New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

Note: This exam is available on Demand only. You can Pre-Order this Exam and we will arrange this for you. Buy Now

303 Questions and Answers

Question # 6

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has created a virtual server to balance connections to a pool of application servers and offload SSL decryption. Clients connect to the application at https://www.example.com/. The virtual server is configured with a clientssl profile but no serverssl profile. The application servers are listening on ports 80 and 443. Users are unable to connect to the application through the virtual server but are able to connect directly to the application server.

What is the root cause of the error?

A.

The LTM device is chunking responses.

B.

The LTM device is redirecting users to HTTPS.

C.

The pool members are configured with the wrong port.

D.

The application servers are redirecting users to HTTPS.

Full Access
Question # 7

In an iApp, which configuration protects against accidental changes to an application Services configuration?

A.

Components

B.

Strict Updates

C.

Name

D.

Template

Full Access
Question # 8

Refer to the exhibit.

A BIG-IP Administrator needs to configure health monitors for a newly configured server pool named

Pool_B.

Which health monitor settings will ensure that all pool members will be accurately marked as available

or unavailable?

A.

HTTPS, HTTP, FTP, and ICMP, with the Availability Requirement of all health monitors

B.

HTTPS, HTTP, FTP, and SSH, with the Availability Requirement of at least one monitor

C.

HTTPS and HTTP with the Availability Requirement of at least one health monitor

D.

HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors

Full Access
Question # 9

Administrative user accounts have been defined on the remote LDAP server and are unable to log in to

the BIG-IP device.

Which log file should the BIG-IP Administrator check to find the related messages?

A.

/var/log/secure

B.

/var/log/messages

C.

/Nar/log/ltm

D.

/var/log/user.log

Full Access
Question # 10

A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power

outages.

Which log file should the BIG-IP Administrator check to verify the suspicion?

A.

/war /log/daemon.log

B.

/var/log/kern.log

C.

/var/log/ltm

D.

/var/log/audit

Full Access
Question # 11

A user is having issues with connectivity to an HTTPS virtual server. The virtual server is on the LTM device's external vlan, and the pools associated with the virtual server are on the internal vlan. An LTM Specialist does a tcpdump on the external interface and notices that the host header is incomplete.

In which location should the LTM Specialist put a traffic analyzer to gather the most pertinent data?

A.

server

B.

external VLAN

C.

internal VLAN

D.

client machine

Full Access
Question # 12

A BIG-IP Administrator finds the following log entry:

tnm tmm[7141]: 011e0002:4: sweeperjjpdate: aggressive mode activated.

Which action should the BIG-IP Administrator to mitigate this memory issue?

A.

Configure the redundant par to be active-active

B.

Decrease the TCP profile ide Timeout value

C.

increase the TCP profile ide Timeout value

D.

Configure the serve to use Connection Mirroring

Full Access
Question # 13

An LTM Specialist has set up a custom SNMP alert.

Which command line tool should the LTM Specialist use to test the alert?

A.

logger

B.

logtest

C.

testlog

D.

snmptest

Full Access
Question # 14

A high-availability (HA) pair configuration uses only the hardwire serial cable connection to determine device state. A power outage occurs to the PDU powering the active unit. The standby unit takes over the active role as expected.

How is the peer unit able to determine the active unit is unavailable?

A.

voltage loss on serial cable

B.

no data stream received on serial port

C.

no response on management interface

D.

no heartbeat packets received on self IPs

Full Access
Question # 15

What should an LTM Specialist configure on an LTM device to send AVR notification emails?

A.

Email notification to be sent via iControl from the LTM device

B.

Syslog on the LTM device to send to an SMTP server

C.

Custom SNMP traps on the LTM device for AVR notifications

D.

Email notification to be sent via SMTP from the LTM device

Full Access
Question # 16

Refer to the exhibit.

How many nodes are represented on the network map shown?

A.

Four

B.

Three

C.

One

D.

