Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

303 BIG-IP ASM Specialist Questions and Answers

Questions 4

Exhibit.

303 Question 4

Webserver_pool consists of 6 members. phpAuction_80_pool consists of 2 members LTM1 is the current Activemember.

LTM1 loses connectivity to 3 of the 6 members in the webserver_pool LTM2 still has connectivity to all

servers.

What is the expected failover behavior?

Options:

A.

LTM1 Standby / LTM2 Standby

B.

LTM1 Active /LTM2 Active

C.

LTM1 Active / LTM2 Standby

D.

LTM1Standby / LTM2 Active

Buy Now
Questions 5

Refer to the exhibit.

303 Question 5

A pool member fails the monitor checks for about 30 minutes and then starts passing the monitor

checks. New traffic is Not being sent to the pool member.

What is the likely reason for this problem?

Options:

A.

The pool member is disabled

B.

Monitor Type is TCP Half Open

C.

Manual resume is enabled

D.

Time Until Up is zero

Buy Now
Questions 6

-- Exhibit –

303 Question 6

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning correctly when accessed directly through a browser. However, the monitor is marking the member as down. The LTM Specialist captures the monitor traffic via tcpdump.

What is the issue?

Options:

A.

The server is marking the connection as closed.

B.

The pool member is rejecting the monitor request.

C.

The monitor request is NOT returning the page body.

D.

The 'time-until-up' setting on the monitor is incorrect.

Buy Now
Questions 7

Which command will identify the active LTM device currently handling client traffic?

Options:

A.

b ha table show

B.

tmsh list /sys ha-status

C.

tmsh show /cm traffic-group

D.

tmsh run /sys failover standby

E.

tmsh show /sys ha-status all-properties

Buy Now
Questions 8

An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible directly through a browser, but the HTTP monitor is marking the pool member as down.

GET / HTTP/1.1

HTTP/1.1 400 Bad Request

DatE. Tue, 23 Oct 2012 21:39:07 GTM

Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4

mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2

Content-LengtH. 226

Connection: close

Content-TypE. text/html; charset=iso-8859-1

How should the LTM Specialist resolve this issue?

Options:

A.

Add '200 OK' to the monitor's receive string.

B.

Add 'Connection: close\r\n' to the monitor's send string.

C.

Change the interval on the monitor from 5 seconds to 30 seconds.

D.

Change the HTTP version in the send string from HTTP/1.1 to HTTP/1.0.

Buy Now
Questions 9

The output of a tmsh command is: ------------------------------------------------------------ Net::Interface Name Status Bits Bits Errs Errs Drops Drops Colli In Out In Out In Out sions ------------------------------------------------------------ 1.1 down 0 0 0 0 0 0 0 1.2 up 191.4K 0 0 0 374 0 0 1.3 down 0 0 0 0 0 0 0 1.4 up 22.5K 0 0 0 44 0 0 2.1 miss 0 0 0 0 0 0 0 2.2 miss 0 0 0 0 0 0 0 mgmt up 43.2G 160.0G 0 0 0 0 0

Which command was executed on the LTM device to show the output?

Options:

A.

tmsh show /net interface

B.

tmsh /net show interface status

C.

tmsh /net show interface

D.

tmsh show /net interface status

Buy Now
Questions 10

A new web application is hosted at www.example.net, but some clients are still pointing to the legacy web application at www.example.com.

Which iRule will allow clients referencing www.example.com to access the new application?

Options:

A.

when HTTP_REQUEST {

if {[HTTP::host] equals "www.example.*" }{

HTTP::redirect "http://www.example.net" }

}

B.

when HTTP_REQUEST {

if {[HTTP::host] equals "www.example.com" }{

HTTP::redirect "http://www.example.net" }

}

C.

when HTTP_DATA {

if {[HTTP::host] equals "www.example.*" }{

HTTP::redirect "http://www.example.net" }

}

D.

when HTTP_RESPONSE {

if {[HTTP::host] equals "www.example.com" }{

HTTP::redirect "http://www.example.net" }

}

Buy Now
Questions 11

An LTM Specialist configured a virtual server to load balance a custom application. The application works when it is tested from within the firewall but it fails when tested externally. The pool member address is 192.168.200.10:80. A capture from an external client shows:

GET /index.jsp HTTP/1.1

Host: 207.206.201.100

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Connection: keep-alive

HTTP/1.1 302 Found

DatE. Wed, 17 Oct 2012 23:09:55 GMT

Server: Apache/2.2.15 (CentOS)

Location: http://192.168.200.10/user/home.jsp

Content-LengtH. 304

Connection: close

What is the solution to this issue?

Options:

A.

Assign a SNAT pool to the virtual server.

B.

Add a Web Acceleration Profile to the virtual server.

C.

Configure redirect rewrite option in the HTTP profile.

D.

Configure a content filter on the backend web server.

Buy Now
Questions 12

A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up www.example.com.

A ping works to the pool member address.

The SEND string that the monitor is using is: GET/HTTP/l.l/r/n/Host.www.example.com/r/n/Connection

Close/r/n/r/n

Which CLI tool syntax will show that the web server returns the correct HTTP response?

