303 V12.35

IT Certification Guaranteed, The Easy Way!
Exam : 303
Title : BIG-IP ASM Specialist
Vendor : F5
Version : V12.35
1
NO.1 A web server's default gateway is the network router. The LTM Specialist needs to introduce an
LTM device to load balance to the web servers without changing the server's default gateway.
Which deployment method and settings should the LTM Specialist use to ensure correct traffic flow
and that the web servers can obtain the actual con IP addresses?
(A). route deployment with Automap configured and X-Forwarded-For inserted in HTTP headers
(B). route deployment without SNAT configuration
(C). SNAT deployment with automap configured and X-Forwarded-For inserted in HTTP headers
(D). SNAT deployment with automap configured
Answer: C
NO.2 An LTM Specialist needs to provide access to a 8BG-IP to device for a company's support
person access to the BIG IP device, but are NOT allowed to change any settings All support the
support remote access to the BIG-IP device, but are NOTallowed to change ant settings. All support
have accounts in the company's Active Directory Which method is appropriate to provide access for
the support personnel to the BIG-JP device?
(A). configure remote authentication for all users with a default userrole of Guest
(B). configure remote authentication and map support personnel users to the Guest user role
(C). configure remote authentication and map support personnel users to the Operator user role
(D). configure remote authentication for all users with adefault user role of Operator
Answer: B
NO.3 An IT support engineer needs to access and modify Virtual Servers in three partitions (Common
/Banking and Dev) daily on a BIG-IP device. The company operates a Least Privilege access policy.
What level of access does the IT support engineer need to ensure completion of daily roles?
(A). Manager in /common/Banking, and /Dev partitions
(B). Application Editor in /Common, /Banking, and /Dev partitions
(C). Manager in all partitions
(D). Application Editor in all partitions
Answer: A
NO.4 An LTM Specialist notices the following error on the stdout console:
mcpd[2395]: 01070608:0: License is not operational(expired or digital signature does not match
contents) Which command should be executed to verify the LTM device license?
(A). bigpipe version
(B). tmsh show /sys license
(C). tmsh /util bigpipe version
(D). tmsh show /sys license status
Answer: B
NO.5 An LTM Specialist discovers an issue with the custom http monitor that returns in a false
positive status.
The end users cannot get the right website, but thehttp monitor marks the pool member UP.
What is causing the false positive result?
2
(A). The end user should use another type of browser.

(B). The response is chunked.
(C). The response is compressed.
(D). The Content-Type has value "iso-8859-200".
Answer: D
NO.6 Refer to the exhibit.
An LTMSpecialist configures the two syslog destination Syslog destination #1 can receive messages
but the syslog destination #2 can NOT receive messages.
Which command sill correct the issue?
(A). {/Common)(tmos) # modify /syssyslog remote-servers modify (syslog_dest2 {local-ip
(B). {/Common)(tmos) # modify Ays syslog remote servers modify {syslog_dest2 {local- ip 10.208.102
254)}
(C). {/Common) (tmos) # modify /sys syslog remote-servers modify {syslog_dest2 {host 10
208.102.254 }}
(D). {Common(tmos) # modify/syslog remote-servers modify {syslog_dest2 {lost.10.10.10.28 }}
Answer: A
3
NO.7 A BIG-IP Administrator need to ensure that a pool member and down by the monitor the BIG-
IP system sends existing connections to another be pool member.
Which should the BIG-IP Administrator perform to meet this goal?
(A). Set Action on Service Down sing under the server configuration to reselect.
(B). Reconfigure the pool motor members as UP.
(C). Enable mirroring within the persistence profile.
(D). Set Action Service Down setting under the pool configuration to reselect.
Answer: D
NO.8 Refer to the following iRule:
What is a complete list of profiles that must be applied to the virtual server for this iRule?
(A). Fast L4, HTTP
(B). TCP, HTTP
(C). TCP, HTTP, Client SSL
(D). Fast L4 , HTTP, Stream
Answer: B
A BIG-IP Administrator configures the Virtual Server to pass HTTP traffic. Users report that they are
unable to access the application What should the administrator do to resolve this issue?
(A). Change the Virtual Server name
(B). Disable .he State
(C). Reconfigure the Source Address
4
(D). Reconfigure the Pool Members

Answer: D
NO.10 -- Exhibit -
-- Exhibit --
Refer to the exhibits.
Every monitor has the same Send String, Recv String, and an Alias of *:*. The LTM Specialist simplifies
the configuration to minimize the number of monitors.
How many unique monitors remain?
(A). 1
(B). 2
(C). 3
(D). 4
(E). 5
Answer: B
NO.11 An ITM Specialist has the configuration shown:
5
The LTM Specialist needs to create a new virtual server in part B.

Which virtual address(es) should be used for the new virtual server?
(A). 10.100.0.1 and.10.120.0.1
(B). 10.90.0.1 and 10.12.0.1
(C). 10.120.0.1 only
(D). 10.90.0.1 and 10.100.0.1
Answer: A
NO.12 An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses
the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout"
button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's
shopping cart is shown as empty.
The shopping cart data is stored in memory on the server, and the default source address persistence
profile is used on both virtual servers.
What is the issue?
(A). The port 80 pool member is deleting the user's session cookie.
(B). The port 443 pool member is deleting the user's session cookie.
(C). The port 80 and port 443 connections are balanced to the same node.
(D). The port 80 and port 443 connections are balanced to different nodes.
Answer: D
NO.13 -- Exhibit -
6
-- Exhibit --
Refer to the exhibit.
An LTM Specialist configures a virtual server to load balance to a pool of FTP servers. File transfers
are failing. The virtual server is configured as follows:
ltm virtual ftp_vs {
destination 10.10.1.103:ftp
ip-protocol tcp
mask 255.255.255.255
pool ftp_pool
profiles {
tcp { }
}
vlans-disabled
}
Which change will resolve the problem?
(A). Add an FTP monitor to the pool.
(B). Add an FTP profile to the virtual server.
(C). Enable loose initiation in the TCP profile.
(D). Increase the TCP timeout value in the TCP profile.
Answer: B
NO.14 An LTM Specialist needs to configures virtual server that uses PVA or OPVA Which virtual
server type should be used?
(A). Stateless
(B). Performance (HTTP)
(C). Standard
(D). Performance (Layer 4)
Answer: D
NO.15 A BIG-IP Administrator adds new Pool Members into an existing, highly utilized pool. Soon
after, there are reports that the application is failing to load for some users. What pool level setting
should the BIG-IP Administrator check?
(A). Availability Requirement
7
(B). Allow SNAT

(C). Action On Service Down
(D). Slow Ramp Time
Answer: D
Explanation
Option ABC is a global configuration, has nothing to do with the new pool member, select D after
excluding
NO.16 -- Exhibit -
8
-- Exhibit --
Users are able to access the application when connecting to the virtual server but are unsuccessful
when connecting directly to the application servers. The LTM Specialist wants to allow direct access
to the application servers.
Which configuration change resolves this problem?
(A). Enable port 443 on the virtual server.
(B). Configure a SNAT pool on the LTM device.
(C). Disable address translation on the virtual server.
(D). Configure an IP Forwarding virtual server on the LTM device.
9
(E). Configure a route to the web server subnet on the network router.
Answer: D
NO.17 A BIG-IP Administrator needs to restore an encrypted UCS archive from the command line
using the TMSH utility.
Which TMSH command should the BIG-IP Administrator use to accomplish this?
(A). load/sys ucs <filepath> passphrase <password>
(B). load/sys config file <filepath> passphrase <password>
(C). load/sys config file <filepath>
(D). load/sys ucs <filepath> no-license
Answer: A
NO.18 A BIG-IP Administrator is performing maintenance on the active BIG-IP device of an HA pair.
The BIG-IP Administrator needs to minimize traffic disruptions.
What should the BIG-IP Administrator do to start the maintenance activity?
(A). Reboot the BIG-IP device.
(B). Move resources to a new Traffic Group.
(C). Force the BIG-IP device to standby.
(D). Disable switch ports of the BIG-IP device.
Answer: C
NO.19 What is the effect of an iRule error such as referencing an undefined variable?
(A). The iRule execution will continue with the next statement.
(B). The execution of the current event within the iRule will be terminated.
(C). The iRule execution will be terminated, and both the client and server side connections will be
reset.
(D). The connection will continue, but the iRule will NOT be executed again for the lifetime of the
connection.
Answer: C
NO.20 A new web application is being deployed Mutual SSL authentication must be used to
authenticate clients.
Which of the following two tasks must be completed to meet therequirements? (Choose two)
(A). configure the server SSL profile with "Client Certificate" Set to require
(B). configure the client SSL profile with "Client Certificate" set to require
(C). instruct the desktop team to update the web browser to the most recent release
(D). generate a CSR to register a certificate with the CA
(E). configure the client SSL profile with the Trusted .Certificate Authorities
Answer: B,E
NO.21 A BIG-IP Administrator needs to view the CPU utilization of a particular Virtual Server. Which
section of the Configuration Utility should the administrator use for this purpose?
(A). Statistics > Module Statistics > Local Traffic > Virtual Addresses
(B). Statistics > Module Statistics > Traffic Summary
(C). Statistics > Analytics > Process CPU Utilization
(D). Statistics > Module Statistics > Local Traffic > Virtual Servers
10
Answer: D
NO.22 Which command will identify the active LTM device currently handling client traffic?
(A). b ha table show
(B). tmsh list /sys ha-status
(C). tmsh show /cm traffic-group
(D). tmsh run /sys failover standby
(E). tmsh show /sys ha-status all-properties
Answer: C
NO.23 What is a benefit provided by F5 Enterprise Manager?

(A). Enterprise Manager allows administrators to analyze traffic flow and create custom application
IPS signatures.
(B). Enterprise Manager allows administrators to establish baseline application usage and generate
an alert if an administratively set threshold for the application is exceeded.
(C). Enterprise Manager allows administrators to identify application vulnerabilities. Virtual patches
are then automatically generated and applied to remediate the detected application vulnerability.
(D). Enterprise Manager allows administrators to monitor all application traffic. Configuration
optimization suggestions based on the observed traffic patterns are then generated for the
administrator to review and apply.
Answer: B
NO.24 A 816-IP Administrator recently deployed an application Users are experiencing slow
performance with the application on some remote networks.
Which two modifications can the BIG-IP Administrator make to address this issue? (Choose two)
(A). Apply dest addr profile to the Virtual Server
(B). Apply f5-tcp-wan profile to the Virtual Server
(C). Apply f5-tcp-lan profile to the Virtual Server
(D). Apply source_addr profile to the Virtual Server
(E). Apply fasti_4 profile to the Virtual Server
Answer: B,C
How many nodes are represented on the network map shown?

(A). Four
(B). Three
(C). One
(D). Two
Answer: B
11
NO.26 A Standard Virtual Server for a web application is configured with Automap for the Source
Address Translation option. The original source address of the client must be known by the backend
servers. What should the BIG-IP Administrator configure to meet this requirement?
(A). The Virtual Server type as Performance (HTTP)
(B). An HTTP profile to insert the X-Forward-For header
(C). An HTTP Transparent profile
(D). A SNAT Pool with the client IP
Answer: B
Explanation
Because it is a web application, you can insert the source IP in the xff field in the http profile.
NO.27 AN LTM Specialist is using an external monitor evaluate the hard drive usage of a node. The
monitor has marked the node down because it exceeded the specific threshold. The disk usage on
the server has been corrected below the threshold, however, the node remains offline.
Which feature is causing this problem?
(A). The parameter Time Until UP has a value greater than 0
(B). The value of Manual Resume is set to No
(C). The value for UP interval is enable with a value greater than 0
(D). The value for Manual Resume is set to Yes
Answer: D
12
How long will the persistence record remain in the table?

(A). 180 seconds after the last packet
(B). 180 seconds after the initial table entry
(C). 300 seconds after the initial table entry
(D). 300 seconds after the last packet
Answer: D
NO.29 A BIG-IP Administrator creates a new VLAN on BIG-IP Cluster Member A and attaches an
Interface to it.
Although the Auto Config Sync is in place, the new VLAN does NOT show up on Cluster Member B.
What should the BIG-IP Administrator do to ensure the new VLAN is configured on each Cluster
Member?
(A). Configure the new VLAN manually on Cluster Member B.
(B). Reset the Device Trust of the BIG-IP Cluster on either Cluster Member.
(C). Configure a Default Route for the new VLAN on Cluster Member A.
(D). Enable the Interface that is attached to the new VLAN on Cluster Member A.
Answer: A
NO.30 Remote office users are having performance issues with a virtual hosted on the F5 LTM. The
LTM Specialist reviews the configuration for the virtual server and determine that some settings are
set with default profiles.
13
Which profile should the LTM Specialist enable to improve virtual server performance?
(A). A WAN optimized client side profile
(B). A FastL4 profile on the virtual server
(C). An HTTP profile for the virtual server
(D). A Stream profile for the remote user networks
Answer: A
Explanation
They key word is that there are performance problem with Remote office users, no F5. The user
experience can be improved through tcp optimization. The expression should be wom-tcp-wan-
optimized in Protocol Profile (Client)
A BIG-IP Administrator creates a new Virtual Server. The end user is unable to access the page. During
troubleshooting, the administrator learns that the connection between the BIG-IP system and server
is NOT set up correctly.
What should the administrator do to solve this issue?
(A). Disable Address Translation
(B). Set Address Translation to Auto Map, configure a SNAT pool, and have pool members in the same
subnet of the servers
(C). Set Address Translation to SNAT and configure a specific translation address
(D). Set Address Translation to SNAT and have self-IP configured in the same subnet of servers
Answer: C
Explanation
The status of the pool can be seen that the members are all up, indicating that the network from F5
14
to the server is no problem, so there is no need to configure selfip on the same subnet. The monitor
is normal but the access is not normal, you have to consider the problem of snat, you can configure
automap or configure snat and specify snat ip.
NO.32 In which file would the LTM Specialist find virtual server configurations?
(A). bigip.conf
(B). bigip_sys.conf
(C). bigip_base.conf
(D). profile_base.conf
Answer: A
NO.33 An IT administrator wants to log which server is being load balanced to by a user with IP
address 10.10.10.25.
Which iRule should the LTM Specialist use to fulfill the request?
(A). when SERVER_CONNECTED {
if { [IP::addr [IP::remote_addr]] equals 10.10.10.25]} {
log local0. "client 10.10.10.25 connected to pool member [IP::addr [LB::server addr]]" }
}
(B). when CLIENT_ACCEPTED {
if { [IP::addr [clientside [IP::remote_addr]] equals 10.10.10.25]} {
}
(C). when SERVER_CONNECTED {
if { [IP::addr [clientside [IP::remote_addr]] equals 10.10.10.25]} {
}
(D). when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals 10.10.10.25]} {
}
Answer: C
NO.34 An LTM Specialist troubleshooting an issue looks at the following /var/log/ltm entries:
Oct 2 04:52:42 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to
10.143.147.150:53 (proto 17)
10.143.147.150:53 (proto 17)
10.143.147.150:53 (proto 17)
10.143.147.150:53 (proto 17)
10.143.147.150:53 (proto 17)
10.143.147.150:53 (proto 17)
Which configuration item should the LTM Specialist review to fix the issue?
15
(A). SNAT Pool

(B). Pool Member
(C). Port Lockdown
(D). Virtual Server Port Translation
Answer: A
NO.35 TWO BIG-IP appliances need to be configured to load balance multiple firewall in a firewall
sandwich, Which health monitor setting should be used to verify that the firewalls are able to
forward traffic?
(A). Adaptive
(B). Reverse
(C). Transparent
(D). Up internal
Answer: C
Explanation
Sandwich architect firewalls are generally deployed transparently. You can enable Transparent to
point to the next-hop address of the firewall and associate it with the firewall pool member for
detection.
NO.36 An LTM device is running BIG-IP v10.2.0 software. The LTM Specialist is tasked with upgrading
the LTM device to BIG-IP v11.2.0 HF1. The LTM Specialist starts the upgrade process by selecting the
uploaded Hotfix and installing to an unused volume. After 10 minutes, the LTM Specialist checks the
status of the upgrade process and notices that the process is stalled at 0%.
What should the LTM Specialist verify?
(A). the selected volume has sufficient space available
(B). the base software version exists on the LTM device
(C). the LTM device has been restarted into maintenance mode
(D). the LTM device has an available Internet connection via the management interface
Answer: B
NO.37 These log entries can have different root causes:

Jun 28 05:01:21 LTM_A notice mcpd[27545]: 0107143a:5: CMI reconnect timer: enabled Jun 28
05:01:21 LTM_A notice mcpd[27545]: 01071431:5: Attempting to connect to CMI peer 1.1.1.2 port
6699
Jun 28 05:01:21 LTM_A notice mcpd[27545]: 01071432:5: CMI peer connection established to 1.1.1.2
port
6699
Jun 28 05:01:26 LTM_A notice mcpd[27545]: 0107143a:5: CMI reconnect timer: disabled, all peers
are connected Which two commands should be used to obtain additional information on these
entries? (Choose two.)
(A). tmsh show /sys mcpd
(B). bigstart status mcpd
(C). tmsh modify /sys db log.mcpd.level value debug
(D). tmsh modify /sys db log.cmi.level value debug
Answer: B,C
16
NO.38 The LTM Specialist is writing a custom HTTP monitor for a web application and has viewed
the content by accessing the site directly via their browser. The monitor continually fails. The monitor
configuration is:
ltm monitor http /Common/exampleComMonitor {
defaults-from /Common/http
destination *:*
interval 5
recv "Recent Searches"
send "GET /app/feed/current\?uid=20145 HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-
EncodinG.
gzip, deflate\\r\\nConnection: close\\r\\n\\r\\n"
time-until-up 0
timeout 16
}
A trace shows the following request and response:
Request:
GET /app/feed/current?uid=20145 HTTP/1.1
Host www.example.com
Accept-Encoding gzip, deflate
Connection: close
Response:
HTTP/1.1 302 Moved Temporarily
Date Wed, 17 Oct 2012 18:45:52 GMT
Server Apache
Location https://example.com/login.jsp
Content-Encoding gzip
Content-Type text/html;charset=UTF-8
Set-CookiE. JSESSIONID=261EFFBDA8EC3036FBCC22D991AC6835;
Path=/app/feed/current?uid=20145 What is the problem?
(A). The request does NOT include a User-Agent header.
(B). The HTTP monitor does NOT support monitoring jsp pages.
(C). The request does NOT include any cookies and the application is expecting a session cookie.
(D). The request includes an Accept-Encoding so the server is responding with a gzipped result and
LTM monitors CANNOT handle gzipped responses.
Answer: C
NO.39 An LTM device pool has suddenly been marked down by a monitor. The pool consists of
members
10.0.1.1:443 and 10.0.1.2:443 and are verified to be listening. The affected virtual server is
10.0.0.1:80.
Which two tools should the LTM Specialist use to troubleshoot the associated HTTPS pool monitor via
the command line interface? (Choose two.)
(A). curl
(B). telnet
(C). ssldump
(D). tcpdump
17
Answer: A,C
NO.40 Which file should be modified to create custom SNMP alerts?

(A). /config/alert.conf
(B). /etc/alertd/alert.conf
(C). /config/user_alert.conf
(D). /etc/alertd/user_alert.conf
Answer: C
NO.41 -- Exhibit -
-- Exhibit --
A company uses a complex piece of client software that connects to one or more virtual servers (VS)
hosted on an LTM device. The client software is experiencing issues. An LTM Specialist is tasked with
finding the cause of the problem.
The LTM Specialist has the tcpdump extract and knows the client software has at least one
connection to a VS on port 1990. However, when a tcpdump runs on the internal VLAN, there is no
record of port 1990 in the tcpdump.
Why is there no record of port 1990 in the tcpdump?
(A). The LTM device drops the connection.
(B). Port 1990 is a well-known port, so its use is restricted.
(C). The LTM device performs a Port Address Translation (PAT).
(D). The LTM device performs a Network Address Translation (NAT).
Answer: C
NO.42 The network team has recently added a new syslog server with IP address 10.1.1.1.
Which command adds the new syslog entry on the F5 LTM device?
A)
18
B)
C)
D)
(A). Option A
19
(B). Option B
(C). Option C
(D). Option D
Answer: C
NO.43 An LTM device is load balancing SIP traffic. An LTM Specialist notices that sometimes the SIP
request is being load balanced to the same server as the initial connection.
Which setting in the UDP profile will make the LTM device more evenly distribute the SIP traffic?
(A). Enable Datagram LB
(B). Disable Datagram LB
(C). Set Timeout to Indefinite
(D). Set Timeout to Immediate
Answer: A
NO.44 Traffic to a pool of SFTP servers that share storage must be balanced by an LTM device.
What are therequired profile and persistence settings for a standard virtual server?
(A). tcp, ctientsst, ftp serverssl persistence
(B). tcp, clientssl, serverssl persistence
(C). tcp, ftp - Source address persistence
(D). tcp - no persistence profile will be used
Answer: C
NO.45 An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses
the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout"
button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's
shopping cart is shown as empty.
The shopping cart data is stored in memory on the server, and the default source address persistence
profile is used on both virtual servers.
How should the LTM Specialist resolve this issue?
(A). Add an HTTP profile to both virtual servers.
(B). Enable SNAT Automap on both virtual servers.
(C). Create a custom persistence profile and enable "Map Proxies."
(D). Create a custom persistence profile and enable "Match Across Services."
Answer: D
NO.46 A BIG-IP Administrator defines a device Self IP . The Self IP is NOT reachable from the
network. What should the BIG-IP Administrator verify first?
(A). The correct interface has been selected.
(B). The correct VLAN has been selected.
(C). Verify if auto last hop is disabled.
(D). The correct Trunk has been selected.
Answer: B
NO.47 Six servers have a varying number of connections that change based on the user load.
Which load balancing method should an LTM Specialist apply to divided the web application traffic to
the servers on therelative performance trend?
20
(A). Least Sessions

(B). Least Connections
(C). Predictive
(D). Ratio
Answer: C
NO.48 An LTM device is configure with the wildcard virtual servers displayed below.
A client connection is made to 172.24.31.14:443.
(A). VS_172_24_1_WILDCARD
(B). VS_HTTP_WILDCARD
(C). VS_172_24_WILDCARD
(D). VS_HTTPS_WILDCARD
Answer: C
Explanation
Match the network segment first and then port.
NO.49 A BIG IP device delivers the online shopping website https://shop.example.com. Two pool
members handle the traffic. An iRule directs requests with the hip parameter
"environment=development" to a third pool member for a staging environment.
Which combination of profiles is needed at minimum?
(A). tcp, http, request logging
(B). tcp,http, clientssl
(C). tcp, clientssl, serverssl
(D). http, clientssl, persistence
Answer: B
NO.50 An LTM Specialist has been asked to configure a virtual server to distribute connections
between a pool of two application servers with addresses 172.16.20.1 and 172.16.20.2. The
application servers are listening on TCP ports 80 and 443. The application administrators have asked
that clients be directed to the same node for both HTTP and HTTPS requests within the same session.
Virtual servers vs_http and vs_https have been created, listening on 1.2.3.100:80 and 1.2.3.100:443,
respectively.
Which configuration option will result in the desired behavior?
(A). Create pool app_pool with members 172.16.20.1:any and 172.16.20.2:any Assign app_pool as
the default pool for both vs_http and vs_https Disable port translation for vs_http and vs_https
(B). Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80 Assign pool http_pool as
the default pool for both vs_https and vs_https Disable port translation for vs_https Create an SSL
persistence profile with "match across virtual servers" enabled Assign the persistence profile to
vs_http.
(C). Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80 Create pool https_pool
with members 172.16.20.1:443 and 172.16.20.2:443 Assign http_pool as the default pool for vs_http
Assign https_pool as the default pool for vs_https Create a source address persistence profile with
"match across services" enabled Assign the persistence profile to vs_http and vs_https
(D). Create pool http_pool with members 172.16.20.1:80 and 172.16.20.2:80 Create pool https_pool
with members 172.16.20.1:443 and 172.16.20.2:443 Assign http_pool as the default pool for vs_http
Assign https_pool as the default pool for vs_https Create an SSL persistence profile with "match
21
across virtual servers" enabled Assign the persistence profile to vs_http

Answer: C
NO.51 The BIG-IP Administrator disable all pool members in a pool Users are still able to reach the
pool members.
What is allowing users to continue to reach the disabled poo! members?
(A). A slow to time on Pool
(B). A persistence profile on the Virtual Server
(C). A slow ramp time on virtual Server
(D). A persistence profile on the Pool
Answer: B
NO.52 A BIG-IP Administrator assigns the default http health monitor to a pool that has three
members listening on port 80 When the administrator connects to each pool member via the CURL
utility, two of the members respond with a status of 404 Not Found while the third responds with
200 OK. What will the pool show for member availability?
(A). All members offline.
(B). Two members offline and one member online.
(C). Two members online and one member offline.
(D). All members online.
Answer: D
NO.53 A BIG-IP Administrator is receiving intermittent reports from users that SSL connections to
the BIG-IP device are failing. Upon checking the log files, the BIG-IP Administrator notices the
following error message:
ere tmm<instance>[<pid>]: 01260008:3: SSL transaction (TPS) rate limit reached After reviewing
statistics, the BIG-IP Administrator notices there are a maximum of 1200 client-side SSL TPS and a
maximum of 800 server-side SSL TPS.
What is the minimum SSL license limit capacity the BIG-IP Administrator should upgrade to handle
this peak?
(A). 2000
(B). 400
(C). 800
(D). 1200
Answer: D
NO.54 An LTM Specialist wants to allow access to the Always On Management (AOM) from the
network.
Which two methods should the LTM Specialist use to configure the AOM interface? (Choose two.)
(A). Configure the AOM IP from the front panel buttons and LCD.
(B). Choose the network configurator in the AOM menu on the serial port.
(C). Configure the AOM network address in the GUI under System>Platform.
(D). Log in to the Host via ssh, "ssh aom", and modify the network configuration file.
Answer: B,D
NO.55 A web developer needs a virtual server configured for an application.
22
The application details are asfollows:

Application is accessed on port 443.
The application traffic is encrypted by the server.
HTTP is not being used. No data manipulation is necessary.
Throughput is critical.
NO connections are terminated on the LTM.
Which configuration provides thebest performance?
A)
B)
23
C)
D)
24
(A). Option
(B). Option
(C). Option
(D). Option
Answer: B
The BIG-IP Administrator is investigating disk utilization on the BIG-IP device.