Two

Full Access
Question # 17

A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist has created an iRule and applied this iRule to the virtual server:

when HTTP_REQUEST {

switch [HTTP::uri] {

"/WS1/ws.jsp" {

log local0. "[HTTP::uri]-Redirected to JSP Pool"

pool JSP

}

default { log local0. "[HTTP::uri]-Redirected to Non-JSP Pool"

pool NonJSP

}

}

}

However, the iRule is NOT behaving as expected. Below is a snapshot of the log:

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/WS.jsp-Redirected to Non-JSP Pool

/ws1/WS.jsp-Redirected to Non-JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/ws1/ws.jsp-Redirected to Non-JSP Pool

What is the problem?

A.

The condition in the iRule is case sensitive.

B.

The 'switch' command in the iRule has been used incorrectly.

C.

The pool members of both pools need to be set up as case-insensitive members.

D.

The "Process Case-Insensitivity" option for the virtual server needs to be selected.

Full Access
Question # 18

What does the following iRule do?

when CLIENT_ACCEPTED {

if { [matchclass [IP::client_addr] equals WebClient1-Whitelist1] }{

#log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"

#Pool WebClient1

} else {

log local0. "Invalid client IP: [IP::client_addr] - discarding"

discard

}

}

A.

The iRule compares a client IP to a list. If the client IP is on the list, discard and log the discard.

B.

The iRule compares a client IP to a list. If the client IP is NOT on the list, discard and log the discard.

C.

The iRule compares a client IP to a list. If the client IP is on the list, the client is sent to Pool WebClient1. Otherwise, discard and log the discard.

D.

The iRule compares a client IP to a list. If the client IP is NOT on the list, the client is sent to Pool WebClient1. Otherwise, discard and log the discard.

Full Access
Question # 19

A VLAN has the following objects configured:

Self-IP 10.10.10.100 with port lockdown set to Allow default

Virtual server 10.10.10.100:443 with UDP profile enabled

Virtual server 10.10.10.0/24 port forwarding virtual server

Global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100

Which object will process this request when https://10.10.10.100 is entered into a browser?

A.

self-IP 10.10.10.100 with port lockdown set to Allow default

B.

virtual server 10.10.100/24 port o forwarding virtual server

C.

global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100

D.

virtual server 10.10.10.100.443 with UDP profile enabled

Full Access
Question # 20

Exhibit.

Webserver_pool consists of 6 members. phpAuction_80_pool consists of 2 members LTM1 is the current Activemember.

LTM1 loses connectivity to 3 of the 6 members in the webserver_pool LTM2 still has connectivity to all

servers.

What is the expected failover behavior?

A.

LTM1 Standby / LTM2 Standby

B.

LTM1 Active /LTM2 Active

C.

LTM1 Active / LTM2 Standby

D.

LTM1Standby / LTM2 Active

Full Access
Question # 21

An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog server.

The following is an extract from the config file detailing the node and monitor that the LTM device is using for the

remote syslog server:

monitor

Syslog_15002 {

defaults from udp

dest *:15002

}

node 91.223.45.231 {

monitor Syslog_15002

screen RemoteSYSLOG

}

There seem to be problems communicating with the remote syslog server. However, the pool monitor shows that the remote server is up.

The network department has confirmed that there are no firewall rules or networking issues preventing the LTM device from

communicating with the syslog server. The department responsible for the remote syslog server indicates that there may

be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog

server. None are found. The LTM Specialist does a tcpdump:

tcpdump -nn port 15002, with the following results:

21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19

21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144

NotE. 192.168.100.100 is the self IP of the LTM device.

Why are there no errors for the remote syslog server in the log files?

A.

The -log option for tcpdump needs to be used.

B.

The monitor type used is inappropriate.

C.

The "verbose" logging option needs to be enabled for the pool.

D.

When the remote syslog sever fails, it returns to service before the timeout for the monitor has expired.

Full Access
Question # 22

Exhibit.

The three VLANS shown provide connectivity to backend servers. The backend servers are being moved to unmanaged switches and require separate interfaces.

How should the F5 device interfaces be configured?

A.

Create a Trunk interface and combined interface 1.1.1.2 and 1.3.

B.

