IT Certification Guaranteed, The Easy Way!

Exam : 201

Title : BIG-IP Administrator Exam

Vendor : F5

Version : V13.25

1
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 1
A BIG-IP Administrator is conducting maintenance on one BIG-IP appliance in an HA Pair.
Why should the BIG-IP Administrator put the appliance into FORCED_OFFLINE state?
A. To preserve existing connections to Virtual Servers and reduce the CPU load
B. To allow new connections to Virtual Servers and ensure the appliance becomes active
C. To terminate connections to the management IP and decrease persistent connections
D. To terminate existing connections to Virtual Servers and prevent the appliance from
becoming active
Answer: D

QUESTION NO: 2
When upgrading a BIG-IP redundant pair, what happens when one system has been updated
but the other has not?
A. Synching should not be performed.
B. The first system to be updated will assume the Active role.
C. This is not possible since both systems are updated simultaneously.
D. The older system will issue SNMP traps indicating a communication error with the partner.
Answer: A

QUESTION NO: 3
A BIG-IP Administrator is performing maintenance on the active BIG-IP device of an HA pair.
The BIG-IP Administrator needs to minimize traffic disruptions.
What should the BIG-IP Administrator do to start the maintenance activity?
A. Reboot the BIG-IP device.
B. Move resources to a new Traffic Group.
C. Force the BIG-IP device to standby.
D. Disable switch ports of the BIG-IP device.
Answer: C

QUESTION NO: 4
A site would like to ensure that a given web server's default page is being served correctly
prior to sending it client traffic. They assigned the default HTTP monitor to the pool. What
would the member status be if it sent an unexpected response to the GET request.?
A. The pool member would be marked offline (red).
B. The pool member would be marked online (green).
C. The pool member would be marked unknown (blue).
D. The pool member would alternate between red and green.
Answer: B

QUESTION NO: 5
Refer to the exhibit.

2
 IT Certification Guaranteed, The Easy Way!

Due to a change in application requirements, a BIG-IP Administrator needs to modify the

configuration of a Virtual Server to include a Fallback Persistence Profile.
Which persistence profile type should the BIG-IP Administrator use for this purpose?
A. SSL
B. Hash
C. Universal
D. Source Address Affinity
Answer: D

QUESTION NO: 6
Which event is always triggered when a client initially connects to a virtual server configured
with an HTTP profile?
A. HTTP_DATA
B. CLIENT_DATA
C. HTTP_REQUEST
D. CLIENT_ACCEPTED
Answer: D

QUESTION NO: 7
Assuming other failover settings are at their default state, what would occur if the failover
cable were to be disconnected for five seconds and then reconnected?
A. As long as network communication is not lost, no change will occur.
B. Nothing. Failover due to loss of voltage will not occur if the voltage is lost for less than ten
seconds.
C. When the cable is disconnected, both systems will become active. When the voltage is
restored, unit two will revert to standby mode.
D. When the cable is disconnected, both systems will become active. When the voltage is
restored, both systems will maintain active mode.
Answer: C

QUESTION NO: 8
The BIG-IP appliance fails to boot. The BIG-IP Administrator needs to run the End User

3
 IT Certification Guaranteed, The Easy Way!

Diagnostics (EUD) utility to collect data to send to F5 Support.

Where can the BIG-IP Administrator access this utility?
A. Console Port
B. Internal VLAN interface
C. External VLAN interface
D. Management Port
Answer: A

QUESTION NO: 9
Refer to the exhibit.

A user attempts to connect to 10.10.10.1.80 using FTP over SSL with an FTPS client. Which
virtual server will match and attempt to process the request?
A. vsjutps
B. vs_ftp
C. vs_http
D. nvfs
Answer: B

QUESTION NO: 10
The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of
TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?
A. iHealth
B. Network > Interfaces
C. Local Traffic > Pools
D. AsKFS
E. Local Traffic > Virtual Servers
Answer: C

QUESTION NO: 11
A BIG-IP Administrator contacts F5 Support, which identifies a suspected hardware failure.
Which information should the BIG-IP Administrator provide to F5 Support?
A. Qkview, EUD output

4
 IT Certification Guaranteed, The Easy Way!

B. Qkview, UCS archive, core files

C. Qkview, part numbers for failed components
D. Qkview, packet capture, UCS archive
Answer: A

QUESTION NO: 12
A BIG-IP device is configured with both an internal external and two Corporate VLANs. The
virtual server has SNAT enabled and is set to listen on all VLANs Auto Last Hop is disabled.
The Corporate users are on
10.0.0.0./24 and 172.16.0.0/12. The BIG-IP has a Self-IP on the 1.0.0.0.0./24 subnet.
Internet users are able to access the virtual server. Only some of the Corporate users are
able to connect to the virtual server A BIG-IP Administrator performs a tcpdump on the BIG-
IP and verifies that traffic is arriving from users in 10.0.0.0/24.
What should the BIG-IP Administrator do to correct this behaviour?
A. Disable the server on the internal VLAN
B. Add a static route for the 172.16.0.0/12 subnet
C. Change the default route to point to the extra firewall
D. Modify the default route of the servers to point to the BIG-IP device
Answer: B

QUESTION NO: 13
Which statement is true concerning SNATs using automap?
A. Only specified self-IP addresses are used as automap addresses.
B. SNATs using automap will translate all client addresses to an automap address.
C. A SNAT using automap will preferentially use a floating self-IP over a nonfloating self-IP.
D. A SNAT using automap can be used to translate the source address of all outgoing traffic
to the same address regardless of which VLAN the traffic is sent through.
Answer: C

QUESTION NO: 14
How should a BIG-IP Administrator persistent sessions from being sent to a pool member so
that the server administrator can perform maintenance?
A. force the pool member offline
B. disable the pool member
C. add an additional monitor to the poor
D. disable the virtual server
Answer: A

QUESTION NO: 15
Interface 1.2 on a BIG-IP VE has a status of UNINITIALIZED. What is the reason for this
status?
A. Interface 1.2 has been added to a trunk.
B. Interface 1.2 has NOT been assigned to a VLAN.
C. Interface 1.2 has been disabled.

5
 IT Certification Guaranteed, The Easy Way!

D. No default route has been created.

Answer: B
Explanation:
trunk is a portchannel, you need to add a physical interface.

QUESTION NO: 16
A BIG-IP Administrator must determine if a Virtual Address is configured to fail over to the
standby member of a device group in which area of the Configuration Utility can this be
confirmed?
A. Device Management > Traffic Groups
B. Device Management > Devices
C. Local Traffic > Virtual Servers
D. Device Management > Overview
Answer: C

QUESTION NO: 17
Refer of the exhibit.

The 816-IP Administrator runs the command shown and observes a device trust issue
between BIG-IP devices in a device group. The issue prevents config sync on device
bigip3.local.

6
 IT Certification Guaranteed, The Easy Way!

What is preventing the config sync?

A. Next Active Load factor is 0 on bigip1.local
B. Both devices are standby
C. Next Active Load factor is 1 on bigip1.local
D. Time Delta to local system is 12
Answer: A
Explanation:
Option A should be bioip3.local?. if choose bigip3.local, you should choose A.

QUESTION NO: 18
A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers
were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update
the list of configured NTP servers?
A. System > Configuration
B. System > Services
C. System > Preferences
D. System > Platform
Answer: A

QUESTION NO: 19
Given that VLAN failsafe is enabled on the external VLAN and the network that the active
BIG-IP's external VLAN is connected to has failed, which statement is always true about the
results?
A. The active system will note the failure in the HA table.
B. The active system will reboot and the standby system will go into active mode.
C. The active system will failover and the standby system will go into active mode.
D. The active system will restart the traffic management module to eliminate the possibility
that BIG-IP is the cause for the network failure.
Answer: A

QUESTION NO: 20
A set of servers is used for an FTP application as well as an HTTP website via separate BIG-
IP Pools. The server support team reports that some servers are receiving a lot more traffic
than others.
Which Load Balancing Method should the BIG-IP Administrator apply to even out the
connection count?
A. Ratio (Member)
B. Least Connections (Member)
C. Least Connections (Node)
D. Ratio (Node)
Answer: C
Explanation:
The connection is required to be balanced, and the unit is the server and the application port
is the unit, so it is node.

7
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 21
A standard virtual server has been associated with a pool with multiple members. Assuming
all other settings are left at their defaults, which statement is always true concerning traffic
processed by the virtual server?
A. The client IP address is unchanged between the client side connection and the serverside
connection.
B. The server IP address is unchanged between the client side connection and the
serverside connection.
C. The TCP ports used in the client side connection are the same as the TCP ports
serverside connection.
D. The IP addresses used in the clientside connection are the same as the IP addresses
used in the serverside connection.
Answer: A

QUESTION NO: 22
Which three properties can be assigned to nodes? (Choose three.)
A. ratio values
B. priority values
C. health monitors
D. connection limits
E. loadbalancing mode
Answer: A,C,D

QUESTION NO: 23
A Standard Virtual Server for a web application is configured with Automap for the Source
Address Translation option. The original source address of the client must be known by the
backend servers. What should the BIG-IP Administrator configure to meet this requirement?
A. The Virtual Server type as Performance (HTTP)
B. An HTTP profile to insert the X-Forward-For header
C. An HTTP Transparent profile
D. A SNAT Pool with the client IP
Answer: B
Explanation:
Because it is a web application, you can insert the source IP in the xff field in the http profile.

QUESTION NO: 24
A BIG-IP Administrator makes a configuration change to a Virtual Server on the Standby
device of an HA pair. The HA pair is currently configured with Auto-Sync Enabled. What
effect will the change have on the HA pair configuration?
A. The change will be undone when Auto-Sync propagates the config to the HA pair.
B. The change will be propagated next time a configuration change is made on the Active
device.
C. The change will be undone next time a configuration change is made on the Active device.

8
 IT Certification Guaranteed, The Easy Way!

D. The change will take effect when Auto-Sync propagates the config to the HA pair.
Answer: D

QUESTION NO: 25
Which IP address will the client address be changed to when SNAT automap is specified
within a Virtual Server configuration?
A. The floating self-IP address on the VLAN where the packet leaves the system.
B. The floating self-IP address on the VLAN where the packet arrives on the system.
C. It will alternate between the floating and non floating self-IP address on the VLAN where
the packet leaves the system so that port exhaustion is avoided.
D. It will alternate between the floating and non floating self-IP address on the VLAN where
the packet arrives on the system so that port exhaustion is avoided.
Answer: A

QUESTION NO: 26
Refer to the exhibit.

9
 IT Certification Guaranteed, The Easy Way!

A pool member fails the monitor checks for about 30 minutes and then starts passing the
monitor checks. New traffic is Not being sent to the pool member.
What is the likely reason for this problem?
A. The pool member is disabled
B. Monitor Type is TCP Half Open
C. Manual resume is enabled
D. Time Until Up is zero
Answer: C

QUESTION NO: 27

10
 IT Certification Guaranteed, The Easy Way!

The 8IG-IP Administrator generates a qkview using "qkview -SO" and needs to transfer the
output file via SCP.
Which directory contains the output file?
A. /var/log
B. /var/tmp
C. /var/local
D. /var/config
Answer: B

QUESTION NO: 28
A BIG-IP Administrator is creating a new Trunk on the BIG-IP device. What objects should be
added to the new Trunk being created?
A. Interfaces
B. Network routes
C. VLANS
D. IP addresses
Answer: A
Explanation:
trunk is a portchannel, you need to add a physical interface.

QUESTION NO: 29
Refer to the exhibit

A connection is being established to IP 1.1.1.1 on port 8080.

Which virtual server will handle the connection?
A. fwd_8080_vs
B. host_vs
C. host_ 8080_VS
D. fwdvs
Answer: B

QUESTION NO: 30
A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is
experiencing power outages.
Which log file should the BIG-IP Administrator check to verify the suspicion?
A. /war /log/daemon.log
B. /var/log/kern.log
C. /var/log/ltm
D. /var/log/audit

11
 IT Certification Guaranteed, The Easy Way!

Answer: C

QUESTION NO: 31
A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:
when HTTP_REQUEST { if { [HTTP::header UserAgent] contains "MSIE" }
{ pool MSIE_pool }
else { pool Mozilla_pool }
If a user connects to http://10.10.1.100/foo.html and their browser does not specify a
UserAgent, which pool will receive the request?
A. MSIE_pool
B. Mozilla_pool
C. None. The request will be dropped.
D. Unknown. The pool cannot be determined from the information provided.
Answer: B

QUESTION NO: 32
A BIG-IP Administrator needs to collect HTTP status code and HTTP method for traffic
flowing through a virtual server.
Which default profile provides this information?
A. HTTP
B. Analytics
C. Request Adapt
D. Statistics
Answer: A

QUESTION NO: 33
In the BIG-IP Configuration Utility, a user requests a single screen view to determine the
status of all Virtual Servers and associated pool members, as well as any iRules in use.
Where should the BIG-IP Administrator instruct the user to find this view?
A. Local Traffic > Monitors
B. Local Traffic > Virtual Servers
C. Local Traffic > Network Map
D. Statistics
Answer: C
Explanation:
Network Map can display vs and its associated pool, pool member, and irule, can be
retrieved, and can be quickly linked.

QUESTION NO: 34
Assuming there are open connections through an active system's NAT and a fail over occurs,
by default, what happens to those connections?

