile C. Device root password D. SSL private keys Answer: B QUESTION NO: 105 A BIG-IP Administrator creates an HTTP Virtual Server using an iApp template. After the Virtual Server is created, the user requests to change the destination IP addresses. The BIG- IP Administrator tries to change the destination IP address from 10.1.1.1 to 10.2.1.1 in Virtual Server settings, but receives the following error: The application service must be updated using an application management interface What is causing this error? A. The Application Service was NOT deleted before making the IP address change. B. The IP addresses are already in use. C. The Application Services have Strict Updates enabled. D. The IP addresses used are NOT from the same subnet as the Self IP. 38 IT Certification Guaranteed, The Easy Way! Answer: C Explanation: Strict Updates : Indicates whether the application service is tied to the template, so when the template is updated, the application service changes to reflect the updates. QUESTION NO: 106 A 8IG-IP device is replaced with an RMA device. The BIG-IP Administrator renews the license and tries to restore the configuration from a previously generated UCS archive on the RMA device. The device configuration is NOT fully loading. What is causing the configuration load to fail? A. The Device Group is NOT configured for Full Sync. B. The US does NOT contain the full config C. The clock is NOT set correctly D. The Master Key is NOT restored Answer: D QUESTION NO: 107 What is the purpose of provisioning? A. Provisioning allows modules that are not licensed to be fully tested. B. Provisioning allows modules that are licensed be granted appropriate resource levels. C. Provisioning allows the administrator to activate modules in nonstandard combinations. D. Provisioning allows the administrator to see what modules are licensed, but no user action is ever required. Answer: B QUESTION NO: 108 Which statement is true regarding failover? A. Hardware failover is disabled by default. B. Hardware failover can be used in conjunction with network failover. C. If the hardware failover cable is disconnected, both BIGIP devices will always assume the active role. D. By default, hardware fail over detects voltage across the failover cable and monitors traffic across the internal VLAN. Answer: B QUESTION NO: 109 Refer to the exhibit. 39 IT Certification Guaranteed, The Easy Way! Which TMSH command generated this output? A. tmsh list /cm sync-status B. tmsh show /sys sync-status C. tmsh list /sys sync-status D. tmsh show /cm sync status Answer: D QUESTION NO: 110 An LTM device has a virtual server mapped to www5f.com with a pool assigned. The objects are defined as follows: Virtual server. Destination 192.168.245.100.443 netmask 255.255.255.0 Persistence: Source address persistence netmask 255.0.0.0 SNAT:AutoMap Profiles: HnP/TCP How should the BIG-IP Administrator modify the persistence profile so that each unique IP address creates a persistence record? A. netmask 0.0.0.0 B. netmask 255.255.255.255 C. netmask 255.255.0.0 D. netmask 255.256.255.0 Answer: B QUESTION NO: 111 New Syslog servers have been deployed in an organization. The BIG-IP Administrator must reconfigure the BIG-IP system to send log messages to these servers. In which location in the Configuration Utility can the BIG-IP Administrator make the needed configuration changes to accomplish this? A. System > Logs > Configuration B. System > Configuration > Local Traffic C. System > Logs > Audit D. System > Configuration > Device Answer: A 40 IT Certification Guaranteed, The Easy Way! QUESTION NO: 112 Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing takes place. Also assume that the NAT definition specifies a NAT address and an origin address while all other settings are left at their defaults. If the origin server were to initiate traffic via the BIG-IP, What changes, if any, would take place when the BIG-IP processes such packets? A. The BIG-IP would drop the request since the traffic didn't arrive destined to the NAT address. B. The source address would not change, but the destination address would be changed to the NAT address. C. The source address would be changed to the NAT address and destination address would be left unchanged. D. The source address would not change, but the destination address would be changed to a self-IP of the BIG-IP. Answer: C QUESTION NO: 113 Refer to the exhibit. Which two pool members should be chosen for a new connection? (Choose two.) A. 172.16.15.9.80 B. 172.16.15.4.80 C. 172.10.15.2.80 D. 172.16.15.1.80 41 IT Certification Guaranteed, The Easy Way! E. 172.16.15.7.80 Answer: B,E QUESTION NO: 114 A BIG-IP system has the following configuration: * SNAT is set to Auto Map * There are two VLANs internal and external * Default route is pointed to the gateway on external VLAN * Self P for internal VLAN is 1921.1.2 * Self IP for external VLAN is 192.1.2.2 * Floating IP addresses for internal VLAN is 192.1.1.1 * Floating IP addresses for external VLAN is 192.1.2.1 * The Virtual Server IP address is 192.1.1.100 Which IP address does the BIG-IP system use first when traffic reaches the servers on the internal VLAN? A. 192.1.1.100 B. 192.1.2.2 C. 192.1.1.1 D. 192.1.2.1 Answer: C QUESTION NO: 115 One of the two members of a device group has been decommissioned. The BIG-IP Administrator tries to delete the device group, but is unsuccessful. Prior to removing the device group, which action should be performed? A. Disable the device group B. Remove all members from the device group C. Remove the decommissioned device from the device group D. Make sure all members of the device group are in sync Answer: B QUESTION NO: 116 Refer to the exhibit. 