303 BIG-IP ASM Specialist Questions and Answers

An LTM Specialist has recently taken over administration or an LTM device that has experienced resource availability issues. The LTM device will need to be solely used for load balancing and SSL offload. Previously, the LTM device was also used to provide statistical analysis of application traffic. However, that functionality has been moved to a third party solution.

Based on the output below, which configuration change should be made to ensure the LTM module receives the most amount of resources?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

An LTM Specialist is troubleshooting an application configured on an LTM device on a one-armed configuration. The application is NOT working through the LTM device but does work when accessed directly via the application servers. The virtual server 192.168.1.211:443 is configured to SNAT using the address 192.168.1.144 and references a pool with the member 192.168.10.80:443. No Client or Server SSL profiles are associated. The LTM Specialist has collected two traffic captures to help determine the issue.

What is the problem with the configuration on the LTM device?

The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.

The virtual server is configured with the default OneConnect profile.

The ACL is defined on the web server as:

Permit: 192.168.136.0/24

Deny: 192.168.116.0/24

The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.

Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:

Clientside:

09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 < mss 1460,nop,wscale 2,nop,nop,sackOK >

09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380 < mss 1460,nop,wscale 0,sackOK,eol >

09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425

09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678

Serverside:

09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 < mss 1460,nop,wscale 0,sackOK,eol >

09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840 < mss 1460,nop,nop,sackOK,nop,wscale 6 >

09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380

09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380

09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108

Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:

Clientside:

09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192 < mss 1460,nop,wscale 2,nop,nop,sackOK >

09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380 < mss 1460,nop,wscale 0,sackOK,eol >

09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425

09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678

Serverside:

09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904

09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142

Why was the second client flow permitted by the web server?

An LTM Specialist needs to force only FTP traffic, sourced from subnet 10.10.10.0/24 to virtual server 10.10.20.1 to the new FTP1 server. The following virtual servers are configured on the LTM device:

Traffic sourced from 10.10.10/24 must use the specific pool member for load balancing.

Which configuration change is needed to meet the requirements?

Interface 1.2 on a BIG-IP VE has a status of UNINITIALIZED. What is the reason for this status?

Which procedure should an LTM Specialist follow to move a configuration from a 1500 to a 1600 hardware platform during an upgrade?

A device group is made up of four members: LTM-A, LTM-B, LTM-C, and LTM-D. An LTM Specialist makes a configuration change on LTM-B. Later, a different LTM Specialist notices a "changes pending" message on all devices. When logged into LTM-D, the LTM Specialist attempts to config-sync to the device group. The sync operation fails.

Why is the LTM Specialist on LTM-D unable to synchronize the configuration to the group?

The web application team requests help from the LTM Specialist to Improve the performance of their web sites that are load balanced by the F5 LTM device with a Standard Virtual Server.

Which virtual server type will improve the performance of the web application servers?

An LTM Specialist plans to enable connection mirroring for a virtual server in an HA environment.

What must the LTM Specialist consider before implementing the configuration change?

An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the HTTP request below:

GET / HTTP/1.1

Host: www.f5.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-LanguagE. en-US,en;q=0.5

Accept-EncodinG. gzip, deflate

Cache-Control: no-cache

Connection: keep-alive

CookiE. somecookie=1

Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched, and therefore NOT modified.

Which HTTP header should the LTM Specialist remove from the request to ensure the content can be matched and modified?

An LTM device configured with a management IP address and route and a series of self-IPs and TMM routes. Both management and TMM have a routing entry for 101 10/24 Application traffic is being load balanced and sent to pool member 10.1.1.123 with SNAT Automap and configured.

Which route will the LTM device use?

A BIG-IP Administrator is configuring an SSH Pool with five members.

Which Health Monitor should be applied to ensure that available pool members are monitored

accordingly?

A BIG-IP Administrator needs to view the CPU utilization of a particular Virtual Server. Which section of the Configuration Utility should the administrator use for this purpose?

A BIG-IP Administrator needs to modify a virtual server that web offload web traffic compression tasks from the target server.

Which two profiles must the BIG-IP Administrator apply to a virtual server to enable compression? (Choose two)

An LTM Specialist needs to use a set of addresses to access an Internet website in an outbound configuration.

Which feature should the LTM Specialist configure?