What should the BIG-IP Administrator check next?
(A). Large files on the / file system
(B). Results from the EUD test
(C). Results from the platform diagnostics test
(D). Large files on /usr file system
Answer: A
NO.57 A web application requires the client to provide the destination server and service
25
identification.
Which HTTP header will supply this information?
(A). Host
(B). From
(C). Expect
(D). Connection
Answer: A
NO.58 The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of
TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?
(A). AskF5
(B). DevCentral
(C). Bug Tracker
(D). iHealth
Answer: A
NO.59 An LTM device load balances a pool of routers. The LTM device needs to verify
pathavailability to an HTTP server with the IP address 192 168.10 10. located beyond the routers.
Which monitor type and parameters arc required?
(A). HTTP monitor alias address 192 168.10 10. and set the alias to port 80
(B). TCP monitor, alias address 192.168.10.10. and set the alias to port 80
(C). TCP monitor change transparent option to Yes. set alias address 192.168.10.10. and set the alias
to port
80
(D). TCP monitor, change transparent option to Yes, and sot the alias to port 80
Answer: C
NO.60 An LTMSpecialist must reconfigure a BIG-IP LTM system that load balances traffic to web
application servers. The application developer inform the LTM Specialist that TLS must be used to
communicate with the application servers.
Which additional profile isrequired as part of virtual server configuration?
(A). SPDV profile
(B). Server SSL
(C). Client SSL
(D). Rewrite profile
Answer: B
NO.61 A BIG-IP Administrator remotely connects to the appliance via out-of-band management
using
https://mybigip mycompany net. The management portal has been working all week. When the
administrator attempts to login today, the connection times out. Which two aspects should the
administrator verify? (Choose two)
(A). DNS is property resolving the FQDN of the device.
(B). The device is NOT redirecting them to http.
(C). The administrator has the latest version of the web browser.
(D). Packet Filters on the device are blocking port 80.
26
(E). The administrator has TCP connectivity to the device.

Answer: A,E
NO.62 An LTM device configured with a management IP address and route and a series of self-IPs
and TMM routes.Both management and TMM have a routing entry for 101 10/24 Application traffic
is being load balanced and sent to pool member 10.1.1.123 with SNAT Automap and configured.
Which route will the LTM device use?
(A). TMM route regardless of the management port status
(B). both routes, which will duplicate traffic on both management and TMM interface
(C). equal cost multipath load balancing via both routes
(D). management route when TMM interface is down or TMM is offline
(E). management route regardless of the managementport status
Answer: A
NO.63 An LTM Specialist needs to rewrite text within an HTML response from a web server. A client
is sending the following HTTP request:
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-LanguagE. en-US,en;q=0.5
Accept-EncodinG. gzip, deflate Cache-Control: no-cache Connection: keep-alive CookiE.
somecookie=1 HTTP/1.1 200 OK Server: Apache/2.2.15 (Unix) Last-ModifieD. Wed, 12 Aug 2009
00:00:30 GMT Accept-Ranges: bytes Content-LengtH. 1063 X-Cnection: close Content-TypE.
text/html; charset=UTF-8 Vary: Accept-Encoding Content-EncodinG. gzip Connection: Keep-Alive
Although a stream profile has been added to the virtual server, the content within the HTTP response
is NOT being matched and therefore NOT modified.
Which header field is contributing to the issue?
(A). HTTP Method
(B). Cookie content
(C). User-Agent Value
(D). Accept-Encoding header
Answer: D
NO.64 An LTMSpecialist is the administrator of an HA pair that contains two BIG IP units and one
floating traffic group (TG1). A new project requires the creation of 30 virtual servers. The Specialist
decides to create a new floating traffic group (TG2) to handle this requirement. Objects for this
project created by the BIG-IP Managers must appears in the correct traffic group.
Which configuration should the LTM Specialist use to meet the requirement?
(A). Move the BIG-IP Managers from TG1 to TG2
(B). Create a new partition and set the default traffic group to TG2
(C). Modify the default traffic group of the Common partition to TG2
(D). Restrict the Traffic Group Access of BIG-I Managers to TG2
Answer: B
NO.65 A node is assigned two monitors as seen in this configuration.
27
What is the status of a member that runs on that node and listens on port 443?
(A). UNKNOWN
(B). UNAVAILABLE
(C). DOWN
(D). UP
Answer: B
NO.66 The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new
HTTP pool named P_example.
Where should the BIG-IP Administrator validate these settings in the Configuration Utility?
(A). Local Traffic > Nodes > Default Monitor
(B). Local Traffic > Profiles > Services > HTTP > http
(C). Local Traffic > Monitors > http
(D). Local Traffic > Pools > P_ example
Answer: D
NO.67 An LTM Specialist plans to enable connection mirroring for a virtualserver in an HA

environment.
What must the LTM Specialist consider before implementing the configuration change?
(A). Impact on system performance that might be noticeable
(B). The add-on license that is required for this feature to be available
(C). Creating the required separate interface for connection mirroring
(D). Decreased number of possible concurrent connections to that virtual server
Answer: A
Explanation
Connection mirroring will bring performance consumption
NO.68 -- Exhibit -
28
-- Exhibit --
An LTM Specialist is investigating reports that users are unable to perform some commands through
an FTP virtual server. The users are receiving the FTP error "500 Illegal PORT command." The virtual
server is configured to SNAT using automap. The LTM Specialist performs a capture on the server side
of the LTM device.
Why is the server returning this error?
(A). LIST command disallowed
(B). PORT command disallowed
(C). Active IP address in PORT command
(D). Active IP address in LOGIN command
Answer: C
NO.69 A BIG-IP Administrator needs to remove a pool specific health monitor. There is a pool named
Best Pool with two members, one named Best pool member and one named Best pool member2. In
the Local Traffic section of the administrative GUI, which stops should the BIG-IP Administrator take
to remove a pool level monitor?
(A). Pool > Pool List > Best Pool > Members > Health Monitors
(B). Nodes > Node List> Best _pool_memberl > Heath Monitors
(C). Monitors > Monitor Name> Instances
(D). Pool > Pool List> Best Pool > Health Monitors
Answer: D
NO.70 A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device
on the management interface via SSH. The BIG-IP Administrator needs to restrict SSH access to the
management interface.
Where should this be accomplished?
(A). System > Configuration
(B). Network > Interfaces
(C). Network > Self IPs
(D). System > Platform
29
Answer: D
NO.71 An LTM Specialist needs to force only FTP traffic, sourced from subnet 10.10.10.0/24 to
virtual server 10.10.20.1 to the new FTP1 server. The following virtual servers are configured on the
LTM device:
Traffic sourced from 10.10.10/24 must use the specific pool member for load balancing.
Which configuration change is needed to meet the requirements?
(A). Create a newvirtual server for traffic sourced from 10.10.10.0/24 on port 80 that is destined to
10.10.20.1/32, and create a new pool has only the pool member FTP1 defined.
(B). Add FTP1 to the pool assigned to the MyVS4 virtual server, and remove all other pool
membersfrom the pool.
(C). Create a new virtual server for traffic sourced from 10.10.10.0/24 on traffic sourced from
10.10.10./24 on port 21 that is destined to 10.10.20.1/32, and create a new pool that has only the
pool member FTP1 defined.
(D). Add FTP1 to the pool assigned to the MyVS2 virtual server, and remove all other pool member
from the pool.
Answer: D
Explanation
According to the VS matching order, first match the destination host IP, then match the destination
port and finally match the source network segment. In the current network configuration,
10.10.10./24 access to 10.10.10.20.1 will hit MyVS2. If there is no error in the title, subnet 10.10.10.0
to virtual Server 10.10.20.1 to the FTP1 server,'' Is to distribute all traffic from 10.10.10.1 to
FTP1,then D That's right.
NO.72 The LTM device is configured for RADIUS authentication. Remote logins are failing and the
LTM Specialist must verify the RADIUS configuration.
How should the LTM Specialist check the RADIUS server and shared secret configured on the LTM
device?
(A). tmsh show running-config /auth radius
(B). tmsh show running-config /sys auth radius
(C). tmsh show running-config /auth configuration
(D). tmsh show running-config /sys auth radius-server
Answer: A
NO.73 A BIG-IP Administrator is checking the BIG-IP device for known vulnerabilities. What should
the 8IG-IP Administrator upload to BIG-IP iHealth for further analysis?
(A). QKView
(B). EUD
(C). UCS
(D). tcpdump
Answer: A
NO.74 -- Exhibit -
30
31
-- Exhibit --
After upgrading LTM from v10 to v11, users are unable to connect to an application. The virtual
server is using a client SSL profile for re-terminating SSL for payload inspection, but a server SSL
profile is being used to re-encrypt the request.
A client side ssldump did NOT show any differences between the traffic going directly to the server
and the traffic being processed by the LTM device. However, packet capture was done on the server,
and differences were noted.
Which modification will allow the LTM device to process the traffic correctly?
(A). Enable Strict Resume.
(B). Change Secure Renegotiation to "Request."
(C). Enable ProxySSL option in the server SSL profile.
(D). Change to different ciphers on the server SSL profile.
Answer: B
NO.75 An LTM Specialist configures the following iRule on an LTM device:
32
when HTTP_REQUEST {
if {[string tolower [HTTP::uri]] contains "/URI1/" } {
pool Pool1
}
elseif {[string tolower [HTTP::uri]] contains "/URI2/" } {
pool Pool2
}
elseif {[string tolower [HTTP::uri]] contains "/URI3/" } {
pool Pool3
}
else { pool Pool4}
}
Given
the following request: http://www.example.comURI1/index.html?fu=bar
&pass=1234
Which pool will be selected by the iRule?
(A). Pool1
(B). Pool2
(C). Pool3
(D). Pool4
Answer: D
NO.76 A new web application is hosted at www.example.net, but some clients are still pointing to
the legacy web application at www.example.com.
Which iRule will allow clients referencing www.example.com to access the new application?
(A). when HTTP_REQUEST {
if {[HTTP::host] equals "www.example.*" }{
HTTP::redirect
"http://www.example.net" }
}
(B). when HTTP_REQUEST {
if {[HTTP::host] equals "www.example.com" }{
HTTP::redirect
}
(C). when HTTP_DATA {
if {[HTTP::host] equals "www.example.*" }{
HTTP::redirect
}
(D). when HTTP_RESPONSE {
if {[HTTP::host] equals "www.example.com" }{
HTTP::redirect
}
Answer: B
33
NO.77 There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the
virtual IP address
10.0.20.88.
A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the
LTM Specialist runs two concurrent traces on the LTM device, with the following results:
Trace on client side:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type
EN10MB (Ethernet), capture size 96 bytes
22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840 <mss
1460,sackOK,timestamp 67942058 0,nop,wscale 4>
22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win
4380
<mss 1460,nop,wscale 0,nop,nop,timestamp 2392362490 67942058,sackOK,eol>
22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365 <nop,nop,timestamp
67942058
2392362490>
22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365
<nop,nop,timestamp
67942058 2392362490>
22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528 <nop,nop,timestamp
2392362491 67942058>
22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528
6 packets captured
6 packets received by filter
0 packets dropped by kernel
Trace on server side:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on internal, link-
type EN10MB (Ethernet), capture size 96 bytes
22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss
1460,nop,wscale 0,nop,nop,timestamp 2392362491 0,sackOK,eol>
22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss
22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss
22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss
1460,sackOK,eol>
4 packets captured
4 packets received by filter
0 packets dropped by kernel
What should the LTM Specialist do to solve the problem?
(A). Edit the packet filter rules.
(B). Modify the monitor of the pool.
(C). Enable the virtual server.
(D). Configure the virtual server to use SNAT.
Answer: D
34
NO.78 Users report that traffic is negatively affected every time a BIG-IP device fails over. The traffic
becomes stabilized after a few minutes.
What should the BIG-IP Administrator do to reduce the impact of future failovers?
(A). Enable Failover Multicast Configuration
(B). Set up Failover Method to HA Order
(C). Configure MAC Masquerade
(D). Configure a global SNAT Listener
Answer: C
NO.79 An LTM Specialist needs to apply SNAT using currently used SNAT pool to a new virtual
server.
What needs to be completed before applying that configuration change?
(A). Review connection for the selected SNAT pool and enlarge it if appropriate
(B). Make sure that the BIG-IP device is NOT operating under heavy load during peak times
(C). Verify that the IP address of the SNAT pool are in the same subnetas the pool members
(D). Verify that the IP address of the SNAT pool are in the same VLAN as the pool members.
Answer: A
Explanation
SNAT does not need to in the same vlan or same network segment as the pool member, as long as
the route is reachable ,excluding C and D he connection information of the SNAT pool to avoid port
exhaustion under high concurrency
NO.80 The end users of a web application need to verify that their browsers received the complete
message-body from the web server.
Which HTTP header will accomplish this?
(A). Range
(B). Expect
(C). Accept-Ranges
(D). Content-Length
Answer: D
NO.81 A BIG-IP Administrator needs to configure the BIG-IP system to perform load balancing for
FTP servers running passive mode FTP.
How should the administrator configure the Virtual Server to perform this load balancing?
(A). A Standard Virtual Server + FTP profile
(B). A Forwarding Virtual Server
(C). A Performance Layer 4 Virtual Server + FTP profile
(D). A Message Routing Virtual Server
Answer: A
NO.82 A BIG-IP Administrator sees the following error message in /var/log/ltm diskmonitor:
*******; Disk partition shared has less than 30$ free Which section of the Configuration Utility
should the BIG-IP Administrator access to investigate this error message?
(A). Statistics > Analytics
(B). System > File Management
35
(C). Statistics > Module Statistics > System

(D). System > Disk Management
Answer: D
NO.83 Which iRule statement demotes a virtual server from CMP?

(A). set ::foo 123
(B). set static::foo 123
(C). persist source_addr 1800
(D). [ class match $HTTP_CONTENT contains my_data_class ]
Answer: A
NO.84 An LTM Specialist is running the following packet capture on an LTM device:
ssldump -Aed -ni vlan301 'port 443'
Which two SSL record message details will the ssldump utility display by default? (Choose two.)
(A). HTTP Version
(B). User-Agent
(C). ClientHello
(D). ServerHello
(E). Issuer
Answer: C,D
NO.85 An ecommerce company is experiencing latency issues with online shops during Black Friday's
peak season.
The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants to move
the top utilized Virtual Servers to a dedicated BIG-IP device.
Where should the BIG-IP Administrator determine the problematic Virtual Servers?
(A). System > Plattform
(B). Local Traffic > Virtual Servers > Virtual Server List
(C). Local Traffic > Network Map
(D). Statistics > Module Statistics > Local Traffic > Virtual Servers
Answer: D
NO.86 An LTM Specialist must create a new virtual server for HTTP access. The LTM Specialist
creates a forwarding virtual server to reach the resource.
What is a potential result of this action?
(A). IP conflict result
(B). HTTP traffic is NOT allowed
(C). Other service ports could be allowed
(D). Packet filter allowances are also required
Answer: B
NO.87 The BIG-IP Administrator needs to perform a BIG-IP device upgrade to the latest version of
TMOS. Where can the administrator obtain F5 documentation on upgrade requirements?
(A). iHealth
(B). Network > Interfaces
(C). Local Traffic > Pools
36
(D). AsKFS
(E). Local Traffic > Virtual Servers
Answer: C
NO.88 An LTM Specialist has just captured trace /var/tmp/trace.cap for site www.example.com
while listening on virtual address 10.0.0.1:443 configured on partition ApplicationA. The data payload
being captured is SSL encrypted.
Which command should the LTM Specialist execute to decrypt the data payload?
(A). ssldump -Aed -nr /var/tmp/trace.cap -k
/config/filestore/files_d/Common_d/certificate_d/:Common:www.example.com.crt_1
(B). ssldump -Aed -nr /var/tmp/trace.cap -k
/config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1
(C). ssldump -Aed -nr /var/tmp/trace.cap -k
/config/filestore/files_d/ApplicationA_d/certificate_d/:ApplicationA:www.example.com.crt_1
(D). ssldump -Aed -nr /var/tmp/trace.cap -k
/config/filestore/files_d/ApplicationA_d/certificate_key_d/:ApplicationA:www.example.com.key_1
Answer: B
NO.89 A virtual server with SNAT automap enabled selects pool member 10.20.0.10.443 for the
server-side flow.
The client side flow source IP is 192.168.0.10 .
Which source IP should be expected inthe server-side connection?

(A). 10.20.0.1
(B). 10.50.0.2
(C). 10.20.0.2
(D). 192.168.0.10
Answer: C
NO.90 An LTM Specialist needs to configure asetup for antivirus scanning of HTTP traffic with an
internet Contact adaption Protocol (ICAP) server.
Which two server type should be used? (Choose two.)
(A). Standard
(B). Internal
(C). Performance HTTP
(D). Forwarding IP
(E). Stateless
Answer: A,B
NO.91 When re-licensing an LTM device from the command line interface, which tmsh command
should the LTM Specialist use to generate the required information to provide on the F5 licensing
portal?
37
(A). tmsh run /util get-dossier

(B). tmsh generate /sys dossier
(C). tmsh list /sys registration-key
(D). tmsh install /sys license registration-key
Answer: A
NO.92 The LTM device is configured to provide load balancing to a set of web servers that
implement access control lists (ACL) based on the source IP address of the client. The ACL is at the
network level and the web server is configured to send a TCP reset back to the client if it is NOT
permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address
192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win
8192 <mss
1460,nop,wscale 2,nop,nop,sackOK>
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack
869998902 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678 Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win
4380 <mss
1460,nop,wscale 0,sackOK,eol>
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack
685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108 Client B - Src IP
192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win
8192
<mss 1460,nop,wscale 2,nop,nop,sackOK>
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack
3320618939 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678 Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142
38
Why was the second client flow permitted by the web server?
(A). A global SNAT is defined.
(B). SNAT automap was enabled on the virtual server.
(C). The idle TCP session from the first client was re-used.
(D). A source address persistence profile is assigned to the virtual server.
Answer: C
NO.93 An application is expected to maintain more than 100,000concurrent TCP connections to a

single pool member.
What is an appropriate SNAT configuration in this situation?
(A). A SNAT pool with 4 IP addresses
(B). SNAT automap enabled
(C). A static SNAT
(D). A SNAT pool with IP address
Answer: A
Explanation
One IP can establish 65,535 connections only the number of snapit's IP exceeds 100,000. AT least two
snaptips are required. Options B, C, and all have only IP, which is obviously not enough
NO.94 To improve application security, an LTM Specialist must configure a BIG application access.
The BIG IPsystem to authenticate the client certificate before permitting application access. The BIG-
IP system must also support the ability to red to redirect users to a certificate enrolment system
without generating a browser error.
Within the Client SSL profile, which value should the LTM Specialist select for the Client Certificate
option?
(A). Require
(B). Request
(C). Demand
(D). ignore
Answer: A
NO.95 Exhibit.
The server team has recently configured the three new DNS servers shown for the data center. No
current DNS servers are currently configured on the LTM device.
Which command should be used to configure the LTM device to use the new DNS servers?
(A). tmsh create/systins name-servers add {192 168.1.2.192.168.100.1O0.192.168.2O0.2OO}
(B). tmsh change /sysdns name-servers add {192.168.1.2.192.168.100.100.192.168.200.200}
39
(C). tmsh modify/sysdns name-servers add {192.168.1.2.192.168.100.100.192.168.200.200}

(D). tmsh set/sysdns name-servers add {192.168.2.192.168.100.100.192.168.200.200}
Answer: C
Modify the configuration with modify, and create the configuration with create. Excluding B and D,
and the question is to modify the DNSpointer of E5 itself the need to use is modify.
NO.96 An application is sensitive to packet loss and unexpected session termination. A pair of LTM
devices is configured in an Active/Standby high availability configuration. SNATS are NOT used and
the virtual server contains a Universal Persistence profile.
which two actions must an LTM Specialist take to ensure the sessions are maintained between the
client and server during an LTM device failover event while maintaining maximum uptime? (Choose
two.)
(A). configure a serial failover cable for mirror traffic
(B). configure a OneConnect profile to mirror connections
(C). configure a VLAN and primary mirroring address for mirror traffic
(D). enable Mirroring for a virtual server and persistence profile
(E). enable Clone Pools for a virtual server and a persistence profile
Answer: C,D
NO.97 New Syslog servers have been deployed in an organization. The BIG-IP Administrator must
reconfigure the BIG-IP system to send log messages to these servers.
In which location in the Configuration Utility can the BIG-IP Administrator make the needed
configuration changes to accomplish this?
(A). System > Logs > Configuration
(B). System > Configuration > Local Traffic
(C). System > Logs > Audit
(D). System > Configuration > Device
Answer: A
NO.98 -- Exhibit -
40
-- Exhibit --
A web application is configured to allow sessions to continue even after a user computer is shut
down for the night. A new LTM device is configured to load balance the web application to several
servers. The application owner reports that application users are logged out of the web application
whenever their browser is restarted or computer is rebooted.
What is the problem?
(A). The virtual server does NOT have persistence configured.
(B). The virtual server does NOT have persistence mirroring configured.
(C). The cookie set by the LTM device does NOT have an "Expires" value.
(D). The cookie set by the server is NOT being passed to client by the LTM device.
Answer: C
NO.99 -- Exhibit -
41
-- Exhibit --
An LTM Specialist is reviewing the 'test' partition.
Which objects, in order, can be removed from the partition?
(A). delete pool test1_pool, delete node 10.1.1.2
(B). delete node 10.1.1.2, delete pool test2_pool
(C). delete pool test1_pool, delete node 10.1.1.2, delete node 10.1.1.1
(D). delete virtual test1_vs, delete pool test2_pool, delete node 10.1.1.1
(E). delete pool test1_pool, delete pool test2_pool, delete node 10.1.1.3
Answer: A
NO.100 A BIG-IP Administrator needs to apply a license to the BIG-IP system to increase the user
count from the base license.
42
Which steps should the BIG-IP Administrator?

(A). System License > Re-activate> Add-On Registration> Edit
(B). System > License > Re-activate > Base Registration> Edit
(C). Device Management > Devices > Select BIG-IP System > Update
(D). System > Configuration >Device > General
Answer: A
NO.101 -- Exhibit --
-- Exhibit --
A company uses a complex piece of client software that connects to one or more virtual servers
hosted on an LTM device. The client software is experiencing issues. An LTM Specialist must
determine the cause of the problem.
The LTM Specialist has the tcpdump extract and knows the client source IP is 168.210.232.5.
Assuming no wildcard virtual servers, how many distinct virtual servers does the client connect to on
the LTM device?
(A). 2
(B). 3
(C). 4
(D). 6
Answer: B
NO.102 An LTM Specialist observes decreased performance and intermittent connection reap LTM
system.
43
Based on the configuration, which action will address these issues?

(A). Use an optimized TCP profile.
(B). Use a FastL4 profile on the virtual server
(C). Use a default caching profile on the virtual server.
(D). Use a shorter idle timeout on the TCP profile.
Answer: D
NO.103 -- Exhibit -
44
45
-- Exhibit --
An LTM Specialist has configured a virtual server to distribute connections to a pool of application
servers and to offload SSL processing. The application fails to work as expected when connecting to
the virtual server.
It does work when clients connect directly to the application. Two packet captures were taken at the
46
application server.
What is the root cause of the problem?
(A). The application servers are NOT listening on port 80.
(B). The LTM device is sending non-SSL traffic to an SSL port.
(C). The virtual server does NOT have a clientSSL profile assigned.
(D). The SSL handshake between the LTM device and the server is failing.
Answer: B
NO.104 A BIG-IP Administrator applied the latest hotfix to an inactive boot location by mistake, and
needs to downgrade back to the previous hotfix.
What should the BIG-IP Administrator do to change the boot location to the previous hotfix?
(A). Uninstall the newest hotfix and reinstall the previous hotfix
(B). Reinstall the base version and install the previous hotfix
(C). Reinstall the previous hotfix and re-activate the license
(D). Uninstall the base version and restore the UCS
Answer: B
NO.105 An active/standby pair of LTM devices deployed with network failover are working as
desired. After external personnel perform maintenance on the network, the LTM devices are
active/active rather than active/standby.
No changes were made on the LTM devices during the network maintenance.
Which two actions would help determine the cause of the malfunction? (Choose two.)
(A). checking that the configurations are synchronized
(B). checking the configuration of the VLAN used for failover
(C). checking the configuration of the VLAN used for mirroring
(D). checking the open ports in firewalls between the LTM devices
(E). checking synchronization of system clocks among the network devices
Answer: B,D
NO.106 A BIG-IP device is configured with both an internal external and two Corporate VLANs. The
virtual server has SNAT enabled and is set to listen on all VLANs Auto Last Hop is disabled. The
Corporate users are on
10.0.0.0./24 and 172.16.0.0/12. The BIG-IP has a Self-IP on the 1.0.0.0.0./24 subnet.
Internet users are able to access the virtual server. Only some of the Corporate users are able to
connect to the virtual server A BIG-IP Administrator performs a tcpdump on the BIG-IP and verifies
that traffic is arriving from users in 10.0.0.0/24.
What should the BIG-IP Administrator do to correct this behaviour?
(A). Disable the server on the internal VLAN
(B). Add a static route for the 172.16.0.0/12 subnet
(C). Change the default route to point to the extra firewall
(D). Modify the default route of the servers to point to the BIG-IP device
Answer: B
NO.107 Which command should the LTM Specialist use to determine the current system time?
(A). date
(B). time
47
(C). uname -a
(D). ntpq -p
Answer: A
NO.108 -- Exhibit -
-- Exhibit --
An LTM Specialist has created a virtual server to balance connections to a pool of application servers
and offload SSL decryption. Clients connect to the application at https://www.example.com/. The
virtual server is configured with a clientssl profile but no serverssl profile. The application servers are
listening on ports 80 and
443. Users are unable to connect to the application through the virtual server but are able to connect
directly to the application server.
What is the root cause of the error?
(A). The LTM device is chunking responses.
48
(B). The LTM device is redirecting users to HTTPS.