42 IT Certification Guaranteed, The Easy Way! During a planned upgrade lo a BIG-IP HA pair running Active/Standby, an outage to application traffic is reported shortly after the Active unit is forced to Standby Reverting the flower resolves the outage. What should the BIG-IP Administrator modify to avoid an outage during the next for over event? A. The Tag voice on the Standby device B. The interface on the Active device to 1.1 C. The Tag value on the Active device D. The Interface on the Standby device to 1.1 Answer: A QUESTION NO: 117 A BIG-IP Administrator opens a case with F5 Support. The support engineer requests the BIG-IP appliance chassis serial number. Which TMSH command will provide this information? A.. list /sys software B. show /sys version C. list/sys diags D. show /sys hardware Answer: D 43 IT Certification Guaranteed, The Easy Way! QUESTION NO: 118 Monitors can be assigned to which three resources? (Choose three.) A. NATs B. pools C. iRules D. nodes E. SNATs F. pool members G. virtual servers Answer: B,D,F QUESTION NO: 119 What is required for a virtual server to support clients whose traffic arrives on the internal VLAN and pool members whose traffic arrives on the external VLAN? A. That support is never available. B. The virtual server must be enabled for both VLANs. C. The virtual server must be enabled on the internal VLAN. D. The virtual server must be enabled on the external VLAN. Answer: C QUESTION NO: 120 A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device on the management interface via SSH. The BIG-IP Administrator needs to restrict SSH access to the management interface. Where should this be accomplished? A. System > Configuration B. Network > Interfaces C. Network > Self IPs D. System > Platform Answer: D QUESTION NO: 121 Users report that traffic is negatively affected every time a BIG-IP device fails over. The traffic becomes stabilized after a few minutes. What should the BIG-IP Administrator do to reduce the impact of future failovers? A. Enable Failover Multicast Configuration B. Set up Failover Method to HA Order C. Configure MAC Masquerade D. Configure a global SNAT Listener Answer: C QUESTION NO: 122 Refer to the exhibit. The BIG-IP Administrator needs to avoid overloading any of the Pool 44 IT Certification Guaranteed, The Easy Way! Members with connections, when they become active. What should the BIG-IP Administrator configure to meet this requirement? A. Different Ratio for each member B. Same Priority Group to each member C. Action On Service Down to Reselect D. Slow Ramp Time to the Pool Answer: D QUESTION NO: 123 The BIG-IP Administrator disable all pool members in a pool Users are still able to reach the pool members. What is allowing users to continue to reach the disabled poo! members? A. A slow to time on Pool B. A persistence profile on the Virtual Server C. A slow ramp time on virtual Server D. A persistence profile on the Pool Answer: B QUESTION NO: 124 A development team needs to apply a software fix and troubleshoot one of its servers. The BIG-IP Administrator needs to immediately remove all connections from the BIG-IP system to the back end server. The BIG-IP Administrator checks the Virtual Server configuration and finds that a persistence profile is assigned to it. What should the 8IG-IP Administrator do to meet this requirement? A. Set the pool member to a Forced Offline state and manually delete easting connections through the command line. B. Set the pool member to a Forced Offline state. C. Set the pool member to a Disabled state. D. Set the pool member to a Disabled state and manually delete existing connections through the command line. Answer: A QUESTION NO: 125 Which Virtual Server type prevents the use of a default pool? A. Performance (Layer 4) B. Forwarding (IP) C. Performance HTTP D. Standard Answer: B Explanation: Forwarding (IP) cannot be associated with the pool. QUESTION NO: 126 A 8IG-IP Administrator configures a Virtual Server to load balance traffic between 50 45 IT Certification Guaranteed, The Easy Way! webservers for an ecommerce website Traffic is being load balanced using the Least Connections (node) method. The webserver administrators report that customers are losing the contents from their shopping carts and are unable to complete their orders. What should the BIG-IP Administrator do to resolve the issue? A. Change Default Persistence Profile setting to cookie B. Change Load Balancing method to Ratio (member) C. Change Default Persistence Profile setting to sipjnfo D. Change Load Balancing method to Ratio (node) Answer: A QUESTION NO: 127 During a maintenance window, an EUD test was executed and the output displayed on the screen. The BIG-IP Administrator did NOT save the screen output. The BIG-IP device is currently handling business critical traffic. The BIG-IP Administrator needs to minimize impact. What should the BIG-IP Administrator do to provide the EUD results to F5 Support? A. Boot the device into EUD then collect output from console B. Execute EUD from tmsh and collect output from console C. Collect file /var/log/messages D. Collect file /shared/log/eud.log Answer: D QUESTION NO: 128 A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it: when HTTP_REQUEST { if {[HTTP::uri] ends_with "txt" } { pool pool1 } elseif {[HTTP::uri] ends_with "php" } { pool pool2 } If a user connects to http://10.10.1.100/foo.html, which pool will receive the request? A. pool1 B. pool2 C. None. The request will be dropped. D. Unknown. The pool cannot be determined from the information provided. Answer: D QUESTION NO: 129 A site is load balancing to a pool of web servers. Which statement is true concerning BIG IP's ability to verify whether the web servers are functioning properly or not? A. Web server monitors can test the content of any page on the server. B. Web server monitors always verify the contents of the index.html page. C. Web server monitors can test whether the server's address is reachable, but cannot test a page's content. D. Web server monitors can test the content of static web pages, but cannot test pages that would require the web server to dynamically build content. Answer: A 46 IT Certification Guaranteed, The Easy Way! QUESTION NO: 130 A configuration change is made on the standby member of a device group. What is displayed as "Recommended Action" on the Device Management Overview screen? A. Force active member of device group to standby B. Activate device with the most recent configuration C. Synchronize the active member configuration to the group. D. Synchronize the standby member configuration to the group Answer: D QUESTION NO: 131 The ICMP monitor has been assigned to all nodes. In addition, all pools have been assigned custom monitors. The pool is marked available. If a pool is marked available (green) which situation is sufficient to cause this? A. All of the pool member nodes are responding to the ICMP monitor as expected. B. Less than 50% of the pool member nodes responded to the ICMP echo request. C. All of the members of the pool have had their content updated recently and their responses no longer match the monitor. D. Over 25% of the pool members have had their content updated and it no longer matches the receive rule of the custom monitor. The other respond as expected. Answer: D QUESTION NO: 132 Which VLANs must be enabled for a SNAT to perform as desired (translating only desired packets)? A. The SNAT must be enabled for all VLANs. B. The SNAT must be enabled for the VLANs where desired packets leave the BIG-IP. C. The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP. D. The SNAT must be enabled for the VLANs where desired packets arrive and leave the BIG-IP. Answer: C QUESTION NO: 133 A BIG-IP Administrator needs to apply a license to the BIG-IP system to increase the user count from the base license. Which steps should the BIG-IP Administrator? A. System License > Re-activate> Add-On Registration> Edit B. System > License > Re-activate > Base Registration> Edit C. Device Management > Devices > Select BIG-IP System > Update D. System > Configuration >Device > General Answer: A QUESTION NO: 134 A site needs to terminate client HTTPS traffic at the BIG-IP and forward that traffic unencrypted. Which two are profile types that must be associated with such a virtual server? 47 IT Certification Guaranteed, The Easy Way! (Choose two.) A. TCP B. HTTP C. HTTPS D. ClientSSL E. ServerSSL Answer: A,D QUESTION NO: 135 How is persistence configured? A. Persistence is an option within each pool's definition. B. Persistence is a profile type; an appropriate profile is created and associated with virtual server. C. Persistence is a global setting; once enabled, loadbalancing choices are superceded by the persistence method that is specified. 48 IT Certification Guaranteed, The Easy Way! D. Persistence is an option for each pool member. When a pool is defined, each member's definition includes the option for persistence. Answer: B QUESTION NO: 136 A BIG-IP Administrator plans to upgrade a BIG-IP device to the latest TMOS version. Which two tools could the administrator leverage to verify known issues for the target versions? (Choose two.) A. F5 University B. F5 Downloads C. F5 End User Diagnostics (EUD) D. FSiHealth E. F5 Bug Tracker Answer: D,E Explanation: F5 University -- F5 learning materials F5 Downloads - iso download page F5 End User Diagnostics (EUD) -- Hardware detection QUESTION NO: 137 A BIG-IP Administrator is working with a BIG-IP device and discovers that one of the Interfaces on a Trunk is DOWN. What is the reason for this Interface status? A. The switch is NOT connected to the Interface B. There is NO transceiver installed on the Interface C. There is NO default route configured for this trunk D. The media speed of the interface has NOT been set Answer: A QUESTION NO: 138 Which must be sent to the license server to generate a new license? A. the system's dossier B. the system's host name C. the system's base license D. the system's purchase order number Answer: A QUESTION NO: 139 Refer to the exhibit. 