Options:

A.

curlhttp://10.10.10.3.75:8080/www.example.com/index.html

B.

curl-header 'Host:www.example.com' http://10.10.3.75:8080/

C.

tracepath 'http://www.example.com:80

D.

tracepath 10.10.3.75:8080 GET /index

Buy Now
Questions 13

An LTM Specialist needs to loadbalance an application using an LTM device to meet the requirements:

The application servers do NOT Support SSL, but client access to the application should be secured.

Multiple requests from the same client should be sent to the same pool member.

All pool members will have roughly the same processing power, and traffic should be distributed evenly.

The LTM device is NOT the pool members' default gateway.

which configuration should the LTM Specialist.

Options:

A.

a performance 14 virtual server with a SNAT and cookie persistence

B.

a performance L4 virtual server with a Client SSL profile and Source Address persistence

C.

A performance L4 virtual server with a SNAT, HTTP profile. Server SSL profile, and cookie persistence

D.

A standard virtual server with a SNAT, HTTP profile Server SSL profile, and cookie persistence

E.

A standard virtual server with a SNAT, HTTP profile, Client profile, andd cookie persistance.

Buy Now
Questions 14

-- Exhibit –

303 Question 14

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is reviewing the 'test' partition.

Which objects, in order, can be removed from the partition?

Options:

A.

delete pool test1_pool, delete node 10.1.1.2

B.

delete node 10.1.1.2, delete pool test2_pool

C.

delete pool test1_pool, delete node 10.1.1.2, delete node 10.1.1.1

D.

delete virtual test1_vs, delete pool test2_pool, delete node 10.1.1.1

E.

delete pool test1_pool, delete pool test2_pool, delete node 10.1.1.3

Buy Now
Questions 15

-- Exhibit –

303 Question 15

-- Exhibit --

Refer to the exhibit.

An LTM Specialist sets up AVR alerts and notifications for a specific virtual server if the server latency exceeds 50ms. The LTM Specialist simulates a fault so that the server latency is consistently exceeding the 50ms threshold; however, no alerts are being received.

Which configuration should the LTM Specialist modify to achieve the expected results?

Options:

A.

The rule should be adjusted to trigger when server latency is above 50ms.

B.

SNMP alerting should be enabled to allow e-mail to be sent to the support team.

C.

User Agents needs to be enabled to ensure the correct information is collected to trigger the alert.

D.

The metric "Page Load Time" needs to be enabled to ensure that the correct information is collected.

Buy Now
Questions 16

Which Virtual Server type should be used to load balance HTTP traffic to a pool of servers?

Options:

A.

Standard

B.

Stateless

C.

Forwarding (IP)

D.

Forwarding (Layer 2)

Buy Now
Questions 17

An LTM Specialist creates an Analytics wide to show the type of browsers used to access a certain application. However, the generated statistics only sum up all transaction for that application under one item called ‘ Aggregated.’’

What should the LTM Specialist do to resolve this problem?

Options:

A.

Verify that the Analytics profile is assigned to the applications virtual server.

B.

Make sure ‘’User Agent’’ is selected in the Analytics profile.

C.

Drill down into the stats to show the User Agents correlated in the Aggregated group.

D.

Make sure ‘’User Sessions’’ is selected in the Analytics profile

Buy Now
Questions 18

There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the virtual IP address 10.0.20.88.

A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the LTM Specialist runs two concurrent traces on the LTM device, with the following results:

Trace on client side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840

22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win 4380

22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365

22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365

22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528

22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528

6 packets captured

6 packets received by filter

0 packets dropped by kernel

Trace on server side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

4 packets captured

4 packets received by filter

0 packets dropped by kernel

What should the LTM Specialist do to solve the problem?

Options:

A.

Edit the packet filter rules.

B.

Modify the monitor of the pool.

C.

Enable the virtual server.

D.

Configure the virtual server to use SNAT.

Buy Now
Questions 19

An LTM Specialist is configuring a virtual server with an IP address.

Which configuration is unsupported?

Options:

A.

Performance 14 virtual server with an HTTP profile

B.

Standard virtual server with an HTTP profile

C.

Performance 14 virtual server with a FastHTTP profile

D.

Standard virtual server with a TCP profile

Buy Now
Questions 20

A BIG-IP Administrator uses a device group to share the workload and needs to perform service on a BIG-IP device currently active for a traffic group. The administrator needs to enable the traffic group to run on another BIG-IP device in the device group. What should the administrator do to meet the requirement?

Options:

A.

Create a new Traffic Group and then fail to Standby Unit

B.

Select Traffic Group and then select Failover

C.

Select Traffic Group and then select Force to Standby

D.

Select Traffic Group on Primary Unit and then select Demote

Buy Now
Questions 21

An LTM Specialist has a single HTTPS virtual server doing SSL termination. No server SSL profile is defined. The pool members are on the internal VLAN answering on HTTP port 80. Users with certain browsers are experiencing issues.