The LTM Specialist is writing a custom HTTP monitor for a web application and has viewed the content by accessing the site directly via their browser. The monitor continually fails. The monitor configuration is:

ltm monitor http /Common/exampleComMonitor {

defaults-from /Common/http

destination *:*

interval 5

recv "Recent Searches"

send "GET /app/feed/current\?uid=20145 HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-EncodinG. gzip, deflate\\r\\nConnection: close\\r\\n\\r\\n"

time-until-up 0

timeout 16

}

A trace shows the following request and response:

Request:

GET /app/feed/current?uid=20145 HTTP/1.1

Host www.example.com

Accept-Encoding gzip, deflate

Connection: close

Response:

HTTP/1.1 302 Moved Temporarily

Date Wed, 17 Oct 2012 18:45:52 GMT

Server Apache

Location https://example.com/login.jsp

Content-Encoding gzip

Content-Type text/html;charset=UTF-8

Set-CookiE. JSESSIONID=261EFFBDA8EC3036FBCC22D991AC6835; Path=/app/feed/current?uid=20145

What is the problem?

Refer to the exhibit.

A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to log on to the servers.

What should the BIG-IP Administrator do to resolve the issue?

A BIG-IP Administrator need to ensure that a pool member and down by the monitor the BIG-IP system

sends existing connections to another be pool member.

Which should the BIG-IP Administrator perform to meet this goal?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning correctly when accessed directly through a browser, although the monitor is marking the member as down. As part of the troubleshooting, the LTM Specialist has captured the monitor traffic via tcpdump.

How should the LTM Specialist resolve this issue?

An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap.

Which command should be executed on the command line interface to create a backup?

A web server administrator informs the BIG-IP Administrator that web servers are overloaded Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The BIG-IP device is ready using client SSL client profile and Rules on HTTP level. What actions should the BIG-IP Administrators to achieve the desired configuration?

An LTM Specialist needs to add a pool that will load balance MYSOL services. It has four members, each with differing hardware platforms. All pool members are already assigned to another pool for load balancing FTP traffic.

Which load balancing method is most effective when the LTM Specialist sets up the pool?

Which command should the LTM Specialist use to determine the current system time?

One LTM device in an HA pair of LTM devices is unable to reach its default gateway. An HA Failover event needs to happen.

Which configuration item enables this behavior?

The output of a tmsh command is: ------------------------------------------------------------ Net::Interface Name Status Bits Bits Errs Errs Drops Drops Colli In Out In Out In Out sions ------------------------------------------------------------ 1.1 down 0 0 0 0 0 0 0 1.2 up 191.4K 0 0 0 374 0 0 1.3 down 0 0 0 0 0 0 0 1.4 up 22.5K 0 0 0 44 0 0 2.1 miss 0 0 0 0 0 0 0 2.2 miss 0 0 0 0 0 0 0 mgmt up 43.2G 160.0G 0 0 0 0 0

Which command was executed on the LTM device to show the output?

There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the virtual IP address 10.0.20.88.

A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the LTM Specialist runs two concurrent traces on the LTM device, with the following results:

Trace on client side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840 < mss 1460,sackOK,timestamp 67942058 0,nop,wscale 4 >

22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win 4380 < mss 1460,nop,wscale 0,nop,nop,timestamp 2392362490 67942058,sackOK,eol >

22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365 < nop,nop,timestamp 67942058 2392362490 >

22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365 < nop,nop,timestamp 67942058 2392362490 >

22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528 < nop,nop,timestamp 2392362491 67942058 >

22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528

6 packets captured

6 packets received by filter

0 packets dropped by kernel

Trace on server side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 < mss 1460,nop,wscale 0,nop,nop,timestamp 2392362491 0,sackOK,eol >

22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 < mss 1460,nop,wscale 0,nop,nop,timestamp 2392363491 0,sackOK,eol >

22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 < mss 1460,nop,wscale 0,nop,nop,timestamp 2392364691 0,sackOK,eol >

22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 < mss 1460,sackOK,eol >

4 packets captured

4 packets received by filter

0 packets dropped by kernel

What should the LTM Specialist do to solve the problem?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A failover has just occured on BIG-IP1. BIG-IP2 is now active and manages traffic as expected. Both Bigip's are set with a gateway failsafe to check the reachability of the main border router. Switches have performed as expected.

Where should the LTM Specialist check for potential issues?

An LTM Specialist receives a request to monitor the network path through a member, but NOT the member itself.

Which monitor option should the LTM Specialist enable or configure?

An LTM Specialist notices the following error on the stdout console:

mcpd[2395]: 01070608:0: License is not operational(expired or digital signature does not match contents)

Which command should be executed to verify the LTM device license?

A 816-IP Administrator recently deployed an application Users are experiencing slow performance with

the application on some remote networks.

Which two modifications can the BIG-IP Administrator make to address this issue? (Choose two)

An LTM Specialist has been asked to configure a virtual server to distribute connections between a pool of two application servers with addresses 172.16.20.1 and 172.16.20.2. The application servers are listening on TCP ports 80 and 443. The application administrators have asked that clients be directed to the same node for both HTTP and HTTPS requests within the same session.