49 IT Certification Guaranteed, The Easy Way! According to the shown Configuration Utility stings What is the setting of the User Directory configuration under the Authentication submenu? A. Local B. Managed C. Remote-TACACS+ D. Default system configuration Answer: C QUESTION NO: 140 Assume a BIG-IP has no NATs or SNATs configured. Which two scenarios are possible when client traffic arrives on a BIG-IP that is NOT destined to a self-IP? (Choose two.) A. If the destination of the traffic does not match a virtual server, the traffic will be discarded. B. If the destination of the traffic does not match a virtual server, the traffic will be forwarded based on routing tables. C. If the destination of the traffic matches a virtual server, the traffic will be processed per the virtual server definition. D. If the destination of the traffic matches a virtual server, the traffic will be forwarded, but it cannot be loadbalanced since no SNAT has been configured. Answer: A,C QUESTION NO: 141 Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port were not 443? A. SSL termination could not be performed if the virtual server's port was not port 443. B. Virtual servers with a ClientSSL profile are always configured with a destination port of 443. C. As long as client traffic was directed to the alternate port, the virtual server would work as intended. D. Since the virtual server is associated with a ClientSSL profile, it will always process traffic sent to port 443. 50 IT Certification Guaranteed, The Easy Way! Answer: C QUESTION NO: 142 Refer to the exhibit. A BIG-IP Administrator configures a Virtual Server to handle HTTPS traffic. Users report that the application is NOT working. Which actional configuration is regard to resolve this issue? A. Configure SSL Profile (Client) B. Configure Protocol Profile (Server) C. Configure Service Profile HTTP D. Configure SSL Profile (Server) Answer: A QUESTION NO: 143 The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of TMOS. Where can the administrator obtain F5 documentation on upgrade requirements? A. AskF5 B. DevCentral C. Bug Tracker D. iHealth Answer: A QUESTION NO: 144 When configuring a Virtual Server to use an iRule with an HTTP_REQUEST event, which lists required steps in a proper order to create all necessary objects? A. create profiles, create the iRule, create required pools, create the Virtual Server B. create the Virtual Server, create required pools, create the iRule, edit the Virtual Server C. create a custom HTTP profile, create required pools, create the Virtual Server, create the iRule D. create required pools, create a custom HTTP profile, create the iRule, create the Virtual Server 51 IT Certification Guaranteed, The Easy Way! Answer: B QUESTION NO: 145 A node is a member of various pools and hosts different web applications. If a web application is unavailable, the BIG-IP appliance needs to mark the pool member down for that application pool. What should a BIG-IP Administrator deploy at the pool level to accomplish this? A. A UDP monitor with a custom interval/timeout B. A combination of ICMP + TCP monitor C. An HTTP monitor with custom send/receive strings D. A TCP monitor with a custom interval/timeout Answer: C Explanation: Requiring all traffic to be HTTPS access requires HTTP requests to be redirected directly to HTTPS. QUESTION NO: 146 When configuring a pool member's monitor, which three association options are available? (Choose three.) A. inherit the pool's monitor B. inherit the node's monitor C. configure a default monitor D. assign a monitor to the specific member E. do not assign any monitor to the specific member Answer: A,D,E QUESTION NO: 147 A BIG-IP Administrator needs to find which modules have been licensed for use on the BIG- IP system. In which section of the Configuration Utility can the BIG-IP Administrator find this information? A. System > Services B. System > Resource Provisioning C. System > Platform D. System > Support Answer: B QUESTION NO: 148 A 8IG-IP Administrator configures a node with a standard icmp Health Monitor. The Node shows as DOWN although the Backend Server is configured to answer ICMP requests. Which step should the administrator take next to find the root cause of this issue? A. Run a curl Run a qkview B. Run a qkview C. Runatcpdump D. Runanssldump 52 IT Certification Guaranteed, The Easy Way! Answer: C QUESTION NO: 149 A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it: when CLIENT_ACCEPTED { if {[TCP::local_port] equals 80 } { pool pool1 } elseif {[TCP::local_port] equals 443} { pool pool2 } If a user connects to 10.10.1.100 and port 22, which pool will receive the request? A. pool1 B. pool2 C. None. The request will be dropped. D. Unknown. The pool cannot be determined from the information provided. Answer: D QUESTION NO: 150 Refer to the exhibit. How long will the persistence record remain in the table? A. 180 seconds after the last packet 53 IT Certification Guaranteed, The Easy Way! B. 180 seconds after the initial table entry C. 300 seconds after the initial table entry D. 300 seconds after the last packet Answer: D QUESTION NO: 151 Which process or system can be monitored by the BIG-IP system and used as a failover trigger in a redundant pair configuration? A. bandwidth utilization B. duplicate IP address C. CPU utilization percentage D. VLAN communication ability Answer: D QUESTION NO: 152 When network failover is enabled, which of the following is true? A. The failover cable status is ignored. Failover is determined by the network status only. B. Either a network failure or loss of voltage across the failover cable will cause a failover. C. A network failure will not cause a failover as long as there is a voltage across the failover cable. D. The presence or absence of voltage over the fail over cable takes precedence over network failover. Answer: C QUESTION NO: 153 When can a single virtual server be associated with multiple profiles? A. Never. Each virtual server has a maximum of one profile. B. Often. Profiles work on different layers and