Which two locations are most appropriate to gather packets needed to determine the SSL issue? (Choose two.)

Options:

A.

server interface

B.

user's computer

C.

LTM device's external VLAN

D.

LTM device's internal VLAN

E.

LTM device's management interface

Buy Now
Questions 22

An LTM Specialist configures a new HTTP virtual server on an LTM device external VLAN. The web servers are connected to the LTM device internal VLAN. Clients trying to connect to the virtual server are unable to establish a connection. A packet capture shows an HTTP response from a web server to the client and then a reset from the client to the web server.

From which two locations could the packet capture have been collected? (Choose two.)

Options:

A.

network interface of web server

B.

network interface of client machine

C.

internal VLAN interface of the LTM device

D.

external VLAN interface of the LTM device

E.

management VLAN interface of the LTM device

Buy Now
Questions 23

Which iRule will instruct the client's browser to avoid caching HTML server responses?

Options:

A.

when HTTP_REQUEST {

if {[HTTP::header Content-Type] equals "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

B.

when HTTP_REQUEST {

if {[HTTP::header Content-Type] contains "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

C.

when HTTP_RESPONSE {

if {[HTTP::header Content-Type] contains "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

D.

when HTTP_RESPONSE {

if {[HTTP::header Content-Type] equals "html"} {

HTTP::header insert Pragma "no-cache"

HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"

HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"

}

}

Buy Now
Questions 24

A Standard Virtual Server for a web application is configured with Automap for the Source Address Translation option. The original source address of the client must be known by the backend servers. What should the BIG-IP Administrator configure to meet this requirement?

Options:

A.

The Virtual Server type as Performance (HTTP)

B.

An HTTP profile to insert the X-Forward-For header

C.

An HTTP Transparent profile

D.

A SNAT Pool with the client IP

Buy Now
Questions 25

Refer to the Exhibit.

303 Question 25

An LTM Specialist notices that two members in a pool are overloaded. To relive the existing members a fourth member (10.128.20.14) is brought up.

How many member will receive and process new connections?

Options:

A.

4

B.

3

C.

2

D.

1

Buy Now
Questions 26

Traffic to a pool of SFTP servers that share storage must be balanced by an LTM device.

What are therequired profile and persistence settings for a standard virtual server?

Options:

A.

tcp, ctientsst, ftp serverssl persistence

B.

tcp, clientssl, serverssl persistence

C.

tcp, ftp - Source address persistence

D.

tcp - no persistence profile will be used

Buy Now
Questions 27

When importing a PEM formatted SSL certificate, which text needs to appear first in the file?

Options:

A.

--START CERTIFICATE....

B.

...BEGIN CERTIFICATE....

C.

...SECURITY CERTIFICATE....

D.

...SSL CERTIFICATE....

Buy Now
Questions 28

Users in a branch office are reporting a website is always slow. No other users are experiencing the problem. The LTM Specialist tests the website from the external VLAN along with testing the servers directly. All tests indicate normal behavior. The environment is a single HTTP virtual server on the external VLAN with a single pool containing three HTTP pool members on the internal VLAN.

Which two locations are most appropriate to collect additional protocol analyzer data? (Choose two.)

Options:

A.

a user's machine

B.

the switch local to the user

C.

the LTM device's internal VLAN

D.

the LTM device's external VLAN

E.

a user's Active Directory authentication

Buy Now
Questions 29

The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new HTTP pool

named P_example.

Where should the BIG-IP Administrator validate these settings in the Configuration Utility?

Options:

A.

Local Traffic > Nodes > Default Monitor

B.

Local Traffic > Profiles > Services > HTTP > http

C.

Local Traffic > Monitors > http

D.

Local Traffic > Pools > P_ example

Buy Now
Questions 30

Exhibit.

303 Question 30

The three VLANS shown provide connectivity to backend servers. The backend servers are being moved to unmanaged switches and require separate interfaces.

How should the F5 device interfaces be configured?

Options:

A.

Create a Trunk interface and combined interface 1.1.1.2 and 1.3.

B.

Create a Trunk interface and select VLAN„A, VLAN_B. and VLAN_C.

C.

Create VLAN named VLAN_A enter 100 under Tag and moveinterface 1.1 to tagged Create VLAN_B enter 200 and move interface 1.2 to tagged Create VLAN_C Center 300 and move interface 1.3 to tagged.

D.

Create VLAN_A move interface 1.1 to untagged. Create VLAN_B move interface 1.2 to untagged. Create VLAN_C move interface 1.3 to untagged.

Buy Now
Questions 31

Given this as the first packet displayed of an ssldump:

2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake

ServerHello

Version 3.1

random[32]=

19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0

b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29

session_id[32]=

c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad

4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9

cipherSuite TLS_RSA_WITH_RC4_128_SHA

compressionMethod NULL

In reviewing the rest of the ssldump, the application data is NOT being decrypted.

Why is ssldump failing to decrypt the application data?

Options:

A.

The application data is encrypted with SSLv3.

B.

The application data is encrypted with TLSv1.