Virtual servers vs_http and vs_https have been created, listening on 1.2.3.100:80 and 1.2.3.100:443, respectively.

Which configuration option will result in the desired behavior?

A BIG-IP Administrator remotely connects to the appliance via out-of-band management using https://mybigip mycompany net. The management portal has been working all week. When the administrator attempts to login today, the connection times out. Which two aspects should the administrator verify? (Choose two)

Refer to the exhibit.

A BIG-IP Administrator configures a Virtual Server to handle HTTPS traffic. Users report that the

application is NOT working.

Which actional configuration is regard to resolve this issue?

An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout" button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's shopping cart is shown as empty. The shopping cart data is stored in memory on the server, and the default source address persistence profile is used on both virtual servers.

What is the issue?

A BIG-IP Administrator is receiving intermittent reports from users that SSL connections to the BIG-IP device are failing. Upon checking the log files, the BIG-IP Administrator notices the following error message:

ere tmm < instance > [ < pid > ]: 01260008:3: SSL transaction (TPS) rate limit reached

After reviewing statistics, the BIG-IP Administrator notices there are a maximum of 1200 client-side SSL

TPS and a maximum of 800 server-side SSL TPS.

What is the minimum SSL license limit capacity the BIG-IP Administrator should upgrade to handle this

peak?

A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a remote syslog server In addition, the log messages need to be sent over TCP for guaranteed delivery. What should the BIG-IP Administrator configure?

Internet clients connecting to a virtual server to download a file are experiencing about 150 ms of latency and no packet loss.

Which built-in client-side TCP profile provides the highest throughput?

A BIG-IP Administrator reviews the log files to determine the cause of a recent problem and finds the

following entry.

Mar 27.07.58.48 local/BIG-IP notice mcpd {5140} 010707275 Pool member 172.16.20.1.10029 monitor

status down.

What is the cause of this log message?

Windows PC clients are connecting to a virtual server over a high-speed, low-latency network with no packet loss.

Which built-in client-side TCP profile provides the highest throughput for HTTP downloads?

Given LTM device ltm log:

Sep 26 20:51:08 local/lb-d-1 notice promptstatusd[3695]: 01460006:5: semaphore mcpd.running(1) held

Sep 26 20:51:08 local/lb-d-1 notice promptstatusd[3695]: 01460006:5:

Sep 26 20:51:08 local/lb-d-1 warning promptstatusd[3695]: 01460005:4: mcpd.running(1) held, wait for mcpd

Sep 26 20:51:08 local/lb-d-1 info sod[3925]: 010c0009:6: Lost connection to mcpd - reestablishing.

Sep 26 20:51:08 local/lb-d-1 err bcm56xxd[3847]: 012c0004:3: Lost connection with MCP: 16908291 ... Exiting bsx_connect.cpp(174)

Sep 26 20:51:08 local/lb-d-1 info bcm56xxd[3847] : 012c0012:6: MCP Exit Status

Sep 26 20:51:08 local/lb-d-1 info bcm56xxd[3847]: 012c0012:6: Info: LACP stats (time now:1348717868) : no traffic

Sep 26 20:51:08 local/lb-d-1 info bcm56xxd[3847]: 012c0014:6: Exiting...

Sep 26 20:51:08 local/lb-d-1 err lind[3842]: 013c0004:3: IO error on recv from mcpd - connection lost

Sep 26 20:51:08 local/lb-d-1 notice bigd[3837]: 01060110:5: Lost connection to mcpd with error 16908291, will reinit connection.

Sep 26 20:51:08 local/lb-d-1 err statsd[3857]: 011b0004:3: Initial subscription for system configuration failed with error ''

Sep 26 20:51:08 local/lb-d-1 err statsd[3857]: 011b0001:3: Connection to mcpd failed with error '011b0004:3: Initial subscription for system configuration failed with error '''

Sep 26 20:51:08 local/lb-d-1 err csyncd[3851]: 013b0004:3: IO error on recv from mcpd - connection lost

.............skipping more logs.....

Sep 26 20:51:30 local/lb-d-1 notice sod[3925]: 01140030:5: HA proc_running bcm56xxd is now responding.

Sep 26 20:51:34 local/lb-d-1 notice sod[3925]: 01140030:5: HA proc_running mcpd is now responding.

Sep 26 20:51:34 local/lb-d-1 notice sod[3925]: 010c0018:5: Standby

Which daemon failed?

A BIG-IP Operator has made a grave error and deleted a few virtual servers on the active LTM device fronting the web browsing proxies. The BIG-IP Operator has NOT yet performed a configuration sync.

Which command should the LTM Specialist execute on the active LTM device to force a failover to the standby node and restore web browsing?