combining profiles is common. C. Rarely. One combination, using both the TCP and HTTP profile does occur, but it is the exception. D. Unlimited. Profiles can work together in any combination to ensure that all traffic types are supported in a given virtual server. Answer: B QUESTION NO: 154 Where is the loadbalancing mode specified? A. within the pool definition B. within the node definition C. within the virtual server definition D. within the pool member definition Answer: A QUESTION NO: 155 54 IT Certification Guaranteed, The Easy Way! A site has assigned the ICMP monitor to all nodes and a custom monitor, based on the HTTP template, to a pool of web servers. The HTTP based monitor is working in all cases. The ICMP monitor is failing for 2 of the pool member 5 nodes. All other settings are default. What is the status of the monitor is working in all cases? A. All pool members are up since the HTTPbased monitor is successful. B. All pool members are down since the ICMPbased monitor is failing in some cases. C. The pool members whose nodes are failing the ICMPbased monitor will be marked disabled. D. The pool members whose nodes are failing the ICMPbased monitor will be marked unavailable. Answer: D QUESTION NO: 156 Which parameters are set to the same value when a pair of BIG-IP devices are synchronized? A. host names B. system clocks C. profile definitions D. VLAN failsafe settings E. MAC masquerade addresses Answer: C QUESTION NO: 157 Where is connection mirroring configured? A. It an option within a TCP profile. B. It is an optional feature of each pool. C. It is not configured; it is default behavior. D. It is an optional feature of each virtual server. Answer: D QUESTION NO: 158 A BIG-IP Administrator plans to resolve a non-critical issue with a BIG-IP device in 2 weeks. What Severity level should be assigned to this type of F5 support ticket? A. 4 B. 2 C. 3 D. 1 Answer: A QUESTION NO: 159 When initially configuring the BIG-IP system using the config utility, which two parameters can be set? (Choose two.) A. the netmask of the SCCP 55 IT Certification Guaranteed, The Easy Way! B. the IP address of the SCCP C. the port lockdown settings for the SCCP D. the netmask of the host via the management port E. the IP address of the host via the management port F. the port lockdown settings for the host via the management port Answer: D,E QUESTION NO: 160 A BIG-IP Administrator is checking the BIG-IP device for known vulnerabilities. What should the 8IG-IP Administrator upload to BIG-IP iHealth for further analysis? A. QKView B. EUD C. UCS D. tcpdump Answer: A QUESTION NO: 161 Active connections to pool members are unevenly distributed. The load balancing method is Least Connections (member) Priority Group Activation is disabled. What is a potential cause of the event distribution? A. Priority Group Activation is disabled B. SSL Profile Server is applied C. Persistence profile is applied D. incorrect load balancing method Answer: C QUESTION NO: 162 A BIGJP Administrator needs to load a UCS file but must exclude the license file. How should the administrator perform this task? A. From the CLI with command U tmsh load /$ys ucs no-license B. From the GUI, select the UCS file, unchcck the license box, and click restore C. From the CLI with command(tmos) tmsh load /sys ucs no-license D. From the GUI, select the UCS file and click restore Answer: A QUESTION NO: 163 Assume the bigd daemon fails on the active system. Which three are possible results? (Choose three.) A. The active system will restart the bigd daemon and continue in active mode. B. The active system will restart the tmm daemon and continue in active mode. C. The active system will reboot and the standby system will go into active mode. D. The active system will failover and the standby system will go into active mode. E. The active system will continue in active mode but gather member and node state 56 IT Certification Guaranteed, The Easy Way! information from the standby system. Answer: A,C,D QUESTION NO: 164 Refer to the exhibit. A BIG-IP Administrator needs to configure health monitors for a newly configured server pool named Pool_B. Which health monitor settings will ensure that all pool members will be accurately marked as available or unavailable? A. HTTPS, HTTP, FTP, and ICMP, with the Availability Requirement of all health monitors B. HTTPS, HTTP, FTP, and SSH, with the Availability Requirement of at least one monitor C. HTTPS and HTTP with the Availability Requirement of at least one health monitor D. HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors Answer: B Explanation: From the port, the four members are HTTP, FTP, HTTPS, and SSH applications. If you want to monitor at the same time, you must configure at least one. QUESTION NO: 165 The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new HTTP pool named P_example. Where should the BIG-IP Administrator validate these settings in the Configuration Utility? A. Local Traffic > Nodes > Default Monitor B. Local Traffic > Profiles > Services > HTTP > http C. Local Traffic > Monitors > http D. Local Traffic > Pools > P_ example Answer: D QUESTION NO: 166 57 IT Certification Guaranteed, The Easy Way! Refer to the exhibit. A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to log on to the servers. What should the BIG-IP Administrator do to resolve the issue? A. Set Protocol to UDP B. Set HTTP Profile to None C. Set Source Address to 10.1.1.2 D. Set Destination