C.

The data is contained within a resumed TLS session.

D.

The BigDB Key Log.Tcpdump.Level needs to be adjusted.

Buy Now
Questions 32

A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update the list of configured NTP servers?

Options:

A.

System > Configuration

B.

System > Services

C.

System > Preferences

D.

System > Platform

Buy Now
Questions 33

DNS queries from two internal DNS servers are being load balanced to external DNS Servers via a Virtual

Server on a BIG-P device. The DNS queries originate from 192.168.101.100 and 192.168.101.200 and

target 192.168.21.50

All DNS queries destined for the external DNS Servers fail

Which property change should the BIG-IP Administrator make in the Virtual Server to resolve this issue?

Options:

A.

Protocol Profile (Client) to DNS-OPTIMZED

B.

Type to Performance (HTTP)

C.

Protocol to UDP

D.

Source Address to 192.168.101.0/24

Buy Now
Questions 34

The LTM Specialist is writing a custom HTTP monitor for a web application and has viewed the content by accessing the site directly via their browser. The monitor continually fails. The monitor configuration is:

ltm monitor http /Common/exampleComMonitor {

defaults-from /Common/http

destination *:*

interval 5

recv "Recent Searches"

send "GET /app/feed/current\?uid=20145 HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-EncodinG. gzip, deflate\\r\\nConnection: close\\r\\n\\r\\n"

time-until-up 0

timeout 16

}

A trace shows the following request and response:

Request:

GET /app/feed/current?uid=20145 HTTP/1.1

Host www.example.com

Accept-Encoding gzip, deflate

Connection: close

Response:

HTTP/1.1 302 Moved Temporarily

Date Wed, 17 Oct 2012 18:45:52 GMT

Server Apache

Location https://example.com/login.jsp

Content-Encoding gzip

Content-Type text/html;charset=UTF-8

Set-CookiE. JSESSIONID=261EFFBDA8EC3036FBCC22D991AC6835; Path=/app/feed/current?uid=20145

What is the problem?

Options:

A.

The request does NOT include a User-Agent header.

B.

The HTTP monitor does NOT support monitoring jsp pages.

C.

The request does NOT include any cookies and the application is expecting a session cookie.

D.

The request includes an Accept-Encoding so the server is responding with a gzipped result and LTM monitors CANNOT handle gzipped responses.

Buy Now
Questions 35

Internet clients connecting to a virtual server to download a file are experiencing about 150 ms of latency and no packet loss.

Which built-in client-side TCP profile provides the highest throughput?

Options:

A.

tcp

B.

tcp-legacy

C.

tcp-lan-optimized

D.

tcp-wan-optimized

Buy Now
Questions 36

A BIG-IP Administrator defines a device Self IP . The Self IP is NOT reachable from the network. What should the BIG-IP Administrator verify first?

Options:

A.

The correct interface has been selected.

B.

The correct VLAN has been selected.

C.

Verify if auto last hop is disabled.

D.

The correct Trunk has been selected.

Buy Now
Questions 37

A virtual server is using a TCP profile based on thetop-wan-optimized profile for a streaming application Users report videos are loading slowly.

Which setting should be modified in the TCP profile to optimize the application?

Options:

A.

Disable Slow Start

B.

Disable Selective ACKs

C.

Disable Nagle's Algorithm

D.

Disable Reset on Timeout

Buy Now
Questions 38

Given:

Filesystem Size Used Avail Use% Mounted on

/dev/md11 248M 248M 0 100% /

/dev/md13 3.0G 76M 2.8G 3% /config

/dev/md12 1.7G 1.1G 476M 71% /usr

/dev/md14 3.0G 214M 2.6G 8% /var

/dev/md0 30G 2.2G 26G 8% /shared

/dev/md1 6.9G 288M 6.3G 5% /var/log

none 3.9G 452K 3.9G 1% /dev/shm

none 3.9G 19M 3.9G 1% /var/tmstat

none 3.9G 1.2M 3.9G 1% /var/run

prompt 4.0M 12K 4.0M 1% /var/prompt

/dev/md15 12G 8.3G 3.1G 74% /var/lib/mysql

Which command is used to produce this output?

Options:

A.

df

B.

du

C.

lsof

D.

ps

E.

vmstat

Buy Now
Questions 39

RADIUS authentication has been configured on the LTM device. The default remote user access requirements are as shown:

  • Read only access tothe configuration Utility
  • Access to TMOS shell

Which two items need to be configured in this situation? (Choose two)

Options:

A.

Console access is Advanced Shell

B.

Console access is Read Only

C.

Default remote user role is Guest

D.

In Console access is TMSH

E.

Default remote user role is Manager

F.

Default remote user role is Operator

Buy Now
Questions 40

-- Exhibit –

303 Question 40

303 Question 40

-- Exhibit --

Refer to the exhibits.

Which URL on which server is causing the highest latency for users?

Options:

A.

/slow1.php on 172.16.20.3

B.

/slow2.php on 172.16.20.1

C.

/reflector.php on 172.16.20.2

D.