(C). The pool members are configured with the wrong port.
(D). The application servers are redirecting users to HTTPS.
Answer: D
NO.109 A virtual server is configured to offload SSL from a pool of backend servers. When users
connect to the virtual server, they successfully establish an SSL connection but no content is
displayed. A packet trace performed on the server shows that the server receives and responds to
the request. What should a BIG-IP Administrator do to resolve the problem?
(A). enable Server SSL profile
(B). disable Server SSL profile
(C). disable SNAT
(D). enable SNAT
Answer: B
NO.110 An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting
through the virtual server, clients receive the message "Unable to connect" in the browser, although
connections directly to the pool member show the application is functioning correctly. The LTM
configuration is:
ltm virtual /Common/vs_https {
destination /Common/10.10.1.110:443
ip-protocol udp
mask 255.255.255.255
pool /Common/pool_https
profiles {
/Common/udp { }
}
translate-address enabled
translate-port enabled
vlans-disabled
}
ltm pool /Common/pool_https {
members {
/Common/172.16.20.1:443 {
address 172.16.20.1
}
}
}
(A). Remove an HTTP monitor from the pool.
(B). Add an HTTP profile to the virtual server.
(C). Enable the pool member on the correct VLAN.
(D). Select the correct protocol for the virtual server.
Answer: D
NO.111 AN LTM Specialist is deploying an iRule designed to determine the country of origin of an
49
incoming client connection. TheiRule needs to be used with an SSL-enabled web application.
Which profile required for the iRule to function properly?
(A). HTTP
(B). DNS
(C). TCP
(D). UDP
Answer: C
Explanation
Question stem requires the client IP to match the source region, so TCP ?UDP at thetransport layer
can meet the requirements. The title stem mentions that it is a Web application based on SSL, and it
does not mention F5 undertakes SSL offload, So TCP is enough.
NO.112 An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301.
The web application is accessed via www.example.com. The LTM Specialist wants to save a packet
capture with complete decrypted payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?
(A). tcpdump -vvv -s 0 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
(B). tcpdump -vvv -s 0 -ni vlan301 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
(C). ssldump -Aed -k
/config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 >
/var/tmp/trace.cap
(D). ssldump -Aed -ni vlan301 -k
/config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 >
/var/tmp/trace.cap
Answer: D
through the virtual server, clients receive the message "The connection was reset" in the browser,
although connections directly to the pool member show the application is functioning correctly.
ltm pool srv1_https_pool {
members {
192.168.2.1:https{
address 192.168.2.1
}
}
}
ltm virtual https_example_vs {
destination 192.168.1.155:https
ip-protocol tcp
mask 255.255.255.255
pool srv1_https_pool
profiles {
http { }
tcp { }
}
snat automap
50
vlans-disabled
}
(A). Enable HTTP monitoring on the pool.
(B). Add a ClientSSL profile to the virtual server.
(C). Disable SNAT Automap on the virtual server.
(D). Remove the HTTP profile from the virtual server.
Answer: D
NO.114 A BIG-IP Administrator makes a configuration change to a Virtual Server on the Standby
device of an HA pair. The HA pair is currently configured with Auto-Sync Enabled. What effect will the
change have on the HA pair configuration?
(A). The change will be undone when Auto-Sync propagates the config to the HA pair.
(B). The change will be propagated next time a configuration change is made on the Active device.
(C). The change will be undone next time a configuration change is made on the Active device.
(D). The change will take effect when Auto-Sync propagates the config to the HA pair.
Answer: D
The LTM devices LTM3 and LTM2 have four Traffic Groups defined with approximately the sar of
failover objects defined in each group.
- Traffic Groups A and C have Default Device set to LTM1
- Traffic Groups Band D have Default Device set to LTM2.
- Traffic Groups B and C do NOT have Auto Failback enabled. TrafficGroups A and D have Auto Failback
enabled with a timeout value of 60 seconds.
- Traffic Groups A and D have Auto Fallback enabled with a timeout value of 60 seconds.
Both LTM devices are healthy and able to pass traffic for any Traffic Group.
LTM1 loses connectivity on interface 1.4. The LTM Specialists notified 60 seconds after the interface
goes down.
51
What is the state of the Traffic Groups on each LTM device?

(A). LTM1: Traffic Group C
LTM2: Traffic Groups A, B, and 0
(B). LTM1: No Traffic Groups
LTM2: Traffic Groups A, B, C, and D
(C). LTM1: Traffic Groups A, B, C, and D
LTM2: No Traffic Groups
(D). LTM1: Traffic Groups B and C
LTM2: Traffic Groups A and 0
Answer: B
Explanation
If the 1.4 port is down and failsafe is triggered, the whole machine will become a standby, and all
Traffic Groups will be cut away, and no Traffic Group will remain.
NO.116 -- Exhibit -
-- Exhibit --
An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the
virtual server, clients receive the message "The connection was reset" in the browser. Connections
directly to the pool member show the application is functioning correctly.
What is the issue?
(A). The pool member is failing the monitor check.
(B). The pool member default gateway is set incorrectly.
(C). The virtual server is configured with the incorrect SNAT address.
(D). The virtual server is processing encrypted traffic as plain-text HTTP.
Answer: D
NO.117 Active connections to pool members are unevenly distributed. The load balancing method is
Least Connections (member) Priority Group Activation is disabled. What is a potential cause of the
52
event distribution?
(A). Priority Group Activation is disabled
(B). SSL Profile Server is applied
(C). Persistence profile is applied
(D). incorrect load balancing method
Answer: C
NO.118 A local user account (Users) on the BIG-IP device is assigned the User Manager role. Userl
attempts to modify the properties of another account (User2), but the action fails. The BIG-IP
Administrator can successfully modify the User2 account.
Assuming the principle of least privilege, what is the correct way to allow User 1 to modify User2
properties?
(A). Move User2 to the same partition as User1
(B). Grant User1 administrative privileges
(C). Move User to the same partition as User2.
(D). Modify the partition access for User 1
Answer: D
Due to a change in application requirements, a BIG-IP Administrator needs to modify the

configuration of a Virtual Server to include a Fallback Persistence Profile.
Which persistence profile type should the BIG-IP Administrator use for this purpose?
(A). SSL
(B). Hash
(C). Universal
(D). Source Address Affinity
Answer: D
NO.120 A device group is made up of four members: LTM-A, LTM-B, LTM-C, and LTM-D. An LTM
Specialist makes a configuration change on LTM-B. Later, a different LTM Specialist notices a
"changes pending" message on all devices. When logged into LTM-D, the LTM Specialist attempts to
config-sync to the device group. The sync operation fails.
Why is the LTM Specialist on LTM-D unable to synchronize the configuration to the group?
(A). The changes made on LTM-B are invalid.
(B). LTM-D has the lowest commit-id of the group.
53
(C). NTP is NOT configured on the devices in the group.

(D). LTM-B is the device eligible to initiate a config-sync.
Answer: D
NO.121 What do the following iRule commands do when they are used in the same iRule?
set hsl [HSL::open -proto UDP -pool syslog_server_pool]
HSL::send $hsl "<190> [HTTP::host] from [whereis [IP::client_addr] country continent state city zip] ,
IP:
[IP::client_addr]"
(A). The commands set up a high-speed logging connection and then send the geographical database
to the server.
(B). The commands set up a high-speed logging connection and then send the host header and client
geographical detail to the connection.
(C). The commands set up a high-speed logging connection and then send the host header, HTTP
payload, and client geographical detail to the connection.
(D). The commands set up a high-speed logging connection to the LTM device and then send the host
header and client geographical detail to the connection.
Answer: B
NO.122 A virtual server configuration for traffic destined to a server is as shown:
FTP traffic is destined to the 192.168.1.101 server from the source of192.168.2.129.
Based on precedence, which virtual server accepts this traffic?
(A). MyVS4
(B). MyV53
(C). MyVS1
(D). MyVS2
Answer: D
NO.123 An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA
swap.
Which command should be executed on the command line interface to create a backup?
(A). bigpipe config save /var/tmp/backup.ucs
(B). tmsh save /sys ucs /var/tmp/backup.ucs
(C). tmsh save /sys config /var/tmp/backup.ucs
(D). tmsh save /sys config ucs /var/tmp/backup.ucs
Answer: B
NO.124 An unwanted IP addresstries to connect to the configuration utility via Self IP An LTM
54
Specialist needs to block the attempts based on the IP address.

How should the ITM Specialist block the attempts without affecting other users?
(A). SSH IP allow list
(B). Port lockdown
(C). Devicetrust
(D). Packet filter
Answer: D
NO.125 An LTM device configuration is as shown:

An LTM device configuration is as shown
What should be the two expected outcomes based on this configuration? (Choose two.)
(A). A client session that has been idle for 16 minutes will be sent to the same pool member
(B). A client session that has been idle for 20 minutes will be balanced to a new pool member
(C). A client session that has been idle for 14 minutes will be balanced to a newpool member
(D). A client session that has been idle for 48 minutes will be sent to the same pool members
(E). A client session that has been idle for 12 minutes will be sent to the same pool member
Answer: B,E
55
A
user notifies the BIG-IP Administrator that http://remote company.com is NOT accessible. Remote
access to company resources must be encrypted.
What should the BIG-IP Administrator do to fix the issue?
(A). Change the Listening Port on remote.company.com_vs to Port 80
(B). Add a Pool to the Virtual Server remote.company.com_VS
(C). Add an iRule to remote.company.com_vs to redirect Traffic to HTTPS
(D). Change the Type of the Virtual Server remote.company.com_vs to Forwarding
Answer: C
Explanation
Requiring all traffic to be HTTPS access requires HTTP requests to be redirected directly to HTTPS.
NO.127 The pool members are serving up simple static web content.
The current virtual server configuration is given as follows:
tmsh list ltm virtual simple
ltm virtual simple {
destination 10.10.10.10:80
ip-protocol tcp
mask 255.255.255.255
profiles {
http { }
httpcompression { }
oneconnect { }
tcp { }
}
56
snat automap
vlans-disabled
}
tmsh list ltm pool simple_pool
ltm pool simple_pool {
members {
10.10.10.11:80 {
address 10.10.10.11 }
10.10.10.12:80 {
address 10.10.10.12 }
10.10.10.12:80 {
address 10.10.10.13 }
}
}
Which three objects in the virtual server configuration can be removed without disrupting
functionality of the virtual server? (Choose three.)
(A). tcp
(B). http
(C). oneconnect
(D). snat automap
(E). httpcompression
Answer: B,C,E
NO.128 TWO LTM devices are in the same Device Group and configured for Ac live/Standby Failover.
The LTM Specialist observes that the HA Active and Standby device constantly changes state. All
network links use the default route domain A dedicated fiber ink is used for the HA connection with a
latency of 250 ms but no packet loss.
What is causing the change in failover state to occur?
(A). The HA network is using the default routing domain.
(B). The HA network is using multicast IP.
(C). The HA network is not configured for mirroring.
(D). The HA network latency is too high.
Answer: B
NO.129 An LTM device is deployed in a one-armed topology. The virtual server, clients, and web
servers are connected on the LTM device internal VLAN. A client tries to connect to the virtual server
and is unable to establish a connection. A packet capture from the LTM device internal VLAN shows
that the HTTP request is being forwarded to the web server.
57
From which two additional locations should protocol analyzer data be collected? (Choose two.)
(A). network interface of web server
(B). network interface of client machine
(C). internal VLAN interface of LTM device
(D). external VLAN interface of LTM device
(E). any network interface of the Internet firewall
Answer: A,B
NO.130 A web server administrator informs the BIG-IP Administrator that web servers are
overloaded Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The
BIG-IP device is ready using client SSL client profile and Rules on HTTP level. What actions should the
BIG-IP Administrators to achieve the desired configuration?
(A). Remove the server SSL profile and configure the Pool Members to use HTTP
(B). Remove the client SSL profile and configure the Pool Members to US HTTP
(C). Remove the chart SSL profile and change the Virtual Server to accept HTTP
(D). Remove the server SSL profile and change the Virtual Server to accept HTTP traffic
Answer: A
NO.131 A virtual server is using a TCP profile based on thetop-wan-optimized profile for a streaming
application Users report videos are loading slowly.
Which setting should be modified in the TCP profile to optimize the application?
(A). Disable Slow Start
(B). Disable Selective ACKs
(C). Disable Nagle's Algorithm
(D). Disable Reset on Timeout
Answer: A
NO.132 -- Exhibit -
-- Exhibit --
Based on the output of the tmsh interface show command, what is the issue?
(A). There is a duplex mismatch on the management interface.
(B). Interfaces 2.1 and 2.2 are defective and need replacement.
(C). Flow Control is NOT configured on the management interface.
(D). There are too many drops on inbound traffic on interface 1.1.
Answer: A
NO.133 When importing a PEM formatted SSL certificate, which text needs to appear first in the
file?
58
(A). --START CERTIFICATE....

(B). ...BEGIN CERTIFICATE....
(C). ...SECURITY CERTIFICATE....
(D). ...SSL CERTIFICATE....
Answer: B
NO.134 -- Exhibit -
-- Exhibit --
An LTM Specialist is troubleshooting an HTTP monitor that is marking a pool member as down.
Connecting to the pool member directly through a browser shows the application is up and
functioning correctly.
How should the send string be modified to correct this issue?
(A). GET /\r\n\r\n
(B). GET / HTTP/1.0\r\n\r\n
(C). GET /\r\nHost: \r\n\r\n
(D). GET /\r\nHTTP/1.0\r\n\r\n
Answer: B
NO.135 AN LTM Specialist needs to determine the delay between anLTM device and the internal
web server for a specific client.
Which two AVR reporting options should the LTM Specialist enable to measure the delay? (Choose
two.)
(A). User agents
(B). Methods
(C). Response codes
59
(D). Server latency

(E). Client IP
Answer: D,E
Explanation
The problem is to specify the server delay of the client
NO.136 An LTM Specialist has installed a hotfix that updated the SCCP firmware package.
Which command will ensure that the host subsystem and SCCP reboot?
(A). reboot
(B). full_box_reboot
(C). shutdown -r now
(D). The reboot should be initiated via the HTTPS administration GUI.
Answer: B
NO.137 Which two alerting capabilities can be enabled from within an application visibility reporting
(AVR) analytics profile? (Choose two.)
(A). sFlow
(B). SNMP
(C). e-mail
(D). LCD panel alert
(E). high speed logging (HSL)
Answer: B,C
NO.138 A BIG-IP Administrator uses backend servers to host multiple services per server. There are
multiple virtual servers and pools defined, referencing the same backend servers.
Which load balancing algorithm is most appropriate to have an equal number of connections on each
backend server?
(A). Least Connections (member)
(B). Least Connections (node)
(C). Predictive (member)
(D). Predictive (node)
Answer: B
Explanation
The same set of servers provides multiple services, that is, using different ports to provide different
services at the same time. The stem requirement is based on server connection balancing, not server
+ port, so it is node.
NO.139 A pool has four members. Ail of the servers have been designed and configured with the
same application.
Each client's request can significantly the performance of the servers.
Which load balancing method should the LTM Specialist use to maintain a relatively even loadacross
all servers?
(A). Least Connections
(B). Priority Group
(C). Ratio
(D). Observed
60
Answer: A
NO.140 An LTM Specialist needs to configure a virtual server with the requirements displayed
below.
Application is currently an internal HTTPapplication
Encrypted external user access
Links are hard for siteA example.com and need to rewritten to siteB.Example.com Which profiles
must the LTM Specialist use to provide the proper functionality?
(A). Clientssll, Stream
(B). Serverless, Stream
(C). Clientssl, fastL4, Stream
(D). Serverless, fastL4, Stream
Answer: A
Explanation
For http application and external encryption, clientssl is required, and if the message content needs
to be modified, the steam profile is required. FastL4 profile cannot coexist with clientssl and stream.
Which two pool members should be chosen for a new connection? (Choose two.)
(A). 172.16.15.9.80
(B). 172.16.15.4.80
(C). 172.10.15.2.80
(D). 172.16.15.1.80
(E). 172.16.15.7.80
Answer: B,E
61
NO.142 An LTM Specialist needs to create an iRule that creates persistence records based on a
JSESSIONID cookie.
If a persistence record already exists, then the iRule must persist the client connection according to
the existing record.
Which persistence profile enables the iRule to meet these requirements?
(A). Universal
(B). SSL
(C). Destination Address Affinity
(D). Cookie
(E). Source Address Affinity
Answer: A
NO.143 An LTM device an application that requires all connections to be secured via SSL The device
must verify that request contain a specific cookie before allowing the request to be sent to the pool
member.
Which virtual server type should an LTM Specialist configure on the LTM device?
(A). Stateless
(C). Standard
(E). Forwarding (IP)
Answer: C
NO.144 A BIG-IP Administrator needs to determine which pool members in a pool have been
manually forced offline and are NOT accepting any new traffic. Which status icon indicates this?
A)
B)
C)
D)
(A). Option
(B). Option
(C). Option
(D). Option
Answer: A
NO.145 A BIG-IP Administrator must configure the BIG-IP device to send system log messages to a
remote syslog server In addition, the log messages need to be sent over TCP for guaranteed delivery.
62
What should the BIG-IP Administrator configure?

(A). syslog-ng
(B). Request Logging Profile
(C). HSL Logging
(D). Remote Logging
Answer: D
NO.146 An LTM Specialist has a single HTTPS virtual server doing SSL termination. No server SSL
profile is defined. The pool members are on the internal VLAN answering on HTTP port 80. Users with
certain browsers are experiencing issues.
Which two locations are most appropriate to gather packets needed to determine the SSL issue?
(Choose two.)
(A). server interface
(B). user's computer
(C). LTM device's external VLAN
(D). LTM device's internal VLAN
(E). LTM device's management interface
Answer: B,C
NO.147 -- Exhibit -
63
-- Exhibit --
An LTM Specialist is troubleshooting an HTTP monitor that is marking a pool member as down.
Connecting to the pool member directly through a browser shows the application is up and
functioning correctly.
ltm monitor http http_mon {
defaults-from http
destination *:*
interval 5
recv "200 OK"
send "GET /\\r\\n"
time-until-up 0
timeout 16
}
What is the issue?
(A). The HTTP headers are compressed.
(B). The pool member is responding with a 404.
(C). The pool member is responding without HTTP headers.
(D). The request is NOT being received by the pool member.
Answer: C
NO.148 Which file should the BIG-IP Administrator check to determine when a Virtual Server
changed its status
(A). /var/log/audit
(B). /var/log/lastlog
(C). /var/log/tm
(D). /var/log/monitors
Answer: C
NO.149 An LTM device has a virtual server mapped to www5f.com with a pool assigned. The objects
64
are defined as follows:

Virtual server. Destination 192.168.245.100.443 netmask 255.255.255.0
Persistence: Source address persistence netmask 255.0.0.0
SNAT:AutoMap
Profiles: HnP/TCP
How should the BIG-IP Administrator modify the persistence profile so that each unique IP address
creates a persistence record?
(A). netmask 0.0.0.0
(B). netmask 255.255.255.255
(C). netmask 255.255.0.0
(D). netmask 255.256.255.0
Answer: B
NO.150 Which Standard Virtual Server settings should an LTM Specialist use toload balance across
routed path of two different ISPs?
(A). address translation enabled and port translation disabled
(B). both address and port translation enabled
(C). both address and port translation disabled
(D). address translation disabled and port translation enabled
Answer: B
NO.151 A pool with a default connection limit is configured to use Round Robin as the load
balancing method. An LTM Specialist needs to ensure that the LTM device selects a serverwith the
fewest number of connections when new clients connect. Another pool is using the same set of
backend servers.
Which load balancing-method should the pool be changed to?
(A). Weighted Least Connections (node]
(B). Weighted Least Connections (member)
(C). Least Connections
(D). Least Connections
Answer: C
NO.152 -- Exhibit -
-- Exhibit --
An LTM Specialist is investigating intermittent page load issues being reported by users.
What should the LTM Specialist do to resolve the issue?
65
(A). Remove HTTP monitor on the pool.

(B). Assign an HTTP monitor to the pool.
(C). Select least connections load balancing method on virtual server.
(D). Remove least connections load balancing method on virtual server.
Answer: B
NO.153 In preparation for a maintenance task, an LTM Specialist performs a "Force to Standby" on
LTM device Unit
1. LTM device Unit 2 becomes active as expected. The maintenance task requires the reboot of Unit
1. Shortly after the reboot is complete, the LTM Specialist discovers that Unit 1 has become active
and Unit 2 has returned to standby.
What would cause this behavior?
(A). Unit 1 is set with the redundancy state preference of active in devices groups.
(B). Unit 1 is set with the redundancy state preference of active in high availability.
(C). A traffic group is configured with Auto Failback, and Unit 1 is the default device.
(D). A device group is configured with Auto Failback, and Unit 1 is the default device.
Answer: C
NO.154 An LTM Specialist is working with an LTM device configured with 10 virtual servers on the
same domain with a different key/cert pair per virtual. For examplE. www.example.com;
ftp.example.com; ssh.example.com; ftps.example.com.
What should the LTM Specialist do to reduce the number of objects on the LTM device?
(A). create a 0 port virtual server and have it answer for all protocols
(B). create a 0.0.0.0:0 virtual server thus eliminating all virtual servers
(C). create a transparent virtual server thus eliminating all virtual servers
(D). create a wildcard certificate and use it on all *.example.com virtual servers
Answer: D
NO.155 An LTM device pair is configured for failover and connection mirroring. The LTM devices are
configured with virtual servers for HTTP, HTTPS with SSL offload, and SSH. An event occurs that
causes a failover.
HTTP and SSH sessions active at the time of failover remain active, but HTTPS sessions are dropped.
What is the root cause of this problem?
(A). The SSL certificates on the LTM devices do NOT match.
(B). Connection mirroring is incompatible with clientssl profiles.
(C). SNAT automap was NOT enabled for the HTTPS virtual servers.
(D). Connection mirroring was NOT enabled for the HTTPS virtual servers.
Answer: B
NO.156 An LTM device has been configured to log the reasons for generating TCP RST packets.
The following log entry occurs:
"01230140:3: RST sent from 192.168.1.100:80 to 192.168.1.124:39272, [0x112d82a:1721] {peer} TCP
RST from remote system." Which condition will trigger this log entry?
(A). A virtual server connection limit has been reached.
(B). The host at the other end terminated the TCP connection.
(C). The LTM device reset the connection because no pool members are available.
66
(D). The LTM device has reached the maximum number of allowed attempts to send the data
segment to the affected TCP connection.
Answer: B
NO.157 Windows PC clients are connecting to a virtual server over a high-speed, low-latency
network with no packet loss.
Which built-in client-side TCP profile provides the highest throughput for HTTP downloads?
(A). tcp
(B). tcp-legacy
(C). tcp-lan-optimized
(D). tcp-wan-optimized
Answer: C
The http monitor is applied to a pool. All members are enabled. One server responds as follows.
67
What is the resulting status of this poo! member?

(A). Offline (Disabled)
(B). Offline (Enabled)
(C). Unavailable (Disabled)
(D). Available (Enabled)
Answer: B
Explanation
The first picture "Send String" and "Receive String" are not clear. Send String should be "GOOD",
theresponse packet does not contain this keyword. Receive Disable String is completely unclear. If
the response packet contains the content of Receive Disable String at this time, it will be Available
(Disabled), If the content of Receive Disable String is not included, then Offline (Enabled).
NO.159 The web application team requests help from the LTM Specialist to Improve the
performance of their web sites that are load balanced by the F5 LTM device with a Standard Virtual
Server.
Which virtual server type will improve the performance of the web application servers?
(A). Performance (HTTP)
(B). Performance (Layer 4)
(C). Stateless
(D). Forwarding (IP)
Answer: A
NO.160 A BIG-IP Administrator needs to collect HTTP status code and HTTP method for traffic
flowing through a virtual server.
Which default profile provides this information?
(A). HTTP
(B). Analytics
(C). Request Adapt
(D). Statistics
Answer: A
NO.161 -- Exhibit -
68
-- Exhibit --
69
An LTM Specialist is troubleshooting an issue with an application configured on an LTM device. The
application works properly when accessed directly via the servers; however, it does not work when
accessed via the LTM device. The virtual server, 192.168.1.211:443, is configured to SNAT using the
address
192.168.1.144 and references a pool with the member 192.168.10.80:443. The virtual server has no
Client or Server SSL profiles associated.
Which configuration change will allow the application to function through the virtual server?
(A). Change pool member port to 8443.
(B). Change virtual server port to 8443.
(C). Add SSL off-loading to the pool member.
(D). Add Client and Server SSL profiles to the virtual server.
Answer: A
NO.162 Refer to the exhibit
Given the bigip conf extract shown where the servers only talk http on port 80, which node will
receive thenext user request?
(A). 72.10.1.1
(B). 10.1.1.1
(C). 10.1.1.2 0
(D). 10.1.1.3
Answer: D
NO.163 Given the log entry:

011f0005:3: HTTP header (32800) exceeded maximum allowed size of 32768 (Client sidE.
vip=/Common/VS_web profile=http pool=/Common/POOL_web client_ip=10.0.0.1) Which HTTP
profile setting can be modified temporarily to resolve the issue?
(A). Increase Maximum Requests
(B). Decrease Maximum Requests
(C). Increase Maximum Header Count
(D). Decrease Maximum Header Count
70
(E). Increase Maximum Header size