Addresses/Mask to 0.0.0.0/0 Answer: B QUESTION NO: 167 A BIG-IP has a virtual server at 150.150.10.10:80 with SNAT automap configured. This BIG- IP also has a SNAT at 150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other settings are at their default states. If a client with the IP address 200.200.1.1 sends a request to the virtual server, what is the source IP address when the associated packet is sent to the pool member? A. 200.200.1.1 B. 150.150.10.11 C. Floating self IP address on VLAN where the packet leaves the system D. Floating self IP address on VLAN where the packet arrives on the system Answer: C 58 IT Certification Guaranteed, The Easy Way! QUESTION NO: 168 A virtual server is configured to offload SSL from a pool of backend servers. When users connect to the virtual server, they successfully establish an SSL connection but no content is displayed. A packet trace performed on the server shows that the server receives and responds to the request. What should a BIG-IP Administrator do to resolve the problem? A. enable Server SSL profile B. disable Server SSL profile C. disable SNAT D. enable SNAT Answer: B QUESTION NO: 169 A BIG-IP Administrator is configuring an SSH Pool with five members. Which Health Monitor should be applied to ensure that available pool members are monitored accordingly? A. https B. udp C. http D. tcp Answer: D QUESTION NO: 170 A site needs a virtual server that will use an iRule to parse HTTPS traffic based on HTTP header values. Which two profile types must be associated with such a virtual server? (Choose two.) A. TCP B. HTTP C. HTTPS D. ServerSSL Answer: A,B QUESTION NO: 171 A BIG-IP Administrator is configuring a pool with members who have differing capabilities. Connections to pool members must be load balanced appropriately. Which load balancing method should the BIG-IP Administrator use? A. Least Sessions B. Least Connections (member) C. Fastest (node) D. Weighted Least Connections (member) Answer: D QUESTION NO: 172 A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power outages. 59 IT Certification Guaranteed, The Easy Way! Which log file should the BIG-IP Administrator check to verify the suspicion? A. /war /log/daemon.log B. /var/log/kern.log C. /var/log/ltm D. /var/log/audit Answer: C QUESTION NO: 173 A 816-IP Administrator recently deployed an application Users are experiencing slow performance with the application on some remote networks. Which two modifications can the BIG-IP Administrator make to address this issue? (Choose two) A. Apply dest addr profile to the Virtual Server B. Apply f5-tcp-wan profile to the Virtual Server C. Apply f5-tcp-lan profile to the Virtual Server D. Apply source_addr profile to the Virtual Server E. Apply fasti_4 profile to the Virtual Server Answer: B,C QUESTION NO: 174 The incoming client IP address is 195.64.45.52 and the last five connections have been sent to members A, C, E, D and B. Given the virtual server, pool, and persistence definitions and statistics shown in the above graphic, which member will be used for the next connection? 60 IT Certification Guaranteed, The Easy Way! A. 10.10.20.1:80 B. 10.10.20.2:80 C. 10.10.20.3:80 D. 10.10.20.4:80 E. 10.10.20.5:80 F. It cannot be determined with the information given. Answer: C QUESTION NO: 175 Which two statements are true concerning the default communication between a redundant pair of BIG-IP systems? (Choose two.) A. Synchronization occurs via a TCP connection using ports 683 and 684. B. Connection mirroring data is shared via a TCP connection using port 1028. 61 IT Certification Guaranteed, The Easy Way! C. Persistence mirroring data is shared via a TCP connection using port 1028. D. Connection mirroring data is shared through the serial fail over cable unless network failover is enabled. Answer: B,C QUESTION NO: 176 Which statement is true concerning the default communication between a redundant pair of BIG-IP devices? A. Communication between the systems cannot be effected by port lockdown settings. B. Data for both connection and persistence mirroring are shared through the same TCP connection. C. Regardless of the configuration, some data is communicated between the systems at regular intervals. D. Connection mirroring data is shared through the serial fail over cable unless network failover is enabled. Answer: B QUESTION NO: 177 A virtual server at 10.10.1.100:80 has the rule listed below applied. when HTTP_REQUEST { if {[HTTP::uri] ends_with "htm" } { pool pool1 } else if {[HTTP::uri] ends_with "xt" } { pool pool2 } If a user connects to http://10.10.1.100/foo.txt which pool will receive the request? A. pool1 B. pool2 C. None. The request will be dropped. D. Unknown. The pool cannot be determined from the information provided. Answer: B QUESTION NO: 178 How is MAC masquerading configured? A. Specify the desired MAC address for each VLAN for which you want this feature enabled. B. Specify the desired MAC address for each selfIP address for which you want this feature enabled. C. Specify the desired MAC address for each VLAN on the active system and synchronize the systems. D. Specify the desired MAC address for each floating selfIP address for which you want this feature enabled. Answer: A QUESTION NO: 179 What is the purpose of MAC masquerading? A. to prevent ARP cache errors B. to minimize ARP entries on routers C. to minimize connection loss due to ARP cache refresh delays D. to allow both BIGIP devices to simultaneously