Create a Trunk interface and select VLAN„A, VLAN_B. and VLAN_C.

C.

Create VLAN named VLAN_A enter 100 under Tag and moveinterface 1.1 to tagged Create VLAN_B enter 200 and move interface 1.2 to tagged Create VLAN_C Center 300 and move interface 1.3 to tagged.

D.

Create VLAN_A move interface 1.1 to untagged. Create VLAN_B move interface 1.2 to untagged. Create VLAN_C move interface 1.3 to untagged.

Full Access
Question # 23

Refer to the exhibit.

A BIG-IP Administrator configures a now VLAN on an HA pair of devices that does NOT yet have any

traffic. This action causes the assigned traffic group to fail over to the standby device.

Which VLAN setting should be changed to prevent this issue?

A.

Auto Last Hop

B.

Fail-safe

C.

Customer Tag

D.

Source Check

Full Access
Question # 24

A BIG-IP Administrator creates a new VLAN on BIG-IP Cluster Member A and attaches an Interface to it. Although the Auto Config Sync is in place, the new VLAN does NOT show up on Cluster Member B. What should the BIG-IP Administrator do to ensure the new VLAN is configured on each Cluster Member?

A.

Configure the new VLAN manually on Cluster Member B.

B.

Reset the Device Trust of the BIG-IP Cluster on either Cluster Member.

C.

Configure a Default Route for the new VLAN on Cluster Member A.

D.

Enable the Interface that is attached to the new VLAN on Cluster Member A.

Full Access
Question # 25

An LTM Specialist decides to offload SSL traffic on the LTM device instead of just passing it through. The LTM Specialist needs to change the configure from a Performance (Layer 40 virtual server to a Standard virtual server with SSL offload.

Which two element the LTM Specialist consider when performance this task? (Choose two.)

A.

CPU load

B.

Sensitive connections

C.

Port exhaustion

D.

Memory load

E.

Connection mirroring

Full Access
Question # 26

An unwanted IP addresstries to connect to the configuration utility via Self IP An LTM Specialist needs to block the attempts based on the IP address.

How should the ITM Specialist block the attempts without affecting other users?

A.

SSH IP allow list

B.

Port lockdown

C.

Devicetrust

D.

Packet filter

Full Access
Question # 27

A node is a member of various pools and hosts different web applications. If a web application is unavailable, the BIG-IP appliance needs to mark the pool member down for that application pool. What should a BIG-IP Administrator deploy at the pool level to accomplish this?

A.

A UDP monitor with a custom interval/timeout

B.

A combination of ICMP + TCP monitor

C.

An HTTP monitor with custom send/receive strings

D.

A TCP monitor with a custom interval/timeout

Full Access
Question # 28

An application requires load balancing functionality. The application must beencrypted to the client.

Certain content must be manipulated by the following IRule:

Which set of profiles must be applied to the virtual server?

A.

TCP, HTTP server SSL Stream

B.

TCP, HTTP, Client SSL, Stream

C.

TCP, HTTP, OnceConnect, Stream

D.

Fast L4, HTTP server SSL Stream

Full Access
Question # 29

An LTM Specialist reports that an application si no longer reachable after it has beenupgraded.

Nothing has been changed in the configuration on the LTM device.

The logs indicates that health monitors to all servers have failed as shown:

What should the LTM Specialist verify next?

A.

That the TCP hand shake with the servers is stall completed using tcpdump

B.

That the custom receive string for the HTTP monitor has changed with the upgrade

C.

That the can still ping the servers from te BIG_ IP device.

D.

That the firewall between the BIG-ip device and servers is still allowing HTTP

Full Access
Question # 30

The BIG-IP Administrator generates QKView using tmsh command "qkview -SO". In which directory does the BIG-IP appliance save the QKView?

A.

/etc/tmp

B.

/var/tmp

C.

/shared/qkview

D.

/var /tmp/qkview

Full Access
Question # 31

An IT support engineer needs to access and modify Virtual Servers in three partitions (Common /Banking and Dev) daily on a BIG-IP device. The company operates a Least Privilege access policy. What level of access does the IT support engineer need to ensure completion of daily roles?