/Compress.HTML on 172.16.20.1

Buy Now
Questions 41

An LTM Specialist needs to upgrade all guests on a Viprion eight CMP guests.

What is the maximum number of guests that the LTM Specialist should upgrade at once?

Options:

A.

Eight

B.

One

C.

TWO

D.

Four

Buy Now
Questions 42

-- Exhibit –

303 Question 42

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is investigating reports that users are unable to perform some commands through an FTP virtual server. The LTM Specialist performs a capture on the server side of the LTM device.

What is the issue with the application?

Options:

A.

data connection failing

B.

LIST command disallowed

C.

PORT command disallowed

D.

command connection failing

Buy Now
Questions 43

-- Exhibit –

303 Question 43

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has uploaded a qkview to F5 iHealth.

Within the GUI, what is the correct procedure to comply with the recommendation shown in the exhibit?

Options:

A.

Obtain product version image from release.f5.com.

Overwrite existing image with new product version image.

Select product version image and click Install.

Select the available disk and volume set name.

B.

Obtain product version image from images.f5.com.

Overwrite existing image with new product version image.

Select product version image and click Install.

Select the available disk and volume set name.

C.

Obtain product version image from downloads.f5.com.

Import product version image.

Install image onto BIG-IP platform.

Select product version image and click Install.

Select the available disk and volume set name.

D.

Log a call requesting the product version image via websupport.f5.com

Import product version image.

Install image onto BIG-IP platform.

Select product version image and click Install.

Select the available disk and volume set name.

Buy Now
Questions 44

An LI M device is experiencing a high volume of traffic. The virtual server is struggling under the load. The problem appears to be on the server side connections. The virtual server isaccepting connections . The virtual server is accepting connections on https and is configured with an SSL profile and http pool.

What should be added to increase the performance of the device?

Options:

A.

an HTTP Compression profile

B.

a One Connect profile

C.

smaller key to the SSL profile

D.

a SPDY profile

Buy Now
Questions 45

A BIG-IP Administrator uses backend servers to host multiple services per server. There are multiple virtual servers and pools defined, referencing the same backend servers.

Which load balancing algorithm is most appropriate to have an equal number of connections on each backend server?

Options:

A.

Least Connections (member)

B.

Least Connections (node)

C.

Predictive (member)

D.

Predictive (node)

Buy Now
Questions 46

Refer to the exhibit.

303 Question 46

How are new connections load balanced?

Options:

A.

To the first two members listed with the same priority group

B.

To the pool member with the least number of connections

C.

To the pool member with a high priority group value defined

D.

To the pool member with a low priority group value defined

Buy Now
Questions 47

An LTM device supports two power supplies. The value of the BigDB key "platform.powersupplymonitor" is equal to enable.

Where would the error message be visible if one of the power supplies fails or is NOT plugged in?

Options:

A.

visible only via the console

B.

in the /var/log/ltm log file

C.

in the /var/log/kern.log file

D.

in the /var/log/tmm log file

Buy Now
Questions 48

Refer to the exhibit.

303 Question 48

A BIG-IP Administrator creates a new Virtual Server. The end user is unable to access the page. During

troubleshooting, the administrator learns that the connection between the BIG-IP system and server is

NOT set up correctly.

What should the administrator do to solve this issue?

Options:

A.

Disable Address Translation

B.

Set Address Translation to Auto Map, configure a SNAT pool, and have pool members in the same subnet of the servers

C.

Set Address Translation to SNAT and configure a specific translation address

D.

Set Address Translation to SNAT and have self-IP configured in the same subnet of servers

Buy Now
Questions 49

An application is making heavy use of a large, high-quality JPEG image file. An LTM Specialist needs to enhance page load times without increasing server load.

Which profile should be applied to the virtual server to perform this task?

Options:

A.

Response Adapt

B.

OneConnect

C.

FastHTTP

D.

Web Acceleration

Buy Now
Questions 50

An HTTP 1.1 application utilizes chunking.

Which header should be used to notify the client's browser that there are additional HTTP headers at the end of the message?

Options:

A.

ETag

B.

From

C.

Trailer

D.

Expect

Buy Now
Questions 51

A 8IG-IP Administrator is making adjustments to an iRule and needs to identify which of the 235 virtual

server configured on the BIG-IP device will be affected.

How should the administrator obtain this information in an effective way?

Options:

A.

Local Traffic > Virtual Server

B.

Local traffio Pools

C.

LOCAL Traffic > Network Map

D.

Local traffic > Rules

Buy Now
Questions 52

A BIG-IP Administrator needs to determine which pool members in a pool have been manually forced offline and are NOT accepting any new traffic. Which status icon indicates this?

A)

303 Question 52

B)

303 Question 52

C)

303 Question 52

D)

303 Question 52

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Buy Now
Questions 53

The network team has recently added a new syslog server with IP address 10.1.1.1.

Which command adds the new syslog entry on the F5 LTM device?

A)

303 Question 53

B)

303 Question 53

C)

303 Question 53

D)

303 Question 53

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 54

Which iRule statement demotes a virtual server from CMP?