12
 IT Certification Guaranteed, The Easy Way!

A. All open connections will be lost.

B. All open connections will be maintained.
C. The "Mirror" option must be chosen on the NAT and the setting synchronized prior to the
connection establishment.
D. Longlived connections such as Telnet and FTP will be maintained while shortlived
connections such as HTTP will be lost.
E. All open connections are lost, but new connections are initiated by the newly active BIG IP,
resulting in minimal client downtime.
Answer: B

QUESTION NO: 35
A BIG-IP Administrator remotely connects to the appliance via out-of-band management
using https://mybigip mycompany net. The management portal has been working all week.
When the administrator attempts to login today, the connection times out. Which two aspects
should the administrator verify? (Choose two)
A. DNS is property resolving the FQDN of the device.
B. The device is NOT redirecting them to http.
C. The administrator has the latest version of the web browser.
D. Packet Filters on the device are blocking port 80.
E. The administrator has TCP connectivity to the device.
Answer: A,E

13
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 36
When using the setup utility to configure a redundant pair, you are asked to provide a
"Failover Peer IP". Which address is this?
A. an address of the other system in its management network
B. an address of the other system in a redundant pair configuration
C. an address on the current system used to listen for failover messages from the partner
BIG-IP
D. an address on the current system used to initiate mirroring and network failover heartbeat
messages
Answer: B

QUESTION NO: 37
Which statement is true about the synchronization process, as performed by the
Configuration Utility or by typing b config sync all?
A. The process should always be run from the standby system.
B. The process should always be run from the system with the latest configuration.
C. The two /config/bigip.conf configuration files are synchronized (made identical) each time
the process is run.
D. Multiple files, including /config/bigip.conf and /config/bigip_base.conf, are synchronized
(made identical) each time the process is run.
Answer: C

QUESTION NO: 38
A BIG-IP Administrator adds new Pool Members into an existing, highly utilized pool. Soon
after, there are reports that the application is failing to load for some users. What pool level
setting should the BIG-IP Administrator check?
A. Availability Requirement
B. Allow SNAT
C. Action On Service Down
D. Slow Ramp Time
Answer: D
Explanation:
Option ABC is a global configuration, has nothing to do with the new pool member, select D
after excluding

QUESTION NO: 39
Which statement is true concerning iRule events?
A. All iRule events relate to HTTP processes.
B. All client traffic has data that could be used to trigger iRule events.
C. All iRule events are appropriate at any point in the clientserver communication.
D. If an iRule references an event that doesn't occur during the client's communication, the
client's connection will be terminated prematurely.
Answer: B

14
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 40
A BIG-IP Administrator sees the following error message in /var/log/ltm diskmonitor: *******;
Disk partition shared has less than 30$ free Which section of the Configuration Utility should
the BIG-IP Administrator access to investigate this error message?
A. Statistics > Analytics
B. System > File Management
C. Statistics > Module Statistics > System
D. System > Disk Management
Answer: D

QUESTION NO: 41
During a high-demand traffic event, the BIG-IP Administrator needs to limit the number of
new connections per second allowed to a Virtual Server.
What should the administrator apply to accomplish this task?
A. An HTTP Compression profile to the Virtual Server
B. A connection rate limit to the Virtual Server
C. A connection limit to the Virtual Server
D. A OneConnect profile to the Virtual Server
Answer: B

QUESTION NO: 42
A BIG-IP Administrator needs to apply a health monitor for a pool of database servers named
DB_Pool that uses TCP port 1521.
Where should the BIG-IP Administrator apply this monitor?
A. Local Traffic > Profiles > Protocol > TCP
B. Local Traffic > Nodes > Default Monitor
C. Local Traffic > Pools > De Pool > Members
D. Local Traffic > Pools > DB Pool > Properties
Answer: D

QUESTION NO: 43
Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the
pool members?
A. No SSL certificates are required on the pool members.
B. The pool members.SSL certificates must only exist.
C. The pool members.SSL certificates must be issued from a certificate authority.
D. The pool members.SSL certificates must be created within the company hosting the
BIGIPs.
Answer: B

QUESTION NO: 44
An LTM device has a virtual server mapped to www.f5.com with a pool assigned. Users
report that when browsing, they are periodically required to re-login to
/resources/201.1.7.b.2_l.com. The objects are defined as follows:

15
 IT Certification Guaranteed, The Easy Way!

Virtual server. Destination 192.168.245.100:443 netmask 255.255.255.0

Persistence: SSL session persistence
Profiles: HTTP/TCP
Which persistence method should the BIG-IP Administrator apply to resolve this issue?
A. Source address affinity
B. hexadecimal
C. SIP
D. Destination address affinity
Answer: A

QUESTION NO: 45
A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should
be assigned to the new Self IP being configured?
A. Interface
B. Route
C. VLAN
D. Trunk
Answer: C

QUESTION NO: 46
Under what condition must an appliance license be reactivated?
A. Licenses only have to be reactivated for RMAs no other situations.
B. Licenses generally have to be reactivated during system software upgrades.
C. Licenses only have to be reactivated when new features are added (IPv6, Routing
Modules, etc) no other situations.
D. Never. Licenses are permanent for the platform regardless the version of software
installed.
Answer: B

QUESTION NO: 47
Refer to the exhibit.

16
 IT Certification Guaranteed, The Easy Way!

During maintenance, the BIG-IP Administrator manually disables a pool member as shown.
What is the result?
A. All pool members continue to process persistent connections
B. All pool members stop accepting new connections.
C. The disabled pool member stops processing persistent connections.
D. The disabled pool member stops processing existing connections
Answer: A

QUESTION NO: 48
Refer to the exhibit.

17
 IT Certification Guaranteed, The Easy Way!

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL
offload and re-encrypt the traffic to pool members.
During testing, users are unable to connect to the application.
What must the BIG-IP Administrator do to resolve the issue?
A. Remove the configured SSL Profile (Client)
B. Configure Protocol Profile (Server) as splitsession-default-tcp
C. Enable Forward Proxy in the SSL Profile (Client)
D. Configure an SSL Profile (Server)
Answer: D
Explanation:
According to the requirements of the subject, the client and server must be configured with

18
 IT Certification Guaranteed, The Easy Way!

ssl profile.

QUESTION NO: 49
Refer to the exhibit.

An organization is reporting slow performance accessing their Intranet website, hosted in a

public cloud. All employees use a single Proxy Server with the public IP of 104.219.110.168
to connect to the Internet. What should the BIG-IP Administrator of the Intranet website do to
fix this issue?
A. Change Source Address to 104.219.110.168/32
B. Change Load Balancing Method to Least Connection
C. Change Fallback Persistence Profile to source_addr

19
 IT Certification Guaranteed, The Easy Way!

D. Change Default Persistence Profile to cookie

Answer: D

QUESTION NO: 50
A BIG-IP Administrator receives an RMA replacement for a failed F5 device. The BIG-IP
Administrator tries to restore a UCS taken from the previous device, but the restore fails. The
following error appears inthe/var/log/itm.
mcpd [****J: ******;0; License is not operational (expired or digital signature does not match
contents.) What should the BIG-IP Administrator do to avoid this error?
A. Use the appropriate tmsh command with the no-license option
B. Revoke the license prior to restoring
C. Reactivate the license on the new device using the manual activation method
D. Remove the license information from the UCS archive
Answer: A

QUESTION NO: 51
A BIG-IP Administrator defines a device Self IP . The Self IP is NOT reachable from the
network. What should the BIG-IP Administrator verify first?
A. The correct interface has been selected.
B. The correct VLAN has been selected.
C. Verify if auto last hop is disabled.
D. The correct Trunk has been selected.
Answer: B

QUESTION NO: 52
A BIG-IP Administrator reviews the log files to determine the cause of a recent problem and
finds the following entry.
Mar 27.07.58.48 local/BIG-IP notice mcpd {5140} 010707275 Pool member
172.16.20.1.10029 monitor status down.
What is the cause of this log message?
A. The pool member has been disabled.
B. The pool member has been marked as Down by the BIG-IP Administrator.
C. The monitor attached to the pool member needs a higher timeout value.
D. The monitor attached to the pool member has failed.
Answer: D

QUESTION NO: 53
A BIG-IP Administrator has configured a BIG-IP cluster with remote user authentication
against dcOl f5trn.com. Only local users can successfully log into the system. Configsync is
also failing.
Which two tools should the 8IG-IP Administrator use to further investigate these issues?
(Choose two)
A. ntpq
B. pam_timestamp_check

20
 IT Certification Guaranteed, The Easy Way!

C. passwd
D. pwck
E. dig
Answer: A,C

QUESTION NO: 54
Refer to the exhibit
The BIG-IP Administrator is unable to access the management console via Self-IP 10.10 1.33
and port 443.
What is the reason for this problem?
A. Packet Filter needs to be configured to allow a source
B. Self IP is configured to allow TCP All
C. Self IP is configured to allow UDP 443
D. Packet Filter is configured to allow port 443
Answer: C

QUESTION NO: 55
You need to terminate client SSL traffic at the BIG-IP and also to persist client traffic to the
same pool member based on a BIG IP supplied cookie.
Which four are profiles that would normally be included in the virtual server's definition?
(Choose four.)
A. TCP
B. HTTP
C. HTTPS
D. ClientSSL
E. ServerSSL
F. CookieBased Persistence
Answer: A,B,D,F

QUESTION NO: 56
A BIG-IP Administrator finds the following log entry after a report of user issues connecting to
a virtual server:
01010201: 2: Inet port exhaustion on 10.70.110.112 to 192.28.123.250:80 (proto 6) How
should the BIG-IP Administrator modify the SNAT pool that is associated with the virtual
server?
A. Remove the SNAT pool and apply SNAT Automap.
B. Remove an IP address from the SNAT pool.
C. Add an address to the SNAT pool.
D. Increase the timeout of the SNAT addresses.
Answer: C

QUESTION NO: 57
Refer to the exhibit.

21
 IT Certification Guaranteed, The Easy Way!

The BIG-IP Administrator has modified an iRule on one device of an HA pair. The BIG-IP
Administrator notices there is NO traffic on the BIG-IP device in which they are logged into.
What should the BIG-IP Administrator do to verify if the iRule works correctly?
A. Push configuration from this device to the group and start to monitor traffic on this device
B. Pull configuration to this device to the cluster and start to monitor traffic on this device
C. Log in to the other device in the cluster, push configuration from it, and start to monitor
traffic on that device
D. Log in to the other device in the cluster, pull configuration to it, and start to monitor traffic
on that device
Answer: D
Explanation:
The device in the picture is a standby machine, of course there is no traffic, you need to log
in to the host, and then pull the configuration to the host.

QUESTION NO: 58
A BIG-IP Administrator needs to modify a virtual server that web offload web traffic
compression tasks from the target server.
Which two profiles must the BIG-IP Administrator apply to a virtual server to enable
compression? (Choose two)
A. Server SSL profile
B. Stream profile
C. Persistence profile
D. HITP profile
E. Compression profile
Answer: D,E

QUESTION NO: 59
Refer to the exhibit.

22
 IT Certification Guaranteed, The Easy Way!

Which two pool members are eligible to receive new connections? (Choose two)
A. 10.21.0.102.80
B. 10.21.0.104.80
C. 10.21.0.105.80
D. 10.21.0.101.80
E. 10.21.0.103.80
Answer: B,D

QUESTION NO: 60
A 8IG-IP Administrator is making adjustments to an iRule and needs to identify which of the
235 virtual server configured on the BIG-IP device will be affected.
How should the administrator obtain this information in an effective way?
A. Local Traffic > Virtual Server
B. Local traffio Pools
C. LOCAL Traffic > Network Map
D. Local traffic > Rules
Answer: C

QUESTION NO: 61
Refer to the exhibit.

How many nodes are represented on the network map shown?

23
 IT Certification Guaranteed, The Easy Way!

A. Four
B. Three
C. One
D. Two
Answer: B

QUESTION NO: 62
A BIG-IP Administrator needs to restore an encrypted UCS archive from the command line
using the TMSH utility.
Which TMSH command should the BIG-IP Administrator use to accomplish this?
A. load/sys ucs <filepath> passphrase <password>
B. load/sys config file <filepath> passphrase <password>
C. load/sys config file <filepath>
D. load/sys ucs <filepath> no-license
Answer: A

QUESTION NO: 63
A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the
administrator reboots into the new volume, the Configuration fails to load. Why is the
Configuration failing to load?
A. The license needs to be reactivated before the upgrade.
B. The upgrade was performed on the standby unit.
C. A minimum of at least two reboots is required.
D. Connectivity to the DNS server failed to be established.
Answer: A

QUESTION NO: 64
Refer to the exhibit
The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to
create a configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN
and Self IP, but the servers on the new VLAN are NOT reachable from the BIG-IP device.
Which action should the BIG-IP Administrators to resolve this issue?
A. Set Port Lockdown of Set IP to Allow All
B. Change Auto Last Hop to enabled
C. Assign a physical interface to the new VLAN
D. Create a Floating Set IP Address
Answer: C

QUESTION NO: 65
Which statement is true concerning cookie persistence?
A. Cookie persistence allows persistence independent of IP addresses.
B. Cookie persistence allows persistence even if the data are encrypted from client to pool
member.