A.

Manager in /common/Banking, and /Dev partitions

B.

Application Editor in /Common, /Banking, and /Dev partitions

C.

Manager in all partitions

D.

Application Editor in all partitions

Full Access
Question # 32

An ITM Specialist has the configuration shown:

The LTM Specialist needs to create a new virtual server in part B.

Which virtual address(es) should be used for the new virtual server?

A.

10.100.0.1 and.10.120.0.1

B.

10.90.0.1 and 10.12.0.1

C.

10.120.0.1 only

D.

10.90.0.1 and 10.100.0.1

Full Access
Question # 33

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is investigating reports that users are unable to perform some commands through an FTP virtual server. The LTM Specialist performs a capture on the server side of the LTM device.

What is the issue with the application?

A.

data connection failing

B.

LIST command disallowed

C.

PORT command disallowed

D.

command connection failing

Full Access
Question # 34

An LTM device pair is configured for failover and connection mirroring. The LTM devices are configured with virtual servers for HTTP, HTTPS with SSL offload, and SSH. An event occurs that causes a failover. HTTP and SSH sessions active at the time of failover remain active, but HTTPS sessions are dropped.

What is the root cause of this problem?

A.

The SSL certificates on the LTM devices do NOT match.

B.

Connection mirroring is incompatible with clientssl profiles.

C.

SNAT automap was NOT enabled for the HTTPS virtual servers.

D.

Connection mirroring was NOT enabled for the HTTPS virtual servers.

Full Access
Question # 35

The BIG-IP appliance fails to boot. The BIG-IP Administrator needs to run the End User Diagnostics (EUD)

utility to collect data to send to F5 Support.

Where can the BIG-IP Administrator access this utility?

A.

Console Port

B.

Internal VLAN interface

C.

External VLAN interface

D.

Management Port

Full Access
Question # 36

A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power

outages.

Which log file should the BIG-IP Administrator check to verify the suspicion?

A.

/war /log/daemon.log

B.

/var/log/kern.log

C.

/var/log/ltm

D.

/var/log/audit

Full Access
Question # 37

Refer to the following iRule:

What is a complete list of profiles that must be applied to the virtual server for this iRule?

A.

Fast L4, HTTP

B.

TCP, HTTP

C.

TCP, HTTP, Client SSL

D.

Fast L4 , HTTP, Stream

Full Access
Question # 38

A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a remote syslog server In addition, the log messages need to be sent over TCP for guaranteed delivery. What should the BIG-IP Administrator configure?

A.

syslog-ng

B.

Request Logging Profile

C.

HSL Logging

D.

Remote Logging

Full Access
Question # 39

An LTM Specialist has been asked to configure a virtual server to distribute connections between a pool of two application servers with addresses 172.16.20.1 and 172.16.20.2. The application servers are listening on TCP ports 80 and 443. The application administrators have asked that clients be directed to the same node for both HTTP and HTTPS requests within the same session.

Virtual servers vs_http and vs_https have been created, listening on 1.2.3.100:80 and 1.2.3.100:443, respectively.

Which configuration option will result in the desired behavior?

A.

Create pool app_pool with members 172.16.20.1:any and 172.16.20.2:any

Assign app_pool as the default pool for both vs_http and vs_https

Disable port translation for vs_http and vs_https

B.

Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80

Assign pool http_pool as the default pool for both vs_https and vs_https

Disable port translation for vs_https

Create an SSL persistence profile with "match across virtual servers" enabled

Assign the persistence profile to vs_http.

C.

Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80

Create pool https_pool with members 172.16.20.1:443 and 172.16.20.2:443

Assign http_pool as the default pool for vs_http

Assign https_pool as the default pool for vs_https

Create a source address persistence profile with "match across services" enabled

Assign the persistence profile to vs_http and vs_https

D.

Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80

Create pool https_pool with members 172.16.20.1:443 and 172.16.20.2:443

Assign http_pool as the default pool for vs_http

Assign https_pool as the default pool for vs_https

Create an SSL persistence profile with "match across virtual servers" enabled

Assign the persistence profile to vs_http

Full Access
Question # 40

Refer to the exhibit.