use the same MAC address 62 IT Certification Guaranteed, The Easy Way! Answer: C QUESTION NO: 180 Which three statements describe a characteristic of profiles? (Choose three.) A. Default profiles cannot be created or deleted. B. Custom profiles are always based on a parent profile. C. A profile can be a child of one profile and a parent of another. D. All changes to parent profiles are propagated to their child profiles. E. While most virtual servers have at least one profile associated with them, it is not required. Answer: A,B,C QUESTION NO: 181 An ecommerce company is experiencing latency issues with online shops during Black Friday's peak season. The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants to move the top utilized Virtual Servers to a dedicated BIG-IP device. Where should the BIG-IP Administrator determine the problematic Virtual Servers? A. System > Plattform B. Local Traffic > Virtual Servers > Virtual Server List C. Local Traffic > Network Map D. Statistics > Module Statistics > Local Traffic > Virtual Servers Answer: D QUESTION NO: 182 Refer to the exhibit. 63 IT Certification Guaranteed, The Easy Way! An LTM device has a virtual server mapped to www.f5.com. Users report that when they connect to /resources/201.1.2h.l_l.com they are unable to receive content. What is the likely cause of the issue? A. The pool associated with the virtual server does not have priority group activation enabled. B. The virtual address does not have ARP enabled. C. The virtual address does not have route advertising enabled. D. The pool associated with the virtual server is falling its health check. Answer: B QUESTION NO: 183 A BIG-IP Administrator configures remote authentication and needs to make sure that users can still login even when the remote authentication server is unavailable. Which action should the BIG-IP Administrators in the remote authentication configuration to meet this requirement? A. Set partition access to "All" B. Enable the Fallback to Local option C. Configure a remote role grove D. Configure a second remote user directory Answer: B QUESTION NO: 184 Refer to the exhibit. 64 IT Certification Guaranteed, The Easy Way! A user notifies the BIG-IP Administrator that http://remote company.com is NOT accessible. Remote access to company resources must be encrypted. What should the BIG-IP Administrator do to fix the issue? A. Change the Listening Port on remote.company.com_vs to Port 80 B. Add a Pool to the Virtual Server remote.company.com_VS C. Add an iRule to remote.company.com_vs to redirect Traffic to HTTPS D. Change the Type of the Virtual Server remote.company.com_vs to Forwarding Requiring all traffic to be HTTPS access requires HTTP requests to be redirected directly to HTTPS. Answer: C QUESTION NO: 185 A BIG-IP Administrator needs to have a BIG-IP linked to two upstream switches for resilience of the external network. The network engineer who is going to configure the switch instructs the BIG-IP Administrator to configure interface binding with LACP. Which configuration should the administrator use? A. A virtual server with an LACP profile and the switches' management IPs as pool members. B. A virtual server with an LACP profile and the interfaces connected to the switches as pool 65 IT Certification Guaranteed, The Easy Way! members. C. A Trunk listing the allowed VLAN IDs and MAC addresses configured on the switches. D. A Trunk containing an interface connected to each switch. Answer: D QUESTION NO: 186 A local user account (Users) on the BIG-IP device is assigned the User Manager role. Userl attempts to modify the properties of another account (User2), but the action fails. The BIG-IP Administrator can successfully modify the User2 account. Assuming the principle of least privilege, what is the correct way to allow User 1 to modify User2 properties? A. Move User2 to the same partition as User1 B. Grant User1 administrative privileges C. Move User to the same partition as User2. D. Modify the partition access for User 1 Answer: D QUESTION NO: 187 A BIG-IP Administrator is unable to connect to the management interface via HTTPS. What is a possible reason for this issue? A. The port lockdown setting is configured to Allow None. B. An incorrect management route is specified. C. The IP address of the device used to access the management interface is NOT included in the "P Allow" list in the Configuration Utility. D. The IP address of the device used to access the management interface is NOT included in the "httpd Allow" list in the CLI. Answer: D QUESTION NO: 188 A BIG-IP Administrator makes a configuration change to the BIG-IP device. Which file logs the message regarding the configuration change? A. /var/log/messages B. /var/log/audit C. /var/log/user.log D. /var/log/secure Answer: B Explanation: About audit logging Audit logging is an optional feature that togs messages whenever a BIG-IP® system object, such as a virtual server or a load balancing pool, is confined (that is. created, modified, or deleted). The BiGIP system logs the messages for these auditing events in the file /var/log'audit There are three ways that objects can be configured * By user action * By system action 66 IT Certification Guaranteed, The Easy Way! * By loading configuration data Whenever an object is configured in one of these ways, the BIG-IP system logs a message to the audit log QUESTION NO: 189 Administrative user accounts have been defined on the remote LDAP server and