The LTM device is configured for RADIUS authentication. Remote logins are failing and the LTM Specialist must verify the RADIUS configuration.

How should the LTM Specialist check the RADIUS server and shared secret configured on the LTM device?

A pool of four servers has been partially upgraded for two new servers with more memory and CPU capacity. The BIG-IP Administrator must change the load balance method to consider more connections for the two new servers. Which load balancing method considers pool member CPU and memory load?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

A customer requests to offload SSL for an internal website. The front page of the website loads correctly; however, selecting links on the page fails.

How should the LTM Specialist fix the issue?

A BIG-IP Administrator makes a configuration change to the BIG-IP device. Which file logs the message regarding the configuration change?

An LTM device is load balancing SIP traffic. An LTM Specialist notices that sometimes the SIP request is being load balanced to the same server as the initial connection.

Which setting in the UDP profile will make the LTM device more evenly distribute the SIP traffic?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

After upgrading LTM from v10 to v11, users are unable to connect to an application. The virtual server is using a client SSL profile for re-terminating SSL for payload inspection, but a server SSL profile is being used to re-encrypt the request.

A client side ssldump did NOT show any differences between the traffic going directly to the server and the traffic being processed by the LTM device. However, packet capture was done on the server, and differences were noted.

Which modification will allow the LTM device to process the traffic correctly?

When importing a PEM formatted SSL certificate, which text needs to appear first in the file?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which step should an LTM Specialist take next to finish upgrading to HD1.3?

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and

re-encrypt the traffic to pool members.

During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A user is unable to access an HTTP application via a virtual server.

What is the cause of the failure?

An LTM Specialist sees these entries in /var/log/ltm:

Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Assume 172.16.20.0/24 is attached to the VLAN "internal."

What should the LTM Specialist use to troubleshoot this issue?

What should the BIG-IP Administrator do to apply and activate a hotfix to a BIG-IP device that is currently running version 11.0.0 on active partition HD1.1?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

How should the LTM Specialist minimize the configuration?

A BIG-IP Administrator configures remote authentication and needs to make sure that users can still

login even when the remote authentication server is unavailable.

Which action should the BIG-IP Administrators in the remote authentication configuration to meet this

requirement?

An LTM specialist needs to upgrade a VCMP quest in an HA Setup with minimum interruption for all VCMP guest instances.

In which should the LTM Specialist perform this upgrade?

Refer to the exhibit.

The pool shown is configured with four pool members in a variety of states. The application is receiving a large number of request. The LTM Specialist needs to make changes to make sure that all members receive the same levels of traffic.

Which changes need to be made?

Refer to the exhibit.

A pool is contoured with four members. A user has a current connection established with 10.18.1.40. The virtual server has a persistence Profile configured.

A BIG-IP Administrator wants to add the ASM Module to an HA pair of BIG-IP devices. The BIG-IP Administrator has already installed a new Add-On License on both devices in the HA pair. What should the BIG-IP Administrator do next to use the module?

An LTM Specialist is customizing local traffic logging.

Which traffic management OS alert level provides the most detail?

The network team introduces a new subnet 10.10.22.0/24 to the network. The route needs to be configured on the F5 device to access this network via the 30.30.30.158 gateway.

How should the LTM Specialist configure this route?

What should an LTM Specialist configure on an LTM device to send AVR notification emails?

An LTM is configure an application that is separated into several subdomains across multiple virtual servers. Many of these subdomains require encryption and could be accessed by anyone on the internet. The configuration must NOT result in SSL warnings to end users.

How should the LTM Specialist configure the SSL profiles for these virtual servers?

set payload {CACHE :: payload}

}

Which two profiles should be used on the virtual server? (Choose two.)

A VCMP guest has the following characteristics:

• Resources allocated for CPU memory, network interfaces, and disk space

• Virtual disk created

• The guest is NOT running

The guest is NOT running in which state is the VCMP guest

A BIG-IP Administrator receives an RMA replacement for a failed F5 device. The BIG-IP Administrator

tries to restore a UCS taken from the previous device, but the restore fails. The following error appears

inthe/var/log/itm.

mcpd [****J: •*****»;0; License is not operational (expired or digital signature does not match

contents.)

What should the BIG-IP Administrator do to avoid this error?

A web server is being overloaded with HTTPS traffic. To decrease the load on the server, the LTM Specialist and the Server. Administrator decide to perform SSL offloading on the LTM device. The configuration of the virtual server is as follows:

Which change must be made to the configuration to perform SSL offloading?

A BIG-IP Administrator adds new Pool Members into an existing, highly utilized pool. Soon after, there are reports that the application is failing to load for some users. What pool level setting should the BIG-IP Administrator check?