An LTM device has a virtual server mapped to www.f5.com. Users report that when they connect to

/resources/201.1.2h.l_l.com they are unable to receive content.

What is the likely cause of the issue?

A.

The pool associated with the virtual server does not have priority group activation enabled.

B.

The virtual address does not have ARP enabled.

C.

The virtual address does not have route advertising enabled.

D.

The pool associated with the virtual server is falling its health check.

Full Access
Question # 41

RADIUS authentication has been configured on the LTM device. The default remote user access requirements are as shown:

  • Read only access tothe configuration Utility
  • Access to TMOS shell

Which two items need to be configured in this situation? (Choose two)

A.

Console access is Advanced Shell

B.

Console access is Read Only

C.

Default remote user role is Guest

D.

In Console access is TMSH

E.

Default remote user role is Manager

F.

Default remote user role is Operator

Full Access
Question # 42

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A pair of LTM devices are deployed in a high-availability (HA) pair as the diagram shows. After inserting a new rule on the firewalls, the LTM devices become Standby. The rule drops all outbound sessions to the Internet. Only inbound connections are allowed from the Internet. There are no other changes to the environment.

What triggered the LTM device failover?

A.

HA Group

B.

Auto Failback

C.

VLAN Failsafe

D.

Gateway Failsafe

Full Access
Question # 43

An LTM device has a virtual server mapped to www.f5.com with a pool assigned. Users report that when browsing, they are periodically required to re-login to /resources/201.1.7.b.2_l.com. The objects are defined as follows:

Virtual server. Destination 192.168.245.100:443 netmask 255.255.255.0

Persistence: SSL session persistence

Profiles: HTTP/TCP

Which persistence method should the BIG-IP Administrator apply to resolve this issue?

A.

Source address affinity

B.

hexadecimal

C.

SIP

D.

Destination address affinity

Full Access
Question # 44

A 816-IP Administrator recently deployed an application Users are experiencing slow performance with

the application on some remote networks.

Which two modifications can the BIG-IP Administrator make to address this issue? (Choose two)

A.

Apply dest addr profile to the Virtual Server

B.

Apply f5-tcp-wan profile to the Virtual Server

C.

Apply f5-tcp-lan profile to the Virtual Server

D.

Apply source_addr profile to the Virtual Server

E.

Apply fasti_4 profile to the Virtual Server

Full Access
Question # 45

Four members in a server pool have similar hardware platforms. An LTM Specialist needs the load balancing method that canselect the server with the fewest entries in the persistence table.

Which load balancing method should the LTM Specialist use?

A.

Observed

B.

Dynamic Ratio

C.

Least Sessions

D.

Leas Connections

Full Access
Question # 46

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Users report that a web application works incorrectly. Sometimes contextual data displayed on the web pages is accurate; other times it is inaccurate.

The LTM administrator looks at the connection table with a filter on one of the client IP addresses currently connected using the command "tmsh show sys connection cs-client-addr 10.0.20.1"

with the following results:

10.0.20.1:60048 10.0.20.88:80 10.0.20.1:60048 172.16.20.1:80 tcp 3 (tmm: 0)

10.0.20.1:60050 10.0.20.88:80 10.0.20.1:60050 172.16.20.3:80 tcp 3 (tmm: 0)

10.0.20.1:60047 10.0.20.88:80 10.0.20.1:60047 172.16.20.2:80 tcp 3 (tmm: 0)

10.0.20.1:60049 10.0.20.88:80 10.0.20.1:60049 172.16.20.1:80 tcp 3 (tmm: 0)

What is the solution to the problem?

A.

Synchronize the clock of the LTM device with NTP.

B.

Modify the load balancing method attached to the pool.

C.

Set up an HTTP cookie insert profile in the virtual server.

D.

Modify the setup of the monitor bound to the pool used by the application.

Full Access
Question # 47

A Standard Virtual Server for a web application is configured with Automap for the Source Address Translation option. The original source address of the client must be known by the backend servers. What should the BIG-IP Administrator configure to meet this requirement?