(F). Decrease Maximum Header size
Answer: E
An LTM Specialist has multiple SNAT and virtual server objects configured as in the bigip.conf shown.
The LTMSpecialist tests a connection from a client with. IP 172.163.31.11 to 192.168.0.100:80.
Which two objects will show an increase in Local Traffic statistics connections?
(A). VS_A&SNAT_B
(B). VS_B&SNAT_B
(C). VS_ B & SNAT A
(D). VS_A & SNAT A
Answer: A
NO.165 A new HITP server has been deployed on an LTM device. The application running on the
server must be monitored by the LIM device. The following is required:
A new HITP server has been deployed on an LTM device. The application running on theserver must
be monitored by the LIM device. The following is required:
When the server is unavailable, it will send an HTTP status code of 200 in response to a request for
the status html page.
When the server is available. I will send and HTTP status code of 201 in response to a request for the
status html page.
When the 200 status code is received, the pool member should receive No new connections.
Which configuration change should be made to meet these requirements?
(A). set the Send String to GET/status html and the Receive String to 200 and Receive Disable String to
201.
(B). set the Send String to GET Arian and the Receive String to 200 and Receive Disable String to 201.
(C). set the Send String to GET Arian and the Receive Disable String to 200 andReceive String to 201.
(D). set the Send String to Get /status html and the Receive Disable String to 200 and Receive String
to 201.
Answer: D
71
NO.166 An LTM Specialist needs to loadbalance an application using an LTM device to meet the
requirements:
The application servers do NOT Support SSL, but client access to the application should be secured.
Multiple requests from the same client should be sent to the same pool member.
All pool members will have roughly the same processing power, and traffic should be distributed
evenly.
The LTM device is NOT the pool members' default gateway.
which configuration should the LTM Specialist.
(A). a performance 14 virtual server with a SNAT and cookie persistence
(B). a performance L4 virtual server with a Client SSL profile and Source Address persistence
(C). A performance L4 virtual server with a SNAT, HTTP profile. Server SSL profile, and cookie
persistence
(D). A standard virtual server with a SNAT, HTTP profile Server SSL profile, and cookie persistence
(E). A standard virtual server with a SNAT, HTTP profile, Client profile, andd cookie persistance.
Answer: E
NO.167 A BIG-IP Administrator reviews the log files to determine the cause of a recent problem and
finds the following entry.
Mar 27.07.58.48 local/BIG-IP notice mcpd {5140} 010707275 Pool member 172.16.20.1.10029
monitor status down.
What is the cause of this log message?
(A). The pool member has been disabled.
(B). The pool member has been marked as Down by the BIG-IP Administrator.
(C). The monitor attached to the pool member needs a higher timeout value.
(D). The monitor attached to the pool member has failed.
Answer: D
NO.168 An LTM Specialist needs to rewrite text within an HTML response from a web server. A
client is sending the HTTP request below:
GET / HTTP/1.1
Host: www.f5.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-LanguagE. en-US,en;q=0.5
Accept-EncodinG. gzip, deflate Cache-Control: no-cache Connection: keep-alive CookiE.
somecookie=1 Although a stream profile has been added to the virtual server, the content within the
HTTP response is NOT being matched, and therefore NOT modified.
Which HTTP header should the LTM Specialist remove from the request to ensure the content can be
matched and modified?
(A). Connection
(B). Accept
(C). Cache-Control
(D). Accept-Encoding
Answer: D
NO.169 For a given Virtual Server, the BIG-IP must perform SSL Offload and negotiate secure
72
communication overTLSvl.2only.
What should the BIG-IP Administrator do to meet this requirement?
(A). Configure a custom SSL Profile (Client) and select no TLSvl in the options list
(B). Configure a custom SSL Profile (Client) with a custom TLSV1.2 cipher string
(C). Configure a custom SSL Profile (Server) and select no TLSvl in the options list
(D). Configure a custom SSL Profile (Server) with a custom TLSV1.2 cipher string
Answer: B
Explanation
no TLSvl only disables TLS1.0, TLS1.1 is still used and does not meet the requirements.
NO.170 The following decoded TCPDump capture shows the trace of a failing health monitor.
00:00:13.245104 IP 10.29.29.60.51947 > 10.0.0.12.http: P 1:59(58) ack 1 win 46 <nop,nop,timestamp
2494782300 238063789> out slot1/tmm3 lis=
0x0000: 4500 006e 3b19 4000 4006 ce0c 0a1d 1d3c E..n;.@.@......<
0x0010: 0a00 000c caeb 0050 8be5 aca3 dd65 e3e1 .......P.....e..
0x0020: 8018 002e 1b41 0000 0101 080a 94b3 5b5c .....A........[\
0x0030: 0e30 90ad 4745 5420 2f74 6573 745f 7061 .0..GET./test_pa
0x0040: 6765 2e68 746d 6c20 4854 5450 312e 310d ge.html.HTTP1.1.
0x0050: 0a48 6f73 743a 200d 0a43 6f6e 6e65 6374 .Host:...Connect
0x0060: 696f 6e3a 2043 6c6f 7365 0d0a 0d0a 0105 ion:.Close......
0x0070: 0100 0003 00 .....
00:00:13.245284 IP 10.0.0.12.http > 10.29.29.60.51947: . ack 59 win 362 <nop,nop,timestamp
238063789
2494782300> in slot1/tmm3 lis=
0x0000 0ffd 0800 4500 00c9 6f68 4000 8006 755d ....E...oh@...u]
0x0010 0a29 0015 0a29 0103 0050 e0d6 4929 90eb .)...)...P..I)..
0x0020 6f12 d83c 8019 fab3 9b31 0000 0101 080a o..<.....1......
0x0030 0068 4e10 5240 6150 4854 5450 2f31 2e31 .hN.R@aPHTTP/1.1
0x0040 2034 3030 2042 6164 2052 6571 7565 7374 .400.Bad.Request
0x0050 0d0a 436f 6e74 656e 742d 5479 7065 3a20 ..Content-Type:.
0x0060 7465 7874 2f68 746d 6c0d 0a44 6174 653a text/html..Date:
0x0070 2054 6875 2c20 3231 204a 616e 2032 3031 .Mon,.01.Jan.201
0x0080 3020 3138 3a35 383a 3537 2047 4d54 0d0a 2.00:00:01.GMT..
0x0090 436f 6e6e 6563 7469 6f6e 3a20 636c 6f73 Connection:.clos
0x00a0 650d 0a43 6f6e 7465 6e74 2d4c 656e 6774 e..Content-Lengt
0x00b0 683a 2032 300d 0a0d 0a3c 6831 3e42 6164 h:.20....<h1>Bad
0x00c0 2052 6571 7565 7374 3c2f 6831 3e .Request</h1>
The health monitor is sending the string shown in the capture; however, the server response is NOT
as expected. The correct response should be an HTML page including the string 'SERVER IS UP'.
What is the issue?
(A). The /test_page.html does NOT exist on the web server.
(B). Incorrect syntax in send string. 'HTTP1.1' should be 'HTTP/1.1'.
(C). Incorrect syntax in send string. 'Connection: Close' should be 'Connection: Open'.
(D). The wrong HTTP version is specified in the send string. Version 1.2 should be used instead of
version
1.1.
73
Answer: B
NO.171 AN LTM Specialist is setting up a new HTTPS virtual server to decrypt client traffic. SNAT the
traffic and send the encrypted traffic to the poor member, the client's IP address must be included in
the traffic sent to the pool member.
What is a complete set of profiles that must be configured for the virtual server to meet these
requirements?
(A). TCP, Client SSL, Server SSL
(B). TCP , Server SSL, HTTP
(C). TCP, Client SSL, HTTP
(D). TCP, Client SSL, Server SSL, HTTP
Answer: D
NO.172 An LTM Specialist is troubleshooting an issue where one LTM device in a three LTM device
group is failing to synchronize after a synchronize to group command is issued. The LTM Specialist
verifies there are no packet filters, port lock down, or network issues preventing the connection.
What are two reasons the synchronization group is having issues? (Choose two.)
(A). Certificates expired on all of the peer LTM devices.
(B). Certificates stored for the device trusts on all of the peer LTM devices are corrupted.
(C). Admin passwords changed on one of the peer LTM devices that are able to synchronize.
(D). Admin password changed on the LTM device NOT receiving the synchronized configurations.
(E). Certificates stored for the device trusts on the LTM device NOT receiving the configuration are
corrupted.
Answer: D,E
NO.173 A BIG-IP Administrator is configuring an SSH Pool with five members.

Which Health Monitor should be applied to ensure that available pool members are monitored
accordingly?
(A). https
(B). udp
(C). http
(D). tcp
Answer: D
NO.174 Exhibit.
The LTM devicesLTM1 and LTM2 are configured in a Device Group (Sync Failover) with Network
Failover configured on both the management and HA and Internal VLANS. and ConfigSync is confined
in a Device Group (Sync Failover) with Network Failover and internal are tagged ona single trunk with
subnets Connection Mirroring is configured on both the HA interlace directly connected between
LTM1 and LTM2, and the management interlace is connected to a management switch. The LTM
74
devices have four Traffic Groups defined, and both LTM devices are healthy and capable of passing
traffic for any of the Traffic Groups.
An LTM Specialist disconnects the cable for the HA network in an effort to test failover.
Which HA functionality works in this case?
(A). ConfigSync does NOT work. Connection Mirroring floes NOT work.
(B). ConfigSync works Connection Mirroring works
(C). ConfigSync works. Connection Mirroring docs NOT work
(D). ConfigSync does NOT work; Connection Mirroring works
Answer: D
NO.175 The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The
status is marked
'down'.
Which tool should the administrator use to identify the problem?
(A). Ping
(B). Health
(C). tcpdump
(D). ifconfig
Answer: C
NO.176 Exhibit.
An LTM Specialist needs to configure VS^HTTP and VS_DB for an online shopping site. The VS HTTP
passes the client requests to the webservers. The webservers query the database serversthrough the
VS_DB.
Initially, the LTM Specialist finds the database servers directly return the packets to the webservers.
which setting must be enabled for the configuration to function correctly?
75
(A). VS_HTTP snat auto map

(B). VS.HTTP auto last hop
(C). VS DB auto last hop
(D). VS_DB snat auto map
Answer: C
NO.177 A failover event is recorded in the log messages:

Jan 01 00:00:50 BIG-IP notice sod[5855]: 01140029:5: HA proc_running tmm fails action is go offline
and down links.
Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c0050:5: Sod requests links down.
Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c0054:5: Offline for traffic group /Common/traffic-
group-1.
Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c003e:5: Offline
Jan 01 00:00:50 BIG-IP notice logger: /usr/bin/tmipsecd --tmmcount 4 ==> /usr/bin/bigstart stop
racoon Jan 01 00:00:50 BIG-IP info lacpd[5502]: 01160016:6: Failover event detected. (Switchboard
failsafe disabled while offline) Jan 01 00:00:51 BIG-IP err bcm56xxd[5296]: 012c0010:3: Failover
event detected. Marking external interfaces down. bsx.c(3633) Jan 01 00:00:51 BIG-IP info
bcm56xxd[5296]: 012c0015:6: Link: 1.1 is DOWN Jan 01 00:00:56 BIG-IP notice mcpd[5318]:
0107143c:5: Connection to CMI peer 10.0.0.3 has been removed Jan 01 00:00:56 BIG-IP notice
mcpd[5318]: 0107143a:5: CMI reconnect timer: enabled Jan 01 00:00:56 BIG-IP notice mcpd[5318]:
01071431:5: Attempting to connect to CMI peer 10.0.0.3 port
6699
What is the cause of the failover?
(A). TMM failed, and VLAN fail-safe initiated the failover.
(B). TMM failed, and system fail-safe initiated the failover.
(C). Loss of connection to CMI peer 10.0.0.3 initiated the failover.
(D). A switchboard failure caused system fail-safe to initiate the failover.
Answer: B
NO.178 -- Exhibit -
76
-- Exhibit --
A user is unable to access an application.
(A). The User-Agent is incorrect.
(B). The 'Content-Length' is zero.
(C). The user failed authentication.
(D). The GET request uses the wrong syntax.
Answer: C
NO.179 -- Exhibit -
77
-- Exhibit --
An LTM Specialist has uploaded a qkview to F5 iHealth.
Within the GUI, what is the correct procedure to comply with the recommendation shown in the
exhibit?
(A). Obtain product version image from release.f5.com.
Overwrite existing image with new product version image.
Select product version image and click Install.
Select the available disk and volume set name.
(B). Obtain product version image from images.f5.com.
Overwrite existing image with new product version image.
(C). Obtain product version image from downloads.f5.com.
Import product version image.
Install image onto BIG-IP platform.
(D). Log a call requesting the product version image via websupport.f5.com Import product version
image.
Install image onto BIG-IP platform.
Answer: C
NO.180 A customer needs to intercept all of the redirects its application is sending to clients. When
78
a redirect is matched, the customer needs to log a message including the client IP address.
Which iRule should be used?
(A). when HTTP_RESPONSE {
if { [HTTP::is_3xx] } {
log local0. "redirecting client ip address [IP::addr [IP::remote_addr]]"
}
}
if { [HTTP::is_301] } {
}
}
(C). when HTTP_REQUEST {
if { [HTTP::is_redirect] } {
}
}
if { [HTTP::is_redirect] } {
}
}
Answer: D
How many nodes are represented on the network map shown?

(A). Four
(B). Three
(C). One
(D). Two
Answer: B
NO.182 RADIUS authentication has been configured on the LTM device. The default remote user
access requirements are as shown:
* Read only access tothe configuration Utility
79
* Access to TMOS shell

Which two items need to be configured in this situation? (Choose two)
(A). Console access is Advanced Shell
(B). Console access is Read Only
(C). Default remote user role is Guest
(D). In Console access is TMSH
(E). Default remote user role is Manager
(F). Default remote user role is Operator
Answer: D
NO.183 An LTM Specialist needs to provide statistics regarding the round-trip time betweenthe
clients and the servers.
Which metric should be part of the analytics profile to provide that information?
(A). Page Load Time
(B). User Sessions
(C). Max TPS and Throughout
(D). Response Codes
Answer: A
NO.184 An LTM Administrator receives an email from the NOC stating that the switch connected to
the backend server was shut down for maintenance. The BIG-IP device handles only UDP traffic. The
BIG IP device did not fail over to a DR location when no pool members were available.
When theLTM Administrator checks the pool, it confirms that the monitor is still marking UP the pool
member.
A tcpdump of the traffic shows the following output:
A list of the monitor configuration shows the following:
80
Which two modifications to the LTMconfiguration will mark this pool member down, when the switch
is down? (Choose two.)
(A). increase the timeout to three times the interval
(B). add a reverse string to the game monitor
(C). enable reverse and wait for the next connection
(D). also assign a gatewayjcmp monitor to the pool
(E). enable manuai-resume on the same monitor
Answer: B,D
NO.185 Which Virtual Server type prevents the use of a default pool?
(A). Performance (Layer 4)
(B). Forwarding (IP)
(C). Performance HTTP
(D). Standard
Answer: B
Explanation
Forwarding (IP) cannot be associated with the pool.
NO.186 An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible
directly through a browser, but the HTTP monitor is marking the pool member as down.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
DatE. Tue, 23 Oct 2012 21:39:07 GTM
Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4
mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
Content-LengtH. 226
Connection: close
Content-TypE. text/html; charset=iso-8859-1
(A). Add '200 OK' to the monitor's receive string.
(B). Add 'Connection: close\r\n' to the monitor's send string.
(C). Change the interval on the monitor from 5 seconds to 30 seconds.
(D). Change the HTTP version in the send string from HTTP/1.1 to HTTP/1.0.
Answer: D
NO.187 A BIG-IP Administrator is configuring a pool with members who have differing capabilities.
Connections to pool members must be load balanced appropriately.
Which load balancing method should the BIG-IP Administrator use?
(A). Least Sessions
(B). Least Connections (member)
(C). Fastest (node)
(D). Weighted Least Connections (member)
Answer: D
NO.188 A BIG-IP Administrator makes a configuration change to the BIG-IP device. Which file logs
the message regarding the configuration change?
81
(A). /var/log/messages
(B). /var/log/audit
(C). /var/log/user.log
(D). /var/log/secure
Answer: B
Explanation
About audit logging
Audit logging is an optional feature that togs messages whenever a BIG-IP system object, such as a
virtual server or a load balancing pool, is confined (that is. created, modified, or deleted). The BiGIP
system logs the messages for these auditing events in the file /var/log'audit There are three ways
that objects can be configured
* By user action
* By system action
* By loading configuration data
Whenever an object is configured in one of these ways, the BIG-IP system logs a message to the audit
log
NO.189 An LTM Specialist with the Administrator role and terminal access of "tmsh" logs in via ssh
and is in the Traffic Manager Shell. The LTM Specialist wants to enter the bash shell to review log
files.
Which command does the LTM Specialist need to run to access the bash shell?
(A). exit
(B). quit
(C). run /cli bash
(D). run /util bash
Answer: D
NO.190 A BIG-IP Administrator is conducting maintenance on one BIG-IP appliance in an HA Pair.

Why should the BIG-IP Administrator put the appliance into FORCED_OFFLINE state?
(A). To preserve existing connections to Virtual Servers and reduce the CPU load
(B). To allow new connections to Virtual Servers and ensure the appliance becomes active
(C). To terminate connections to the management IP and decrease persistent connections
(D). To terminate existing connections to Virtual Servers and prevent the appliance from becoming
active
Answer: D
NO.191 -- Exhibit -
82
-- Exhibit --
An LTM Specialist configures a virtual server for an internal application to perform client-side
encryption while allowing the server-side traffic to be unencrypted. Application users report that
images are NOT loading through the virtual server; however, images load when going directly to the
server.
What should the LTM Specialist configure to allow the images to load through the virtual server?
(A). HTTP profile with "SSL Offload" enabled
(B). HTTP profile with "SSL Offload" disabled
(C). Stream profile with source "http:" and target "https:"
(D). Stream profile with target "http:" and source "https:"
Answer: C
NO.192 -- Exhibit -
83
-- Exhibit --
An LTM Specialist is troubleshooting a sync-failover group of three BIG-IP LTM devices. The command
used is "tmsh run cm watch-devicegroup-device." What does the output mean?
(A). Configuration is synchronized between all the devices.
(B). Configuration is not synchronized. Some modifications have been done on bigipA.
(C). Configuration is not synchronized. Some modifications have been done on bigipB.
(D). Configuration is not synchronized. Some modifications have been done on bigipC.
Answer: C
NO.193 Given:
Filesystem Size Used Avail Use% Mounted on
/dev/md11 248M 248M 0 100% /
/dev/md13 3.0G 76M 2.8G 3% /config
/dev/md12 1.7G 1.1G 476M 71% /usr
/dev/md14 3.0G 214M 2.6G 8% /var
/dev/md0 30G 2.2G 26G 8% /shared
/dev/md1 6.9G 288M 6.3G 5% /var/log
none 3.9G 452K 3.9G 1% /dev/shm
none 3.9G 19M 3.9G 1% /var/tmstat
none 3.9G 1.2M 3.9G 1% /var/run
prompt 4.0M 12K 4.0M 1% /var/prompt
/dev/md15 12G 8.3G 3.1G 74% /var/lib/mysql
Which command is used to produce this output?
(A). df
(B). du
(C). lsof
(D). ps
(E). vmstat
Answer: A
NO.194 An LTM Specialist needs to use the tmsh command to create a pool named http_pool with
member
10.10.101:80 on an LTM device.
Which expression should the LTM Specialist use?
(A). # tmsh create pool http_pool members {10.10.10.101:80}
(B). # tmsh create pool http_pool members add {10.10.10.101:80}
(C). # tmsh create it pool http_pool members {10.10.10.101:80}
(D). # tmsh create itm pool http_pool member {10.10.10.101:80}
Answer: C
Explanation
84
The option should be wrong, it should ne itm instead of it, the correct command is:tmsh create itm
pool
http_pool members add(10.10.10.101:80}
NO.195 An LTM Specialist reports that an application si no longer reachable after it has
beenupgraded.
Nothing has been changed in the configuration on the LTM device.
The logs indicates that health monitors to all servers have failed as shown:
What should the LTM Specialist verify next?
(A). That the TCP hand shake with the servers is stall completed using tcpdump
(B). That the custom receive string for the HTTP monitor has changed with the upgrade
(C). That the can still ping the servers from te BIG_ IP device.
(D). That the firewall between the BIG-ip device and servers is still allowing HTTP
Answer: B
Explanation
The log shows that tcp detection is normal, but http detection is abnormal. So we should pay
attention to the detection problem of http level
NO.196 AN LIM Specialist must upgrade the VCMP Guest active/standby LTM pair from version 11.3
to 11.5.3 on two VCMP Hosts.
where should the LTM Specialist import the latest 11.5.3 ISO images?
(A). to the primary VCMP Host and the active Guest instance
(B). to both VCMP Hosts
(C). to the secondary vCMP Host and the standby Guest instance
(D). to the VCMP Guest instances
Answer: D
NO.197 A failover event is recorded in the following log messages:

Jan 01 00:56:56 BIG-IP notice mcpd[5318]: 01070727:5: Pool /Common/my-pool member
/Common/10.0.0.10:80 monitor status down.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0045:5: Leaving active, group score 10 peer group score
20.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0052:5: Standby for traffic group /Common/traffic-
group-1.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0018:5: Standby
Jan 01 00:57:06 BIG-IP notice logger: /usr/bin/tmipsecd --tmmcount 4 ==> /usr/bin/bigstart stop
racoon What is the cause of the failover?
(A). The HA group score changed.
(B). No traffic is seen on traffic-group-1.
(C). The peer device left the traffic group.
(D). The racoon service stopped responding.
Answer: A
NO.198 What should the 816-IP Administrator provide when opening a new ticket with F5 Support?
(A). bigip.license file
(B). QKViewfile
85
(C). Device root password

(D). SSL private keys
Answer: B
NO.199 An HTTP 1.1 application utilizes chunking.

Which header should be used to notify the client's browser that there are additional HTTP headers at
the end of the message?
(A). ETag
(B). From
(C). Trailer
(D). Expect
Answer: C
NO.200 A Web Server Administrator uses a manual process to display a page when the service is
down.
Which feature on the LTM device should be used to automate the service down page? :
(A). Enable Request Queueing
(B). Action on Service Down
(C). Redirect Rewrite
(D). Fallback Host
Answer: D
NO.201 Interface 1.2 on a BIG-IP VE has a status of UNINITIALIZED. What is the reason for this
status?
(A). Interface 1.2 has been added to a trunk.
(B). Interface 1.2 has NOT been assigned to a VLAN.
(C). Interface 1.2 has been disabled.
(D). No default route has been created.
Answer: B
Explanation
trunk is a portchannel, you need to add a physical interface.
NO.202 -- Exhibit -
86
-- Exhibit --
An LTM Specialist is reviewing the virtual server configuration on an LTM device.
Which two actions should the LTM Specialist perform to minimize the virtual server configuration?
(Choose two.)
(A). Remove 'snat automap' from the virtual server.
(B). Remove the 'http' profile from the virtual server.
(C). Remove the 'default_class' from the virtual server.
(D). Combine 'acct_class' and 'marketing_class' into one class and update associations on the virtual
server.
(E). Combine 'marketing_class' and 'default_class' into one class and update associations on the
virtual server.
Answer: C,D
NO.203 An LTM Specialist needs to gather website statistics such as latency and throughput on the
existing virtual server. This virtual server loadBalances the backend web servers.
87
Which F5 feature will provide this?

(A). the Performance panel
(B). the AVR module
(C). the Dashboard
(D). the Statistics panel
Answer: B
NO.204 An LTM Specialist needs to deploy a virtual server that will load balance traffic targeting
https://register.example.com to a set of three webservers. Persistence needs to be ensured. No
persistence mirroring is allowed SSL offloading is required.
A fourth web server with fewer resources will be used to handle requests from engine bots to
https://register.example.comvrobots.txt by an iRule. The(Rule will use the HTTP_REQUEST event. .
What are the required profile and persistence settings to implement this
(A). tcp. dientssl, hup, source address persistence
(B). tcp, clientssl, http. cookie persistence
(C). tcp, clientssl, serverssl, ssl persistence
(D). tcp, clientssl, http, serverssl cookie persistence
Answer: B
Explanation
The option is wrong, it should be clientssl and serverssl. If the title requires ssl offload instead of
encryption, you need clientssl instead of serverssl. irule needs HTTP profile to enable HTTP_REQUEST.
If the session cannot be mirrored, the cookie session remains to meet the demand.
NO.205 -- Exhibit -
-- Exhibit --
Which step should an LTM Specialist take next to finish upgrading to HD1.3?
(A). Install image to HD1.3
(B). Install hotfix to HD1.3
(C). Activate HD1.3
(D). Relicense HD1.3
Answer: C
NO.206 Refer to the Exhibit.
88
An LTM Specialist notices that two members in a pool are overloaded. To relive the existing members
a fourth member (10.128.20.14) is brought up.
How many member will receive and process new connections?
(A). 4
(B). 3
(C). 2
(D). 1
Answer: C
NO.207 -- Exhibit -
89
-- Exhibit --
An LTM device is used to load balance web content over a secure channel.
The developers of the web content have done a trace using an HTTP profiler application. They believe
that allowing the LTM device to compress traffic to the client will improve performance. The client
can utilize GZIP or deflate compression algorithms.
An LTM Specialist must implement the compression.
The LTM Specialist has completed the following actions:
1. Create the relevant profile.
2. Apply the relevant profile to the virtual server (VS).
After applying the relevant profile, the LTM device is failing to compress the traffic. Instead, the
traffic is being served with an error.
(A). The incorrect compression algorithm is applied to the compression profile.
90
(B). The LTM device CANNOT SSL offload the traffic in order to read and compress it.
(C). The Protocol Profile (Client) option of "Allow Compression" needs to be enabled.
(D). The Protocol Profile (Server) option of "Allow Compression" needs to be enabled.
Answer: B
NO.208 An LTM Specialist needs to add a pool that will load balanceMYSOL services. It has four
members, each with differing hardware platforms. All pool members are already assigned to another
pool for load balancing FTP traffic.
Which load balancing method is most effective when the LTM Specialist sets up the pool?
(A). Observed (node)
(B). Predictive member)
(C). Round Robin
(D). Least Connections (node)
Answer: A
NO.209 An LTM Specialist needs to terminate client SSL traffic and based on the cookie presented by
client.
Which set of profiles should the LTM Specialist use?
(A). HTTPS, Client SSL, Cookie Persistence Profile
(B). HTTP, Server SSL, SSL Cookie Profile
(C). HTTPS, Server SSL, SSL Cookie Profile
(D). HTTP, Client SSL, Cookie Persistence Profile,
Answer: D
NO.210 Which method is recommended for creating a new user from the CLI?
(A). Run f5adduser username' then 'f5passwd username' from bash or tmsh
(B). Run tmsh create auth user username prompt for password' from bash
(C). edit bigip.conf to add the new user and the user's clear-text password
(D). Run useradd username' then 'passwd username' from bash tmsh
Answer: B
NO.211 A BIG-IP device sends out the following SNMP trap:

big-ipo.f5.com - bigipExternalLinkChange Link: 1.0 is DOWN
Where in the BIG-IP Configuration utility should the BIG-IP Administrator verify the current status of
Link
1.0?
(A). System > Platform
(B). Network > Trunks > Trunk List
(C). Statistics > Performance > System
(D). Network > Interfaces > Interface List
Answer: D
Explanation
1.0 is a physical interface, you can see the interface status from the physical interface in the network.
NO.212 A company plans to launch a huge marketing campaign and expects increase demand of
their secure website.
91
With the current virtual server setup, the LTM Specialist expects that the LTM device will reach its
capacity limits. For the wen application to function properly. Cookies persistence is required. The
LTM Specialist needsto reduce LTM device load without breaking the application.
Which two settings should the LTM Specialist modify to meet the requirement? (Choose two.)
(A). Remove HTTP compression profile
(B). Remove HTTP profile
(C). Remove web acceleration profile.
(D). Modify virtual Server type to performance (Layer 4)
(E). Remove ClientSSL profile
Answer: A,C
Explanation
It is required that cookie persist must be used and http profile must be used, and SSL offloading must
also be required. It must be in standard mode,excluding BD E.
Why is the virtual server responsive to incoming connections?