Refer to the exhibit.

Which Pool Members are receiving traffic?

Refer to the exhibit.

How long will the persistence record remain in the table?

An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured:

sys db log.tcpdump.level {

value "Notice"

}

Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?

A web developer has created a custom HTTP call to a backend application. The HTTP headers being sent by the HTTP call are:

GET / HTTP/1.1

User-Agent: MyCustomApp (v1.0)

Accept: text/html

Cache-Control: no-cache

Connection: keep-alive

CookiE. somecookie=1

The backend server is responding with the following:

HTTP/1.1 400 Bad Request

DatE. Wed, 20 Jul 2012 17:22:41 GMT

Connection: close

Why is the HTTP web server responding with a HTTP 400 Bad Request?

A BIG-IP Administrator assigns the default http health monitor to a pool that has three members listening on port 80 When the administrator connects to each pool member via the CURL utility, two of the members respond with a status of 404 Not Found while the third responds with 200 OK. What will the pool show for member availability?

A OneConnect profile is applied to a virtual server. The LTM Specialist would like the client source IP addresses within the 10.10.10.0/25 range to reuse an existing server side connection.

Which OneConnect profile source mask should the LTM Specialist use?

Refer to the Exhibit.

An LTM Specialist notices that two members in a pool are overloaded. To relive the existing members a fourth member (10.128.20.14) is brought up.

How many member will receive and process new connections?

A BIG-IP Administrator needs to apply a license to the BIG-IP system to increase the user count from the

base license.

Which steps should the BIG-IP Administrator?

An HTTP 1.1 application utilizes chunking.

Which header should be used to notify the client's browser that there are additional HTTP headers at the end of the message?

A BIG-IP Administrator makes a configuration change to a Virtual Server on the Standby device of an HA pair. The HA pair is currently configured with Auto-Sync Enabled. What effect will the change have on the HA pair configuration?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is performing an HTTP trace on the client side of the LTM device and notices there are many undesired headers being sent by the server in the response. The LTM Specialist wants to remove all response headers except "Set-Cookie" and "Location."

How should the LTM Specialist modify the HTTP profile to remove undesired headers from the HTTP response?

Active connections to pool members are unevenly distributed. The load balancing method is Least Connections (member) Priority Group Activation is disabled. What is a potential cause of the event distribution?

New Syslog servers have been deployed in an organization. The BIG-IP Administrator must reconfigure the BIG-IP system to send log messages to these servers.

In which location in the Configuration Utility can the BIG-IP Administrator make the needed configuration changes to accomplish this?

A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update the list of configured NTP servers?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has created a virtual server to balance connections to a pool of application servers and offload SSL decryption. Clients connect to the application at https://www.example.com/. The virtual server is configured with a clientssl profile but no serverssl profile. The application servers are listening on ports 80 and 443. Users are unable to connect to the application through the virtual server but are able to connect directly to the application server.

What is the root cause of the error?

Which two items can be logged by the Application Visibility Reporting analytics profile? (Choose two.)

The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The status is marked

'down'.

Which tool should the administrator use to identify the problem?

A virtual server configuration for traffic destined to a server is as shown:

FTP traffic is destined to the 192.168.1.101 server from the source of 192.168.2.129.

Based on precedence, which virtual server accepts this traffic?

An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message "Unable to connect" in the browser, although connections directly to the pool member show the application is functioning correctly. The LTM configuration is:

ltm virtual /Common/vs_https {

destination /Common/10.10.1.110:443

ip-protocol udp

mask 255.255.255.255

pool /Common/pool_https

profiles {

/Common/udp { }

}

translate-address enabled

translate-port enabled

vlans-disabled

}

ltm pool /Common/pool_https {

members {

/Common/172.16.20.1:443 {

address 172.16.20.1

}

}

}

How should the LTM Specialist resolve this issue?

A LTM device needs to load balance active and passive FTP traffic while using only a single virtual server.

Which virtual server type should an LTM Specialist configure on the LTM device?

A customer wants to select the pool for an application based on information found in the path of the URL.

For example:

http://www.example.com/app 1 should be sent to the app 1 pool

http.//www.exampie.com/app 2 should be sent to the app2 pool

Which two profiles need to be assigned to the virtual server? (Choose two.)

AN LIM Specialist must upgrade the VCMP Guest active/standby LTM pair from version 11.3 to 11.5.3 on two VCMP Hosts.

where should the LTM Specialist import the latest 11.5.3 ISO images?

An LTM Specialist needs to create a pool with a set of monitor that checks both the pool members and corresponding application service ports. The pool members have services on port 80. The application service is on port 8009.

The LTM device should load balance traffic to the pool member when the pool member and corresponding application service pass monitor.