24
 IT Certification Guaranteed, The Easy Way!

C. Cookie persistence uses a cookie that stores the virtual server, pool name, and member IP
address in clear text.
D. If a client's browser accepts cookies, cookie persistence will always cause a cookie to be
written to the client's file system.
Answer: A

QUESTION NO: 66
Which two statements are true about SNATs? (Choose two.)
A. SNATs are enabled on all VLANs, by default.
B. SNATs can be configured within a Profile definition.
C. SNATs can be configured within a Virtual Server definition.
D. SNAT's are enabled only on the VLAN where origin traffic arrives, by default.
Answer: A,C

QUESTION NO: 67
Which two methods can be used to determine which BIG-IP is currently active? (Choose
two.)
A. The bigtop command displays the status.
B. Only the active system's configuration screens are active.
C. The status (Active/Standby) is embedded in the command prompt.
D. The ifconfig a command displays the floating addresses on the active system.
Answer: A,C

QUESTION NO: 68
A BIG-IP device has only LTM and ASM modules provisioned. Both have nominal
provisioning level. The BI6-IP Administrator wants to dedicate more resources to the LTM
module. The ASM module must remain enabled. Which tmsh command should the BIG-IP
Administrator execute to obtain the desired result?
A. modify/sys provision asm level minimum
B. modify /sys provision Itm level dedicated
C. modify /sys provision asm level none
D. modify /sys provision Itm level minimum
Answer: A

QUESTION NO: 69
Generally speaking, should the monitor templates be used as production monitors or should
they be customized prior to use.
A. Most templates, such as http and tcp, are as effective as customized monitors.
B. Monitor template customization is only a matter of preference, not an issue of
effectiveness or performance.
C. Most templates, such as https, should have the receive rule customized to make the
monitor more robust.
D. While some templates, such as ftp, must be customized, those that can be used without
modification are not improved by specific changes.

25
 IT Certification Guaranteed, The Easy Way!

Answer: C

QUESTION NO: 70
A web server administrator informs the BIG-IP Administrator that web servers are overloaded
Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The
BIG-IP device is ready using client SSL client profile and Rules on HTTP level. What actions
should the BIG-IP Administrators to achieve the desired configuration?
A. Remove the server SSL profile and configure the Pool Members to use HTTP
B. Remove the client SSL profile and configure the Pool Members to US HTTP
C. Remove the chart SSL profile and change the Virtual Server to accept HTTP
D. Remove the server SSL profile and change the Virtual Server to accept HTTP traffic
Answer: A

QUESTION NO: 71
As a part of the Setup Utility, the administrator sets the host name for the BIG IP. What would
be the result if the two systems in a redundant pair were set to the same host name?
A. Host names do not matter in redundant pair communication.
B. In a redundant pair, the two systems will always have the same host name. The parameter
is synchronized between the systems.
C. The first time the systems are synchronized the receiving system will be assigned the
same self-IP addresses as the source system.
D. When the administrator attempts to access the configuration utility using the host name,
they will always connect to the active system.
Answer: C

QUESTION NO: 72
Refer to the exhibit

26
 IT Certification Guaranteed, The Easy Way!

27
 IT Certification Guaranteed, The Easy Way!

The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to
create a configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN
and Self IP, but the servers on the new VLAN are NOT reachable from the BIG-IP device.
Which action should the BIG-IP Administrators to resolve this issue?
A. Set Port Lockdown of Set IP to Allow All
B. Change Auto Last Hop to enabled
C. Assign a physical interface to the new VLAN
D. Create a Floating Set IP Address
Answer: C

QUESTION NO: 73
For a given Virtual Server, the BIG-IP must perform SSL Offload and negotiate secure
communication overTLSvl.2only.
What should the BIG-IP Administrator do to meet this requirement?
A. Configure a custom SSL Profile (Client) and select no TLSvl in the options list
B. Configure a custom SSL Profile (Client) with a custom TLSV1.2 cipher string
C. Configure a custom SSL Profile (Server) and select no TLSvl in the options list
D. Configure a custom SSL Profile (Server) with a custom TLSV1.2 cipher string
Answer: B
Explanation:

28
 IT Certification Guaranteed, The Easy Way!

no TLSvl only disables TLS1.0, TLS1.1 is still used and does not meet the requirements.

QUESTION NO: 74
Which cookie persistence method requires the fewest configuration changes on the web
servers to be implemented correctly?
A. insert
B. rewrite
C. passive
D. session
Answer: A

QUESTION NO: 75
A BIG-IP Administrator configures a Virtual Server. Users report that they always receive a
TCP RST packet to the BIG-IP system when attempting to connect to it. What is the possible
reason for this issue?
A. The virtual server Type is set to Internal
B. The virtual server Type is set to Reject
C. The virtual server Type is set to Drop
D. The virtual server Type is set to Stateless
Answer: B

QUESTION NO: 76
A pool of four servers has been partially upgraded for two new servers with more memory
and CPU capacity. The BIG-IP Administrator must change the load balance method to
consider more connections for the two new servers. Which load balancing method considers
pool member CPU and memory load?
A. Round Robin
B. Dynamic Ratio
C. Ratio
D. Least Connection
Answer: C

QUESTION NO: 77
A Virtual Server uses an iRule to send traffic to pool members depending on the URI. The
BIG-IP Administrator needs to modify the pool member in the iRule.
Which event declaration does the BIG-IP Administrator need to change to accomplish this?
A. CLIENT_ACCEPTED
B. HTTP_RESPONSE
C. HTTP_REQUEST
D. SERVER_CONNECTED
Answer: C
Explanation:
According to the UR! distribution is the category of HTTP requests, need to trigger
HTTP_REQUEST event.

29
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 78
A BIG-IP Administrator applied the latest hotfix to an inactive boot location by mistake, and
needs to downgrade back to the previous hotfix.
What should the BIG-IP Administrator do to change the boot location to the previous hotfix?
A. Uninstall the newest hotfix and reinstall the previous hotfix
B. Reinstall the base version and install the previous hotfix
C. Reinstall the previous hotfix and re-activate the license
D. Uninstall the base version and restore the UCS
Answer: B

QUESTION NO: 79
A BIG-IP device sends out the following SNMP trap:
big-ipo.f5.com - bigipExternalLinkChange Link: 1.0 is DOWN
Where in the BIG-IP Configuration utility should the BIG-IP Administrator verify the current
status of Link
1.0?
A. System > Platform
B. Network > Trunks > Trunk List
C. Statistics > Performance > System
D. Network > Interfaces > Interface List
1.0 is a physical interface, you can see the interface status from the physical interface in the
network.
Answer: D

QUESTION NO: 80
Some users who connect to a busy Virtual Server have connections reset by the BIG-IP
system. Pool member resources are NOT a factor in this behavior. What is a possible cause
for this behavior?
A. The Connection Rate Limit is set too high
B. The server SSL Profile has NOT been reconfigured.
C. The Connection Limit is set too low.
D. The Rewrite Profile has NOT been configured.
Answer: C
Explanation:
The topic explains that the connection reset behavior is caused by the vs configuration rather
than the server resource problem. The answers B C are all configuration at the service
forwarding level. If there is a problem with the configuration, it is all a problem rather than
some users. Answer C's Connection Limit will cause a reset behavior when the connection
reaches the threshold.

QUESTION NO: 81
A BIG-IP Administrator needs to make sure that the automatic update check feature works
properly.

30
 IT Certification Guaranteed, The Easy Way!

What must the administrator configure on the BIG-IP system?

A. Update Check Schedule
B. NTP servers
C. DNS name servers
D. SMTP servers
Answer: A

QUESTION NO: 82
Refer to the exhibit.

How many nodes are represented on the network map shown?

A. Four
B. Three
C. One
D. Two
Answer: B

QUESTION NO: 83
A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device, which has
HD1.1 as the Active Boot Location. The BIG-IP Administrator has already re-activated the
license and created an UCS archive of the configuration. In which sequence should the BIG-
IP Administrator perform the remaining steps?
A. Install HotFix in HD 1.1, Reboot the BIG-IP device. Install UCS Archive
B. Install HotFix in HO 1.2, Install base Image in HD 1.2, Activate HD1.2
C. Install base Image in HD1.2, Install HotFix in HD1.2, Activate HD 1.2
D. Activate HD 1.2, Install base image in HD 1.2. Install HotFix in HD 1.2
Answer: C

QUESTION NO: 84
A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up
www.example.com.
A ping works to the pool member address.
The SEND string that the monitor is using is:
GET/HTTP/l.l/r/n/Host.www.example.com/r/n/Connection Close/r/n/r/n Which CLI tool syntax

31
 IT Certification Guaranteed, The Easy Way!

will show that the web server returns the correct HTTP response?
A. curlhttp://10.10.10.3.75:8080/www.example.com/index.html
B. curl-header 'Host:www.example.com' http://10.10.3.75:8080/
C. tracepath 'http://www.example.com:80
D. tracepath 10.10.3.75:8080 GET /index
Answer: B

QUESTION NO: 85
A BIG-IP has two load balancing virtual servers at 150.150.10.10:80 and 150.150.10.10:443.
The port 80 virtual server has SNAT automap configured. There is also a SNAT configured at
150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other
settings are at their default states. If a client with the IP address 200.200.1.1 sends a request
to https://150.150.10.10, What is the source IP address when the associated packet is sent to
the pool member?
A. 200.200.1.1
B. 150.150.10.11
C. Floating self IP address on VLAN where the packet leaves the system
D. Floating self IP address on VLAN where the packet arrives on the system
Answer: B

QUESTION NO: 86
A virtual server is defined using a source address based persistence profile. The last five
connections were A, B, C, A, C . Given the conditions shown in the graphic, if a client with IP
address 205.12.45.52 opens a connection to the virtual server, which member will be used
for the connection?

32
 IT Certification Guaranteed, The Easy Way!

A. 10.10.20.1:80
B. 10.10.20.2:80
C. 10.10.20.3:80
D. 10.10.20.4:80
E. 10.10.20.5:80
Answer: B

QUESTION NO: 87
A BIG-IP Administrator is receiving intermittent reports from users that SSL connections to
the BIG-IP device are failing. Upon checking the log files, the BIG-IP Administrator notices
the following error message:
ere tmm<instance>[<pid>]: 01260008:3: SSL transaction (TPS) rate limit reached After
reviewing statistics, the BIG-IP Administrator notices there are a maximum of 1200 client-side
SSL TPS and a maximum of 800 server-side SSL TPS.
What is the minimum SSL license limit capacity the BIG-IP Administrator should upgrade to
handle this peak?
A. 2000

33
 IT Certification Guaranteed, The Easy Way!

B. 400
C. 800
D. 1200
Answer: D

QUESTION NO: 88
What is the purpose of floating self-IP addresses?
A. to define an address that grants administrative access to either system at any time
B. to define an address that allows either system to initiate communication at any time
C. to define an address that allows network devices to route traffic via a single IP address
D. to define an address that gives network devices greater flexibility in choosing a path to
forward traffic
Answer: C

QUESTION NO: 89
You have a pool of servers that need to be tested. All of the servers but one should be tested
every 10 seconds, but one is slower and should only be tested every 20 seconds. How do
you proceed?
A. It cannot be done. All monitors test every five seconds.
B. It can be done, but will require assigning monitors to each pool member.
C. It cannot be done. All of the members of a pool must be tested at the same frequency.
D. It can be done by assigning one monitor to the pool and a different monitor to the slower
pool member.
Answer: D

QUESTION NO: 90
Where is persistence mirroring configured?
A. It is always enabled.
B. It is part of a pool definition.
C. It is part of a profile definition.
D. It is part of a virtual server definition.
Answer: C

QUESTION NO: 91
A user wants to use the iHealth Upgrade Advisor to determine any issues with upgrading
TMOS from 13.0 to 13.1.
Where can the user generate the QKView to upload to iHealth?
A. System > Software Management
B. System > Archives
C. System > Configuration
D. System > Support
Answer: D

34
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 92
A user needs to determine known security vulnerabilities on an existing BIG-IP appliance and
how to remediate these vulnerabilities.
Which action should the BIG-IP Administrator recommend?
A. Verify the TMOS version and review the release notes
B. Create a UCS archive and upload to Health
C. Create a UCS archive and open an F5 Support request
D. Generate a view and upload to Heath
Answer: D

QUESTION NO: 93
The incoming client IP address is 205.12.45.52. The last five connections have been sent to
members C, D, A, B, B. Given the virtual server and pool definitions and the statistics shown
in the graphic, which member will be used for the next connection?

A. 10.10.20.1:80
B. 10.10.20.2:80
C. 10.10.20.3:80
D. 10.10.20.4:80
E. 10.10.20.5:80
Answer: A

QUESTION NO: 94
A BIG-IP Administrator notices that one of the servers that runs an application is NOT

35
 IT Certification Guaranteed, The Easy Way!

receiving any traffic. The BIG-IP Administrator examines the configuration status of the
application and observes the displayed monitor configuration and affected Pool Member
status. What is the possible cause of this issue?
A. The Node Health Monitor is NOT responding.
B. The application is NOT responding with the expected Receive String.
C. HTTP 1.1 is NOT appropriate for monitoring purposes.
D. The BIG-IP device is NOT able to reach the Pool.
Answer: A

QUESTION NO: 95
A BIG-IP Administrator uses backend servers to host multiple services per server. There are
multiple virtual servers and pools defined, referencing the same backend servers.
Which load balancing algorithm is most appropriate to have an equal number of connections
on each backend server?
A. Least Connections (member)
B. Least Connections (node)
C. Predictive (member)
D. Predictive (node)
Answer: B
Explanation:
The same set of servers provides multiple services, that is, using different ports to provide
different services at the same time. The stem requirement is based on server connection
balancing, not server + port, so it is node.