(A). The pool member is disabled
(B). The pool member monitor failed
(C). The node is disabled.
(D). The node monitor failed
Answer: B
NO.214 A new BIG-IP VE is deployed with default settings. The BIG-IP Administrator completes the
setup utility in the Configuration Utility. The internal self IP address fails to respond to a ping request.
What is a possible cause of this issue?
(A). Port lockdown on internal self IP is set to Allow None
(B). Route is NOT assigned to internal self IP.
(C). Internal interface VLAN is set to untagged
(D). Internal interface VLAN is set to tagged
Answer: D
NO.215 Which two items can be logged by the Application Visibility Reporting analytics profile?
(Choose two.)
(A). User Agent
(B). HTTP version
(C). HTTP Response Codes
(D). Per Virtual Server CPU Utilization
Answer: A,C
92
NO.216 A BIG-IP Administrator configures a Virtual Server. Users report that they always receive a
TCP RST packet to the BIG-IP system when attempting to connect to it. What is the possible reason
for this issue?
(A). The virtual server Type is set to Internal
(B). The virtual server Type is set to Reject
(C). The virtual server Type is set to Drop
(D). The virtual server Type is set to Stateless
Answer: B
A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to
log on to the servers.
What should the BIG-IP Administrator do to resolve the issue?
(A). Set Protocol to UDP
(B). Set HTTP Profile to None
(C). Set Source Address to 10.1.1.2
(D). Set Destination Addresses/Mask to 0.0.0.0/0
Answer: B
93
How are new connections load balanced?

(A). To the first two members listed with the same priority group
(B). To the pool member with the least number of connections
(C). To the pool member with a high priority group value defined
(D). To the pool member with a low priority group value defined
Answer: B
NO.219 -- Exhibit -
-- Exhibit --
Which two servers are missing two frequently used URLs? (Choose two.)
(A). 172.16.20.1 /text.one /text.txt
(B). 172.16.20.2 /text.one /text.txt
(C). 172.16.20.1 /text.txt /browserspecific.html
(D). 172.16.20.2 /text.one /browserspecific.html
(E). 172.16.20.3 /text.one /browserspecific.html
Answer: B,E
94
NO.220 -- Exhibit -
95
-- Exhibit --
An LTM Specialist is reconfiguring a virtual server to redirect all clients to HTTPS. Testing reveals that
the redirect is functioning incorrectly. As part of the troubleshooting process, the LTM Specialist
performs a packet capture.
What is the issue?
(A). The redirect is causing an infinite loop.
(B). The virtual server is missing a clientssl profile.
(C). The redirect is sending the client to the incorrect location.
96
(D). The virtual server is incorrectly processing the HTTP request.

Answer: C
NO.221 Which process can be eliminated by terminating SSL communication on the LTM device
rather than the backend pool members?
(A). generating CSRS
(B). obtaining SSL certificatesfrom a certificate authority
(C). administering SSL on the web servers
(D). applying security patches on the backend pool members
Answer: C
NO.222 A 8IG-IP device is replaced with an RMA device. The BIG-IP Administrator renews the license
and tries to restore the configuration from a previously generated UCS archive on the RMA device.
The device configuration is NOT fully loading. What is causing the configuration load to fail?
(A). The Device Group is NOT configured for Full Sync.
(B). The US does NOT contain the full config
(C). The clock is NOT set correctly
(D). The Master Key is NOT restored
Answer: D
NO.223 A BIG-IP Administrator plans to resolve a non-critical issue with a BIG-IP device in 2 weeks.
What Severity level should be assigned to this type of F5 support ticket?
(A). 4
(B). 2
(C). 3
(D). 1
Answer: A
NO.224 -- Exhibit -
-- Exhibit --
97

An LTM Specialist is performing an HTTP trace on the client side of the LTM device and notices there
are many undesired headers being sent by the server in the response. The LTM Specialist wants to
remove all response headers except "Set-Cookie" and "Location." How should the LTM Specialist
modify the HTTP profile to remove undesired headers from the HTTP response?
(A). Enter the desired header names in the 'Request Header Insert' field.
(B). Enter the undesired header names in the 'Request Header Erase' field.
(C). Enter the undesired header names in the 'Response Header Erase' field.
(D). Enter the desired header names in the 'Response Headers Allowed' field.
Answer: D
The http monitor is applied to a pool All members are enabled One pool member stops responding
TCP port
80. The server still responds to ping.
What is the resulting status ofthis pool member?
(A). Available (Enabled)
(B). Offline (Disabled)
(C). Unavailable (Disabled)
(D). Unknown (Enabled)
Answer: A
NO.226 A web application requires the client to provide the destination server and service
identification.
(A). Connection
(B). Host
(C). From
(D). Expect
Answer: B
98
-- Exhibit --
99

determine the cause of the problem. The LTM Specialist has the tcpdump extract. The client loses
connection with the LTM device.
Where is the reset originating?
(A). the local switch
(B). the application server
(C). the device initiating the connection
(D). the destination device of the initial connection
Answer: C
NO.228 A stand-alone LTM device is to be paired with a second LTM device to create an
active/standby pair. The current stand-alone LTM device is in production and has several VLANs with
floating IP addresses configured. The appropriate device service clustering (DSC) configurations are in
place on both LTM devices.
Which two non-specific DSC settings should the LTM Specialist configure on the second LTM device to
ensure no errors are reported when attempting to synchronize for the first time? (Choose two.)
(A). pools
(B). VLANs
(C). default route
(D). self IP addresses
Answer: B,D
NO.229 An LTM Specialist configures a new HTTP virtual server on an LTM device external VLAN. The
web servers are connected to the LTM device internal VLAN. Clients trying to connect to the virtual
server are unable to establish a connection. A packet capture shows an HTTP response from a web
server to the client and then a reset from the client to the web server.
From which two locations could the packet capture have been collected? (Choose two.)
(A). network interface of web server
(B). network interface of client machine
(C). internal VLAN interface of the LTM device
(D). external VLAN interface of the LTM device
(E). management VLAN interface of the LTM device
Answer: A,B
NO.230 An LTM Specialist creates an Analytics wide to show the type of browsers used to access a
certain application. However, the generated statistics only sum up all transaction for that application
under one item called ' Aggregated.'' What should the LTM Specialist do to resolve this problem?
(A). Verify that the Analytics profile is assigned to the applications virtual server.
(B). Make sure ''User Agent'' is selected in the Analytics profile.
(C). Drill down into the stats to show the User Agents correlated in the Aggregated group.
(D). Make sure ''User Sessions'' is selected in the Analytics profile
Answer: B
NO.231 A BIG-IP Administrator needs to have a BIG-IP linked to two upstream switches for resilience
100
of the external network. The network engineer who is going to configure the switch instructs the BIG-
IP Administrator to configure interface binding with LACP. Which configuration should the
administrator use?
(A). A virtual server with an LACP profile and the switches' management IPs as pool members.
(B). A virtual server with an LACP profile and the interfaces connected to the switches as pool
members.
(C). A Trunk listing the allowed VLAN IDs and MAC addresses configured on the switches.
(D). A Trunk containing an interface connected to each switch.
Answer: D
NO.232 While investigating the cause of a device failover, an LTM Specialist discovers the following
events in
/var/log/ltm:
01010029:5: Clock advanced by 518 ticks
01140029:5: HA daemon_heartbeat tmm fails action is failover and restart.
010c0026:5: Failover condition, active attempting to go standby.
Which issue caused the failover?
(A). NTP being out of sync
(B). TMM being descheduled
(C). VLAN Fail-safe heartbeats
(D). HA missing heartbeat packets
Answer: B
NO.233 Which command should an LTM Specialist use on the command line interface to show the
health of RAID array hard drives?
(A). tmsh show /sys raid disk
(B). tmsh show /ltm raid disk
(C). tmsh show /sys raid status
(D). tmsh show /ltm disk status
Answer: A
NO.234
101
A BIG-IP Administrator notices that one of the servers that runs an application is NOT receiving any
traffic.
The BIG-IP Administrator examines the configuration status of the application and observes the
displayed monitor configuration and affected Pool Member status. What is the possible cause of this
issue?
(A). The Node Health Monitor is NOT responding.
(B). The application is NOT responding with the expected Receive String.
(C). HTTP 1.1 is NOT appropriate for monitoring purposes.
(D). The BIG-IP device is NOT able to reach the Pool.
Answer: A
NO.235 An LTM Specialist has a OneConnect profile and HTTP profile configured on a virtual server
to load balance an HTTP application.
The following HTTP headers are seen in a network trace when a client connects to the virtual server:
Clientside:
GET / HTTP/1.1
Host: 192.168.136.100
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-EncodinG. gzip,
deflate Connection: keep-alive Serverside:
HTTP/1.1 200 OK
DatE. 5 Jun 1989 17:06:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-EncodinG. gzip
Content-LengtH. 3729
X-Cnection: close
Content-TypE. text/html
The LTM Specialist notices the OneConnect feature is working incorrectly.
Why is OneConnect functioning incorrectly?
(A). Client must support HTTP/1.0.
(B). Client must support HTTP keep-alive.
(C). Server must support HTTP/0.9.
(D). Server must support HTTP keep-alive.
102
Answer: D
NO.236 An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302) Which packet capture
should the LTM Specialist perform on the LTM device command line interface to capture only server
traffic specifically for this application?
(A). tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
(B). tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
(C). tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w
/var/tmp/trace.cap
(D). tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host
10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap
Answer: C
NO.237 A BIG-IP Administrator is creating a new Trunk on the BIG-IP device. What objects should be
added to the new Trunk being created?
(A). Interfaces
(B). Network routes
(C). VLANS
(D). IP addresses
Answer: A
Explanation
trunk is a portchannel, you need to add a physical interface.
NO.238 -- Exhibit -
103
-- Exhibit --
A client attempts to connect from a Google Chrome browser to a virtual server on a BIG-IP LTM. The
virtual server is SSL Offloaded. When the client connects, the client receives an SSL error. After trying
Mozilla Firefox and Internet Explorer browsers, the client still receives the same errors.
The LTM Specialist does an ssldump on the virtual server and receives the results as per the exhibit.
(A). The SSL key length is incorrect.
(B). The BIG-IP LTM is NOT serving a certificate.
(C). The BIG-IP LTM is NOT listening on port 443.
(D). The client needs to be upgraded to the appropriate cipher-suite.
Answer: B
NO.239 Administrative user accounts have been defined on the remote LDAP server and are unable
to log in to the BIG-IP device.
Which log file should the BIG-IP Administrator check to find the related messages?
104
(A). /var/log/secure
(B). /var/log/messages
(C). /Nar/log/ltm
(D). /var/log/user.log
Answer: A
NO.240 A node is a member of various pools and hosts different web applications. If a web
application is unavailable, the BIG-IP appliance needs to mark the pool member down for that
application pool. What should a BIG-IP Administrator deploy at the pool level to accomplish this?
(A). A UDP monitor with a custom interval/timeout
(B). A combination of ICMP + TCP monitor
(C). An HTTP monitor with custom send/receive strings
(D). A TCP monitor with a custom interval/timeout
Answer: C
Explanation
Requiring all traffic to be HTTPS access requires HTTP requests to be redirected directly to HTTPS.
NO.241 A high-availability (HA) pair configuration uses only the hardwire serial cable connection to
determine device state. A power outage occurs to the PDU powering the active unit. The standby unit
takes over the active role as expected.
How is the peer unit able to determine the active unit is unavailable?
(A). voltage loss on serial cable
(B). no data stream received on serial port
(C). no response on management interface
(D). no heartbeat packets received on self IPs
Answer: A
NO.242 A virtual serverconfiguration for traffic destined to a server is as shown:
HTTP traffic is destined to the 10 10.20.1 server from the source

Based on precedence, which virtual server accepts this traffic?
(A). MyvS1
(B). MyVS2
(C). MyVS3
(D). MyVS4
Answer: B
NO.243 Which iRule will instruct the client's browser to avoid caching HTML server responses?
(A). when HTTP_REQUEST {
105
if {[HTTP::header Content-Type] equals "html"} {

HTTP::header insert Pragma "no-cache"
HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT"
HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate"
}
}
if {[HTTP::header Content-Type] contains "html"} {
}
}
(C). when HTTP_RESPONSE {
if {[HTTP::header Content-Type] contains "html"} {
}
}
if {[HTTP::header Content-Type] equals "html"} {
}
}
Answer: C
NO.244 A BIG-IP Administrator explicitly creates a traffic group on a BIG-IP device.

Which two types of configuration objects can be associated with this traffic group? (Choose two.)
(A). Pool Members
(B). Virtual Addresses
(C). iRules
(D). VLANS
(E). Application Instances
Answer: B,E
NO.245 A LTM device needs to load balance active and passive FTP traffic while using only a single
virtual server.
Which virtual server type should an LTM Specialist configure on the LTM device?
(A). Forwarding (Layer 2)
(B). Standard
(C). Stateless
(D). DHCP relay
(E). Forwarding (IP)
106
Answer: E
NO.246 A BIG-IP Administrator reviews the Plane CPU Usage performance chart and discovers a high
percentage of Control Plane utilization.
Which type of traffic does this indicate a higher usage of?
(A). Administrative
(B). Tunnel
(C). Accelerated ,
(D). Application
Answer: A
NO.247 A user is having issues with connectivity to an HTTPS virtual server. The virtual server is on
the LTM device's external vlan, and the pools associated with the virtual server are on the internal
vlan. An LTM Specialist does a tcpdump on the external interface and notices that the host header is
incomplete.
In which location should the LTM Specialist put a traffic analyzer to gather the most pertinent data?
(A). server
(B). external VLAN
(C). internal VLAN
(D). client machine
Answer: D
NO.248 -- Exhibit -
107
-- Exhibit --
Users receive an error when attempting to connect to the website https://website.com. The website
has a DNS record of 195.56.67.90. The upstream ISP has confirmed that there is nothing wrong with
the routing between the user and the LTM device.
The following tcpdump outputs have been captured:
External Vlan, filtered on IP 168.210.232.5
00:25:07.598519 IP 168.210.232.5.33159 > 195.56.67.90.https: S 1920647964:1920647964(0) win
8192 <mss
1450,nop,nop,sackOK>
00:25:07.598537 IP 195.56.67.90.https > 168.210.232.5.33159: S 2690691360:2690691360(0) ack
1920647965 win 4350 <mss 1460,sackOK,eol>
00:25:07.598851 IP 168.210.232.5.33160 > 195.56.67.90.https: S 2763858764:2763858764(0) win
8192 <mss
1450,nop,nop,sackOK>
00:25:07.598858 IP 195.56.67.90.https > 168.210.232.5.33160: S 1905576176:1905576176(0) ack
2763858765 win 4350 <mss 1460,sackOK,eol>
Internal Vlan, filtered on IP 168.210.232.5
108
00:31:46.171124 IP 168.210.232.5.33202 > 192.168.100.20.http: S 2389057240:2389057240(0) win

4380
<mss 1460,nop,wscale 0,sackOK,eol>
(A). The filters on the tcpdumps are incorrect.
(B). The DNS entry for website.com is incorrect.
(C). The virtual server 'WEBSERVICES1' is listening on the incorrect port.
(D). The firewall is dropping the connection coming from the pool members returned to the client.
(E). The subnet masks of the pool members of pool WebServices1 and the f5 'Internal' Vlan are
incorrect.
Answer: D
109
The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a
configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the
servers on the new VLAN are NOT reachable from the BIG-IP device.
Which action should the BIG-IP Administrators to resolve this issue?
(A). Set Port Lockdown of Set IP to Allow All
(B). Change Auto Last Hop to enabled
(C). Assign a physical interface to the new VLAN
(D). Create a Floating Set IP Address
Answer: C
NO.250 Consider the monitor configuration displayed below.
110
What is the status of a pool member that responds with ''200 OK''?
(A). available
(B). down
(C). disabled
(D). unknown
Answer: B
NO.251 An application is configured so that the same pool member must be used for an entire
session, as well as for HTTP and FTP traffic.
A user reports that a session has terminated, and the user must restart the session. The BIG-IP
Administrator determines that the active BIG-IP device failed over to the standby BIG-IP device.
Which configuration settings should the BIG-IP Administrator verify to ensure proper behaviour when
BIG-IP failover occurs?
(A). cookie persistence and session timeout
(B). Stateful failover and Network Failover detection
(C). Persistence mirroring and Match Across Services
(D). syn-cookie insertion threshold and connection low-water mark
Answer: C
NO.252 -- Exhibit -
111
-- Exhibit --
How should the LTM Specialist minimize the configuration?
(A). Remove the pool member level monitors.
(B). The configuration is as minimized as possible.
(C). Create a single monitor and apply it to each pool member.
(D). Create a single monitor, apply it to the pool, and remove the pool member level monitors.
112
Answer: D
NO.253 An LTM Specialist has set up a custom SNMP alert.

Which command line tool should the LTM Specialist use to test the alert?
(A). logger
(B). logtest
(C). testlog
(D). snmptest
Answer: A
NO.254 An LTM device provides load balancing to a web application? The LTM device has two dual-
core processors and a licensed SSL Transactions Per Second (TPS) limit of 500 CMP is enabled.
TLS connections are used between client systems and virtual servers on the LTM device, as well as
from the LTM device to servers used as part of LTM pool.
TLS enabled virtual servers utilize certificates based on 2048-bit keys During a peak period. 2560 new
TLStransactions per second are attempted to the web application via the LTM device.
What will happen in this scenario?
(A). 560 new TLS transactions will be silently discarded due to the SSL TPS license limit
(B). Nothing: TLS transactions per second are NOT affected by an SSL TPS license limit
(C). 2060 new TLS transactions will be silently discarded due to the SSL TPS license limit
(D). Nothing: 2560 TLS transactions per second is within the SSI TPS license limit.
Answer: A
An LTM device has a virtual server mapped to www.f5.com. Users report that when they connect to
/resources/201.1.2h.l_l.com they are unable to receive content.
What is the likely cause of the issue?
(A). The pool associated with the virtual server does not have priority group activation enabled.
113
(B). The virtual address does not have ARP enabled.

(C). The virtual address does not have route advertising enabled.
(D). The pool associated with the virtual server is falling its health check.
Answer: B
NO.256 An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a
remote syslog server.
The following is an extract from the config file detailing the node and monitor that the LTM device is
using for the remote syslog server:
monitor
Syslog_15002 {
defaults from udp
dest *:15002
}
node 91.223.45.231 {
monitor Syslog_15002
screen RemoteSYSLOG
}
There seem to be problems communicating with the remote syslog server. However, the pool
monitor shows that the remote server is up.
The network department has confirmed that there are no firewall rules or networking issues
preventing the LTM device from communicating with the syslog server. The department responsible
for the remote syslog server indicates that there may be problems with the syslog server. The LTM
Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog server. None are found.
The LTM Specialist does a tcpdump:
tcpdump -nn port 15002, with the following results:
21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19
21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144 NotE.
192.168.100.100 is the self IP of the LTM device.
Why are there no errors for the remote syslog server in the log files?
(A). The -log option for tcpdump needs to be used.
(B). The monitor type used is inappropriate.
(C). The "verbose" logging option needs to be enabled for the pool.
(D). When the remote syslog sever fails, it returns to service before the timeout for the monitor has
expired.
Answer: B
NO.257 A BIG-IP device has only LTM and ASM modules provisioned. Both have nominal
provisioning level. The BI6-IP Administrator wants to dedicate more resources to the LTM module.
The ASM module must remain enabled. Which tmsh command should the BIG-IP Administrator
execute to obtain the desired result?
(A). modify/sys provision asm level minimum
114
(B). modify /sys provision Itm level dedicated

(C). modify /sys provision asm level none
(D). modify /sys provision Itm level minimum
Answer: A
NO.258 An LTM Specialist is configuring a client profile to offload processing a new application
Company policy requires that clients can resume session for up to 30 minutes, but must renegotiate a
new session after that.
Which setting should the LTM Specialist change to satisfy this requirement?
(A). Renegotiate Max Record Delay
(B). Renegotiation period
(C). Cachesize
(D). Cache timeout
Answer: D
Explanation
Question stem requires that you can resume SSL session within 30 minutes, then you need to define
the ssl cache time in 30 minutes
NO.259 An LTM Specialistconfigures a new HTTPS virtual server that contains a valid example.com
ssl certificate.
The LTM Special receives an error in the browser when connecting.
What must be added to the SSL Client profile to fix this issue?
(A). A sell-sign certificate
(B). A new example com certificate
(C). An intermediate certificate
(D). A public root certificate
Answer: C
NO.260 An application is being load balanced through the LTM device using the configuration
displayed below.
The network has been re-engineered to NAT all client connection. As a result, allclient connections
are hitting the same pool member.
115
Which changes should the LTM Specialist make in order to restore load balancing functionality wile
maintaining session persistence?
(A). Change the virtual server type to Standard, add an httpprofile, and change the persistence profile
to Destination Address
(B). Leave the virtual server type set Performance (Layer 4) and change the persistence type to hash
(C). Change the virtual serer type to Forwarding (Layer 4) and leave the persistence type tohash
source Address
(D). Change the virtual server to Standard add an http profile, and change the persistence profile to
Cookie persistence
Answer: D
NO.261 OneLTM device in an HA pair of LTM devices is unable to reach its default gateway. An HA
Failover event needs to happen.
Which configuration item enables this behavior?
(A). iRule
(B). Gateway Fail Safe
(C). Gateway pool monitor
(D). Gateway pool
116
Answer: B
NO.262 An TLM Specialist needs to configure a virtual server to terminate SSL connection on the
LTM device.
Cryptographic information must be re-authorized for SSL sessions that remain open for longer than
30 seconds.
Which settings should the LTM Specialist configure in the client SSL profile?
(A). set the Handshake Timeout to 30 seconds
(B). enable Require Peer SN1 Support
(C). set the Renegotiate Period to 30 seconds
(D). set the Renegotiate Max Record Delay to 30
Answer: C
NO.263 -- Exhibit -
-- Exhibit --
An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning
correctly when accessed directly through a browser, although the monitor is marking the member as
down. As part of the troubleshooting, the LTM Specialist has captured the monitor traffic via
tcpdump.
117

(A). Add the 'http' monitor to the pool.
(B). Add the 'icmp' monitor to the node.
(C). Modify the receive string to valid content.
(D). Correct the firewall rules on the pool member.
Answer: C
NO.264 A BIG-IP Administrator is unable to connect to the management interface via HTTPS. What is
a possible reason for this issue?
(A). The port lockdown setting is configured to Allow None.
(B). An incorrect management route is specified.
(C). The IP address of the device used to access the management interface is NOT included in the "P
Allow" list in the Configuration Utility.
(D). The IP address of the device used to access the management interface is NOT included in the
"httpd Allow" list in the CLI.
Answer: D
NO.265 How should a BIG-IP Administrator persistent sessions from being sent to a pool member so
that the server administrator can perform maintenance?
(A). force the pool member offline
(B). disable the pool member
(C). add an additional monitor to the poor
(D). disable the virtual server
Answer: A
NO.266 -- Exhibit -
118
119
-- Exhibit --
An LTM device has been configured for load balancing a number of different application servers.
Configuration changes need to be made to the LTM device to allow administrative management of
the servers in 172.16.10/24, 172.16.20/24, and 172.16.30/24 networks. The servers require
outbound access to numerous destinations for operations.
Which solution has the simplest configuration changes while maintaining functionality and basic
security?
(A). Remove 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, and keep 0.0.0.0:0/0.0.0.0
enabled on all VLANs.
(B). Replace 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, with 172.16.0.0:0/16, and
keep
0.0.0.0:0/0.0.0.0.
(C). Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on ingress VLAN(s), and enable
0.0.0.0:0/0.0.0.0 on egress VLAN(s).
(D). Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on egress VLAN(s), and enable
0.0.0.0:0/0.0.0.0 on ingress VLAN(s).
Answer: C
According to the shown Configuration Utility stings What is the setting of the User Directory
configuration under the Authentication submenu?
(A). Local
(B). Managed
(C). Remote-TACACS+
(D). Default system configuration
Answer: C
NO.268 A set of servers is used for an FTP application as well as an HTTP website via separate BIG-IP
Pools. The server support team reports that some servers are receiving a lot more traffic than others.
Which Load Balancing Method should the BIG-IP Administrator apply to even out the connection
count?
(A). Ratio (Member)
(B). Least Connections (Member)
(C). Least Connections (Node)
120
(D). Ratio (Node)

Answer: C
Explanation
The connection is required to be balanced, and the unit is the server and the application port is the
unit, so it is node.
NO.269 How should a BIG-IP Administrator control the amount of traffic that a newly enabled pool
member receives.
(A). set the Slow Ramp Time
(B). set a Connection Limit
(C). set the Priority Group Activation
(D). set a Health Monitor
Answer: A
Explanation
Slow Ramp Time
Specifies the duration during which the system sends less traffic to a newly-enabled pool member.
The amount of traffic is based on the ratio of how long the pool member has been available
compared to the slow ramp time, in seconds. Once the pool member has been online for a time
greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic.
Slow ramp time is particularly useful for the least connections load balancing mode.
Setting this to a nonzero value can cause unexpected Priority Group behavior, such as load balancing
to a low-priority member even with enough high-priority servers.
NO.270 An LI M device is experiencing a high volume of traffic. The virtual server is struggling under
the load. The problem appears to be on the server side connections. The virtual server isaccepting
connections . The virtual server is accepting connections on https and is configured with an SSL
profile and http pool.
What should be added to increase the performance of the device?
(A). an HTTP Compression profile
(B). a One Connect profile
(C). smaller key to the SSL profile
(D). a SPDY profile
Answer: B
A connection is being established to IP 1.1.1.1 on port 8080.