Which monitor and parameter set meets this requirement?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A web application is configured to allow sessions to continue even after a user computer is shut down for the night. A new LTM device is configured to load balance the web application to several servers. The application owner reports that application users are logged out of the web application whenever their browser is restarted or computer is rebooted.

What is the problem?

What is the recommended procedure for upgrading a major TMOS release on a BIG-IP platform?

An LTM Specialist is configuring a client profile to offload processing a new application Company policy requires that clients can resume session for up to 30 minutes, but must renegotiate a new session after that.

Which setting should the LTM Specialist change to satisfy this requirement?

An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout" button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's shopping cart is shown as empty. The shopping cart data is stored in memory on the server, and the default source address persistence profile is used on both virtual servers.

How should the LTM Specialist resolve this issue?

An LTM Specialist wants to allow access to the Always On Management (AOM) from the network.

Which two methods should the LTM Specialist use to configure the AOM interface? (Choose two.)

Refer of the exhibit.

The 816-IP Administrator runs the command shown and observes a device trust issue between BIG-IP

devices in a device group. The issue prevents config sync on device bigip3.local.

What is preventing the config sync?

Which command should an LTM Specialist use on the command line interface to show the health of RAID array hard drives?

An LTM device is monitoring pool members on port 80. The LTM device is using an HTTP monitor with a send string of GET / and a blank receive string.

What would cause the pool members to be marked down?

A BIG-IP Administrator needs to restore a UCS file to an F5 device using the Configuration Utility. Which section of the Configuration Utility should the BIG-IP Administrator access to perform this task?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is investigating reports that users are unable to perform some commands through an FTP virtual server. The LTM Specialist performs a capture on the server side of the LTM device.

What is the issue with the application?

Six servers have a varying number of connections that change based on the user load.

Which load balancing method should an LTM Specialist apply to divided the web application traffic to the servers on the relative performance trend?

An LTM device load balances a pool of routers. The LTM device needs to verify path availability to an HTTP server with the IP address 192 168.10 10. located beyond the routers.

Which monitor type and parameters arc required?

A BIG-IP Administrator needs to check the memory utilization on a BIG-IP system. Which two methods can the UIG IP Administrator use? (Choose two.)

An LTM Specialist must perform a packet capture on a virtual server with an applied standard FastL4 profile. The virtual server 10.0.0.1:443 resides on vlan301.

Which steps should the LTM Specialist take to capture the data payload successfully while ensuring no other virtual servers are affected?

Which Virtual Server type should be used to load balance HTTP traffic to a pool of servers?

A BIG-IP Administrator needs to apply a health monitor for a pool of database servers named DB_Pool

that uses TCP port 1521.

Where should the BIG-IP Administrator apply this monitor?

A BIG-IP Administrator is conducting maintenance on one BIG-IP appliance in an HA Pair. Why should the BIG-IP Administrator put the appliance into FORCED_OFFLINE state?

-- Exhibit --

-- Exhibit --

Refer to the exhibit.

A company uses a complex piece of client software that connects to one or more virtual servers (VS) hosted on an LTM device. The client software is experiencing issues. An LTM Specialist must determine the cause of the problem.

The LTM Specialist is seeing a client source IP of 168.210.232.5 in the tcpdump. However, the client source IP is actually 10.123.17.12.

Why does the IP address of 10.123.17.12 fail to appear in the tcpdump?

Refer to the exhibit.

Which two pool members should be chosen for a new connection? (Choose two.)

Refer to the exhibit

The BIG-IP Administrator is unable to access the management console via Self-IP 10.10 1.33 and port 443.

What is the reason for this problem?

An LTM device pair is configured for failover and connection mirroring. The LTM devices are configured with virtual servers for HTTP, HTTPS with SSL offload, and SSH. An event occurs that causes a failover. HTTP and SSH sessions active at the time of failover remain active, but HTTPS sessions are dropped.

What is the root cause of this problem?

A BIG-IP Administrator has configured a BIG-IP cluster with remote user authentication against dcOl

f5trn.com. Only local users can successfully log into the system. Configsync is also failing.

Which two tools should the 8IG-IP Administrator use to further investigate these issues? (Choose two)

Which process can be eliminated by terminating SSL communication on the LTM device rather than the backend pool members?

In an iApp, which configuration protects against accidental changes to an application Services configuration?

An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible directly through a browser, but the HTTP monitor is marking the pool member as down.

GET / HTTP/1.1

HTTP/1.1 400 Bad Request

DatE. Tue, 23 Oct 2012 21:39:07 GTM

Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4

mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2

Content-LengtH. 226

Connection: close

Content-TypE. text/html; charset=iso-8859-1

How should the LTM Specialist resolve this issue?