QUESTION NO: 96
The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The
status is marked
'down'.
Which tool should the administrator use to identify the problem?
A. Ping
B. Health
C. tcpdump
D. ifconfig
Answer: C

QUESTION NO: 97
A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance.
The administrator needs to know if a module is licensed and the memory requirement for that
module.
Where should the administrator view this information in the System menu?
A. Resource Provisioning
B. Configuration > Device
C. Software Management
D. Configuration >OVSDB

36
 IT Certification Guaranteed, The Easy Way!

Answer: A

QUESTION NO: 98
Which Virtual Server type should be used to load balance HTTP traffic to a pool of servers?
A. Standard
B. Stateless
C. Forwarding (IP)
D. Forwarding (Layer 2)
Answer: A

QUESTION NO: 99
How should a BIG-IP Administrator control the amount of traffic that a newly enabled pool
member receives.
A. set the Slow Ramp Time
B. set a Connection Limit
C. set the Priority Group Activation
D. set a Health Monitor
Answer: A
Explanation:
Specifies the duration during which the system sends less traffic to a newly-enabled pool
member. The amount of traffic is based on the ratio of how long the pool member has been
available compared to the slow ramp time, in seconds. Once the pool member has been
online for a time greater than the slow ramp time, the pool member receives a full proportion
of the incoming traffic. Slow ramp time is particularly useful for the least connections load
balancing mode.
Setting this to a nonzero value can cause unexpected Priority Group behavior, such as load
balancing to a low-priority member even with enough high-priority servers.

QUESTION NO: 100

Which two can be a part of a pool's definition? (Choose two.)
A. rule(s)
B. profile(s)
C. monitor(s)
D. persistence type
E. loadbalancing mode
Answer: C,E

QUESTION NO: 101

The BIG-IP Administrator creates a custom iRule that fails to work as expected. Which F5
online resource should the administrator use to help resolve this issue?
A. DevCentral
B. Bug Tracker
C. University
D. Health

37
 IT Certification Guaranteed, The Easy Way!

Answer: A

QUESTION NO: 102

The owner of a web application asks the 8IG-IP Administrator to change the port that the
BIG-IP device sends traffic to. This change must be made for each member in the server
pool named app_pool for their Virtual Server named app_vs. In which area of the BIG-IP
Configuration Utility should the BIG-P Administrator make this change?
A. Local Traffic > Pools
B. Local Traffic > Nodes
C. Network > Interfaces
D. Local Traffic > Virtual Servers
Answer: A

QUESTION NO: 103

A site has six members in a pool. All of the servers have been designed, built, and configured
with the same applications. It is known that each client's interactions vary significantly and
can affect the performance of the servers.
If traffic should be sent to all members on a regular basis, which loadbalancing mode is most
effective if the goal is to maintain a relatively even load across all servers?
A. Ratio
B. Priority
C. Observed
D. Round Robin
Answer: C

QUESTION NO: 104

What should the 816-IP Administrator provide when opening a new ticket with F5 Support?
A. bigip.license file
B. QKViewfile
C. Device root password
D. SSL private keys
Answer: B

QUESTION NO: 105

A BIG-IP Administrator creates an HTTP Virtual Server using an iApp template. After the
Virtual Server is created, the user requests to change the destination IP addresses. The BIG-
IP Administrator tries to change the destination IP address from 10.1.1.1 to 10.2.1.1 in Virtual
Server settings, but receives the following error:
The application service must be updated using an application management interface What is
causing this error?
A. The Application Service was NOT deleted before making the IP address change.
B. The IP addresses are already in use.
C. The Application Services have Strict Updates enabled.
D. The IP addresses used are NOT from the same subnet as the Self IP.

38
 IT Certification Guaranteed, The Easy Way!

Answer: C
Explanation:
Strict Updates : Indicates whether the application service is tied to the template, so when the
template is updated, the application service changes to reflect the updates.

QUESTION NO: 106

A 8IG-IP device is replaced with an RMA device. The BIG-IP Administrator renews the
license and tries to restore the configuration from a previously generated UCS archive on the
RMA device. The device configuration is NOT fully loading. What is causing the configuration
load to fail?
A. The Device Group is NOT configured for Full Sync.
B. The US does NOT contain the full config
C. The clock is NOT set correctly
D. The Master Key is NOT restored
Answer: D

QUESTION NO: 107

What is the purpose of provisioning?
A. Provisioning allows modules that are not licensed to be fully tested.
B. Provisioning allows modules that are licensed be granted appropriate resource levels.
C. Provisioning allows the administrator to activate modules in nonstandard combinations.
D. Provisioning allows the administrator to see what modules are licensed, but no user action
is ever required.
Answer: B

QUESTION NO: 108

Which statement is true regarding failover?
A. Hardware failover is disabled by default.
B. Hardware failover can be used in conjunction with network failover.
C. If the hardware failover cable is disconnected, both BIGIP devices will always assume the
active role.
D. By default, hardware fail over detects voltage across the failover cable and monitors traffic
across the internal VLAN.
Answer: B

QUESTION NO: 109

Refer to the exhibit.

39
 IT Certification Guaranteed, The Easy Way!

Which TMSH command generated this output?

A. tmsh list /cm sync-status
B. tmsh show /sys sync-status
C. tmsh list /sys sync-status
D. tmsh show /cm sync status
Answer: D

QUESTION NO: 110

An LTM device has a virtual server mapped to www5f.com with a pool assigned. The objects
are defined as follows:
Virtual server. Destination 192.168.245.100.443 netmask 255.255.255.0
Persistence: Source address persistence netmask 255.0.0.0
SNAT:AutoMap
Profiles: HnP/TCP
How should the BIG-IP Administrator modify the persistence profile so that each unique IP
address creates a persistence record?
A. netmask 0.0.0.0
B. netmask 255.255.255.255
C. netmask 255.255.0.0
D. netmask 255.256.255.0
Answer: B

QUESTION NO: 111

New Syslog servers have been deployed in an organization. The BIG-IP Administrator must
reconfigure the BIG-IP system to send log messages to these servers.
In which location in the Configuration Utility can the BIG-IP Administrator make the needed
configuration changes to accomplish this?
A. System > Logs > Configuration
B. System > Configuration > Local Traffic
C. System > Logs > Audit
D. System > Configuration > Device
Answer: A

40
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 112

Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server
processing takes place. Also assume that the NAT definition specifies a NAT address and an
origin address while all other settings are left at their defaults. If the origin server were to
initiate traffic via the BIG-IP, What changes, if any, would take place when the BIG-IP
processes such packets?
A. The BIG-IP would drop the request since the traffic didn't arrive destined to the NAT
address.
B. The source address would not change, but the destination address would be changed to
the NAT address.
C. The source address would be changed to the NAT address and destination address would
be left unchanged.
D. The source address would not change, but the destination address would be changed to a
self-IP of the BIG-IP.
Answer: C

QUESTION NO: 113

Refer to the exhibit.

Which two pool members should be chosen for a new connection? (Choose two.)
A. 172.16.15.9.80
B. 172.16.15.4.80
C. 172.10.15.2.80
D. 172.16.15.1.80

41
 IT Certification Guaranteed, The Easy Way!

E. 172.16.15.7.80
Answer: B,E

QUESTION NO: 114

A BIG-IP system has the following configuration:
* SNAT is set to Auto Map
* There are two VLANs internal and external
* Default route is pointed to the gateway on external VLAN
* Self P for internal VLAN is 1921.1.2
* Self IP for external VLAN is 192.1.2.2
* Floating IP addresses for internal VLAN is 192.1.1.1
* Floating IP addresses for external VLAN is 192.1.2.1
* The Virtual Server IP address is 192.1.1.100
Which IP address does the BIG-IP system use first when traffic reaches the servers on the
internal VLAN?
A. 192.1.1.100
B. 192.1.2.2
C. 192.1.1.1
D. 192.1.2.1
Answer: C

QUESTION NO: 115

One of the two members of a device group has been decommissioned. The BIG-IP
Administrator tries to delete the device group, but is unsuccessful.
Prior to removing the device group, which action should be performed?
A. Disable the device group
B. Remove all members from the device group
C. Remove the decommissioned device from the device group
D. Make sure all members of the device group are in sync
Answer: B

QUESTION NO: 116

Refer to the exhibit.

42
 IT Certification Guaranteed, The Easy Way!

During a planned upgrade lo a BIG-IP HA pair running Active/Standby, an outage to

application traffic is reported shortly after the Active unit is forced to Standby Reverting the
flower resolves the outage. What should the BIG-IP Administrator modify to avoid an outage
during the next for over event?
A. The Tag voice on the Standby device
B. The interface on the Active device to 1.1
C. The Tag value on the Active device
D. The Interface on the Standby device to 1.1
Answer: A

QUESTION NO: 117

A BIG-IP Administrator opens a case with F5 Support. The support engineer requests the
BIG-IP appliance chassis serial number.
Which TMSH command will provide this information?
A. . list /sys software
B. show /sys version
C. list/sys diags
D. show /sys hardware
Answer: D

43
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 118

Monitors can be assigned to which three resources? (Choose three.)
A. NATs
B. pools
C. iRules
D. nodes
E. SNATs
F. pool members
G. virtual servers
Answer: B,D,F

QUESTION NO: 119

What is required for a virtual server to support clients whose traffic arrives on the internal
VLAN and pool members whose traffic arrives on the external VLAN?
A. That support is never available.
B. The virtual server must be enabled for both VLANs.
C. The virtual server must be enabled on the internal VLAN.
D. The virtual server must be enabled on the external VLAN.
Answer: C

QUESTION NO: 120

A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device
on the management interface via SSH. The BIG-IP Administrator needs to restrict SSH
access to the management interface.
Where should this be accomplished?
A. System > Configuration
B. Network > Interfaces
C. Network > Self IPs
D. System > Platform
Answer: D

QUESTION NO: 121

Users report that traffic is negatively affected every time a BIG-IP device fails over. The traffic
becomes stabilized after a few minutes.
What should the BIG-IP Administrator do to reduce the impact of future failovers?
A. Enable Failover Multicast Configuration
B. Set up Failover Method to HA Order
C. Configure MAC Masquerade
D. Configure a global SNAT Listener
Answer: C

QUESTION NO: 122

Refer to the exhibit. The BIG-IP Administrator needs to avoid overloading any of the Pool

44
 IT Certification Guaranteed, The Easy Way!

Members with connections, when they become active.

What should the BIG-IP Administrator configure to meet this requirement?
A. Different Ratio for each member
B. Same Priority Group to each member
C. Action On Service Down to Reselect
D. Slow Ramp Time to the Pool
Answer: D

QUESTION NO: 123

The BIG-IP Administrator disable all pool members in a pool Users are still able to reach the
pool members.
What is allowing users to continue to reach the disabled poo! members?
A. A slow to time on Pool
B. A persistence profile on the Virtual Server
C. A slow ramp time on virtual Server
D. A persistence profile on the Pool
Answer: B

QUESTION NO: 124

A development team needs to apply a software fix and troubleshoot one of its servers. The
BIG-IP Administrator needs to immediately remove all connections from the BIG-IP system to
the back end server. The BIG-IP Administrator checks the Virtual Server configuration and
finds that a persistence profile is assigned to it. What should the 8IG-IP Administrator do to
meet this requirement?
A. Set the pool member to a Forced Offline state and manually delete easting connections
through the command line.
B. Set the pool member to a Forced Offline state.
C. Set the pool member to a Disabled state.
D. Set the pool member to a Disabled state and manually delete existing connections
through the command line.
Answer: A

QUESTION NO: 125

Which Virtual Server type prevents the use of a default pool?
A. Performance (Layer 4)
B. Forwarding (IP)
C. Performance HTTP
D. Standard
Answer: B
Explanation:
Forwarding (IP) cannot be associated with the pool.