Which virtual server will handle the connection?
(A). fwd_8080_vs
(B). host_vs
(C). host_ 8080_VS
121
(D). fwdvs
Answer: B
NO.272 An LTM HTTP pool has an associated monitor that sends a string equal to 'GET /test.html'.
Which two configurations could an LTM Specialist implement to allow server administrators to
disable their pool member servers without logging into the LTM device? (Choose two.)
(A). Set monitor to transparent and ask the server team to set string 'TRANSPARENT' in test.html.
(B). Set 'receive string' equal to 'SERVER UP and ask the server team to set string 'SERVER DOWN' in
test.html.
(C). Set 'alias' equal to 'SERVER DOWN' and ask the server team to set string 'SERVER DOWN' in
test.html.
(D). Set 'receive disable string' equal to 'SERVER DOWN' and ask the server team to set string 'SERVER
DOWN' in test.html.
(E). Set 'disable pool member' equal to 'SERVER UP' and ask the server team to set string 'SERVER
DOWN' in test.html.
Answer: B,D
NO.273 A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should
be assigned to the new Self IP being configured?
(A). Interface
(B). Route
(C). VLAN
(D). Trunk
Answer: C
NO.274 A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the
administrator reboots into the new volume, the Configuration fails to load. Why is the Configuration
failing to load?
(A). The license needs to be reactivated before the upgrade.
(B). The upgrade was performed on the standby unit.
(C). A minimum of at least two reboots is required.
(D). Connectivity to the DNS server failed to be established.
Answer: A
NO.275 A BIG-IP Administrator contacts F5 Support, which identifies a suspected hardware failure.
Which information should the BIG-IP Administrator provide to F5 Support?
(A). Qkview, EUD output
(B). Qkview, UCS archive, core files
(C). Qkview, part numbers for failed components
(D). Qkview, packet capture, UCS archive
Answer: A
NO.276 An application is making heavy use of a large, high-quality JPEG image file. An LTM Specialist
needs to enhance page load times without increasing server load.
Which profile should be applied to the virtual server to perform this task?
(A). Response Adapt
122
(B). OneConnect
(C). FastHTTP
(D). Web Acceleration
Answer: D
NO.277 -- Exhibit -
-- Exhibit --
An LTM Specialist is working on an LTM 11.0.0 installation and has identified a security vulnerability
as shown in the exhibit. The LTM Specialist is tasked with applying the latest available hotfix to
resolve the problem.
Which procedure resolves the problem?
(A). Browse to System > Software Management > Hotfix List.
Import TMOS 11.2.0 to the available hotfix images.
Select the imported hotfix image and installation location and click Install.
(B). Browse to System > Software Management > Hotfix List.
Import 11.1.0.HF3 to the available hotfix images.
(C). Browse to System > Software Management > Image List.
Import TMOS 11.2.0 to the available hotfix images.
(D). Browse to System > Software Management > Image List.
Import 11.1.0.HF3 to the available hotfix images.
Answer: B
NO.278 set payload {CACHE :: payload}

}
Which two profiles should be used on the virtual server? (Choose two.)
(A). http-transparent
(B). http compression
(C). http
(D). webacceleration
(E). stream
Answer: C,D
NO.279 An LTM device is load balancing telnet and ssh applications in a client/server environment
123
experiencing significant packet delay.

Which setting in the TCP profile should reduce the amount of packet delay?
(A). disable Bandwidth Delay
(B). disable Nagle's Algorithm
(C). enable Proxy Maximum Segment
(D). increase Maximum Segment Retransmissions
Answer: B
NO.280 A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device, which has
HD1.1 as the Active Boot Location. The BIG-IP Administrator has already re-activated the license and
created an UCS archive of the configuration. In which sequence should the BIG-IP Administrator
perform the remaining steps?
(A). Install HotFix in HD 1.1, Reboot the BIG-IP device. Install UCS Archive
(B). Install HotFix in HO 1.2, Install base Image in HD 1.2, Activate HD1.2
(C). Install base Image in HD1.2, Install HotFix in HD1.2, Activate HD 1.2
(D). Activate HD 1.2, Install base image in HD 1.2. Install HotFix in HD 1.2
Answer: C
NO.281 An LTM Specialist connects to an LTM device via the serial console cable and receives
unreadable output.
The LTM Specialist is using the appropriate cable and connecting it to the correct serial port.
Which command should the LTM Specialist run through ssh to verify that the baud rate settings for
the serial port are correct on the LTM device?
(A). tmsh list /sys console
(B). tmsh edit /sys console
(C). tmsh show /sys console
(D). tmsh show /ltm console
Answer: C
NO.282 A BIG-IP Administrator configures remote authentication and needs to make sure that users
can still login even when the remote authentication server is unavailable.
Which action should the BIG-IP Administrators in the remote authentication configuration to meet
this requirement?
(A). Set partition access to "All"
(B). Enable the Fallback to Local option
(C). Configure a remote role grove
(D). Configure a second remote user directory
Answer: B
NO.283 -- Exhibit -
124
-- Exhibit --
A client attempts to connect from a Google Chrome browser to a virtual server on a BIG-IP LTM. The
virtual server is SSL Offloaded. When the client connects, the client receives an SSL error. The client
receives the same errors when trying Mozilla Firefox and Internet Explorer browsers.
The LTM Specialist does an ssldump on the virtual server and receives the results as per the exhibit.
How should this be resolved?
(A). Set the virtual server to listen on port 443 (HTTPS).
(B). Upgrade the client to support the appropriate SSL cipher suite.
(C). Select the appropriate "SSL Profile (Client)" in the virtual server settings.
(D). Adjust the SSL key length in the SSL profile to match the minimum required by the client.
Answer: C
NO.284 To increase available bandwidth of an existing Trunk, the BIG-IP Administrator is adding
additional interfaces.
Which command should the BIG-IP Administrator run from within bosh shell?
(A). tmsh create /net trunk trunk_A interfaces add {1.3.1.4}
(B). tmsh create/sys trunk trunk_A interfaces add {1.3.1.4}
125
(C). tmsh modify/sys trunk trunk^A interfaces add {1.3.1.4}

(D). tmsh modify /net trunk trunk_A interfaces add {1.3.1.4}
Answer: D
NO.285 in which Application Visibility and Reporting (AYR) profile must the SMTP profile be defined
to configure notifications via email?
(A). App analytics profile
(B). virtual server profile
(C). customanalytics profile
(D). default analytics profile
Answer: C
NO.286 An LTM is configure an application that isseparated into several subdomains across multiple
virtual servers.
Many of these subdomains require encryption and could be accessed by anyone on the internet. The
configuration must NOT result in SSL warnings to end users.
How should the LTM Specialist configure the SSL profiles for these virtual servers?
(A). Obtain an SSL certificate for each subdomain, make a ServerSSL profile for each subdomain, and
apply to the related SSL Virtual Server.
(B). Obtain a wildcard certificate, create one ClientSSL profile and apply to all SSL Virtual Servers
(C). Create a self-singed SSL certificate for each subdomain make a ClientSSL profile for each
subdomain, and apply to the related SSL Virtual server
(D). Create a self-singed SSL certificate for each subdomain make a Clientprofile for each SSL Virtual
Server
Answer: B
Explanation
The topic is that there are multiple domain names in the business, and HTTPS services are provided
to the internet, and users cannot be allowed to generate SSL alarms. The require client ssl and use CA
certificate instead of self-singed certificate. And multiple domain names, you can use wildcard
certificates.
NO.287 An LTM Specialistis configuring a new virtual server on an LTM device and assigning a SNAT
pool that is already is use another virtual server. Both virtual servers use the same pool members to
load balance traffic. A maximum of 35,000 users needs to be able to access each virtual server ta any
time. The network architecture does NOT allow the backend servers to use the LTM device as a
default gateway.
What is the minimum number of SNAT addresses required in the SNAT pool to meet the needs of the
virtual servers?
(A). 2
(B). 3
(C). 4
(D). 1
Answer: A
Explanation
Both vs share the same snat pool, and both use the same pool member. Then the concurrent number
of snatpool will be added. For each VS, there is a maximum of 35,000 users, and those two VSs have a
126
maximum of 70,000 users. The stem did not mention how many connections each user would have
concurrently.
Calculated with a minimum of 1 connection, then 70,000 connections would be concurrent. One IP
can support 65,535 connection. Therefore, at least 2 or more snaptips are required
NO.288 A 8IG-IP Administrator configures a node with a standard icmp Health Monitor. The Node
shows as DOWN although the Backend Server is configured to answer ICMP requests. Which step
should the administrator take next to find the root cause of this issue?
(A). Run a curl Run a qkview
(B). Run a qkview
(C). Runatcpdump
(D). Runanssldump
Answer: C
NO.289 The LTM Specialist is in the process of creating a USB boot drive for the purpose of restoring
the BIG-IP software to an LTM device. A separate LTM device has been selected for the purpose of
creating the USB boot drive. The BIG-IP software ISO has already been uploaded and mounted on the
separate LTM device.
Which command should the LTM Specialist use to trigger the LTM device to install the BIG-IP
software to the USB boot drive?
(A). tmsh
(B). install
(C). mkdisk
(D). bigip_software_create
Answer: C
NO.290 During a high-demand traffic event, the BIG-IP Administrator needs to limit the number of
new connections per second allowed to a Virtual Server.
What should the administrator apply to accomplish this task?
(A). An HTTP Compression profile to the Virtual Server
(B). A connection rate limit to the Virtual Server
(C). A connection limit to the Virtual Server
(D). A OneConnect profile to the Virtual Server
Answer: B
NO.291 An LTM Specialist has just manually failed the active LTM device over to the standby LTM
device. The LTM Specialist notices the newly active LTM device is NOT currently receiving traffic. The
LTM Specialist verifies the newly active device is responding to ARP but still no traffic is hitting the
virtual servers. The LTM Specialist also notices that the virtual servers eventually start responding.
What should be added to the configuration to resolve the problem?
(A). vlan failsafe
(B). floating self IP
(C). network failover
(D). MAC masquerading
(E). connection mirroring
Answer: D
127
NO.292 Exhibit.
- The ITM devices LTM 1 and LTM2 are configured in Device Group X (Sync-Failover)
- LTM3 and LTM4 are configured in Device Group Y (Sync-Only)
- An LTM specialist configures Device Group Z (Sync-Only) to keep several profiles in (sync-Only) to
keep several profiles in sync across all devices.
- Device GROUP X has four Traffic Groups A.B.C and D configured.
- Device Group Y has four Traffic Groups E, F, G, and H configured
- Auto Fallback IS NOT Enabled.
- Each Device group is healthy and able to pass traffic for any traffic groupassigned to that Device
Group.
The data center that contains LTM2 and LTM4 loses power. After 10 minutes; power is restored and
all devices are up and healthy.
What is the state of each Traffic Group on each ITM device after power is restored?
A)
B)
C)
128
D)
(A). Option A
(B). Option B
(C). Option C
(D). Option D
Answer: A
NO.293 An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302) Which packet capture
should the LTM Specialist perform on the LTM device command line interface to capture only client
traffic specifically for this virtual server?
(A). tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
(B). tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
(C). tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w
/var/tmp/trace.cap
(D). tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w
/var/tmp/trace.cap
(E). tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host
10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap
Answer: B
NO.294 An LTM Specialist loads a UCS file generated on a different LTM device and receives the
following error message:
"mcpd[2395]: 01070608:0: License is not operational (expired or digital signature does not match
contents)" Which command should the LTM Specialist use to prevent the error?
(A). tmsh show /sys license
(B). tmsh show /sys hardware
(C). bigpipe config save /config.ucs
(D). tmsh load /sys /ucs rma <path/to/UCS>
(E). tmsh load /sys ucs <path/to/UCS> no-license
Answer: E
NO.295 An HTTP monitor is created and assigned to a pool with the following non-default
configuration:
129
Interval: 7 seconds
Timeout: 22 seconds
Reverse: Yes
Send String: GET/status.htmlHTTP/1.1/r/nHost:test.example.com/r/nConnector:Close Receive String:
Up The HTTP server sends the following response:
What is the resulting pool status?

(A). Unavailable (Enabled)
Available (Enabled)
(C). Unknown (Disabled)
Answer: A
NO.296 All pool members are online. All other virtual server settings are at default What might after
the load balancing behavior?
(A). enabing SNAT automap
(B). enabing a falback host in the http profile
(C). adding a oneconnect profile
(D). adding a persistence profile
Answer: D
NO.297 An LTM device is monitoring pool members on port 80. The LTM device is using an HTTP
monitor with a send string of GET / and a blank receive string.
What would cause the pool members to be marked down?
(A). A pool member responds with an HTTP 200 series response code.
(B). A pool member responds with an HTTP 300 series response code.
(C). A pool member responds with an HTTP 400 series response code.
(D). A pool member responds with an HTTP 500 series response code.
(E). A pool member does NOT acknowledge the connection SYN on port 80.
Answer: E
NO.298 -- Exhibit -
130
-- Exhibit --
131
An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The
servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and
http profiles enabled.
Clients are unable to connect to the application through the virtual server, but they are able to
connect to the application servers directly.
Which change to the LTM device configuration will resolve the problem?
(A). Install the server certificate/key and enable Proxy SSL.
(B). Use the serverssl-insecure-compatible serverssl profile.
(C). Configure the clientssl profile to require a client certificate.
(D). Install the client's issuing Certificate Authority certificate on the LTM device.
Answer: A
NO.299 A BIG-IP Administrator is setting up a new BIG-IP device. The network administrator reports
that the interface has an incompatible media speed. The BIG-IP Administrator needs to change this
setting manually.
From which location should the BIG-IP Administrator perform this task?
(A). On the Front Console
(B). In the TMOS Shell Command line
(C). In the Configuration Utility, Network > Interface
(D). In the Configuration Utility, System > Configuration
Answer: C
NO.300 A web application is meant to log the URI of the resource that responded to the client's
initial Request-URI.
(A). Via
(B). Server
(C). Trailer
(D). Referer
Answer: D
NO.301 The BIG-IP Administrator creates a custom iRule that fails to work as expected. Which F5
online resource should the administrator use to help resolve this issue?
(A). DevCentral
(B). Bug Tracker
(C). University
(D). Health
Answer: A
NO.302 An LTM device supports two power supplies. The value of the BigDB key
"platform.powersupplymonitor" is equal to enable.
Where would the error message be visible if one of the power supplies fails or is NOT plugged in?
(A). visible only via the console
(B). in the /var/log/ltm log file
(C). in the /var/log/kern.log file
(D). in the /var/log/tmm log file
132
Answer: B
NO.303 An LTM Specialist needs to upgrade all guests on a Viprion eight CMP guests.
What is the maximum number of guests that the LTM Specialist should upgrade at once?
(A). Eight
(B). One
(C). TWO
(D). Four
Answer: B
Explanation
Each guest is independent, just like hardware upgrades. Can only upgrade one by one, there is no
way to upgrade at the same time.
NO.304 A BIG-IP Administrator wants to add the ASM Module to an HA pair of BIG-IP devices. The
BIG-IP Administrator has already installed a new Add-On License on both devices in the HA pair. What
should the BIG-IP Administrator do next to use the module?
(A). Provision the new module on both BIG-IP device's
(B). Synchronize both BIG-IP devices
(C). Reboot both BIG-IP devices
(D). Reactivate the Licenses on both BIG IP devices
Answer: A
NO.305 A virtual server is configured to handle https traffic. The clientssl profile is configured to use
a2048-bit RSA key. Due to security requirements, is the LTM Specialist needs to use a 4096-bit RSA
key in the future.
What two effects will this change have on the BIG-IP device? (Choose two)
(A). Increase of CPU usage on the BIG-IP device
(B). Decrease to 20% oflicensed TPS
(C). Decrease to 90% of licensed TPS
(D). Increased of concurrent connection on client-side
(E). Increase of TLS Renegotiation
Answer: A,B
NO.306 An LTM Specialist is experiencing issues in a failover event. Certain long-lasting FTP event.
Certain long-lasting FTP connections using a single node pool are forced to reconnect. The bigip.conf
extract isshown:
133
What does the LTM Specialist need to change in the configuration to avoid this issue?
(A). snatpool
(B). persistence mirroring
(C). connection mirroring
(D). ftp profile
Answer: C
Explanation
The stem mentions that it is a single server node, sothere is no need to consider the factors of session
maintenance. The actual requirement is to maintain the original connection status during failover.
You need to configure connection mirroring to synchronize the connection status between the
devices in the cluster in real time.
NO.307 An LTM Specialist uploaded new releases .iso and .md5 files titled "BIGIP-FILENAME" via the
GUI.
Which commands are run via the command line from the root directory to verify the integrity of the
new .iso file?
(A). cd /var/shared/images
md5sum --check BIGIP-FILENAME.iso
(B). cd /shared/images
md5sum --check BIGIP-FILENAME.iso
(C). cd /var/shared/images
md5sum --check BIGIP-FILENAME.iso.md5
(D). cd /shared/images
md5sum --check BIGIP-FILENAME.iso.md5
Answer: D
NO.308 An LTM device is serving an FTP virtual server that has three pool members. The FTP pool
members are monitored via TCP port 21. Customers are reporting that they are able to log in, but are
sometimes unable to upload files to the server.
Which monitor should the LTM Specialist configure to verify that the servers can handle file uploads?
(A). FTP
134
(B). Inband
(C). External
(D). Scripted
(E). Real Server
Answer: C
NO.309 -- Exhibit -
-- Exhibit --
Which two items can be consolidated to simplify the LTM configuration? (Choose two.)
(A). /Common/vs1-https-redirect
(B). /Common/vs2-https-redirect
(C). /Common/vs3-https-redirect
(D). /Common/vs4-https-redirect
(E). /Common/vs5-https-redirect
Answer: A,D
135
NO.310 An LTM deviceneeds to be configured a virtual server. The application requires SSL
encryption from the client to the server and an X-Forwarded-For added by the LTM device.
Which virtual server type should the LTM Specialist use?
(A). Forwarding (IP)
(C). Standard
(D). Stateless
(E). Performance
Answer: C
NO.311 A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing
power outages.
Which log file should the BIG-IP Administrator check to verify the suspicion?
(A). /war /log/daemon.log
(B). /var/log/kern.log
(C). /var/log/ltm
(D). /var/log/audit
Answer: C
NO.312 An FTP monitor is NOT working correctly.

Which three pieces of information does the LTM Specialist need to provide to ensure a properly
working FTP monitor? (Choose three.)
(A). alias
(B). File path
(C). username
(D). password
(E). FTP server port
(F). FTP server IP address
Answer: B,C,D
NO.313 Refer of the exhibit.
136
The 816-IP Administrator runs the command shown and observes a device trust issue between BIG-IP
devices in a device group. The issue prevents config sync on device bigip3.local.
What is preventing the config sync?
(A). Next Active Load factor is 0 on bigip1.local
(B). Both devices are standby
(C). Next Active Load factor is 1 on bigip1.local
(D). Time Delta to local system is 12
Answer: A
Explanation
Option A should be bioip3.local?. if choose bigip3.local, you should choose A.
NO.314 An LTM Specialist needs to use a set of addresses to access an Internet website in an
outbound configuration.
Whichfeature should the LTM Specialist configure?
(A). NAT pool
(B). NAT address
(C). SNAT pool
(D). SNAT address
Answer: C
NO.315 On the VCMP system, a BIG-IP host administrator imports a new ISO image into the host's
/shared/images folder. The new ISO images that reside on the vCMP host are available for installation
on the guest. How should the BIG-IP Administrator install one image from within the guest?
137
(A). Install the new software on the host and wait for it to automatically be installed on all guests.
(B). Run the following command on guest
tmsh install sys software block-device-image image_name volume < volume_name>
(C). Run the following command on guest
tmsh install sys software image image_name volume < volume_name>
(D). Run the following command on host
tmsh install sys software block-device-image image_name volume < volume_name>
Answer: D
NO.316 A client (10.10.1.30) connecting to an HTTPS virtual server (10.10.1.100) with a clientssl
profile is getting an SSL error.
Which options will trace this issue?
(A). tcpdump -i external -X -e -nn -vvv -w /shared/ssl_problem.cap port 443 and host 10.10.1.30
ssldump -r /shared/ssl_problem.cap -n -x
(B). tcpdump -i external -s 0 -w /shared/ssl_problem.cap port 443 and host 10.10.10.30 and host
10.10.1.100 ssldump -r /shared/ssl_problem.cap -n -x
(C). tcpdump -i external -X -s 0 -vvv src host 10.10.10.30 and dst host 10.10.1.100 and port 443 >
/shared/ssl_problem.cap
ssldump -r /shared/ssl_problem.cap -n -x
(D). tcpdump -i external -X -e -nn -vv port 443 and host 10.10.1.100 and host 10.10.1.30 >
/shared/ssl_problem.cap
ssldump -n -x < /shared/ssl_problem.cap
Answer: B
NO.317 -- Exhibit -
138
-- Exhibit --
A layer 2 nPath routing configuration has been deployed. A packet capture contains a client
connection packet with the following properties:
Source IP: <Virtual Server>
Destination IP: <Client A>
At which two locations could the packet capture have been taken? (Choose two.)
(A). the network interface of web server
(B). the DMZ interface of the Internet firewall
139
(C). the internal interface of the Internet firewall

(D). the external VLAN interface of the LTM device
Answer: A,C
A BIG-IP Administrator configures a Virtual Server to handle HTTPS traffic. Users report that the
application is NOT working.
Which actional configuration is regard to resolve this issue?
(A). Configure SSL Profile (Client)
(B). Configure Protocol Profile (Server)
(C). Configure Service Profile HTTP
(D). Configure SSL Profile (Server)
Answer: A
NO.319 The network team introduces a new subnet 10.10.22.0/24 to the network. The route needs
to be configured on the F5 device to access this network via the 30.30.30.158 gateway.
How should the LTM Specialist configure thisroute?
(A). Tmsh modify net route 10.10.22/24 gw 30.30.30.158
(B). Tmsh create net route 10.10.22/24 gw 30.30.30.158
(C). Tmsh changey net route 10.10.22/24 gw 30.30.30.158
(D). Tmsh add net route 10.10.22/24 gw 30.30.30.158
Answer: B
NO.320 A BIG-IP Administrator has configured a BIG-IP cluster with remote user authentication
against dcOl f5trn.com. Only local users can successfully log into the system. Configsync is also failing.
Which two tools should the 8IG-IP Administrator use to further investigate these issues? (Choose
two)
(A). ntpq
(B). pam_timestamp_check
(C). passwd
(D). pwck
(E). dig
Answer: A,C
NO.321 What should the BIG-IP Administrator do to apply and activate a hotfix to a BIG-IP device
that is currently running version 11.0.0 on active partition HD1.1?
140
(A). 1. confirm that 11.0.0 is installed on inactive partition HD1.2

2. apply a hotfix to partition HD 1.2
3. activate partition HD1.2
(B). 1. reactivate the license on partition HD1.1
2. apply a hotfix to partition HD1.1
(C). 1. activate partition HD1.2
2 confirm version 11.0.0 on partition HD1.2
3. install a hotfix on partition HD1.2
(D). 1. set partition HD1.2 active
2. apply a hotfix to partition HD1.2
Answer: A
NO.322 An application requires load balancing functionality. The application must beencrypted to
the client.
Certain content must be manipulated by the following IRule:
Which set of profiles must be applied to the virtual server?

(A). TCP, HTTP server SSL Stream
(B). TCP, HTTP, Client SSL, Stream
(C). TCP, HTTP, OnceConnect, Stream
(D). Fast L4, HTTP server SSL Stream
Answer: B
Explanation
Client encryption is required , clientssl, irule contains HTTP events and stream execution, http profile
stream profile.
141
NO.323 A Standard Virtual Server configured for an application reports poor network performance.
This application is accessed mainly from computers on the Internet.
What should the BIG-IP Administrator configure on the Virtual Server to achieve better network
performance?
(A). Protocol Profile (Client) with f5-tcp-wan and Protocol Profile (Server) with f5-tcp-lan
(B). Protocol Profile (Client) with f5-tcp-lan
(C). Protocol Profile (Client) with fS-tcp-lan and Protocol Profile (Server) with f5-tcp-wan
(D). Protocol Profile (Client) with f5-tcp-optimized
Answer: A
The BIG-IP Administrator has modified an iRule on one device of an HA pair. The BIG-IP Administrator
notices there is NO traffic on the BIG-IP device in which they are logged into.
What should the BIG-IP Administrator do to verify if the iRule works correctly?
(A). Push configuration from this device to the group and start to monitor traffic on this device
(B). Pull configuration to this device to the cluster and start to monitor traffic on this device
(C). Log in to the other device in the cluster, push configuration from it, and start to monitor traffic on
that device
(D). Log in to the other device in the cluster, pull configuration to it, and start to monitor traffic on
that device
Answer: D
Explanation
The device in the picture is a standby machine, of course there is no traffic, you need to log in to the
host, and then pull the configuration to the host.
NO.325 There is a fault with an LTM device load balanced trading application that resides on directly
connected VLAN vlan-301. The application virtual server is 10.0.0.1:80 with trading application
backend servers on subnet 192.168.0.0/25. The LTM Specialist wants to save a packet capture with
complete payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?
(A). tcpdump -vvv -w /var/tmp/trace.cap 'net 192.168.0.0/25'
(B). tcpdump -vvv -s 0 -w /var/tmp/trace.cap 'net 192.168.0.0/25'
(C). tcpdump -vvv -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'
(D). tcpdump -vvv -s 0 -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'
Answer: D
NO.326 An LTM Specialist has recently taken over administration or an LTM devicethat has
142
experienced resource availability issues. The LTM device will need to be solely used for load balancing
and SSL offload.
Previously, the LTM device was also used to provide statistical analysis of application traffic.
However, that functionality has been moved to a third party solution.
Based on the output below, which configuration change should be made to ensure the LTM module
receives the most amount of resources?
(A). Provision AVR to Minimum. Provision LTM at Maximum

(B). Provision AVR to none.Provision LTM to Dedicated
(C). Provision AVR to Minimum, Provision LTM to Dedicated
(D). Provision LTM to Dedicated, Provision AVR to Dedicated
Answer: B
NO.327 A 8IG-IP Administrator is making adjustments to an iRule and needs to identify which of the
235 virtual server configured on the BIG-IP device will be affected.
How should the administrator obtain this information in an effective way?
(A). Local Traffic > Virtual Server
(B). Local traffio Pools
(C). LOCAL Traffic > Network Map
(D). Local traffic > Rules
Answer: C
NO.328 -- Exhibit -
143
-- Exhibit --
A virtual server has been configured for SSL offload on a single-arm network. On average, the virtual
server will be handling 100,000 connections, with a peak of 130,000 connections. Between the virtual
server and the web servers there is a single reverse proxy to provide site caching. The proxy is
configured to perform source IP persistence before contacting the web servers. The site is logging
users out immediately after logging them in.
What should the LTM Specialist do to resolve this issue?
(A). Add a source address persistence profile to the virtual server.
(B). Create an iRule to add client IP persistence to a SNAT pool member.
(C). Change the virtual server server-side TCP profile to tcp-lan-optimized.
(D). Configure the virtual server HTTP profile to insert an X-Forwarded-For header.
Answer: B
NO.329 -- Exhibit -
144
-- Exhibit --
A server administrator notices that one server is intermittently NOT being sent any HTTP requests.
The server logs display no issues. The LTM Specialist notices log entries stating the node (172.16.20.1)
status cycling between down and up. The pool associated with the virtual server (10.10.1.100) has a
custom HTTP monitor applied.
Which tcpdump filter will help trace the monitor?
(A). tcpdump -i internal port 80 and host 172.16.1.31
(B). tcpdump -i external port 80 and host 10.10.1.100
(C). tcpdump -i internal port 80 and host 172.16.1.33
(D). tcpdump -i external port 80 and host 172.16.20.1
Answer: A
NO.330 -- Exhibit -
145
-- Exhibit --
An LTM Specialist is troubleshooting an issue with one of the virtual servers on an LTM device, and all
requests are receiving errors. Testing directly against the server generates no errors. The LTM
Specialist has captured the request and response on both client and server sides of the LTM device.
What should the LTM Specialist do to fix this issue?
(A). Remove "header-erase Host" in http profile.
(B). Configure SNAT Automap on the virtual server.
(C). Assign OneConnect profile to the virtual server.
(D). Set "redirect-rewrite" to "selective" in http profile.
Answer: A
146
A BIG-IP Administrator needs to fall over the active device. The administrator logs into the
Configuration Unity and navigates to Device Management > Traffic Group. However, Force to Standby
is greyed out What is causing this issue?
(A). The BIG-IP Administrator is NOT logged into command line to tail over
(B). The BIG-IP Administrator is on the Standby Device
(C). The BIG-IP Administrator is logged in as root
(D). The BIG-IP Administrator is logged in as administrator
Answer: B
NO.332 -- Exhibit -
-- Exhibit --
The decoded TCPDump capture is a trace of a failing health monitor. The health monitor is sending
the string shown in the capture; however, the server response is NOT as expected. The receive string
is set to 'SERVER IS UP'.
What is the solution?
(A). The GET request Host header field requires a host name.
(B). Incorrect syntax in send string. 'HTTP/1.1' should be 'HTTP1.1'.
(C). The /test_page.html does NOT exist on the web server and should be added.
(D). Incorrect syntax in send string. 'Connection: Close' should be 'Connection: Open'.
Answer: C
NO.333 -- Exhibit -
147
-- Exhibit --
148
A virtual server is set up on an LTM device as follows:

Virtual server address 78.24.213.79
Default Persistence ProfilE. source_addr, 600s.
Pool NamE. Pool1
Pool Members: 10.72.250.52:80 and 10.72.250.60:80 (both on Internal Vlan) There are several
current connections to the virtual server, and pool member 10.72.250.52:80 has been set to a
"Disabled" state.
A tcpdump on the Internal Vlan shows traffic going to 10.72.250.52:80.
How soon after the persistence table query was run can existing connections be refreshed/renewed
to ensure that no requests are sent to 10.72.250.52?
(A). 196 seconds
(B). 460 seconds
(C). 539 seconds
(D). 590 seconds
(E). 591 seconds
Answer: C
NO.334 The active LTM device in a high-availability (HA) pair performs a failover at the same time
the network team reports an outage of a switch on the network.
Which two items could have caused the failover event? (Choose two.)
(A). a VLAN fail-safe setting
(B). a monitor on a pool in an HA group
(C). the standby LTM that was rebooted
(D). an Auditor role that has access to the GUI
(E). the standby LTM that lost connectivity on the failover VLAN
Answer: A,B
NO.335 -- Exhibit -
149
150
-- Exhibit --
An LTM Specialist is troubleshooting an application configured on an LTM device on a one-armed
configuration. The application is NOT working through the LTM device but does work when accessed
directly via the application servers. The virtual server 192.168.1.211:443 is configured to SNAT using
the address
192.168.1.144 and references a pool with the member 192.168.10.80:443. No Client or Server SSL
profiles are associated. The LTM Specialist has collected two traffic captures to help determine the
issue.
What is the problem with the configuration on the LTM device?
(A). Pool member is configured to use wrong port.
(B). Pool member is configured for SSL off-loading.
(C). Virtual server is configured to use wrong port.
(D). Virtual server is configured without SSL Profiles.
Answer: A
through the virtual server, clients receive the message "Unable to connect" in the browser, although
connections directly to the pool member show the application is functioning correctly. The LTM
device configuration is:
ltm virtual /Common/vs_https {
destination /Common/10.10.1.110:443
ip-protocol udp
mask 255.255.255.255
pool /Common/pool_https
profiles {
/Common/udp { }
}
translate-address enabled
151
translate-port enabled
vlans-disabled
}
ltm pool /Common/pool_https {
members {
/Common/172.16.20.1:443 {
address 172.16.20.1
}
}
}
What issue is the LTM Specialist experiencing?
(A). The virtual server is disabled on all VLANs.
(B). The pool member is marked down by a monitor.
(C). The pool member is marked down administratively.
(D). The virtual server is configured for the incorrect protocol.
Answer: D
NO.337 An TLM Specialist has an Exchange that must use the LTM device to route traffic to the
internet.
Which SNAT/NAT configure allows the Exchange server's traffic access the internet through the LTM
device?
(A). NAT
(B). SNAT Pool
(C). SNAT List
(D). SNAT Automap
Answer: C
NO.338 -- Exhibit -
-- Exhibit --
Users are able to access the application when connecting directly to the web server but are
152
unsuccessful when connecting to the virtual server.

What is the cause of the application access problem?
(A). The virtual server has SNAT disabled.
(B). The client has no route to the web server.
(C). The virtual server has address translation disabled.
(D). The web server is NOT responding on the correct port.
(E). The virtual server is NOT configured to listen on port 80.
Answer: C
A BIG-IP Administrator needs to configure health monitors for a newly configured server pool named
Pool_B.
Which health monitor settings will ensure that all pool members will be accurately marked as
available or unavailable?
(A). HTTPS, HTTP, FTP, and ICMP, with the Availability Requirement of all health monitors
(B). HTTPS, HTTP, FTP, and SSH, with the Availability Requirement of at least one monitor
(C). HTTPS and HTTP with the Availability Requirement of at least one health monitor
(D). HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors
Answer: B
Explanation
From the port, the four members are HTTP, FTP, HTTPS, and SSH applications. If you want to monitor
at the same time, you must configure at least one.
NO.340 An LTM Specialist receives a request to monitor the network path through a member, but
NOT the member itself.
Which monitor option should the LTM Specialist enable or configure?
(A). Reverse
(B). Up interval
(C). Transparent
(D). Alias address
(E). Time until up
Answer: C
153
NO.341 A BIG-IP Administrator needs to make sure that the automatic update check feature works
properly.
What must the administrator configure on the BIG-IP system?
(A). Update Check Schedule
(B). NTP servers
(C). DNS name servers
(D). SMTP servers
Answer: A
NO.342 An LTM device has a virtual server configured as a Performance Layer 4 virtual listening on
0.0.0.0:0 to perform routing of packets to an upstream router. The client machine at IP address
192.168.0.4 is attempting to contact a host upstream of the LTM device on IP address 10.0.0.99.
The network flow is asymmetrical, and the following TCP capture displays:
# tcpdump -nnni 0.0 'host 192.168.0.4 and host 10.0.0.99'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type
EN10MB (Ethernet), capture size 96 bytes
05:07:55.499954 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack
3267995082 win
1480
05:07:55.499983 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0
05:07:56.499960 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack
3267995082 win
1480
05:07:56.499990 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0
4 packets captured
Which option within the fastL4 profile needs to be enabled by the LTM Specialist to prevent the LTM
device from rejecting the flow?
(A). Loose Close
(B). Loose Initiation
(C). Reset on Timeout
(D). Generate Initial Sequence Number
Answer: B
NO.343 -- Exhibit -
154
-- Exhibit --
A pair of LTM devices are deployed in a high-availability (HA) pair as the diagram shows. After
inserting a new rule on the firewalls, the LTM devices become Standby. The rule drops all outbound
sessions to the Internet. Only inbound connections are allowed from the Internet. There are no other
changes to the environment.
What triggered the LTM device failover?
(A). HA Group
(B). Auto Failback
(C). VLAN Failsafe
(D). Gateway Failsafe
Answer: D
155
NO.344 A BIG-IP Administrator uses a device group to share the workload and needs to perform
service on a BIG-IP device currently active for a traffic group. The administrator needs to enable the
traffic group to run on another BIG-IP device in the device group. What should the administrator do
to meet the requirement?
(A). Create a new Traffic Group and then fail to Standby Unit
(B). Select Traffic Group and then select Failover
(C). Select Traffic Group and then select Force to Standby
(D). Select Traffic Group on Primary Unit and then select Demote
Answer: C
NO.345 What is the status of a pool member when manual resume is enabled and a health check
first fails and then passes?
(A). Offline (Disabled)
(C). Available (Disabled)
(D). Available (Enabled)
Answer: A
NO.346 A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up
www.example.com.
A ping works to the pool member address.
The SEND string that the monitor is using is:
GET/HTTP/l.l/r/n/Host.www.example.com/r/n/Connection Close/r/n/r/n Which CLI tool syntax will
show that the web server returns the correct HTTP response?
(A). curlhttp://10.10.10.3.75:8080/www.example.com/index.html
(B). curl-header
'Host:www.example.com' http://10.10.3.75:8080/
(C). tracepath
'http://www.example.com:80
(D). tracepath 10.10.3.75:8080 GET /index
Answer: B
NO.347 Which command line interface command will check if the BIG-IP platform contains a packet
velocity ASIC (PVA)?
(A). bigpipe platform show | grep -i pva
(B). tmsh show /sys hardware pva status
(C). tmsh show /sys hardware | grep -i pva
(D). tmsh show /ltm hardware | grep -i pva
Answer: C
NO.348 The BIG-IP Administrator generates QKView using tmsh command "qkview -SO". In which
directory does the BIG-IP appliance save the QKView?
(A). /etc/tmp
(B). /var/tmp
(C). /shared/qkview
(D). /var /tmp/qkview
156
Answer: B
Which TMSH command generated this output?

(A). tmsh list /cm sync-status
(B). tmsh show /sys sync-status
(C). tmsh list /sys sync-status
(D). tmsh show /cm sync status
Answer: D
NO.350 An LTM Specialist has configured a virtual server for www.example.com, load balancing
connections to a pool of application servers that provide a shopping cart application. Cookie
persistence is enabled on the virtual server. Users are able to connect to the application, but the
user's shopping cart fails to update. A traffic capture shows the following:
Request:
GET /cart/updatecart.php HTTP/1.1
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.4 (KHTML, like Gecko)
Chrome/22.0.1229.94 Safari/537.4 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-EncodinG. gzip,deflate,sdch
Accept-LanguagE. en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 CookiE.
BIGipServerwebstore_pool=353636524.20480.0000 Response:
HTTP/1.1 200 OK
DatE. Wed, 24 Oct 2012 18:00:13 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.1
Set-CookiE. cartID=647A5EA6657828C69DB8188981CB5; path=/; domain=wb01.example.com Keep-
AlivE. timeout=5, max=100 Connection: Keep-Alive Content-TypE. text/html No changes can be made
to the application.
What should the LTM Specialist do to resolve the problem?
(A). Use an iRule to rewrite the cartID cookie domain.
(B). Create a universal persistence profile on the cartID cookie.
(C). Enable source address persistence as a fallback persistence method.
(D). Create a cookie persistence profile with "match across services" enabled.
Answer: A
157
NO.351 -- Exhibit -
-- Exhibit --
An administrator created a monitor to a pool member web server, which resulted in a pool member
that is marked red. The administrator knows the web server is working when it is accessed from
another computer.
What should the administrator do to correct the problem?
(A). Change the default gateway on the server.
(B). Create a SNAT in the LTM device configuration.
(C). Change the route to the client in the LTM configuration.
(D). Change the username and/or password on the monitor.
Answer: D
NO.352 A BIG-IP Administrator finds the following log entry:

tnm tmm[7141]: 011e0002:4: sweeperjjpdate: aggressive mode activated.
Which action should the BIG-IP Administrator to mitigate this memory issue?
(A). Configure the redundant par to be active-active
(B). Decrease the TCP profile ide Timeout value
(C). increase the TCP profile ide Timeout value
(D). Configure the serve to use Connection Mirroring
Answer: D
NO.353 -- Exhibit -
158
-- Exhibit --
An LTM Specialist sets up AVR alerts and notifications for a specific virtual server if the server latency
exceeds 50ms. The LTM Specialist simulates a fault so that the server latency is consistently
exceeding the
50ms threshold; however, no alerts are being received.
Which configuration should the LTM Specialist modify to achieve the expected results?
(A). The rule should be adjusted to trigger when server latency is above 50ms.
(B). SNMP alerting should be enabled to allow e-mail to be sent to the support team.
(C). User Agents needs to be enabled to ensure the correct information is collected to trigger the
159
alert.
(D). The metric "Page Load Time" needs to be enabled to ensure that the correct information is
collected.
Answer: A
NO.354 An LTM Specialist is creating a custom EAV monitor.

In which directory should the LTM Specialist upload the script?
(A). /usr/monitor
(B). /usr/monitors
(C). /config/monitors
(D). /usr/bin/monitors
(E). /config/templates
Answer: C
NO.355 A client is attempting to log in to a web application that requires authentication. The
following HTTP headers are sent by the client:
GET /owa/ HTTP/1.1
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: curl/7.26.0
Host: 10.0.0.14
Accept: */*
Accept-EncodinG. gzip,deflate
The web server is responding with the following HTTP headers:
HTTP/1.1 401 Unauthorized
Content-TypE. text/html
Server: Microsoft-IIS/7.5
WWW-AuthenticatE. NTLM
DatE. Wed, 16 Aug 1977 19:12:31 GMT
Content-LengtH. 1293
The client has checked the login credentials and believes the correct details are being entered.
What is the reason the destination web server is sending an HTTP 401 response?
(A). The username and password are incorrect.
(B). The server has an incorrect date configured.
(C). The client is using the wrong type of browser.
(D). The wrong authentication mechanism is being used.
Answer: D
NO.356 An LTM Specialist realizes that a datacenter engineer has changed the console baud rate.
Which command determines the current baud rate via the command line interface?
(A). tmsh show /ltm console
(B). tmsh show /sys console
(C). tmsh list /sys baud-rate
(D). tmsh list /net baud-rate
Answer: B
NO.357 -- Exhibit -
160
-- Exhibit --
A pair of LTM devices is configured for HA.
What happens if the pool member server with IP address 10.0.0.4 becomes totally unresponsive to
the active LTM device, but is still responsive to the standby LTM device?
(A). The HA-group will disable the trunk my_trunk.
161
(B). The HTTP application will be unavailable via the LTM device.
(C). The HA-group will initiate a fail-over because the threshold is set to 2.
(D). The HA-group will initiate a fail-over because the HA-Group score will be zero.
Answer: C
NO.358 AnLTM specialist needs to create a new account with the admin role called "newadmin' and
access to all partitions.
Which tmsh command should be executed?
(A). create /auth user newadmin partition-access add {all-partitions {role admin }} prompt for-
password.
(B). create /users newadmin partition-access add {all-partitions {role admin JJ prompt for-password.
(C). create /user newadmin partition-access add (all-partitions {role admin }} prompt- for-password.
(D). create / sys user newadmin partition-access add (all-partitions {role admin )} prompt-for-
password.
Answer: A
Explanation
Examining the use of commands, the creation of user is subordinate to auth
NO.359 A virtual server is experiencing intermittent port exhaustion. What should be done to fix this
issue?
(A). add moreSNAT addresses
(B). add more pool members
(C). enable advanced routing
(D). enable SNAT automap
Answer: A
NO.360 An LTM Specialist configured a virtual server to load balance a custom application. The
application works when it is tested from within the firewall but it fails when tested externally. The
pool member address is
192.168.200.10:80. A capture from an external client shows:
GET /index.jsp HTTP/1.1
Host: 207.206.201.100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Connection: keep-alive HTTP/1.1
302 Found DatE. Wed, 17 Oct 2012 23:09:55 GMT Server: Apache/2.2.15 (CentOS) Location:
http://192.168.200.10/user/home.jsp
Content-LengtH. 304
Connection: close
What is the solution to this issue?
(A). Assign a SNAT pool to the virtual server.
(B). Add a Web Acceleration Profile to the virtual server.
(C). Configure redirect rewrite option in the HTTP profile.
(D). Configure a content filter on the backend web server.
Answer: C
NO.361 A VLAN has the following objects configured:
162
Self-IP 10.10.10.100 with port lockdown set to Allow default

Virtual server 10.10.10.100:443 with UDP profile enabled
Virtual server 10.10.10.0/24 port forwarding virtual server
Global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100 Which object will
process this request when https://10.10.10.100 is entered into a browser?
(A). self-IP 10.10.10.100 with port lockdown set to Allow default
(B). virtual server 10.10.100/24 port o forwarding virtual server
(C). global destination NAT forwarding 10.10.10.100 to internal server 172.168.10.100
(D). virtual server 10.10.10.100.443 with UDP profile enabled
Answer: A
NO.362 The 8IG-IP Administrator generates a qkview using "qkview -SO" and needs to transfer the
output file via SCP.
Which directory contains the output file?
(A). /var/log
(B). /var/tmp
(C). /var/local
(D). /var/config
Answer: B
NO.363 An LTM Specialist sees these entries in /var/log/ltm:

Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server
(see RFC5746) aborteD. 172.16.20.1:443 Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4:
Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443 Oct 25 03:34:32
tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746)
aborteD. 172.16.20.1:443 Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection
attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443 Oct 25 03:34:32 tmm
warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD.
172.16.20.1:443 Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to
insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443 Assume 172.16.20.0/24 is attached to
the VLAN "internal." What should the LTM Specialist use to troubleshoot this issue?
(A). curl -d - -k https://172.16.20.1
(B). ssldump -i internal host 172.16.20.1
(C). tcpdump -i internal host 172.16.20.1 > /shared/ssl.pcap
ssldump < /shared/ssl.pcap
(D). tcpdump -s 64 -i internal -w /shared/ssl.pcap host 172.16.20.1
ssldump -r /shared/ssl.pcap
Answer: B
NO.364 A BIG-IP Administrator is working with a BIG-IP device and discovers that one of the
Interfaces on a Trunk is DOWN.
What is the reason for this Interface status?
(A). The switch is NOT connected to the Interface
(B). There is NO transceiver installed on the Interface
(C). There is NO default route configured for this trunk
(D). The media speed of the interface has NOT been set
163
Answer: A
NO.365 A OneConnect profile is applied to a virtual server. The LTM Specialist would like the client
source IP addresses within the 10.10.10.0/25 range to reuse an existing server side connection.
Which OneConnect profile source mask should the LTM Specialist use?
(A). 0.0.0.0
(B). 255.255.255.0
(C). 255.255.255.128
(D). 255.255.255.224
(E). 255.255.255.255
Answer: C
During a planned upgrade lo a BIG-IP HA pair running Active/Standby, an outage to application traffic
is reported shortly after the Active unit is forced to Standby Reverting the flower resolves the outage.
What should the BIG-IP Administrator modify to avoid an outage during the next for over event?
(A). The Tag voice on the Standby device
(B). The interface on the Active device to 1.1
(C). The Tag value on the Active device
(D). The Interface on the Standby device to 1.1
Answer: A
NO.367 A device on the network is configured with the same IP address as the management address
of the active LTM device, causing the management GUI to be inaccessible.
Which two methods should the LTM Specialist use to access the LTM device in order to change the
management IP address? (Choose two.)
(A). Connect via ssh to the AOM IP address.
164
(B). Connect via ssh to the management address.

(C). Connect to the LTM device via serial connection.
(D). Connect a monitor and keyboard to the LTM device.
(E). Connect via ssh to the standby unit and connect via ssh across the serial link between the devices
.
Answer: A,C
NO.368 An LTM device is monitoring three pool members. One pool member is being marked down.
What should the LTM Specialist enable to prevent the server from being flooded with connections
once its monitor determines it is up?
(A). manual resume
(B). packet shaping
(C). hold down timer
(D). slow ramp timer
(E). fastest load balance algorithm
Answer: D
NO.369 An LTM Specialist regularly provides analytics reports that show that traffic generated by
different subnets within the organization. The LTM Specialist needs show the associate department
names next the IP addresses in the reports.
Which step should the LTM Specialist take to meet this requirement?
(A). use an iRule to change the output of the report
(B). export the report and add the department names manually
(C). create VLANs for each subnet and set the name accordingly
(D). define active subnetsand assign a name to certain subnets
Answer: C
NO.370 -- Exhibit -
-- Exhibit --
165
An LTM Specialist has a virtual server set up on the LTM device as per the exhibit. The LTM Specialist
receives reports of intermittent issues. Some clients are connecting fine while others are failing to
connect.
The LTM Specialist does a tcpdump on the relevant interfaces, with the following results extracted:
What is causing the intermittent issues?
(A). The firewall is dropping the packets from WS1.
(B). The default gateway is inaccessible from WS1.
(C). The load balancing (LB) method is inappropriate.
(D). The pool members have been set up as an active/standby pair, with WS1 as the standby.
Answer: B
NO.371 A BIG-IP Administrator uses a device group to share the workload and needs to perform
service on a BIG-IP device currently active for a traffic group. The administrator needs to enable the
traffic group to run on another BIG-IP device in the device group. What should the administrator do
to meet the requirement?
(A). Select Traffic Group and then select Failover
(B). Select Traffic Group on Primary Unit and then select Demote
(C). Select Traffic Group and then select Force to Standby
(D). Create a new Traffic Group and then fail to Standby Unit
Answer: C
NO.372 Which three HTTP headers allow an application server to determine the client's language
compatibility, browser, operating system type, and compression compatibility? (Choose three.)
(A). Accept
(B). Accept-Encoding
(C). Accept-Language
(D). Host
(E). User-Agent
Answer: B,C,E
NO.373 A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers
were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update the list
of configured NTP servers?
(A). System > Configuration
(B). System > Services
(C). System > Preferences
(D). System > Platform
Answer: A
NO.374 Given this as the first packet displayed of an ssldump:

2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
166
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
In reviewing the rest of the ssldump, the application data is NOT being decrypted.
Why is ssldump failing to decrypt the application data?
(A). The application data is encrypted with SSLv3.
(B). The application data is encrypted with TLSv1.
(C). The data is contained within a resumed TLS session.
(D). The BigDB Key Log.Tcpdump.Level needs to be adjusted.
Answer: C
NO.375 An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking
the BigDB Key, the following is currently configured:
sys db log.tcpdump.level {
value "Notice"
}
Which command should the LTM Specialist execute on the LTM device to change the logging level to
informational?
(A). tmsh set /sys db log.tcpdump.level value informational
(B). tmsh set /sys db log.tcpdump.level status informational
(C). tmsh modify /sys db log.tcpdump.level value informational
(D). tmsh modify /sys db log.tcpdump.level status informational
Answer: C
NO.376 A BIG-IP Administrator needs to find which modules have been licensed for use on the BIG-
IP system. In which section of the Configuration Utility can the BIG-IP Administrator find this
information?
(A). System > Services
(B). System > Resource Provisioning
(C). System > Platform
(D). System > Support
Answer: B
NO.377 An LTM Specialist has detected that a brute force login attack is occurring against the SSH
service via a BIG-IP management interface. Login attempts are occurring from many IPs within the
internal company network. BIG-IP SSH access restrictions are in place as follows:
The LTM Specialist has determined that SSH access should only occur from the 192.168.1.0/24 and
172.16.254.0/23 networks.
Whichtmsh command should the LTM Specialist use to permit access from the desired networks
only?
167
(A). modify.sys sshd allow add {''192.168. 10/24 , '' ''172. 16 2540/23'')
(B). modify /sys sshd login disable (''10.0.00/8'', ''172 16.0 0/12'', ''192. 168.0.0/16'')
(C). modify/sys allow replace-all-with {''192.168.1.00/24'', ''192.16.254.0/23''}
(D). modify/sys sshd login enable {''192.166.10/24'''' ''172.16 254 0/23
Answer: C
Explanation
Select C to overwrite the existing network's allow configuration over the specified network segment.
NO.378 -- Exhibit -
-- Exhibit --
Users report that a web application works incorrectly. Sometimes contextual data displayed on the
web pages is accurate; other times it is inaccurate.
The LTM administrator looks at the connection table with a filter on one of the client IP addresses
currently connected using the command "tmsh show sys connection cs-client-addr 10.0.20.1" with
the following results:
10.0.20.1:60048 10.0.20.88:80 10.0.20.1:60048 172.16.20.1:80 tcp 3 (tmm: 0)
10.0.20.1:60050 10.0.20.88:80 10.0.20.1:60050 172.16.20.3:80 tcp 3 (tmm: 0)
10.0.20.1:60047 10.0.20.88:80 10.0.20.1:60047 172.16.20.2:80 tcp 3 (tmm: 0)
10.0.20.1:60049 10.0.20.88:80 10.0.20.1:60049 172.16.20.1:80 tcp 3 (tmm: 0) What is the solution to
the problem?
(A). Synchronize the clock of the LTM device with NTP.
(B). Modify the load balancing method attached to the pool.
168
(C). Set up an HTTP cookie insert profile in the virtual server.

(D). Modify the setup of the monitor bound to the pool used by the application.
Answer: C
NO.379 An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible
directly through a browser, but the HTTP monitor is marking the pool member as down.
GET / HTTP/1.1
DatE. Tue, 23 Oct 2012 21:39:07 GTM
Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4
mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
Content-LengtH. 226
Connection: close
Which issue is the pool member having?
(A). The pool member has too many concurrent connections.
(B). The pool member is rejecting the request because it is invalid.
(C). The pool member lacks the object requested by the monitor.
(D). The pool member is NOT accepting requests from the LTM device IP address.
Answer: B
NO.380 An LTM Specialist has trouble with SNMP traps in the management network The ITM
Specialist takes the network capture shown to troubleshoot:
Whatshould the UM Specialist change to capture packets related to this workflow?