An LTM Specialist observes decreased performance and intermittent connection reap LTM system.

Based on the configuration, which action will address these issues?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable to connect to the application through the virtual server, but they are able to connect to the application servers directly.

Which change to the LTM device configuration will resolve the problem?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist configures a virtual server to perform client-side encryption while allowing the server-side traffic to be unencrypted. Application owners report that images are failing to load through the virtual server; however, images load when going directly to the server.

What is the problem with the images loading through the virtual server?

An LTM Specialist has just manually failed the active LTM device over to the standby LTM device. The LTM Specialist notices the newly active LTM device is NOT currently receiving traffic. The LTM Specialist verifies the newly active device is responding to ARP but still no traffic is hitting the virtual servers. The LTM Specialist also notices that the virtual servers eventually start responding.

What should be added to the configuration to resolve the problem?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting directly to the web server but are unsuccessful when connecting to the virtual server. Return traffic bypasses the LTM device using Layer 2 nPath routing.

Which configuration change resolves this problem?

A node is assigned two monitors as seen in this configuration.

What is the status of a member that runs on that node and listens on port 443?

An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog server.

The following is an extract from the config file detailing the node and monitor that the LTM device is using for the

remote syslog server:

monitor

Syslog_15002 {

defaults from udp

dest *:15002

}

node 91.223.45.231 {

monitor Syslog_15002

screen RemoteSYSLOG

}

There seem to be problems communicating with the remote syslog server. However, the pool monitor shows that the remote server is up.

The network department has confirmed that there are no firewall rules or networking issues preventing the LTM device from

communicating with the syslog server. The department responsible for the remote syslog server indicates that there may

be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog

server. None are found. The LTM Specialist does a tcpdump:

tcpdump -nn port 15002, with the following results:

21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19

21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144

NotE. 192.168.100.100 is the self IP of the LTM device.

Why are there no errors for the remote syslog server in the log files?

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

An organization’s development team creates an application to put behind the F5 LTM device. The application can be quite load intensive at first, and then evens out over time. The team’s load balancing method needs to select a pool after taking into account the pool member’s response over the time to avoid landing on a busy pool member.

Which of the following load balancing methods meets this requirement?

An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible directly through a browser, but the HTTP monitor is marking the pool member as down.

GET / HTTP/1.1

HTTP/1.1 400 Bad Request

DatE. Tue, 23 Oct 2012 21:39:07 GTM

Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4

mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2

Content-LengtH. 226

Connection: close

Content-TypE. text/html; charset=iso-8859-1

Which issue is the pool member having?

An application requires load balancing functionality. The application must be encrypted to the client.

Certain content must be manipulated by the following IRule:

Which set of profiles must be applied to the virtual server?

The BIG-IP Administrator creates a custom iRule that fails to work as expected. Which F5 online resource should the administrator use to help resolve this issue?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist sets up AVR alerts and notifications for a specific virtual server if the server latency exceeds 50ms. The LTM Specialist simulates a fault so that the server latency is consistently exceeding the 50ms threshold; however, no alerts are being received.

Which configuration should the LTM Specialist modify to achieve the expected results?

A company plans to launch a huge marketing campaign and expects increase demand of their secure website. With the current virtual server setup, the LTM Specialist expects that the LTM device will reach its capacity limits. For the wen application to function properly. Cookies persistence is required. The LTM Specialist needs to reduce LTM device load without breaking the application.

Which two settings should the LTM Specialist modify to meet the requirement? (Choose two.)

An active/standby pair of LTM devices deployed with network failover are working as desired. After external personnel perform maintenance on the network, the LTM devices are active/active rather than active/standby. No changes were made on the LTM devices during the network maintenance.

Which two actions would help determine the cause of the malfunction? (Choose two.)

An TLM Specialist needs to configure a virtual server to terminate SSL connection on the LTM device.

Cryptographic information must be re-authorized for SSL sessions that remain open for longer than 30 seconds.

Which settings should the LTM Specialist configure in the client SSL profile?

An unwanted IP address tries to connect to the configuration utility via Self IP An LTM Specialist needs to block the attempts based on the IP address.

How should the ITM Specialist block the attempts without affecting other users?

Users are unable to reach an application. The BIG-IP Administrator checks the Configuration Utility and observes that the Virtual Server has a red diamond in front of the status. What is causing this issue?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Every monitor has the same Send String, Recv String, and an Alias of *:*. The LTM Specialist simplifies the configuration to minimize the number of monitors.

How many unique monitors remain?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Users report that a web application works incorrectly. Sometimes contextual data displayed on the web pages is accurate; other times it is inaccurate.