QUESTION NO: 126

A 8IG-IP Administrator configures a Virtual Server to load balance traffic between 50

45
 IT Certification Guaranteed, The Easy Way!

webservers for an ecommerce website Traffic is being load balanced using the Least
Connections (node) method.
The webserver administrators report that customers are losing the contents from their
shopping carts and are unable to complete their orders.
What should the BIG-IP Administrator do to resolve the issue?
A. Change Default Persistence Profile setting to cookie
B. Change Load Balancing method to Ratio (member)
C. Change Default Persistence Profile setting to sipjnfo
D. Change Load Balancing method to Ratio (node)
Answer: A

QUESTION NO: 127

During a maintenance window, an EUD test was executed and the output displayed on the
screen. The BIG-IP Administrator did NOT save the screen output. The BIG-IP device is
currently handling business critical traffic. The BIG-IP Administrator needs to minimize
impact. What should the BIG-IP Administrator do to provide the EUD results to F5 Support?
A. Boot the device into EUD then collect output from console
B. Execute EUD from tmsh and collect output from console
C. Collect file /var/log/messages
D. Collect file /shared/log/eud.log
Answer: D

QUESTION NO: 128

A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:
when HTTP_REQUEST { if {[HTTP::uri] ends_with "txt" } { pool pool1 } elseif {[HTTP::uri]
ends_with "php" } { pool pool2 } If a user connects to http://10.10.1.100/foo.html, which pool
will receive the request?
A. pool1
B. pool2
C. None. The request will be dropped.
D. Unknown. The pool cannot be determined from the information provided.
Answer: D

QUESTION NO: 129

A site is load balancing to a pool of web servers. Which statement is true concerning BIG IP's
ability to verify whether the web servers are functioning properly or not?
A. Web server monitors can test the content of any page on the server.
B. Web server monitors always verify the contents of the index.html page.
C. Web server monitors can test whether the server's address is reachable, but cannot test a
page's content.
D. Web server monitors can test the content of static web pages, but cannot test pages that
would require the web server to dynamically build content.
Answer: A

46
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 130

A configuration change is made on the standby member of a device group.
What is displayed as "Recommended Action" on the Device Management Overview screen?
A. Force active member of device group to standby
B. Activate device with the most recent configuration
C. Synchronize the active member configuration to the group.
D. Synchronize the standby member configuration to the group
Answer: D

QUESTION NO: 131

The ICMP monitor has been assigned to all nodes. In addition, all pools have been assigned
custom monitors. The pool is marked available. If a pool is marked available (green) which
situation is sufficient to cause this?
A. All of the pool member nodes are responding to the ICMP monitor as expected.
B. Less than 50% of the pool member nodes responded to the ICMP echo request.
C. All of the members of the pool have had their content updated recently and their
responses no longer match the monitor.
D. Over 25% of the pool members have had their content updated and it no longer matches
the receive rule of the custom monitor. The other respond as expected.
Answer: D

QUESTION NO: 132

Which VLANs must be enabled for a SNAT to perform as desired (translating only desired
packets)?
A. The SNAT must be enabled for all VLANs.
B. The SNAT must be enabled for the VLANs where desired packets leave the BIG-IP.
C. The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP.
D. The SNAT must be enabled for the VLANs where desired packets arrive and leave the
BIG-IP.
Answer: C

QUESTION NO: 133

A BIG-IP Administrator needs to apply a license to the BIG-IP system to increase the user
count from the base license.
Which steps should the BIG-IP Administrator?
A. System License > Re-activate> Add-On Registration> Edit
B. System > License > Re-activate > Base Registration> Edit
C. Device Management > Devices > Select BIG-IP System > Update
D. System > Configuration >Device > General
Answer: A

QUESTION NO: 134

A site needs to terminate client HTTPS traffic at the BIG-IP and forward that traffic
unencrypted. Which two are profile types that must be associated with such a virtual server?

47
 IT Certification Guaranteed, The Easy Way!

(Choose two.)
A. TCP
B. HTTP
C. HTTPS
D. ClientSSL
E. ServerSSL
Answer: A,D

QUESTION NO: 135

How is persistence configured?

A. Persistence is an option within each pool's definition.

B. Persistence is a profile type; an appropriate profile is created and associated with virtual
server.
C. Persistence is a global setting; once enabled, loadbalancing choices are superceded by
the persistence method that is specified.

48
 IT Certification Guaranteed, The Easy Way!

D. Persistence is an option for each pool member. When a pool is defined, each member's
definition includes the option for persistence.
Answer: B

QUESTION NO: 136

A BIG-IP Administrator plans to upgrade a BIG-IP device to the latest TMOS version.
Which two tools could the administrator leverage to verify known issues for the target
versions?
(Choose two.)
A. F5 University
B. F5 Downloads
C. F5 End User Diagnostics (EUD)
D. FSiHealth
E. F5 Bug Tracker
Answer: D,E
Explanation:
F5 University -- F5 learning materials
F5 Downloads - iso download page
F5 End User Diagnostics (EUD) -- Hardware detection

QUESTION NO: 137

A BIG-IP Administrator is working with a BIG-IP device and discovers that one of the
Interfaces on a Trunk is DOWN.
What is the reason for this Interface status?
A. The switch is NOT connected to the Interface
B. There is NO transceiver installed on the Interface
C. There is NO default route configured for this trunk
D. The media speed of the interface has NOT been set
Answer: A

QUESTION NO: 138

Which must be sent to the license server to generate a new license?
A. the system's dossier
B. the system's host name
C. the system's base license
D. the system's purchase order number
Answer: A

QUESTION NO: 139

Refer to the exhibit.

49
 IT Certification Guaranteed, The Easy Way!

According to the shown Configuration Utility stings What is the setting of the User Directory
configuration under the Authentication submenu?
A. Local
B. Managed
C. Remote-TACACS+
D. Default system configuration
Answer: C

QUESTION NO: 140

Assume a BIG-IP has no NATs or SNATs configured. Which two scenarios are possible
when client traffic arrives on a BIG-IP that is NOT destined to a self-IP? (Choose two.)
A. If the destination of the traffic does not match a virtual server, the traffic will be discarded.
B. If the destination of the traffic does not match a virtual server, the traffic will be forwarded
based on routing tables.
C. If the destination of the traffic matches a virtual server, the traffic will be processed per the
virtual server definition.
D. If the destination of the traffic matches a virtual server, the traffic will be forwarded, but it
cannot be loadbalanced since no SNAT has been configured.
Answer: A,C

QUESTION NO: 141

Assume a virtual server is configured with a ClientSSL profile. What would the result be if the
virtual server's destination port were not 443?
A. SSL termination could not be performed if the virtual server's port was not port 443.
B. Virtual servers with a ClientSSL profile are always configured with a destination port of
443.
C. As long as client traffic was directed to the alternate port, the virtual server would work as
intended.
D. Since the virtual server is associated with a ClientSSL profile, it will always process traffic
sent to port 443.

50
 IT Certification Guaranteed, The Easy Way!

Answer: C

QUESTION NO: 142

Refer to the exhibit.

A BIG-IP Administrator configures a Virtual Server to handle HTTPS traffic. Users report that
the application is NOT working.
Which actional configuration is regard to resolve this issue?
A. Configure SSL Profile (Client)
B. Configure Protocol Profile (Server)
C. Configure Service Profile HTTP
D. Configure SSL Profile (Server)
Answer: A

QUESTION NO: 143

The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of
TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?
A. AskF5
B. DevCentral
C. Bug Tracker
D. iHealth
Answer: A

QUESTION NO: 144

When configuring a Virtual Server to use an iRule with an HTTP_REQUEST event, which
lists required steps in a proper order to create all necessary objects?
A. create profiles, create the iRule, create required pools, create the Virtual Server
B. create the Virtual Server, create required pools, create the iRule, edit the Virtual Server
C. create a custom HTTP profile, create required pools, create the Virtual Server, create the
iRule
D. create required pools, create a custom HTTP profile, create the iRule, create the Virtual
Server

51
 IT Certification Guaranteed, The Easy Way!

Answer: B

QUESTION NO: 145

A node is a member of various pools and hosts different web applications. If a web
application is unavailable, the BIG-IP appliance needs to mark the pool member down for
that application pool. What should a BIG-IP Administrator deploy at the pool level to
accomplish this?
A. A UDP monitor with a custom interval/timeout
B. A combination of ICMP + TCP monitor
C. An HTTP monitor with custom send/receive strings
D. A TCP monitor with a custom interval/timeout
Answer: C
Explanation:
Requiring all traffic to be HTTPS access requires HTTP requests to be redirected directly to
HTTPS.

QUESTION NO: 146

When configuring a pool member's monitor, which three association options are available?
(Choose three.)
A. inherit the pool's monitor
B. inherit the node's monitor
C. configure a default monitor
D. assign a monitor to the specific member
E. do not assign any monitor to the specific member
Answer: A,D,E

QUESTION NO: 147

A BIG-IP Administrator needs to find which modules have been licensed for use on the BIG-
IP system. In which section of the Configuration Utility can the BIG-IP Administrator find this
information?
A. System > Services
B. System > Resource Provisioning
C. System > Platform
D. System > Support
Answer: B

QUESTION NO: 148

A 8IG-IP Administrator configures a node with a standard icmp Health Monitor. The Node
shows as DOWN although the Backend Server is configured to answer ICMP requests.
Which step should the administrator take next to find the root cause of this issue?
A. Run a curl Run a qkview
B. Run a qkview
C. Runatcpdump
D. Runanssldump

52
 IT Certification Guaranteed, The Easy Way!

Answer: C

QUESTION NO: 149

A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it:
when CLIENT_ACCEPTED { if {[TCP::local_port] equals 80 } { pool pool1 } elseif
{[TCP::local_port] equals 443} { pool pool2 } If a user connects to 10.10.1.100 and port 22,
which pool will receive the request?
A. pool1
B. pool2
C. None. The request will be dropped.
D. Unknown. The pool cannot be determined from the information provided.
Answer: D

QUESTION NO: 150

Refer to the exhibit.

How long will the persistence record remain in the table?

A. 180 seconds after the last packet

53
 IT Certification Guaranteed, The Easy Way!

B. 180 seconds after the initial table entry

C. 300 seconds after the initial table entry
D. 300 seconds after the last packet
Answer: D

QUESTION NO: 151

Which process or system can be monitored by the BIG-IP system and used as a failover
trigger in a redundant pair configuration?
A. bandwidth utilization
B. duplicate IP address
C. CPU utilization percentage
D. VLAN communication ability
Answer: D

QUESTION NO: 152

When network failover is enabled, which of the following is true?
A. The failover cable status is ignored. Failover is determined by the network status only.
B. Either a network failure or loss of voltage across the failover cable will cause a failover.
C. A network failure will not cause a failover as long as there is a voltage across the failover
cable.
D. The presence or absence of voltage over the fail over cable takes precedence over
network failover.
Answer: C

QUESTION NO: 153

When can a single virtual server be associated with multiple profiles?
A. Never. Each virtual server has a maximum of one profile.
B. Often. Profiles work on different layers and combining profiles is common.
C. Rarely. One combination, using both the TCP and HTTP profile does occur, but it is the
exception.
D. Unlimited. Profiles can work together in any combination to ensure that all traffic types are
supported in a given virtual server.
Answer: B

QUESTION NO: 154

Where is the loadbalancing mode specified?
A. within the pool definition
B. within the node definition
C. within the virtual server definition
D. within the pool member definition
Answer: A

QUESTION NO: 155

54
 IT Certification Guaranteed, The Easy Way!

A site has assigned the ICMP monitor to all nodes and a custom monitor, based on the HTTP
template, to a pool of web servers. The HTTP based monitor is working in all cases. The
ICMP monitor is failing for 2 of the pool member 5 nodes.
All other settings are default. What is the status of the monitor is working in all cases?
A. All pool members are up since the HTTPbased monitor is successful.
B. All pool members are down since the ICMPbased monitor is failing in some cases.
C. The pool members whose nodes are failing the ICMPbased monitor will be marked
disabled.
D. The pool members whose nodes are failing the ICMPbased monitor will be marked
unavailable.
Answer: D

QUESTION NO: 156

Which parameters are set to the same value when a pair of BIG-IP devices are
synchronized?
A. host names
B. system clocks
C. profile definitions
D. VLAN failsafe settings
E. MAC masquerade addresses
Answer: C

QUESTION NO: 157

Where is connection mirroring configured?
A. It an option within a TCP profile.
B. It is an optional feature of each pool.
C. It is not configured; it is default behavior.
D. It is an optional feature of each virtual server.
Answer: D

QUESTION NO: 158

A BIG-IP Administrator plans to resolve a non-critical issue with a BIG-IP device in 2 weeks.
What Severity level should be assigned to this type of F5 support ticket?
A. 4
B. 2
C. 3
D. 1
Answer: A

QUESTION NO: 159

When initially configuring the BIG-IP system using the config utility, which two parameters
can be set? (Choose two.)
A. the netmask of the SCCP

55
 IT Certification Guaranteed, The Easy Way!

B. the IP address of the SCCP

C. the port lockdown settings for the SCCP
D. the netmask of the host via the management port
E. the IP address of the host via the management port
F. the port lockdown settings for the host via the management port
Answer: D,E

QUESTION NO: 160

A BIG-IP Administrator is checking the BIG-IP device for known vulnerabilities. What should
the 8IG-IP Administrator upload to BIG-IP iHealth for further analysis?
A. QKView
B. EUD
C. UCS
D. tcpdump
Answer: A

QUESTION NO: 161

Active connections to pool members are unevenly distributed. The load balancing method is
Least Connections (member) Priority Group Activation is disabled. What is a potential cause
of the event distribution?
A. Priority Group Activation is disabled
B. SSL Profile Server is applied
C. Persistence profile is applied
D. incorrect load balancing method
Answer: C

QUESTION NO: 162

A BIGJP Administrator needs to load a UCS file but must exclude the license file. How should
the administrator perform this task?
A. From the CLI with command U tmsh load /$ys ucs <ucs filename> no-license
B. From the GUI, select the UCS file, unchcck the license box, and click restore
C. From the CLI with command(tmos) tmsh load /sys ucs <ucs filename> no-license
D. From the GUI, select the UCS file and click restore
Answer: A

QUESTION NO: 163

Assume the bigd daemon fails on the active system. Which three are possible results?
(Choose three.)
A. The active system will restart the bigd daemon and continue in active mode.
B. The active system will restart the tmm daemon and continue in active mode.
C. The active system will reboot and the standby system will go into active mode.
D. The active system will failover and the standby system will go into active mode.
E. The active system will continue in active mode but gather member and node state

56
 IT Certification Guaranteed, The Easy Way!

information from the standby system.