Options:

A.

set ::foo 123

B.

set static::foo 123

C.

persist source_addr 1800

D.

[ class match $HTTP_CONTENT contains my_data_class ]

Buy Now
Questions 55

Refer to the exhibit.

303 Question 55

An LTM device has a virtual server mapped to www.f5.com. Users report that when they connect to

/resources/201.1.2h.l_l.com they are unable to receive content.

What is the likely cause of the issue?

Options:

A.

The pool associated with the virtual server does not have priority group activation enabled.

B.

The virtual address does not have ARP enabled.

C.

The virtual address does not have route advertising enabled.

D.

The pool associated with the virtual server is falling its health check.

Buy Now
Questions 56

A BIG-IP Administrator needs to modify a virtual server that web offload web traffic compression tasks from the target server.

Which two profiles must the BIG-IP Administrator apply to a virtual server to enable compression? (Choose two)

Options:

A.

Server SSL profile

B.

Stream profile

C.

Persistence profile

D.

HITP profile

E.

Compression profile

Buy Now
Questions 57

The following decoded TCPDump capture shows the trace of a failing health monitor.

00:00:13.245104 IP 10.29.29.60.51947 > 10.0.0.12.http: P 1:59(58) ack 1 win 46 out slot1/tmm3 lis=

0x0000: 4500 006e 3b19 4000 4006 ce0c 0a1d 1d3c E..n;.@.@......<

0x0010: 0a00 000c caeb 0050 8be5 aca3 dd65 e3e1 .......P.....e..

0x0020: 8018 002e 1b41 0000 0101 080a 94b3 5b5c .....A........[\

0x0030: 0e30 90ad 4745 5420 2f74 6573 745f 7061 .0..GET./test_pa

0x0040: 6765 2e68 746d 6c20 4854 5450 312e 310d ge.html.HTTP1.1.

0x0050: 0a48 6f73 743a 200d 0a43 6f6e 6e65 6374 .Host:...Connect

0x0060: 696f 6e3a 2043 6c6f 7365 0d0a 0d0a 0105 ion:.Close......

0x0070: 0100 0003 00 .....

00:00:13.245284 IP 10.0.0.12.http > 10.29.29.60.51947: . ack 59 win 362 in slot1/tmm3 lis=

0x0000 0ffd 0800 4500 00c9 6f68 4000 8006 755d ....E...oh@...u]

0x0010 0a29 0015 0a29 0103 0050 e0d6 4929 90eb .)...)...P..I)..

0x0020 6f12 d83c 8019 fab3 9b31 0000 0101 080a o..<.....1......

0x0030 0068 4e10 5240 6150 4854 5450 2f31 2e31 .hN.R@aPHTTP/1.1

0x0040 2034 3030 2042 6164 2052 6571 7565 7374 .400.Bad.Request

0x0050 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-Type:.

0x0060 7465 7874 2f68 746d 6c0d 0a44 6174 653a text/html..Date:

0x0070 2054 6875 2c20 3231 204a 616e 2032 3031 .Mon,.01.Jan.201

0x0080 3020 3138 3a35 383a 3537 2047 4d54 0d0a 2.00:00:01.GMT..

0x0090 436f 6e6e 6563 7469 6f6e 3a20 636c 6f73 Connection:.clos

0x00a0 650d 0a43 6f6e 7465 6e74 2d4c 656e 6774 e..Content-Lengt

0x00b0 683a 2032 300d 0a0d 0a3c 6831 3e42 6164 h:.20....

Bad

0x00c0 2052 6571 7565 7374 3c2f 6831 3e .Request

The health monitor is sending the string shown in the capture; however, the server response is NOT as expected. The correct response should be an HTML page including the string 'SERVER IS UP'.

What is the issue?

Options:

A.

The /test_page.html does NOT exist on the web server.

B.

Incorrect syntax in send string. 'HTTP1.1' should be 'HTTP/1.1'.

C.

Incorrect syntax in send string. 'Connection: Close' should be 'Connection: Open'.

D.

The wrong HTTP version is specified in the send string. Version 1.2 should be used instead of version 1.1.

Buy Now
Questions 58

-- Exhibit –

303 Question 58

303 Question 58

-- Exhibit --

Refer to the exhibits.

After upgrading LTM from v10 to v11, users are unable to connect to an application. The virtual server is using a client SSL profile for re-terminating SSL for payload inspection, but a server SSL profile is being used to re-encrypt the request.

A client side ssldump did NOT show any differences between the traffic going directly to the server and the traffic being processed by the LTM device. However, packet capture was done on the server, and differences were noted.

Which modification will allow the LTM device to process the traffic correctly?

Options:

A.

Enable Strict Resume.

B.

Change Secure Renegotiation to "Request."

C.

Enable ProxySSL option in the server SSL profile.

D.

Change to different ciphers on the server SSL profile.

Buy Now
Questions 59

Refer to the exhibit.

303 Question 59

Which TMSH command generated this output?