are unable to log in to the BIG-IP device. Which log file should the BIG-IP Administrator check to find the related messages? A. /var/log/secure B. /var/log/messages C. /Nar/log/ltm D. /var/log/user.log Answer: A QUESTION NO: 190 Refer to the exhibit. A BIG-IP Administrator creates a new Virtual Server. The end user is unable to access the 67 IT Certification Guaranteed, The Easy Way! page. During troubleshooting, the administrator learns that the connection between the BIG- IP system and server is NOT set up correctly. What should the administrator do to solve this issue? A. Disable Address Translation B. Set Address Translation to Auto Map, configure a SNAT pool, and have pool members in the same subnet of the servers C. Set Address Translation to SNAT and configure a specific translation address D. Set Address Translation to SNAT and have self-IP configured in the same subnet of servers Answer: C Explanation: The status of the pool can be seen that the members are all up, indicating that the network from F5 to the server is no problem, so there is no need to configure selfip on the same subnet. The monitor is normal but the access is not normal, you have to consider the problem of snat, you can configure automap or configure snat and specify snat ip. QUESTION NO: 191 Which action will take place when a failover trigger is detected by the active system? A. The active device will take the action specified for the failure. B. The standby device also detects the failure and assumes the active role. C. The active device will wait for all connections to terminate and then failover. D. The standby device will begin processing virtual servers that have failed, but the active device will continue servicing the functional virtual servers. Answer: A QUESTION NO: 192 Which two statements are true about NATs? (Choose two.) A. NATs support UDP, TCP, and ICMP traffic. B. NATs can be configured with mirroring enabled or disabled. C. NATs provide a one-to-one mapping between IP addresses. D. NATs provide a many-to-one mapping between IP addresses. Answer: A,C QUESTION NO: 193 A BIG-IP Administrator needs to restore a UCS file to an F5 device using the Configuration Utility. Which section of the Configuration Utility should the BIG-IP Administrator access to perform this task? A. Local Traffic > Virtual Servers B. Local Traffic > Policies C. System > Archives D. System > Configuration Answer: C QUESTION NO: 194 68 IT Certification Guaranteed, The Easy Way! A BIG-IP Administrator is informed that traffic on Interface 1.1 is expected to increase over the maximum bandwidth capacity on the link. There is a single VLAN on the Interface. What should the 8IG-IP Administrator do to increase the total available bandwidth? A. Assign two Interfaces to the VLAN B. Set the media speed of Interface 1.1 manually C. Create a trunk object with two Interfaces D. Increase the MTU on the VLAN using Interface 1.1 Answer: C QUESTION NO: 195 A Standard Virtual Server configured for an application reports poor network performance. This application is accessed mainly from computers on the Internet. What should the BIG-IP Administrator configure on the Virtual Server to achieve better network performance? A. Protocol Profile (Client) with f5-tcp-wan and Protocol Profile (Server) with f5-tcp-lan B. Protocol Profile (Client) with f5-tcp-lan C. Protocol Profile (Client) with fS-tcp-lan and Protocol Profile (Server) with f5-tcp-wan D. Protocol Profile (Client) with f5-tcp-optimized Answer: A QUESTION NO: 196 A new BIG-IP VE is deployed with default settings. The BIG-IP Administrator completes the setup utility in the Configuration Utility. The internal self IP address fails to respond to a ping request. What is a possible cause of this issue? A. Port lockdown on internal self IP is set to Allow None B. Route is NOT assigned to internal self IP. C. Internal interface VLAN is set to untagged D. Internal interface VLAN is set to tagged Answer: D QUESTION NO: 197 Which statement is true concerning a functional iRule? A. iRules use a proprietary syntax language. B. iRules must contain at least one event declaration. C. iRules must contain at least one conditional statement. D. iRules must contain at least one pool assignment statement. Answer: B QUESTION NO: 198 A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a remote syslog server In addition, the log messages need to be sent over TCP for guaranteed delivery. What should the BIG-IP Administrator configure? A. HSL Logging B. syslog-ng 69 IT Certification Guaranteed, The Easy Way! C. Remote Logging D. Request Logging Profile Answer: C QUESTION NO: 199 Refer to the exhibit. How are new connections load balanced? A. To the first two members listed with the same priority group B. To the pool member with the least number of connections C. To the pool member with a high priority group value defined D. To the pool member with a low priority group value defined Answer: B QUESTION NO: 200 DNS queries from two internal DNS servers are being load balanced to external DNS Servers via a Virtual Server on a BIG-P device. The DNS queries originate from 192.168.101.100 and 192.168.101.200 and target 192.168.21.50 All DNS queries destined for the external DNS Servers fail Which property change should the BIG-IP Administrator make in the Virtual Server to resolve this issue? A. Protocol Profile (Client) to DNS-OPTIMZED B. Type to Performance (HTTP) C. Protocol to UDP D. Source Address to