Answer: A,C,D

QUESTION NO: 164

Refer to the exhibit.

A BIG-IP Administrator needs to configure health monitors for a newly configured server pool
named Pool_B.
Which health monitor settings will ensure that all pool members will be accurately marked as
available or unavailable?
A. HTTPS, HTTP, FTP, and ICMP, with the Availability Requirement of all health monitors
B. HTTPS, HTTP, FTP, and SSH, with the Availability Requirement of at least one monitor
C. HTTPS and HTTP with the Availability Requirement of at least one health monitor
D. HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors
Answer: B
Explanation:
From the port, the four members are HTTP, FTP, HTTPS, and SSH applications. If you want
to monitor at the same time, you must configure at least one.

QUESTION NO: 165

The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new
HTTP pool named P_example.
Where should the BIG-IP Administrator validate these settings in the Configuration Utility?
A. Local Traffic > Nodes > Default Monitor
B. Local Traffic > Profiles > Services > HTTP > http
C. Local Traffic > Monitors > http
D. Local Traffic > Pools > P_ example
Answer: D

QUESTION NO: 166

57
 IT Certification Guaranteed, The Easy Way!

Refer to the exhibit.

A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are
unable to log on to the servers.
What should the BIG-IP Administrator do to resolve the issue?
A. Set Protocol to UDP
B. Set HTTP Profile to None
C. Set Source Address to 10.1.1.2
D. Set Destination Addresses/Mask to 0.0.0.0/0
Answer: B

QUESTION NO: 167

A BIG-IP has a virtual server at 150.150.10.10:80 with SNAT automap configured. This BIG-
IP also has a SNAT at 150.150.10.11 set for a source address range of 200.200.1.0 /
255.255.255.0. All other settings are at their default states. If a client with the IP address
200.200.1.1 sends a request to the virtual server, what is the source IP address when the
associated packet is sent to the pool member?
A. 200.200.1.1
B. 150.150.10.11
C. Floating self IP address on VLAN where the packet leaves the system
D. Floating self IP address on VLAN where the packet arrives on the system
Answer: C

58
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 168

A virtual server is configured to offload SSL from a pool of backend servers. When users
connect to the virtual server, they successfully establish an SSL connection but no content is
displayed. A packet trace performed on the server shows that the server receives and
responds to the request. What should a BIG-IP Administrator do to resolve the problem?
A. enable Server SSL profile
B. disable Server SSL profile
C. disable SNAT
D. enable SNAT
Answer: B

QUESTION NO: 169

A BIG-IP Administrator is configuring an SSH Pool with five members.
Which Health Monitor should be applied to ensure that available pool members are
monitored accordingly?
A. https
B. udp
C. http
D. tcp
Answer: D

QUESTION NO: 170

A site needs a virtual server that will use an iRule to parse HTTPS traffic based on HTTP
header values. Which two profile types must be associated with such a virtual server?
(Choose two.)
A. TCP
B. HTTP
C. HTTPS
D. ServerSSL
Answer: A,B

QUESTION NO: 171

A BIG-IP Administrator is configuring a pool with members who have differing capabilities.
Connections to pool members must be load balanced appropriately.
Which load balancing method should the BIG-IP Administrator use?
A. Least Sessions
B. Least Connections (member)
C. Fastest (node)
D. Weighted Least Connections (member)
Answer: D

QUESTION NO: 172

A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is
experiencing power outages.

59
 IT Certification Guaranteed, The Easy Way!

Which log file should the BIG-IP Administrator check to verify the suspicion?
A. /war /log/daemon.log
B. /var/log/kern.log
C. /var/log/ltm
D. /var/log/audit
Answer: C

QUESTION NO: 173

A 816-IP Administrator recently deployed an application Users are experiencing slow
performance with the application on some remote networks.
Which two modifications can the BIG-IP Administrator make to address this issue? (Choose
two)
A. Apply dest addr profile to the Virtual Server
B. Apply f5-tcp-wan profile to the Virtual Server
C. Apply f5-tcp-lan profile to the Virtual Server
D. Apply source_addr profile to the Virtual Server
E. Apply fasti_4 profile to the Virtual Server
Answer: B,C

QUESTION NO: 174

The incoming client IP address is 195.64.45.52 and the last five connections have been sent
to members A, C, E, D and B. Given the virtual server, pool, and persistence definitions and
statistics shown in the above graphic, which member will be used for the next connection?

60
 IT Certification Guaranteed, The Easy Way!

A. 10.10.20.1:80
B. 10.10.20.2:80
C. 10.10.20.3:80
D. 10.10.20.4:80
E. 10.10.20.5:80
F. It cannot be determined with the information given.
Answer: C

QUESTION NO: 175

Which two statements are true concerning the default communication between a redundant
pair of BIG-IP systems? (Choose two.)
A. Synchronization occurs via a TCP connection using ports 683 and 684.
B. Connection mirroring data is shared via a TCP connection using port 1028.

61
 IT Certification Guaranteed, The Easy Way!

C. Persistence mirroring data is shared via a TCP connection using port 1028.
D. Connection mirroring data is shared through the serial fail over cable unless network
failover is enabled.
Answer: B,C

QUESTION NO: 176

Which statement is true concerning the default communication between a redundant pair of
BIG-IP devices?
A. Communication between the systems cannot be effected by port lockdown settings.
B. Data for both connection and persistence mirroring are shared through the same TCP
connection.
C. Regardless of the configuration, some data is communicated between the systems at
regular intervals.
D. Connection mirroring data is shared through the serial fail over cable unless network
failover is enabled.
Answer: B

QUESTION NO: 177

A virtual server at 10.10.1.100:80 has the rule listed below applied. when HTTP_REQUEST {
if {[HTTP::uri] ends_with "htm" } { pool pool1 } else if {[HTTP::uri] ends_with "xt" } { pool pool2
} If a user connects to http://10.10.1.100/foo.txt which pool will receive the request?
A. pool1
B. pool2
C. None. The request will be dropped.
D. Unknown. The pool cannot be determined from the information provided.
Answer: B

QUESTION NO: 178

How is MAC masquerading configured?
A. Specify the desired MAC address for each VLAN for which you want this feature enabled.
B. Specify the desired MAC address for each selfIP address for which you want this feature
enabled.
C. Specify the desired MAC address for each VLAN on the active system and synchronize
the systems.
D. Specify the desired MAC address for each floating selfIP address for which you want this
feature enabled.
Answer: A

QUESTION NO: 179

What is the purpose of MAC masquerading?
A. to prevent ARP cache errors
B. to minimize ARP entries on routers
C. to minimize connection loss due to ARP cache refresh delays
D. to allow both BIGIP devices to simultaneously use the same MAC address

62
 IT Certification Guaranteed, The Easy Way!

Answer: C

QUESTION NO: 180

Which three statements describe a characteristic of profiles? (Choose three.)
A. Default profiles cannot be created or deleted.
B. Custom profiles are always based on a parent profile.
C. A profile can be a child of one profile and a parent of another.
D. All changes to parent profiles are propagated to their child profiles.
E. While most virtual servers have at least one profile associated with them, it is not required.
Answer: A,B,C

QUESTION NO: 181

An ecommerce company is experiencing latency issues with online shops during Black
Friday's peak season.
The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants
to move the top utilized Virtual Servers to a dedicated BIG-IP device.
Where should the BIG-IP Administrator determine the problematic Virtual Servers?
A. System > Plattform
B. Local Traffic > Virtual Servers > Virtual Server List
C. Local Traffic > Network Map
D. Statistics > Module Statistics > Local Traffic > Virtual Servers
Answer: D

QUESTION NO: 182

Refer to the exhibit.

63
 IT Certification Guaranteed, The Easy Way!

An LTM device has a virtual server mapped to www.f5.com. Users report that when they
connect to
/resources/201.1.2h.l_l.com they are unable to receive content.
What is the likely cause of the issue?
A. The pool associated with the virtual server does not have priority group activation enabled.
B. The virtual address does not have ARP enabled.
C. The virtual address does not have route advertising enabled.
D. The pool associated with the virtual server is falling its health check.
Answer: B

QUESTION NO: 183

A BIG-IP Administrator configures remote authentication and needs to make sure that users
can still login even when the remote authentication server is unavailable.
Which action should the BIG-IP Administrators in the remote authentication configuration to
meet this requirement?
A. Set partition access to "All"
B. Enable the Fallback to Local option
C. Configure a remote role grove
D. Configure a second remote user directory
Answer: B

QUESTION NO: 184

Refer to the exhibit.

64
 IT Certification Guaranteed, The Easy Way!

A user notifies the BIG-IP Administrator that http://remote company.com is NOT accessible.
Remote access to company resources must be encrypted.
What should the BIG-IP Administrator do to fix the issue?
A. Change the Listening Port on remote.company.com_vs to Port 80
B. Add a Pool to the Virtual Server remote.company.com_VS
C. Add an iRule to remote.company.com_vs to redirect Traffic to HTTPS
D. Change the Type of the Virtual Server remote.company.com_vs to Forwarding Requiring
all traffic to be HTTPS access requires HTTP requests to be redirected directly to HTTPS.
Answer: C

QUESTION NO: 185

A BIG-IP Administrator needs to have a BIG-IP linked to two upstream switches for resilience
of the external network. The network engineer who is going to configure the switch instructs
the BIG-IP Administrator to configure interface binding with LACP. Which configuration
should the administrator use?
A. A virtual server with an LACP profile and the switches' management IPs as pool members.
B. A virtual server with an LACP profile and the interfaces connected to the switches as pool

65
 IT Certification Guaranteed, The Easy Way!

members.
C. A Trunk listing the allowed VLAN IDs and MAC addresses configured on the switches.
D. A Trunk containing an interface connected to each switch.
Answer: D

QUESTION NO: 186

A local user account (Users) on the BIG-IP device is assigned the User Manager role. Userl
attempts to modify the properties of another account (User2), but the action fails. The BIG-IP
Administrator can successfully modify the User2 account.
Assuming the principle of least privilege, what is the correct way to allow User 1 to modify
User2 properties?
A. Move User2 to the same partition as User1
B. Grant User1 administrative privileges
C. Move User to the same partition as User2.
D. Modify the partition access for User 1
Answer: D

QUESTION NO: 187

A BIG-IP Administrator is unable to connect to the management interface via HTTPS. What is
a possible reason for this issue?
A. The port lockdown setting is configured to Allow None.
B. An incorrect management route is specified.
C. The IP address of the device used to access the management interface is NOT included in
the "P Allow" list in the Configuration Utility.
D. The IP address of the device used to access the management interface is NOT included in
the "httpd Allow" list in the CLI.
Answer: D

QUESTION NO: 188

A BIG-IP Administrator makes a configuration change to the BIG-IP device. Which file logs
the message regarding the configuration change?
A. /var/log/messages
B. /var/log/audit
C. /var/log/user.log
D. /var/log/secure
Answer: B
Explanation:
About audit logging
Audit logging is an optional feature that togs messages whenever a BIG-IP® system object,
such as a virtual server or a load balancing pool, is confined (that is. created, modified, or
deleted). The BiGIP system logs the messages for these auditing events in the file
/var/log'audit There are three ways that objects can be configured
* By user action
* By system action

66
 IT Certification Guaranteed, The Easy Way!

* By loading configuration data

Whenever an object is configured in one of these ways, the BIG-IP system logs a message to
the audit log

QUESTION NO: 189

Administrative user accounts have been defined on the remote LDAP server and are unable
to log in to the BIG-IP device.
Which log file should the BIG-IP Administrator check to find the related messages?
A. /var/log/secure
B. /var/log/messages
C. /Nar/log/ltm
D. /var/log/user.log
Answer: A

QUESTION NO: 190

Refer to the exhibit.

A BIG-IP Administrator creates a new Virtual Server. The end user is unable to access the

67
 IT Certification Guaranteed, The Easy Way!

page. During troubleshooting, the administrator learns that the connection between the BIG-
IP system and server is NOT set up correctly.
What should the administrator do to solve this issue?
A. Disable Address Translation
B. Set Address Translation to Auto Map, configure a SNAT pool, and have pool members in
the same subnet of the servers
C. Set Address Translation to SNAT and configure a specific translation address
D. Set Address Translation to SNAT and have self-IP configured in the same subnet of
servers
Answer: C
Explanation:
The status of the pool can be seen that the members are all up, indicating that the network
from F5 to the server is no problem, so there is no need to configure selfip on the same
subnet. The monitor is normal but the access is not normal, you have to consider the problem
of snat, you can configure automap or configure snat and specify snat ip.