Options:

A.

tmsh list /cm sync-status

B.

tmsh show /sys sync-status

C.

tmsh list /sys sync-status

D.

tmsh show /cm sync status

Buy Now
Questions 60

AN LIM Specialist must upgrade the VCMP Guest active/standby LTM pair from version 11.3 to 11.5.3 on two VCMP Hosts.

where should the LTM Specialist import the latest 11.5.3 ISO images?

Options:

A.

to the primary VCMP Host and the active Guest instance

B.

to both VCMP Hosts

C.

to the secondary vCMP Host and the standby Guest instance

D.

to the VCMP Guest instances

Buy Now
Questions 61

The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.

The virtual server is configured with the default OneConnect profile.

The ACL is defined on the web server as:

Permit: 192.168.136.0/24

Deny: 192.168.116.0/24

The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.

Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:

Clientside:

09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192

09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380

09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425

09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678

Serverside:

09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380

09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840

09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380

09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380

09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108

Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:

Clientside:

09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192

09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380

09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425

09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678

Serverside:

09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904

09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142

Why was the second client flow permitted by the web server?

Options:

A.

A global SNAT is defined.

B.

SNAT automap was enabled on the virtual server.

C.

The idle TCP session from the first client was re-used.

D.

A source address persistence profile is assigned to the virtual server.

Buy Now
Questions 62

An LTM Specialist has a OneConnect profile and HTTP profile configured on a virtual server to load balance an HTTP application.

The following HTTP headers are seen in a network trace when a client connects to the virtual server:

Clientside:

GET / HTTP/1.1

Host: 192.168.136.100

User-Agent: Mozilla/5.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-EncodinG. gzip, deflate

Connection: keep-alive

Serverside:

HTTP/1.1 200 OK

DatE. 5 Jun 1989 17:06:55 GMT

Server: Apache/2.2.14 (Ubuntu)

Vary: Accept-Encoding

Content-EncodinG. gzip

Content-LengtH. 3729

X-Cnection: close

Content-TypE. text/html

The LTM Specialist notices the OneConnect feature is working incorrectly.

Why is OneConnect functioning incorrectly?

Options:

A.

Client must support HTTP/1.0.

B.

Client must support HTTP keep-alive.

C.

Server must support HTTP/0.9.

D.

Server must support HTTP keep-alive.

Buy Now
Questions 63

A BIG-IP Administrator wants to add the ASM Module to an HA pair of BIG-IP devices. The BIG-IP Administrator has already installed a new Add-On License on both devices in the HA pair. What should the BIG-IP Administrator do next to use the module?

Options:

A.

Provision the new module on both BIG-IP device's

B.

Synchronize both BIG-IP devices

C.

Reboot both BIG-IP devices

D.

Reactivate the Licenses on both BIG IP devices

Buy Now
Questions 64

-- Exhibit –

303 Question 64

303 Question 64

-- Exhibit --

Refer to the exhibits.

An LTM device has been configured for load balancing a number of different application servers. Configuration changes need to be made to the LTM device to allow administrative management of the servers in 172.16.10/24, 172.16.20/24, and 172.16.30/24 networks. The servers require outbound access to numerous destinations for operations.

Which solution has the simplest configuration changes while maintaining functionality and basic security?

Options:

A.

Remove 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, and keep 0.0.0.0:0/0.0.0.0 enabled on all VLANs.

B.

Replace 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, with 172.16.0.0:0/16, and keep 0.0.0.0:0/0.0.0.0.

C.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on ingress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on egress VLAN(s).

D.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on egress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on ingress VLAN(s).

Buy Now
Questions 65

An LTM is configure an application that isseparated into several subdomains across multiple virtual servers. Many of these subdomains require encryption and could be accessed by anyone on the internet. The configuration must NOT result in SSL warnings to end users.

How should the LTM Specialist configure the SSL profiles for these virtual servers?

Options:

A.

Obtain an SSL certificate for each subdomain, make a ServerSSL profile for each subdomain, and apply to the related SSL Virtual Server.

B.

Obtain a wildcard certificate, create one ClientSSL profile and apply to all SSL Virtual Servers

C.

Create a self-singed SSL certificate for each subdomain make a ClientSSL profile for each subdomain, and apply to the related SSL Virtual server

D.

Create a self-singed SSL certificate for each subdomain make a Clientprofile for each SSL Virtual Server

Buy Now
Questions 66

An TLM Specialist needs to configure a virtual server to terminate SSL connection on the LTM device.

Cryptographic information must be re-authorized for SSL sessions that remain open for longer than 30 seconds.

Which settings should the LTM Specialist configure in the client SSL profile?

Options:

A.

set the Handshake Timeout to 30 seconds

B.

enable Require Peer SN1 Support

C.

set the Renegotiate Period to 30 seconds

D.

set the Renegotiate Max Record Delay to 30

Buy Now
Questions 67

When re-licensing an LTM device from the command line interface, which tmsh command should the LTM Specialist use to generate the required information to provide on the F5 licensing portal?