A.

The Virtual Server type as Performance (HTTP)

B.

An HTTP profile to insert the X-Forward-For header

C.

An HTTP Transparent profile

D.

A SNAT Pool with the client IP

Full Access
Question # 48

A BIG-IP Administrator explicitly creates a traffic group on a BIG-IP device.

Which two types of configuration objects can be associated with this traffic group? (Choose two.)

A.

Pool Members

B.

Virtual Addresses

C.

iRules

D.

VLANS

E.

Application Instances

Full Access
Question # 49

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting directly to the web server but are unsuccessful when connecting to the virtual server. Return traffic bypasses the LTM device using Layer 2 nPath routing.

Which configuration change resolves this problem?

A.

Enable a SNAT pool on the LTM device.

B.

Disable address translation on the LTM device.

C.

Configure a route on the web server to the client subnet.

D.

Configure the virtual server to listen on port 80 on the LTM device.

E.

Configure the VIP address on the loopback interface of the web server.

Full Access
Question # 50

In the BIG-IP Configuration Utility, a user requests a single screen view to determine the status of all Virtual Servers and associated pool members, as well as any iRules in use. Where should the BIG-IP Administrator instruct the user to find this view?

A.

Local Traffic > Monitors

B.

Local Traffic > Virtual Servers

C.

Local Traffic > Network Map

D.

Statistics

Full Access
Question # 51

An LTM Specialist plans to enable connection mirroring for a virtualserver in an HA environment.

What must the LTM Specialist consider before implementing the configuration change?

A.

Impact on system performance that might be noticeable

B.

The add-on license that is required for this feature to be available

C.

Creating the required separate interface for connection mirroring

D.

Decreased number of possible concurrent connections to that virtual server

Full Access
Question # 52

A web application sends information about message integrity and content life time to the client.

Which two HTTP headers should be used in sending the client information? (Choose two.)

A.

ETag

B.

Expect

C.

Expires

D.

Content-MD5

E.

Content-Range

F.

Content-Length

Full Access
Question # 53

Refer to the exhibit

Given the bigip conf extract shown where the servers only talk http on port 80, which node will receive thenext user request?

A.

72.10.1.1

B.

10.1.1.1

C.

10.1.1.2 0

D.

10.1.1.3

Full Access
Question # 54

An LTM Specialist needs to configures virtual server that uses PVA or OPVA Which virtual server type should be used?

A.

Stateless

B.

Performance (HTTP)

C.

Standard

D.

Performance (Layer 4)

Full Access
Question # 55

Which Virtual Server type prevents the use of a default pool?

A.

Performance (Layer 4)

B.

Forwarding (IP)

C.

Performance HTTP

D.

Standard

Full Access
Question # 56

An LTM Specialist is configuring a virtual server with an IP address.

Which configuration is unsupported?

A.

Performance 14 virtual server with an HTTP profile

B.

Standard virtual server with an HTTP profile

C.

Performance 14 virtual server with a FastHTTP profile

D.

Standard virtual server with a TCP profile

Full Access
Question # 57

A new web application is being deployed Mutual SSL authentication must be used to authenticate clients.

Which of the following two tasks must be completed to meet therequirements? (Choose two)

A.

configure the server SSL profile with "Client Certificate" Set to require

B.

configure the client SSL profile with "Client Certificate" set to require

C.

instruct the desktop team to update the web browser to the most recent release

D.

generate a CSR to register a certificate with the CA

E.

configure the client SSL profile with the Trusted .Certificate Authorities

Full Access
Question # 58

A BIG-IP Administrator is performing maintenance on the active BIG-IP device of an HA pair. The BIG-IP

Administrator needs to minimize traffic disruptions.

What should the BIG-IP Administrator do to start the maintenance activity?

A.

Reboot the BIG-IP device.

B.

Move resources to a new Traffic Group.

C.

Force the BIG-IP device to standby.

D.

Disable switch ports of the BIG-IP device.