QUESTION NO: 191

Which action will take place when a failover trigger is detected by the active system?
A. The active device will take the action specified for the failure.
B. The standby device also detects the failure and assumes the active role.
C. The active device will wait for all connections to terminate and then failover.
D. The standby device will begin processing virtual servers that have failed, but the active
device will continue servicing the functional virtual servers.
Answer: A

QUESTION NO: 192

Which two statements are true about NATs? (Choose two.)
A. NATs support UDP, TCP, and ICMP traffic.
B. NATs can be configured with mirroring enabled or disabled.
C. NATs provide a one-to-one mapping between IP addresses.
D. NATs provide a many-to-one mapping between IP addresses.
Answer: A,C

QUESTION NO: 193

A BIG-IP Administrator needs to restore a UCS file to an F5 device using the Configuration
Utility. Which section of the Configuration Utility should the BIG-IP Administrator access to
perform this task?
A. Local Traffic > Virtual Servers
B. Local Traffic > Policies
C. System > Archives
D. System > Configuration
Answer: C

QUESTION NO: 194

68
 IT Certification Guaranteed, The Easy Way!

A BIG-IP Administrator is informed that traffic on Interface 1.1 is expected to increase over
the maximum bandwidth capacity on the link. There is a single VLAN on the Interface. What
should the 8IG-IP Administrator do to increase the total available bandwidth?
A. Assign two Interfaces to the VLAN
B. Set the media speed of Interface 1.1 manually
C. Create a trunk object with two Interfaces
D. Increase the MTU on the VLAN using Interface 1.1
Answer: C

QUESTION NO: 195

A Standard Virtual Server configured for an application reports poor network performance.
This application is accessed mainly from computers on the Internet.
What should the BIG-IP Administrator configure on the Virtual Server to achieve better
network performance?
A. Protocol Profile (Client) with f5-tcp-wan and Protocol Profile (Server) with f5-tcp-lan
B. Protocol Profile (Client) with f5-tcp-lan
C. Protocol Profile (Client) with fS-tcp-lan and Protocol Profile (Server) with f5-tcp-wan
D. Protocol Profile (Client) with f5-tcp-optimized
Answer: A

QUESTION NO: 196

A new BIG-IP VE is deployed with default settings. The BIG-IP Administrator completes the
setup utility in the Configuration Utility. The internal self IP address fails to respond to a ping
request. What is a possible cause of this issue?
A. Port lockdown on internal self IP is set to Allow None
B. Route is NOT assigned to internal self IP.
C. Internal interface VLAN is set to untagged
D. Internal interface VLAN is set to tagged
Answer: D

QUESTION NO: 197

Which statement is true concerning a functional iRule?
A. iRules use a proprietary syntax language.
B. iRules must contain at least one event declaration.
C. iRules must contain at least one conditional statement.
D. iRules must contain at least one pool assignment statement.
Answer: B

QUESTION NO: 198

A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a
remote syslog server In addition, the log messages need to be sent over TCP for guaranteed
delivery. What should the BIG-IP Administrator configure?
A. HSL Logging
B. syslog-ng

69
 IT Certification Guaranteed, The Easy Way!

C. Remote Logging
D. Request Logging Profile
Answer: C

QUESTION NO: 199

Refer to the exhibit.

How are new connections load balanced?

A. To the first two members listed with the same priority group
B. To the pool member with the least number of connections
C. To the pool member with a high priority group value defined
D. To the pool member with a low priority group value defined
Answer: B

QUESTION NO: 200

DNS queries from two internal DNS servers are being load balanced to external DNS Servers
via a Virtual Server on a BIG-P device. The DNS queries originate from 192.168.101.100 and
192.168.101.200 and target 192.168.21.50 All DNS queries destined for the external DNS
Servers fail Which property change should the BIG-IP Administrator make in the Virtual
Server to resolve this issue?
A. Protocol Profile (Client) to DNS-OPTIMZED
B. Type to Performance (HTTP)
C. Protocol to UDP
D. Source Address to 192.168.101.0/24
Answer: C

QUESTION NO: 201

Which method is recommended for creating a new user from the CLI?
A. Run f5adduser username' then 'f5passwd username' from bash or tmsh
B. Run tmsh create auth user username prompt for password' from bash
C. edit bigip.conf to add the new user and the user's clear-text password
D. Run useradd username' then 'passwd username' from bash tmsh
Answer: B
Reference:
The f5adduser commands were removed and tmsh is the recommended way to create users.
https://support.f5.com/csp/article/K11677

70
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 202

A BIG-IP Administrator uses a device group to share the workload and needs to perform
service on a BIG-IP device currently active for a traffic group. The administrator needs to
enable the traffic group to run on another BIG-IP device in the device group. What should the
administrator do to meet the requirement?
A. Create a new Traffic Group and then fail to Standby Unit
B. Select Traffic Group and then select Failover
C. Select Traffic Group and then select Force to Standby
D. Select Traffic Group on Primary Unit and then select Demote
Answer: C

QUESTION NO: 203

Users are unable to reach an application. The BIG-IP Administrator checks the Configuration
Utility and observes that the Virtual Server has a red diamond in front of the status. What is
causing this issue?
A. All pool members are down.
B. The Virtual Server is receiving HTTPS traffic over HTTP virtual.
C. The Virtual Server is disabled.
D. All pool members have been disabled.
Answer: A

QUESTION NO: 204

You have created a custom profile named TEST2. The parent profile of TEST2 is named
TEST1. If additional changes are made to TEST1, what is the effect on TEST2?
A. All changes to TEST1 are propagated to TEST2.
B. Some of the changes to TEST1 may propagate to TEST2.
C. Changes to TEST1 cannot affect TEST2 once TEST2 is saved.
D. When TEST1 is changed, the administrator is prompted and can choose whether to
propagate changes to TEST2.
Answer: B

QUESTION NO: 205

A BIG-IP Administrator wants to add the ASM Module to an HA pair of BIG-IP devices. The
BIG-IP Administrator has already installed a new Add-On License on both devices in the HA
pair. What should the BIG-IP Administrator do next to use the module?
A. Provision the new module on both BIG-IP device's
B. Synchronize both BIG-IP devices
C. Reboot both BIG-IP devices
D. Reactivate the Licenses on both BIG IP devices
Answer: A

QUESTION NO: 206

An application is configured so that the same pool member must be used for an entire
session, as well as for HTTP and FTP traffic.

71
 IT Certification Guaranteed, The Easy Way!

A user reports that a session has terminated, and the user must restart the session. The BIG-
IP Administrator determines that the active BIG-IP device failed over to the standby BIG-IP
device. Which configuration settings should the BIG-IP Administrator verify to ensure proper
behaviour when BIG-IP failover occurs?
A. cookie persistence and session timeout
B. Stateful failover and Network Failover detection
C. Persistence mirroring and Match Across Services
D. syn-cookie insertion threshold and connection low-water mark
Answer: C

QUESTION NO: 207

Refer to the exhibit.

Why is the virtual server responsive to incoming connections?

A. The pool member is disabled
B. The pool member monitor failed
C. The node is disabled.
D. The node monitor failed
Answer: B

QUESTION NO: 208

A BIG-IP Administrator is setting up a new BIG-IP device. The network administrator reports
that the interface has an incompatible media speed. The BIG-IP Administrator needs to
change this setting manually.
From which location should the BIG-IP Administrator perform this task?
A. On the Front Console
B. In the TMOS Shell Command line
C. In the Configuration Utility, Network > Interface
D. In the Configuration Utility, System > Configuration
Answer: C

QUESTION NO: 209

A BIG-IP Administrator need to ensure that a pool member and down by the monitor the BIG-
IP system sends existing connections to another be pool member.
Which should the BIG-IP Administrator perform to meet this goal?

72
 IT Certification Guaranteed, The Easy Way!

A. Set Action on Service Down sing under the server configuration to reselect.
B. Reconfigure the pool motor members as UP.
C. Enable mirroring within the persistence profile.
D. Set Action Service Down setting under the pool configuration to reselect.
Answer: D

QUESTION NO: 210

A BIG-IP Administrator needs to configure the BIG-IP system to perform load balancing for
FTP servers running passive mode FTP.
How should the administrator configure the Virtual Server to perform this load balancing?
A. A Standard Virtual Server + FTP profile
B. A Forwarding Virtual Server
C. A Performance Layer 4 Virtual Server + FTP profile
D. A Message Routing Virtual Server
Answer: A

QUESTION NO: 211

Which three methods can be used for initial access to a BIG-IP system? (Choose three.)
A. CLI access to the serial console port
B. SSH access to the management port
C. SSH access to any of the switch ports
D. HTTP access to the management port
E. HTTP access to any of the switch ports
F. HTTPS access to the management port
G. HTTPS access to any of the switch ports
Answer: A,B,F

QUESTION NO: 212

A BIG-IP Administrator explicitly creates a traffic group on a BIG-IP device.
Which two types of configuration objects can be associated with this traffic group? (Choose
two.)
A. Pool Members
B. Virtual Addresses
C. iRules
D. VLANS
E. Application Instances
Answer: B,E

QUESTION NO: 213

On the VCMP system, a BIG-IP host administrator imports a new ISO image into the host's
/shared/images folder. The new ISO images that reside on the vCMP host are available for
installation on the guest. How should the BIG-IP Administrator install one image from within
the guest?

73
 IT Certification Guaranteed, The Easy Way!

A. Install the new software on the host and wait for it to automatically be installed on all
guests.
B. Run the following command on guest
tmsh install sys software block-device-image image_name volume < volume_name>
C. Run the following command on guest
tmsh install sys software image image_name volume < volume_name>
D. Run the following command on host
tmsh install sys software block-device-image image_name volume < volume_name>
Answer: D

QUESTION NO: 214

Which statement describes a typical purpose of iRules?
A. iRules can be used to add individual control characters to an HTTP data stream.
B. iRules can be used to update the timers on monitors as a server load changes.
C. iRules can examine a server response and remove it from a pool if the response is
unexpected.
D. iRules can be used to look at client requests and server responses to choose a pool
member to select for load balancing
Answer: A

QUESTION NO: 215

Which file should the BIG-IP Administrator check to determine when a Virtual Server
changed its status
A. /var/log/audit
B. /var/log/lastlog
C. /var/log/tm
D. /var/log/monitors
Answer: C

QUESTION NO: 216

A virtual server is defined per the charts. The last five client connections were to members C,
D, A, B, B. Given the conditions shown in the above graphic, if a client with IP address
205.12.45.52 opens a connection to the virtual server, which member will be used for the
connection.

74
 IT Certification Guaranteed, The Easy Way!

A. 172.16.20.1:80
B. 172.16.20.2:80
C. 172.16.20.3:80
D. 172.16.20.4:80
E. 172.16.20.5:80
Answer: D

QUESTION NO: 217

The BIG-IP Administrator generates QKView using tmsh command "qkview -SO". In which
directory does the BIG-IP appliance save the QKView?
A. /etc/tmp
B. /var/tmp
C. /shared/qkview
D. /var /tmp/qkview
Answer: B

QUESTION NO: 218

To increase available bandwidth of an existing Trunk, the BIG-IP Administrator is adding
additional interfaces.
Which command should the BIG-IP Administrator run from within bosh shell?
A. tmsh create /net trunk trunk_A interfaces add {1.3.1.4}

75
 IT Certification Guaranteed, The Easy Way!

B. tmsh create/sys trunk trunk_A interfaces add {1.3.1.4}

C. tmsh modify/sys trunk trunk^A interfaces add {1.3.1.4}
D. tmsh modify /net trunk trunk_A interfaces add {1.3.1.4}
Answer: D

QUESTION NO: 219

The interface 1.1 of the BIG-IP device has been connected to a link dedicated to traffic on
VLAN 120. What should the BIG-IP Administrator do to receive traffic from the VLAN?
A. Create a new VLAN object and set Customer Tag to 120
B. Create a new VLAN object and assign the interface 1.1 untagged
C. Create a new trunk object with interface 1.1 assigned
D. Create a new trunk object and assign it to the VLAN
Answer: B

QUESTION NO: 220

If a client's browser does not accept cookies, what occurs when the client connects to a
virtual server using cookie persistence?
A. The connection request is not processed.
B. The connection request is sent to a pology server.
C. The connection request is loadbalanced to an available pool member.
D. The connection request is refused and the client is sent a "server not available" message.
Answer: C

QUESTION NO: 221

Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the
BIG-IP?
A. No SSL certificates are required on the BIG-IP.
B. The BIG-IP's SSL certificates must only exist.
C. The BIG-IP's SSL certificates must be issued from a certificate authority.
D. The BIG-IP's SSL certificates must be created within the company hosting the BIG-IPs.
Answer: A

QUESTION NO: 222

Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server
processing takes place. Also assume that the NAT definition specifies a NAT address and an
origin address while all other settings are left at their defaults. If a client were to initiate traffic
to the NAT address, what changes, if any, would take place when the BIG-IP processes such
packets?
A. The source address would not change, but the destination address would be translated to
the origin address.
B. The destination address would not change, but the source address would be translated to
the origin address.
C. The source address would not change, but the destination address would be translated to
the NAT's address.

76
 IT Certification Guaranteed, The Easy Way!

D. The destination address would not change, but the source address would be translated to
the NAT's address.
Answer: A

QUESTION NO: 223

Refer to the exhibit.

Which Pool Members are receiving traffic?

A. Serv1, serv2,serv3, serv4
B. serv1, serv3
C. serv1, serv3, serv4
D. serv1
Answer: C

QUESTION NO: 224

Refer to the exhibit.