Options:

A.

tmsh run /util get-dossier

B.

tmsh generate /sys dossier

C.

tmsh list /sys registration-key

D.

tmsh install /sys license registration-key

Buy Now
Questions 68

Refer to the exhibit.

303 Question 68

A BIG-IP Administrator needs to fall over the active device. The administrator logs into the Configuration

Unity and navigates to Device Management > Traffic Group. However, Force to Standby is greyed out

What is causing this issue?

Options:

A.

The BIG-IP Administrator is NOT logged into command line to tail over

B.

The BIG-IP Administrator is on the Standby Device

C.

The BIG-IP Administrator is logged in as root

D.

The BIG-IP Administrator is logged in as administrator

Buy Now
Questions 69

The BIG-IP Administrator creates a custom iRule that fails to work as expected. Which F5 online resource should the administrator use to help resolve this issue?

Options:

A.

DevCentral

B.

Bug Tracker

C.

University

D.

Health

Buy Now
Questions 70

-- Exhibit –

303 Question 70

303 Question 70

-- Exhibit --

Refer to the exhibits.

An LTM Specialist is reconfiguring a virtual server to redirect all clients to HTTPS. Testing reveals that the redirect is functioning incorrectly. As part of the troubleshooting process, the LTM Specialist performs a packet capture.

What is the issue?

Options:

A.

The redirect is causing an infinite loop.

B.

The virtual server is missing a clientssl profile.

C.

The redirect is sending the client to the incorrect location.

D.

The virtual server is incorrectly processing the HTTP request.

Buy Now
Questions 71

An LTM Specialist needs to create a virtual server to pass TCP traffic to three pool members.

Which two virtual server types should be used to meet the requirements? (Choose two)

Options:

A.

Performance (Layer A)

B.

Standard

C.

Forwarding (IP)

D.

Stateless

E.

Forwarding (Layer 2)

Buy Now
Questions 72

A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power

outages.

Which log file should the BIG-IP Administrator check to verify the suspicion?

Options:

A.

/war /log/daemon.log

B.

/var/log/kern.log

C.

/var/log/ltm

D.

/var/log/audit

Buy Now
Questions 73

Some users who connect to a busy Virtual Server have connections reset by the BIG-IP system. Pool member resources are NOT a factor in this behavior. What is a possible cause for this behavior?

Options:

A.

The Connection Rate Limit is set too high

B.

The server SSL Profile has NOT been reconfigured.

C.

The Connection Limit is set too low.

D.

The Rewrite Profile has NOT been configured.

Buy Now
Questions 74

What should the LT'M Specialist add to the virtual server?

303 Question 74

Options:

A.

one Stream profile and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

B.

two Stream profiles and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

C.

one Stream profile with the expression of @http:// @https:// @

D.

Two Stream profiles, one profile for each rewrite requirement

Buy Now
Questions 75

While investigating the cause of a device failover, an LTM Specialist discovers the following events in /var/log/ltm:

01010029:5: Clock advanced by 518 ticks

01010029:5: Clock advanced by 505 ticks

01010029:5: Clock advanced by 590 ticks

01010029:5: Clock advanced by 568 ticks

01010029:5: Clock advanced by 1681 ticks

01010029:5: Clock advanced by 6584 ticks

01140029:5: HA daemon_heartbeat tmm fails action is failover and restart.

010c0026:5: Failover condition, active attempting to go standby.

Which issue caused the failover?

Options:

A.

NTP being out of sync

B.

TMM being descheduled

C.

VLAN Fail-safe heartbeats

D.

HA missing heartbeat packets

Buy Now
Questions 76

Refer to the exhibit.

303 Question 76

The BIG-IP Administrator has modified an iRule on one device of an HA pair. The BIG-IP Administrator

notices there is NO traffic on the BIG-IP device in which they are logged into.

What should the BIG-IP Administrator do to verify if the iRule works correctly?

Options:

A.

Push configuration from this device to the group and start to monitor traffic on this device

B.

Pull configuration to this device to the cluster and start to monitor traffic on this device

C.

Log in to the other device in the cluster, push configuration from it, and start to monitor traffic on that device

D.

Log in to the other device in the cluster, pull configuration to it, and start to monitor traffic on that device

Buy Now
Questions 77

An LTM Specialist has noticed in the audit log that there are numerous attempts to loginto the Admin account. Theses attempts are sourced from a suspicious IP address range to the Configuration Utility of the LTM device.

How should the LTM Specialist block these attempts?

Options:

A.

add the permitted source IP addresses to the httpd allow list viatmsh

B.

add the suspicious source IP addresses to the httpd deny list via tmsh

C.

add the suspicious source IP addresses to the httpd deny list via Configuration Utility

D.

add the permitted source IP addresses to the allow list viaConfiguration Utility

Buy Now
Questions 78

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

Options:

A.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B.

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C.

tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

D.

tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

E.

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Buy Now
Exam Code: 303
Exam Name: BIG-IP ASM Specialist
Last Update: Nov 30, 2024
Questions: 520

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now 303 testing engine

PDF (Q&A)

$36.75  $104.99
buy now 303 pdf