Full Access
Question # 59

An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the following HTTP request:

GET / HTTP/1.1

Host: www.example.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-LanguagE. en-US,en;q=0.5

Accept-EncodinG. gzip, deflate

Cache-Control: no-cache

Connection: keep-alive

CookiE. somecookie=1

HTTP/1.1 200 OK

Server: Apache/2.2.15 (Unix)

Last-ModifieD. Wed, 12 Aug 2009 00:00:30 GMT

Accept-Ranges: bytes

Content-LengtH. 1063

X-Cnection: close

Content-TypE. text/html; charset=UTF-8

Vary: Accept-Encoding

Content-EncodinG. gzip

Connection: Keep-Alive

Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched and therefore NOT modified.

Which header field is contributing to the issue?

A.

HTTP Method

B.

Cookie content

C.

User-Agent Value

D.

Accept-Encoding header

Full Access
Question # 60

An LTM Specialist is creating a custom EAV monitor.

In which directory should the LTM Specialist upload the script?

A.

/usr/monitor

B.

/usr/monitors

C.

/config/monitors

D.

/usr/bin/monitors

E.

/config/templates

Full Access
Question # 61

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which URL should be reported to the server/application team as getting user-visible errors?

A.

/env.cgi

B.

/page14.cgi

C.

/reflector.php

D.

/browserspecific.html

Full Access
Question # 62

During a high-demand traffic event, the BIG-IP Administrator needs to limit the number of new

connections per second allowed to a Virtual Server.

What should the administrator apply to accomplish this task?

A.

An HTTP Compression profile to the Virtual Server

B.

A connection rate limit to the Virtual Server

C.

A connection limit to the Virtual Server

D.

A OneConnect profile to the Virtual Server

Full Access
Question # 63

An LTM Specialist configures a new virtual server with a single pool member. The LTM Specialist has NOT defined a health monitor for the pool, pool member or node.

What is the status of the virtual server?

A.

Available (Enabled)

B.

Offline (Disabled)

C.

Unavailable (Enabled)

D.

Unknown (Enabled)

Full Access
Question # 64

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which step should an LTM Specialist take to utilize AVR?

A.

provision AVR

B.

reboot the device

C.

install the AVR add-on

D.

license the device for AVR

Full Access
Question # 65

What should the LT'M Specialist add to the virtual server?

A.

one Stream profile and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

B.

two Stream profiles and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

C.

one Stream profile with the expression of @http:// @https:// @

D.

Two Stream profiles, one profile for each rewrite requirement

Full Access
Question # 66

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A client attempts to connect from a Google Chrome browser to a virtual server on a BIG-IP LTM. The virtual server is SSL Offloaded. When the client connects, the client receives an SSL error. After trying Mozilla Firefox and Internet Explorer browsers, the client still receives the same errors.

The LTM Specialist does an ssldump on the virtual server and receives the results as per the exhibit.

What is the problem?

A.

The SSL key length is incorrect.

B.

The BIG-IP LTM is NOT serving a certificate.

C.

The BIG-IP LTM is NOT listening on port 443.

D.

The client needs to be upgraded to the appropriate cipher-suite.

Full Access
Question # 67

A new HITP server has been deployed on an LTM device. The application running on the server must be monitored by the LIM device. The following is required:

A new HITP server has been deployed on an LTM device. The application running on theserver must be monitored by the LIM device. The following is required:

When the server is unavailable, it will send an HTTP status code of 200 in response to a request for the status html page.

When the server is available. I will send and HTTP status code of 201 in response to a request for the status html page.

When the 200 status code is received, the pool member should receive No new connections.

Which configuration change should be made to meet these requirements?

A.

set the Send String to GET/status html and the Receive String to 200 and Receive Disable String to 201.

B.

set the Send String to GET Arian and the Receive String to 200 and Receive Disable String to 201.

C.

set the Send String to GET Arian and the Receive Disable String to 200 andReceive String to 201.

D.

set the Send String to Get /status html and the Receive Disable String to 200 and Receive String to 201.

Full Access
Question # 68

An LTM Specialist wants to allow access to the Always On Management (AOM) from the network.