77
 IT Certification Guaranteed, The Easy Way!

A BIG-IP Administrator configures the Virtual Server to pass HTTP traffic. Users report that
they are unable to access the application What should the administrator do to resolve this
issue?
A. Change the Virtual Server name
B. Disable .he State
C. Reconfigure the Source Address
D. Reconfigure the Pool Members
Answer: D

QUESTION NO: 225

Which two can be a part of a virtual server's definition? (Choose two.)
A. rule(s)
B. pool(s)
C. monitor(s)
D. node address(es)
E. loadbalancing method(s)
Answer: A,B

QUESTION NO: 226

A standard virtual server is defined with a pool and a SNAT using automap. All other settings
for the virtual server are at defaults. When client traffic is processed by the BIG-IP, what will
occur to the IP addresses?
A. Traffic initiated by the pool members will have the source address translated to a self-IP
address but the destination address will not be changed.
B. Traffic initiated to the virtual server will have the destination address translated to a pool
member address and the source address translated to a self-IP address.
C. Traffic initiated by selected clients, based on their IP address, will have the source address
translated to a self-IP address but the destination will only be translated if the traffic is
destined to the virtual server.

78
 IT Certification Guaranteed, The Easy Way!

D. Traffic initiated to the virtual server will have the destination address translated to a pool
member address and the source address translated to a self-IP address. Traffic arriving
destined to other destinations will have the source translated to a self-IP address only.
Answer: B

QUESTION NO: 227

What should the BIG-IP Administrator do to apply and activate a hotfix to a BIG-IP device
that is currently running version 11.0.0 on active partition HD1.1?
A. 1. confirm that 11.0.0 is installed on inactive partition HD1.2
2. apply a hotfix to partition HD 1.2
3. activate partition HD1.2
B. 1. reactivate the license on partition HD1.1
2. apply a hotfix to partition HD1.1
C. 1. activate partition HD1.2
2 confirm version 11.0.0 on partition HD1.2
3. install a hotfix on partition HD1.2
D. 1. set partition HD1.2 active
2. apply a hotfix to partition HD1.2
Answer: A

QUESTION NO: 228

What is the status of a pool member when manual resume is enabled and a health check first
fails and then passes?
A. Offline (Disabled)
B. Offline (Enabled)
C. Available (Disabled)
D. Available (Enabled)
Answer: A

QUESTION NO: 229

A BIG-IP Administrator assigns the default http health monitor to a pool that has three
members listening on port 80 When the administrator connects to each pool member via the
CURL utility, two of the members respond with a status of 404 Not Found while the third
responds with 200 OK. What will the pool show for member availability?
A. All members offline.
B. Two members offline and one member online.
C. Two members online and one member offline.
D. All members online.
Answer: D

QUESTION NO: 230

A BIG-IP Administrator finds the following log entry:
tnm tmm[7141]: 011e0002:4: sweeperjjpdate: aggressive mode activated.
Which action should the BIG-IP Administrator to mitigate this memory issue?

79
 IT Certification Guaranteed, The Easy Way!

A. Configure the redundant par to be active-active

B. Decrease the TCP profile ide Timeout value
C. increase the TCP profile ide Timeout value
D. Configure the serve to use Connection Mirroring
Answer: D

QUESTION NO: 231

A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a
remote syslog server In addition, the log messages need to be sent over TCP for guaranteed
delivery. What should the BIG-IP Administrator configure?
A. syslog-ng
B. Request Logging Profile
C. HSL Logging
D. Remote Logging
Answer: D

QUESTION NO: 232

Which is an advantage of terminating SSL communication at the BIGIP rather than the
ultimate web server?
A. Terminating SSL at the BIG-IP can eliminate SSL processing at the web servers.
B. Terminating SSL at IP the eliminates BIG all unencrypted traffic from the internal network.
C. Terminating SSL at the BIG-IP eliminates the need to purchase SSL certificates from a
certificate authority.
D. Terminating SSL at the BIG-IP eliminates the need to use SSL acceleration hardware
anywhere in the network.
Answer: A

QUESTION NO: 233

The current status of a given pool member is unknown. Which condition could explain that
state?
A. The member has no monitor assigned to it.
B. The member has a monitor assigned to it and the most recent monitor was successful.
C. The member has a monitor assigned to it and the monitor did not succeed during the most
recent timeout period.
D. The member's node has a monitor assigned to it and the monitor did not succeed during
the most recent timeout period.
Answer: A

QUESTION NO: 234

Refer to the exhibit.

80
 IT Certification Guaranteed, The Easy Way!

A BIG-IP Administrator configures a now VLAN on an HA pair of devices that does NOT yet
have any traffic. This action causes the assigned traffic group to fail over to the standby
device.
Which VLAN setting should be changed to prevent this issue?
A. Auto Last Hop
B. Fail-safe
C. Customer Tag
D. Source Check
Answer: B

81
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 235

Which statement is true concerning SSL termination?
A. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie
persistence.
B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but
increases the load on the pool member.
C. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is
decrypted before it is forwarded to servers.
D. If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have
less SSL processing than if the virtual server had only a ClientSSL profile.
Answer: A

QUESTION NO: 236

Which type of Virtual Server requires the use of a FastL4 profile?
A. Performance (Layer 4)
B. Stateless
C. Performance (HTTP)
D. Standard
Answer: A

QUESTION NO: 237

An IT support engineer needs to access and modify Virtual Servers in three partitions
(Common /Banking and Dev) daily on a BIG-IP device. The company operates a Least
Privilege access policy. What level of access does the IT support engineer need to ensure
completion of daily roles?
A. Manager in /common/Banking, and /Dev partitions
B. Application Editor in /Common, /Banking, and /Dev partitions
C. Manager in all partitions
D. Application Editor in all partitions
Answer: A

QUESTION NO: 238

All pool members are online. All other virtual server settings are at default What might after
the load balancing behavior?
A. enabing SNAT automap
B. enabing a falback host in the http profile
C. adding a oneconnect profile
D. adding a persistence profile
Answer: D

QUESTION NO: 239

A BIG-IP Administrator reviews the Plane CPU Usage performance chart and discovers a
high percentage of Control Plane utilization.

82
 IT Certification Guaranteed, The Easy Way!

Which type of traffic does this indicate a higher usage of?

A. Administrative
B. Tunnel
C. Accelerated ,
D. Application
Answer: A

QUESTION NO: 240

Refer to the exhibit.

A BIG-IP Administrator needs to fall over the active device. The administrator logs into the
Configuration Unity and navigates to Device Management > Traffic Group. However, Force to
Standby is greyed out What is causing this issue?
A. The BIG-IP Administrator is NOT logged into command line to tail over
B. The BIG-IP Administrator is on the Standby Device
C. The BIG-IP Administrator is logged in as root
D. The BIG-IP Administrator is logged in as administrator
Answer: B

QUESTION NO: 241

Which statement accurately describes the difference between two loadbalancing modes
specified as "member" and "node"?
A. There is no difference; the two terms are referenced for backward compatibility purposes.

83
 IT Certification Guaranteed, The Easy Way!

B. When the loadbalancing choice references "node", priority group activation is unavailable.
C. Loadbalancing options referencing "nodes" are available only when the pool members are
defined for the "any" port.
D. When the loadbalancing choice references "node", the addresses' parameters are used to
make the loadbalancing choice rather than the member's parameters.
Answer: B

QUESTION NO: 242

A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it:
when CLIENT_ACCEPTED { if {[TCP::local_port] equals 21 } { pool
ftppool } elseif {[TCP::local_port] equals 23 } { pool telnetpool }
If a user connects to 10.10.1.100 and port 22, which pool will receive the request?
A. ftppool
B. telnetpool
C. None. The request will be dropped.
D. Unknown. The pool cannot be determined from the information provided.
Answer: D

QUESTION NO: 243

A VLAN has the following objects configured:
Self-IP 10.10.10.100 with port lockdown set to Allow default
Virtual server 10.10.10.100:443 with UDP profile enabled
Virtual server 10.10.10.0/24 port forwarding virtual server
Global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100 Which
object will process this request when https://10.10.10.100 is entered into a browser?
A. self-IP 10.10.10.100 with port lockdown set to Allow default
B. virtual server 10.10.100/24 port o forwarding virtual server
C. global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100
D. virtual server 10.10.10.100.443 with UDP profile enabled
Answer: A

QUESTION NO: 244

A site wishes to perform source address translation on packets from some clients but not
others. The determination is not based on the client's IP address, but on the virtual servers
their packets arrive on. What could best accomplish this goal?
A. A SNAT for all addresses could be defined, and then disable the SNAT processing for
select VLANs.
B. Some virtual servers could be associated with SNAT pools and others not associated with
SNAT pools.
C. The decision to perform source address translation is always based on VLAN. Thus, the
goal cannot be achieved.
D. The decision to perform source address translation is always based on a client's address
(or network). Thus, this goal cannot be achieved.
Answer: B

84
 IT Certification Guaranteed, The Easy Way!

QUESTION NO: 245

The current status of a given pool is offline (red). Which condition could explain that state?
Assume the descriptions below include all monitors assigned for each scenario.
A. No monitors are currently assigned to any pool, member or node.
B. The pool has a monitor assigned to it, and none of the pool members passed the test.
C. The pool has a monitor assigned to it, and only some of the pool's members passed the
test.
D. A monitor is assigned to all nodes and all nodes have passed the test. The pool's
members have no specific monitor assigned to them.
Answer: B

QUESTION NO: 246

Which two statements describe differences between the active and standby systems?
(Choose two.)
A. Monitors are performed only by the active system.
B. Failover triggers only cause changes on the active system.
C. Virtual server addresses are hosted only by the active system.
D. Configuration changes can only be made on the active system.
E. Floating selfIP addresses are hosted only by the active system.
Answer: C,E

QUESTION NO: 247

A BIG-IP Administrator needs to determine which pool members in a pool have been
manually forced offline and are NOT accepting any new traffic. Which status icon indicates
this?
A)

B)

C)

D)

A. Option
B. Option
C. Option

85
 IT Certification Guaranteed, The Easy Way!

D. Option
Answer: A

QUESTION NO: 248

Which log file should the BIG-IP Administrator check to determine if a specific user tried to
log in to the 8IG-IP Configuration by utility?
A. /var/log/pam/tally/log
B. /ver/log/secure
C. /var/log/trn
D. /var/log/http.d
Answer: B

QUESTION NO: 249

Refer to the exhibit.

The BIG-IP Administrator is investigating disk utilization on the BIG-IP device.

What should the BIG-IP Administrator check next?
A. Large files on the / file system
B. Results from the EUD test
C. Results from the platform diagnostics test
D. Large files on /usr file system
Answer: A

QUESTION NO: 250

A BIG-IP Administrator needs to check the memory utilization on a BIG-IP system. Which two
methods can the UIG IP Administrator use? (Choose two.)
A. Run the tmsh show/sys memory command

86
 IT Certification Guaranteed, The Easy Way!

B. Run the tmsh show/sys traffic command

C. Go to Statistics > Module Statistics > Traffic Summary in the configuration utility
D. Go to Statistics > Module Statistics > Memory in the configuration utility
E. Go to System > Disk Management in the configuration utility
Answer: A,D

QUESTION NO: 251

A BIG-IP Administrator creates a new VLAN on BIG-IP Cluster Member A and attaches an
Interface to it. Although the Auto Config Sync is in place, the new VLAN does NOT show up
on Cluster Member B.
What should the BIG-IP Administrator do to ensure the new VLAN is configured on each
Cluster Member?
A. Configure the new VLAN manually on Cluster Member B.
B. Reset the Device Trust of the BIG-IP Cluster on either Cluster Member.
C. Configure a Default Route for the new VLAN on Cluster Member A.
D. Enable the Interface that is attached to the new VLAN on Cluster Member A.
Answer: A

QUESTION NO: 252

A BIG-IP Administrator needs to remove a pool specific health monitor. There is a pool
named Best Pool with two members, one named Best pool member and one named Best
pool member2. In the Local Traffic section of the administrative GUI, which stops should the
BIG-IP Administrator take to remove a pool level monitor?
A. Pool > Pool List > Best Pool > Members > Health Monitors
B. Nodes > Node List> Best _pool_memberl > Heath Monitors
C. Monitors > Monitor Name> Instances
D. Pool > Pool List> Best Pool > Health Monitors
Answer: D

QUESTION NO: 253

Which three iRule events are likely to be seen in iRules designed to select a pool for load
balancing? (Choose three.)
A. CLIENT_DATA
B. SERVER_DATA
C. HTTP_REQUEST
D. HTTP_RESPONSE
E. CLIENT_ACCEPTED
F. SERVER_SELECTED
G. SERVER_CONNECTED
Answer: A,C,E

QUESTION NO: 254

Assuming that systems are synchronized, which action could take place if the fail over cable

87
 IT Certification Guaranteed, The Easy Way!

is connected correctly and working properly, but the systems cannot communicate over the
network due to external network problems?
A. If network failover is enabled, the standby system will assume the active mode.
B. Whether or not network failover is enabled, the standby system will stay in standby mode.
C. Whether or not network failover is enabled, the standby system will assume the active
mode.
D. If network failover is enabled, the standby system will go into active mode but only until the
network recovers.
Answer: B

QUESTION NO: 255

A BIG-IP Administrator needs to view the CPU utilization of a particular Virtual Server. Which
section of the Configuration Utility should the administrator use for this purpose?
A. Statistics > Module Statistics > Local Traffic > Virtual Addresses
B. Statistics > Module Statistics > Traffic Summary
C. Statistics > Analytics > Process CPU Utilization
D. Statistics > Module Statistics > Local Traffic > Virtual Servers
Answer: D

88