The LTM administrator looks at the connection table with a filter on one of the client IP addresses currently connected using the command "tmsh show sys connection cs-client-addr 10.0.20.1"

with the following results:

10.0.20.1:60048 10.0.20.88:80 10.0.20.1:60048 172.16.20.1:80 tcp 3 (tmm: 0)

10.0.20.1:60050 10.0.20.88:80 10.0.20.1:60050 172.16.20.3:80 tcp 3 (tmm: 0)

10.0.20.1:60047 10.0.20.88:80 10.0.20.1:60047 172.16.20.2:80 tcp 3 (tmm: 0)

10.0.20.1:60049 10.0.20.88:80 10.0.20.1:60049 172.16.20.1:80 tcp 3 (tmm: 0)

What is the solution to the problem?

The BIG-IP Administrator disable all pool members in a pool Users are still able to reach the pool

members.

What is allowing users to continue to reach the disabled poo! members?

A new BIG-IP VE is deployed with default settings. The BIG-IP Administrator completes the setup utility in the Configuration Utility. The internal self IP address fails to respond to a ping request. What is a possible cause of this issue?

An LTM device has been configured to log the reasons for generating TCP RST packets.

The following log entry occurs:

"01230140:3: RST sent from 192.168.1.100:80 to 192.168.1.124:39272, [0x112d82a:1721] {peer} TCP RST from remote system."

Which condition will trigger this log entry?

What is a benefit provided by F5 Enterprise Manager?

Which two alerting capabilities can be enabled from within an application visibility reporting (AVR) analytics profile? (Choose two.)

An LTM Specialist regularly provides analytics reports that show that traffic generated by different subnets within the organization. The LTM Specialist needs show the associate department names next the IP addresses in the reports.

Which step should the LTM Specialist take to meet this requirement?

An LTM Specialist is removing some of the load off an existing cluster by adding a adding a third BIG-IP

device to the device group. The new device can deliver twice the performance of the other two devices.

The LTM Specialist needs to make sure that the BIG-IP device with the highest available capacity is

always selected to take over a traffic group in the event of a failover.

Which failover method is most appropriate?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has a virtual server set up on the LTM device as per the exhibit. The LTM Specialist receives reports of intermittent issues. Some clients are connecting fine while others are failing to connect.

The LTM Specialist does a tcpdump on the relevant interfaces, with the following results extracted:

What is causing the intermittent issues?

A 8IG-IP device is replaced with an RMA device. The BIG-IP Administrator renews the license and tries to restore the configuration from a previously generated UCS archive on the RMA device. The device configuration is NOT fully loading. What is causing the configuration load to fail?

Refer to the exhibit.

An LTM Specialist has multiple SNAT and virtual server objects configured as in the bigip.conf shown.

The LTM Specialist tests a connection from a client with. IP 172.163.31.11 to 192.168.0.100:80.

Which two objects will show an increase in Local Traffic statistics connections?

An ecommerce company is experiencing latency issues with online shops during Black Friday's peak season.

The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants to move the

top utilized Virtual Servers to a dedicated BIG-IP device.

Where should the BIG-IP Administrator determine the problematic Virtual Servers?

An LTM Specialist needs to provide statistics regarding the round-trip time between the clients and the servers.

Which metric should be part of the analytics profile to provide that information?

An LTM device has a virtual server configured as a Performance Layer 4 virtual listening on 0.0.0.0:0 to perform routing of packets to an upstream router. The client machine at IP address 192.168.0.4 is attempting to contact a host upstream of the LTM device on IP address 10.0.0.99.

The network flow is asymmetrical, and the following TCP capture displays:

# tcpdump -nnni 0.0 'host 192.168.0.4 and host 10.0.0.99'

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes

05:07:55.499954 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082 win 1480

05:07:55.499983 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0

05:07:56.499960 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082 win 1480

05:07:56.499990 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0

4 packets captured

Which option within the fastL4 profile needs to be enabled by the LTM Specialist to prevent the LTM device from rejecting the flow?

What do the following iRule commands do when they are used in the same iRule?

set hsl [HSL::open -proto UDP -pool syslog_server_pool]

HSL::send $hsl " < 190 > [HTTP::host] from [whereis [IP::client_addr] country continent state city zip] , IP: [IP::client_addr] "

An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web application is accessed via www.example.com. The LTM Specialist wants to save a packet capture with complete decrypted payload for external analysis.

Which command should the LTM Specialist execute on the LTM device command line interface?

What does the following iRule do?

when CLIENT_ACCEPTED {

if { [matchclass [IP::client_addr] equals WebClient1-Whitelist1] }{

#log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"

#Pool WebClient1

} else {

log local0. "Invalid client IP: [IP::client_addr] - discarding"

discard

}

}