Which two methods should the LTM Specialist use to configure the AOM interface? (Choose two.)

A.

Configure the AOM IP from the front panel buttons and LCD.

B.

Choose the network configurator in the AOM menu on the serial port.

C.

Configure the AOM network address in the GUI under System>Platform.

D.

Log in to the Host via ssh, "ssh aom", and modify the network configuration file.

Full Access
Question # 69

A BIG-IP Administrator has configured a BIG-IP cluster with remote user authentication against dcOl

f5trn.com. Only local users can successfully log into the system. Configsync is also failing.

Which two tools should the 8IG-IP Administrator use to further investigate these issues? (Choose two)

A.

ntpq

B.

pam_timestamp_check

C.

passwd

D.

pwck

E.

dig

Full Access
Question # 70

Windows PC clients are connecting to a virtual server over a high-speed, low-latency network with no packet loss.

Which built-in client-side TCP profile provides the highest throughput for HTTP downloads?

A.

tcp

B.

tcp-legacy

C.

tcp-lan-optimized

D.

tcp-wan-optimized

Full Access
Question # 71

The 8IG-IP Administrator generates a qkview using "qkview -SO" and needs to transfer the output file via

SCP.

Which directory contains the output file?

A.

/var/log

B.

/var/tmp

C.

/var/local

D.

/var/config

Full Access
Question # 72

An HA pair of LTM devices configured in Active-Standby mode stops responding to traffic and causes an outage. The Active device becomes Standby, but the partner device stays in Standby mode instead of taking over as Active. A reboot and restart of the services brings the LTM device to Active mode for a short time, but then it goes into Standby mode again.

Which two configuration components caused this condition? (Choose two.)

A.

VLAN Fail-safe

B.

System Fail-safe

C.

Gateway Fail-safe

D.

Switch Board Failure

E.

Link down on Failover

Full Access
Question # 73

An LTM Specialist needs to loadbalance an application using an LTM device to meet the requirements:

The application servers do NOT Support SSL, but client access to the application should be secured.

Multiple requests from the same client should be sent to the same pool member.

All pool members will have roughly the same processing power, and traffic should be distributed evenly.

The LTM device is NOT the pool members' default gateway.

which configuration should the LTM Specialist.

A.

a performance 14 virtual server with a SNAT and cookie persistence

B.

a performance L4 virtual server with a Client SSL profile and Source Address persistence

C.

A performance L4 virtual server with a SNAT, HTTP profile. Server SSL profile, and cookie persistence

D.

A standard virtual server with a SNAT, HTTP profile Server SSL profile, and cookie persistence

E.

A standard virtual server with a SNAT, HTTP profile, Client profile, andd cookie persistance.

Full Access
Question # 74

Refer of the exhibit.

The 816-IP Administrator runs the command shown and observes a device trust issue between BIG-IP

devices in a device group. The issue prevents config sync on device bigip3.local.

What is preventing the config sync?

A.

Next Active Load factor is 0 on bigip1.local

B.

Both devices are standby

C.

Next Active Load factor is 1 on bigip1.local

D.

Time Delta to local system is 12

Full Access
Question # 75

An LTM Specialist regularly provides analytics reports that show that traffic generated by different subnets within the organization. The LTM Specialist needs show the associate department names next the IP addresses in the reports.

Which step should the LTM Specialist take to meet this requirement?

A.

use an iRule to change the output of the report

B.

export the report and add the department names manually

C.

create VLANs for each subnet and set the name accordingly

D.

define active subnetsand assign a name to certain subnets

Full Access
Question # 76

A BIG-IP Administrator plans to resolve a non-critical issue with a BIG-IP device in 2 weeks. What Severity level should be assigned to this type of F5 support ticket?

A.

4

B.

2

C.

3

D.

1

Full Access
Question # 77

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

A.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B.

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C.

tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

D.

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Full Access
Question # 78

Refer to the exhibit.

According to the shown Configuration Utility stings What is the setting of the User Directory configuration under the Authentication submenu?

A.

Local

B.

Managed

C.

Remote-TACACS+

D.

Default system configuration

Full Access