(A). the interface
(B). the tcpdump filter expression
(C). the verbose level
(D). the port
Answer: A
NO.381 The BIG-IP appliance fails to boot. The BIG-IP Administrator needs to run the End User
Diagnostics (EUD) utility to collect data to send to F5 Support.
Where can the BIG-IP Administrator access this utility?
(A). Console Port
(B). Internal VLAN interface
(C). External VLAN interface
(D). Management Port
Answer: A
NO.382 Four members in a server pool have similar hardware platforms. An LTM Specialist needs
the load balancing method that canselect the server with the fewest entries in the persistence table.
Which load balancing method should the LTM Specialist use?
(A). Observed
169
(B). Dynamic Ratio

(C). Least Sessions
(D). Leas Connections
Answer: C
Explanation
Pay attention to theexamination questions, the stem is to ask the session to keep the minimum
entries in the table.
NO.383 A BIG-IP Administrator must determine if a Virtual Address is configured to fail over to the
standby member of a device group in which area of the Configuration Utility can this be confirmed?
(A). Device Management > Traffic Groups
(B). Device Management > Devices
(C). Local Traffic > Virtual Servers
(D). Device Management > Overview
Answer: C
NO.384 A pool of four servers has been partially upgraded for two new servers with more memory
and CPU capacity.
The BIG-IP Administrator must change the load balance method to consider more connections for the
two new servers. Which load balancing method considers pool member CPU and memory load?
(A). Round Robin
(B). Dynamic Ratio
(C). Ratio
(D). Least Connection
Answer: C
NO.385 A VCMP guest has the following characteristics:

* Resources allocated for CPU memory, network interfaces, and disk space
* Virtual disk created
* The guest is NOT running
The guest isNOT running in which state is the VCMP guest
(A). Offline
(B). Deployed
(C). Provisioned
(D). Configured
Answer: C
NO.386 AN LTM Specialist receives reports that an external company application is having reliability
issues. The F5 Administrator finds the following in /vat/log/ltm file.
The LTM Specialist determines that the F5 LTMdevice is entering into Aggressive Mode Adaptive
Reaping, which is causing the site reliability issues.
What is the most likely reason that the LTM device has entered into Aggressive Mode Adaptive
170
Reaping?
(A). The LTM device exceeds licensed traffic limits.
(B). The site has too many licensed modules.
(C). The LTM device has not provisioned AVR.
(D). The site is under DDOS attack
Answer: D
NO.387 -- Exhibit -
-- Exhibit --
Which profile could be removed or changed on this virtual server to reduce CPU load on the LTM
device without increasing server side bandwidth usage?
(A). tcp
(B). http
(C). httpcompression
(D). optimized-caching
Answer: C
NO.388 A Virtual Server uses an iRule to send traffic to pool members depending on the URI. The
BIG-IP Administrator needs to modify the pool member in the iRule.
Which event declaration does the BIG-IP Administrator need to change to accomplish this?
(A). CLIENT_ACCEPTED
(B). HTTP_RESPONSE
(C). HTTP_REQUEST
(D). SERVER_CONNECTED
Answer: C
Explanation
According to the UR! distribution is the category of HTTP requests, need to trigger HTTP_REQUEST
event.
NO.389 -- Exhibit -
171
-- Exhibit --
A user is unable to access an HTTP application via a virtual server.
What is the cause of the failure?
(A). The host header requires a host name.
(B). The virtual server is in the disabled state.
(C). The Connection: Keep-Alive header is set.
(D). There is no pool member available to service the request.
Answer: D
NO.390 An LTM Specialist needs to enable TCP connection re-use for a non-HTTP application. The
application uses a simple request response protocol where each request and response iscontained
within a single packet.
Which configuration option should the LTM Specialist adjust?
(A). increase the connection limit for pool members
(B). increase the idle Timeout in a custom TCP profile
(C). use a Performance (Layer 4) Virtual Server
(D). assign aOneConnect profile
Answer: D
NO.391 A web application requires knowledge of the client's true IP address for logging and analysis
purposes.
172
Instances of the application that can decode X-Forwarded-For HTTP headers reside in pool_a, while
pool_b instances assume the source IP is the true address of the client.
Which iRule provides the proper functionality?
(A). when HTTP_DATA {
if {[HTTP::header exists X-Forwarded-For]}{
pool pool_a
} else {
pool pool_b
}
}
(B). when HTTP_RESPONSE {
pool pool_a
} else {
pool pool_b
}
}
(C). when HTTP_REQUEST {
pool pool_a
} else {
pool pool_b
}
}
(D). when HTTP_OPEN {
pool pool_a
} else {
pool pool_b
}
}
Answer: C
NO.392 A BIG-IP Administrator needs to check the memory utilization on a BIG-IP system. Which
two methods can the UIG IP Administrator use? (Choose two.)
(A). Run the tmsh show/sys memory command
(B). Run the tmsh show/sys traffic command
(C). Go to Statistics > Module Statistics > Traffic Summary in the configuration utility
(D). Go to Statistics > Module Statistics > Memory in the configuration utility
(E). Go to System > Disk Management in the configuration utility
Answer: A,D
NO.393 Which procedure should an LTM Specialist follow to move a configuration from a 1500 to a
1600 hardware platform during an upgrade?
(A). tmsh save sys config file filename.scf
copy the file from the /var/local/scf directory from one device to the other tmsh load sys config file
173
filename.scf
(B). tmsh save sys backup file filename.scf
copy the file from the /var/local/scf directory from one device to the other tmsh load sys backup file
filename.scf
(C). tmsh save sys backup file filename.scf
copy the file from the /var/local/ucs directory from one device to the other tmsh load sys backup file
filename.scf
(D). tmsh save sys config file filename.scf
copy the file from the /var/local/ucs directory from one device to the other tmsh load sys config file
filename.scf
Answer: A
NO.394 ABIG IP system load balances connections to a web application. A TCP-based Denial of
Service attack against the web application is occurring, which has caused very high memory
utilization on the LTM device due to stale TCP connections.
Which TCPprofile option should be used to reduce memory utilization?
(A). Idle timeout
(B). Reset on timeout
(C). Slow Start
(D). Multipath TCP
Answer: A
NO.395 -- Exhibit -
-- Exhibit --
An LTM Specialist is investigating reports that users are unable to perform some commands through
an FTP virtual server. The LTM Specialist performs a capture on the server side of the LTM device.
What is the issue with the application?
(A). data connection failing
(B). LIST command disallowed
(C). PORT command disallowed
(D). command connection failing
Answer: A
NO.396 An LTM device has a virtual server mapped to www.f5.com with a pool assigned. Users
report that when browsing, they are periodically required to re-login to
/resources/201.1.7.b.2_l.com. The objects are defined as follows:
Virtual server. Destination 192.168.245.100:443 netmask 255.255.255.0
Persistence: SSL session persistence
Profiles: HTTP/TCP
Which persistence method should the BIG-IP Administrator apply to resolve this issue?
174
(A). Source address affinity

(B). hexadecimal
(C). SIP
(D). Destination address affinity
Answer: A
NO.397 DNS queries from two internal DNS servers are being load balanced to external DNS Servers
via a Virtual Server on a BIG-P device. The DNS queries originate from 192.168.101.100 and
192.168.101.200 and target 192.168.21.50 All DNS queries destined for the external DNS Servers fail
Which property change should the BIG-IP Administrator make in the Virtual Server to resolve this
issue?
(A). Protocol Profile (Client) to DNS-OPTIMZED
(B). Type to Performance (HTTP)
(C). Protocol to UDP
(D). Source Address to 192.168.101.0/24
Answer: C
Which two pool members are eligible to receive new connections? (Choose two)
(A). 10.21.0.102.80
(B). 10.21.0.104.80
(C). 10.21.0.105.80
(D). 10.21.0.101.80
(E). 10.21.0.103.80
Answer: B,D
NO.399 Given a tcpdump on an LTM device from both sides of a connection on the External and
Internal VLANs, how should an LTM Specialist determine if SNAT is enabled for a particular pool?
(A). by checking to see if the Source IP is carried through from the External Vlan to the Internal Vlan
(B). by checking to see if the Destination port is carried through from the External Vlan to the Internal
Vlan
175
(C). by checking to see if the Source port is carried through from the External Vlan to the Internal Vlan
(D). by checking to see if the Destination IP is carried through from the External Vlan to the Internal
Vlan
Answer: A
NO.400 An HA pair of LTM devices configured in Active-Standby mode stops responding to traffic
and causes an outage. The Active device becomes Standby, but the partner device stays in Standby
mode instead of taking over as Active. A reboot and restart of the services brings the LTM device to
Active mode for a short time, but then it goes into Standby mode again.
Which two configuration components caused this condition? (Choose two.)
(A). VLAN Fail-safe
(B). System Fail-safe
(C). Gateway Fail-safe
(D). Switch Board Failure
(E). Link down on Failover
Answer: A,C
NO.401 -- Exhibit -
-- Exhibit --
An LTM Specialist configures a virtual server that balances HTTP connections to a pool of three
application servers. Approximately one out of every three connections to the virtual server fails.
Which two actions will resolve the problem? (Choose two.)
(A). Assign a custom HTTP monitor to the pool.
(B). Enable SNAT automap on the virtual server.
(C). Verify that port lockdown is set to allow port 80.
(D). Verify the default gateway on the application servers.
(E). Increase the TCP timeout value in the default TCP profile.
Answer: B,D
NO.402 An LTM Specialist decides to offload SSL traffic on the LTM device instead of just passing it
through. The LTM Specialist needs to change the configure from a Performance (Layer 40 virtual
server to a Standard virtual server with SSL offload.
Which two element the LTM Specialist consider when performance this task? (Choose two.)
(A). CPU load
(B). Sensitive connections
(C). Port exhaustion
(D). Memory load
(E). Connection mirroring
Answer: A,D
NO.403 A configuration change is made on the standby member of a device group.
176
What is displayed as "Recommended Action" on the Device Management Overview screen?

(A). Force active member of device group to standby
(B). Activate device with the most recent configuration
(C). Synchronize the active member configuration to the group.
(D). Synchronize the standby member configuration to the group
Answer: D
NO.404 An LTM Specialist must reconfigure a BIG-IP system that load balances traffic to a web
application. The security department has informed the LTM Specialist that the following cipher string
must be used for TLS connections from BIG-IP to the web application.
NATIVE:IMDS:EXPORT:IDHE:EDH@SPEED
In which virtual server profile should the cipher string be configured?
(A). Server SSL
CB. Client SSL
(B). SPDY profile
(C). Rewrite profile
Answer: A
Explanation
Require SSL and flow F5 to server, server ssl
NO.405 -- Exhibit -
-- Exhibit --
A pair of LTM devices are configured for HA. The LTM Specialist observes from a capture that there is
a successful connection from a client directly to a web server and an unsuccessful connection from a
client via the LTM device to the same web server.
Which two solutions will solve the configuration problem? (Choose two.)
(A). Configure SNAT on the pool.
(B). Configure SNAT on the virtual server.
(C). Change server default gateway to point at LTM internal self IP.
(D). Change server default gateway to point at LTM internal floating IP.
Answer: B,D
NO.406 -- Exhibit -
177
-- Exhibit --
An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning
correctly when accessed directly through a browser. However, the monitor is marking the member as
down.
The LTM Specialist captures the monitor traffic via tcpdump.
What is the issue?
(A). The server is marking the connection as closed.
(B). The pool member is rejecting the monitor request.
(C). The monitor request is NOT returning the page body.
(D). The 'time-until-up' setting on the monitor is incorrect.
Answer: C
NO.407 Given the iRule:

when HTTP_REQUEST {
if {([HTTP::username] ne "") and ([HTTP::password] ne "") } {
log local0. "client ip [IP::remote_addr] credentials provided [HTTP::username] [HTTP::password]"}
else { pool old_application_pool
}
}
178
The associated virtual server has a default pool named new_application_pool.

Which functionality does the iRule provide?
(A). Allows clients with credentials to access the old_application_pool and logs the access of clients
without credentials to the new_application_pool.
(B). Allows clients without credentials to access the old_application_pool and logs the access of
clients with credentials to the new_application_pool.
(C). Allows clients with credentials to access the old_application_pool and logs the attempted access
of clients with credentials to the new_application_pool.
(D). Allows clients without credentials to access the old_application_pool and logs the attempted
access of clients without credentials to the new_application_pool.
Answer: B
NO.408 What is the recommended procedure for upgrading a major TMOS release on a BIG-IP
platform?
(A). 1. Renew the device license.
2.Take a configuration backup.
3.Reboot the device to the non-active volume.
4.Upload the device code.
5.Install device code to the current volume.
(B). 1. Take a configuration backup.
3.Install device code to the non-active volume.
5.Renew the device license.
(C). 1. Renew the device license.
2.Take a configuration backup.
4.Install device code to the non-active volume.
(D). 1. Take a configuration backup.
3.Renew the device license.
5. Install device code to the current volume.
Answer: C
NO.409 A new VLAN vlan301 has been configured on a highly available LTM device in partition
ApplicationA. A new directly connected backend server has been placed on vlan301. However, there
are connectivity issues pinging the default gateway. The VLAN self IPs configured on the LTM devices
are 192.168.0.251 and
192.168.0.252 with floating IP 192.168.0.253. The LTM Specialist needs to perform a packet capture
to assist with troubleshooting the connectivity.
Which command should the LTM Specialist execute on the LTM device command line interface to
capture the attempted pings to the LTM device default gateway on VLAN vlan301?
(A). tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.253'
(B). tcpdump -ni vlan301 'host 192.168.0.253'
179
(C). tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.251 or host 192.168.0.252'

(D). tcpdump -ni vlan301 'host 192.168.0.251 or host 192.168.0.252'
Answer: A
NO.410 A BIG-IP Administrator needs to modify a virtual server that web offload web traffic
compression tasks from the target server.
Which two profiles must the BIG-IP Administrator apply to a virtual server to enable compression?
(Choose two)
(A). Server SSL profile
(B). Stream profile
(C). Persistence profile
(D). HITP profile
(E). Compression profile
Answer: D,E
NO.411 An application owner claims an LTM device is delaying delivery of an HTTP application. The
LTM device has two VLANs, an internal and an external. The application servers reside on the internal
VLAN. The virtual server and clients reside on the external VLAN.
With appropriate filters applied, which solution is most efficient for obtaining packet captures in
order to investigate the claim of delayed delivery?
(A). one capture on interface 0.0
(B). one capture on the internal interface
(C). one capture on the external interface
(D). one capture on the management interface
Answer: A
NO.412 A design requires the LTM device to become HA standby when the one of the two physical
interface on the External trunk is down the Externaltrunk is an interface on the External VLAN Which
TMOS command enables this behavior?
(A). tmsh modify net van External failsafe enabled
(B). tmsh create sys ha-group External trunks add Externally
(C). tmsh create sys ha-group External trunks add External threshold 2 weight 101)
(D). tmsh create sys ha-group External trunks add ( External( attribute percent up-members 100))
Answer: C
NO.413 An organization's development team creates an application to put behind the F5LTM device.
The application can be quite load intensive at first, and then evens out over time. The team's load
balancing method needs to select a pool after taking into account the pool member's response over
the time to avoid landing on a busy pool member.
Which of the following load balancing methods meets this requirement?
(A). Fastest (application)
(B). Predictive (member)
(C). Dynamic (node)
(D). Observed (member)
Answer: B
180
NO.414 An LTM Specialist toconfigure a backend server to be disabled it takes longer than 30
seconds to respond to a request.
Which values should the LTM Specialist enter for interval and timeout?
(A). Interval 10, timeout 30
(B). Interval 10, timeout 31
(C). Interval 30, timeout 30
(D). Interval 30, timeout 91
Answer: B
Explanation
The official recommendation is that timeout 3 times the interval value +1.
A pool member fails the monitor checks for about 30 minutes and then starts passing the monitor
checks. New traffic is Not being sent to the pool member.
What is the likely reason for this problem?
(A). The pool member is disabled
(B). Monitor Type is TCP Half Open
(C). Manual resume is enabled
(D). Time Until Up is zero
181
Answer: C
A BIG-IP Administrator configures a now VLAN on an HA pair of devices that does NOT yet have any
traffic. This action causes the assigned traffic group to fail over to the standby device.
Which VLAN setting should be changed to prevent this issue?
(A). Auto Last Hop
(B). Fail-safe
(C). Customer Tag
(D). Source Check
Answer: B
NO.417 An LTM Specialist needs to create a virtual server to pass TCP traffic to three pool members.
Which two virtual server types should be used to meet the requirements? (Choose two)
(A). Performance (Layer A)
(B). Standard
(C). Forwarding (IP)
(D). Stateless
(E). Forwarding (Layer 2)
182
Answer: A,B
NO.418 -- Exhibit -
-- Exhibit --
Which URL should be reported to the server/application team as getting user-visible errors?
(A). /env.cgi
(B). /page14.cgi
(C). /reflector.php
(D). /browserspecific.html
Answer: B
NO.419 -- Exhibit -
183
-- Exhibit --
An LTM Specialist configures a virtual server to perform client-side encryption while allowing the
server-side traffic to be unencrypted. Application owners report that images are failing to load
through the virtual server; however, images load when going directly to the server.
What is the problem with the images loading through the virtual server?
(A). Image references are for HTTP objects, not HTTPS.
(B). Image references are for HTTPS objects, not HTTP.
(C). The virtual server does not have "SSL Offloading" enabled.
(D). The virtual server does not have an HTTP profile associated.
Answer: A
NO.420 Refer to the exhibit. The BIG-IP Administrator needs to avoid overloading any of the Pool
Members with connections, when they become active.
What should the BIG-IP Administrator configure to meet this requirement?
184
(A). Different Ratio for each member

(B). Same Priority Group to each member
(C). Action On Service Down to Reselect
(D). Slow Ramp Time to the Pool
Answer: D
An organization is reporting slow performance accessing their Intranet website, hosted in a public
cloud. All employees use a single Proxy Server with the public IP of 104.219.110.168 to connect to the
Internet. What should the BIG-IP Administrator of the Intranet website do to fix this issue?
(A). Change Source Address to 104.219.110.168/32
(B). Change Load Balancing Method to Least Connection
(C). Change Fallback Persistence Profile to source_addr
(D). Change Default Persistence Profile to cookie
Answer: D
NO.422 What should an LTM Specialist configure on an LTM device to send AVR notification emails?
(A). Email notification to be sent via iControl from the LTM device
185
(B). Syslog on the LTM device to send to an SMTP server

(C). Custom SNMP traps on the LTM device for AVR notifications
(D). Email notification to be sent via SMTP from the LTM device
Answer: D
NO.423 One of the two members of a device group has been decommissioned. The BIG-IP
Administrator tries to delete the device group, but is unsuccessful.
Prior to removing the device group, which action should be performed?
(A). Disable the device group
(B). Remove all members from the device group
(C). Remove the decommissioned device from the device group
(D). Make sure all members of the device group are in sync
Answer: B
NO.424 Which two subsystems could the LTM Specialist utilize to access an LTM device with lost
management interface connectivity? (Choose two.)
(A). AOM
(B). ILO
(C). SCCP
(D). ALOM
Answer: A,C
NO.425 A development team needs to apply a software fix and troubleshoot one of its servers. The
BIG-IP Administrator needs to immediately remove all connections from the BIG-IP system to the
back end server.
The BIG-IP Administrator checks the Virtual Server configuration and finds that a persistence profile is
assigned to it. What should the 8IG-IP Administrator do to meet this requirement?
(A). Set the pool member to a Forced Offline state and manually delete easting connections through
the command line.
(B). Set the pool member to a Forced Offline state.
(C). Set the pool member to a Disabled state.
(D). Set the pool member to a Disabled state and manually delete existing connections through the
command line.
Answer: A
NO.426 An LTM Specialist needs to create a pool with a set of monitor that checks both the pool
members and corresponding application service ports. The pool members have services on port 80.
The application service is on port 8009.
The LTM device should load balance traffic to the pool member when the pool member and
corresponding application service pass monitor.
Which monitor and parameter set meets this requirement?
(A). TCP monitor for port*
Plus a custom TCPmonitor with alias port 8009,
And the pool's availability requirements set to the ALL
(B). TCP monitor for port
Plus a ustom TCP monitor with alias port 8009,
186
And the pool's availability requirement set to All

(C). TCP monitor for port*
Plus a custom TCP monitor with alias port 8009
And the pool 's availability requirement set to 1.
(D). TCP monitor for port
Plus a custom TCP monitor with alias port 80
And the pool's availability requirement set to ALL
Answer: A
NO.427 An LTM Specialist defines a receive string in the HTTP monitor and then assigns it to the
HTTP pool. The monitor has an interval of 5 seconds and a timeout of 16 seconds.
If the receive string is NOT seen in the the HTTP payload after 20 seconds, how does the LTM device
mark the monitor status?
(A). offline
(B). unknown
(C). available
(D). unavailable
(E). forced offline
Answer: A
NO.428 Exhibit.
The three VLANS shown provide connectivity to backend servers. The backend servers are being
moved to unmanaged switches and require separate interfaces.
How should the F5 device interfaces be configured?
187
(A). Create a Trunk interface and combined interface 1.1.1.2 and 1.3.
(B). Create a Trunk interface and select VLAN_A, VLAN_B. and VLAN_C.
(C). Create VLAN named VLAN_A enter 100 under Tag and moveinterface 1.1 to tagged Create
VLAN_B enter 200 and move interface 1.2 to tagged Create VLAN_C Center 300 and move interface
1.3 to tagged.
(D). Create VLAN_A move interface 1.1 to untagged. Create VLAN_B move interface 1.2 to untagged.
Create VLAN_C move interface 1.3 to untagged.
Answer: D
NO.429 A webserver is being overloaded with HTTPS traffic. To decrease the load on the server, the
LTM Specialist and the Server. Administrator decide to perform SSL offloading on the LTM device. The
configuration of the virtual server is as follows:
Which change must be made to the configuration to perform SSL offloading?

(A). Remove the clientssl and http profiles
(B). Remove the clients profile
(C). Remove the clientssl and serverssl profiles
(D). Remove the severssl profile
Answer: D
NO.430 -- Exhibit -
188
-- Exhibit --
Users are able to access the application when connecting directly to the web server but are
unsuccessful when connecting to the virtual server. Return traffic bypasses the LTM device using
Layer 2 nPath routing.
Which configuration change resolves this problem?
(A). Enable a SNAT pool on the LTM device.
(B). Disable address translation on the LTM device.
(C). Configure a route on the web server to the client subnet.
(D). Configure the virtual server to listen on port 80 on the LTM device.
(E). Configure the VIP address on the loopback interface of the web server.
Answer: E
NO.431 While working with a web developer, it is determined that additional logic is required to
assess the pool member availability.
Which twomonitor types should be used in this scenario? (Choose two)
(A). TCP
(B). Scripted
(C). Gateway ICMP
(D). TCP Echo
(E). External
Answer: B,E
NO.432 Users are unable to reach an application. The BIG-IP Administrator checks the Configuration
Utility and observes that the Virtual Server has a red diamond in front of the status. What is causing
this issue?
189
(A). All pool members are down.

(B). The Virtual Server is receiving HTTPS traffic over HTTP virtual.
(C). The Virtual Server is disabled.
(D). All pool members have been disabled.
Answer: A
NO.433 An LTM Specialist is receiving reports from customers about multiple applications failing to
work properly.
The LTM Specialist looks at the services running and notices that the bigd process has NOT started.
How are monitored LTM device objects marked when the bigd process is stopped?
(A). red or offline
(B). blue or unchecked
(C). green or available
(D). unchanged until bigd is restarted
Answer: D
NO.434 The output of a tmsh command is: ------------------------------------------------------------

Net::Interface Name Status Bits Bits Errs Errs Drops Drops Colli In Out In Out In Out sions
------------------------------------------------------------ 1.1 down 0 0 0 0 0 0 0 1.2 up 191.4K 0 0 0 374 0 0 1.3
down 0 0 0 0 0 0 0 1.4 up 22.5K 0 0 0 44 0 0 2.1 miss 0 0 0 0 0 0 0 2.2 miss 0 0 0 0 0 0 0 mgmt up
43.2G
160.0G 0 0 0 0 0
Which command was executed on the LTM device to show the output?
(A). tmsh show /net interface
(B). tmsh /net show interface status
(C). tmsh /net show interface
(D). tmsh show /net interface status
Answer: A
A pool is contoured with four members. A user has a currentconnection established with 10.18.1.40.
The virtual server has a persistence Profile configured.
(A). 10.18.1.10
190
(B). 10.18.1.20
(C). 10.18.1.40
(D). 10.18.1.30
Answer: C
NO.436 What should the LT'M Specialist add to the virtual server?
(A). one
Stream profile and an iRule with the command of STREAM expression (@http:// @https://
@@internalapp@publicapp@)
(B). two
Stream profiles and an iRule with the command of STREAM expression (@http:// @https://
@@internalapp@publicapp@)
(C). one
Stream profile with the expression of @http:// @https:// @
(D). Two Stream profiles, one profile for each rewrite requirement
Answer: A
NO.437 Internet clients connecting to a virtual server to download a file are experiencing about 150
ms of latency and no packet loss.
Which built-in client-side TCP profile provides the highest throughput?
(A). tcp
(B). tcp-legacy
(C). tcp-lan-optimized
(D). tcp-wan-optimized
Answer: D
NO.438 A user wants to use the iHealth Upgrade Advisor to determine any issues with upgrading
TMOS from 13.0 to
13.1.
Where can the user generate the QKView to upload to iHealth?
(A). System > Software Management
(B). System > Archives
(C). System > Configuration
(D). System > Support
Answer: D
NO.439 In an iApp, which configuration protects against accidental changes to an application

Services configuration?
(A). Components
(B). Strict Updates
(C). Name
(D). Template
Answer: B
191
NO.440 A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist
has created an iRule and applied this iRule to the virtual server:
when HTTP_REQUEST {
switch [HTTP::uri] {
"/ws1/ws.jsp" {
log local0. "[HTTP::uri]-Redirected to JSP Pool"
pool JSP
}
default { log local0. "[HTTP::uri]-Redirected to Non-JSP Pool"
pool NonJSP
}
}
}
However, the iRule is NOT behaving as expected. Below is a snapshot of the log:
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/WS.jsp-Redirected to Non-JSP Pool
/ws1/WS.jsp-Redirected to Non-JSP Pool
/ws1/ws.jsp-Redirected to Non-JSP Pool
What should the LTM Specialist do to resolve this?
(A). Use the followinG. switch -lc [HTTP::uri]
(B). Use the followinG. switch [string tolower [HTTP::uri]]
(C). Set the "Case Sensitivity" option of each member to "None".
(D). Select the "Process Case-Insensitivity" option for the virtual server.
Answer: B
NO.441 Users are experiencing low throughput when downloading large files over a high-speed
WAN connection.
Extensive packet loss was found to be an issue but CANNOT be eliminated.
Which two TCP profile settings should be modified to compensate for the packet loss in the network?
(Choose two.)
(A). slow start
(B). proxy options
(C). proxy buffer low
(D). proxy buffer high
(E). Nagle's algorithm
Answer: C,D
NO.442 -- Exhibit -
192
-- Exhibit --
An HTTP monitor always marks the nodes in the pool as down. The monitor's definition and the HTTP
headers from the monitor request and response are provided.
What is the issue?
(A). The response is compressed.
(B). The send string is incorrect.
(C). The monitor timeout is too short.
(D). The monitor is NOT configured to follow the redirect.
Answer: B
NO.443 An LTM Specialist must perform a packet capture on a virtual server with an applied
standard FastL4 profile.
The virtual server 10.0.0.1:443 resides on vlan301.
Which steps should the LTM Specialist take to capture the data payload successfully while ensuring
no other virtual servers are affected?
(A). The standard FastL4 profile should have PVA acceleration disabled. Then the packet capture
tcpdump
-ni vlan301 should be executed on the command line interface.
(B). The packet capture tcpdump -ni vlan301 should be executed on the command line interface.
There is no need to change profiles or PVA acceleration.
(C). A new FastL4 profile should be created and applied to the virtual server with PVA acceleration
disabled.
Then the packet capture tcpdump -ni vlan301 should be executed on the command line interface.
(D). The LTM device is under light load. The traffic should be mirrored to a dedicated sniffing device.
On the sniffing device, the packet capture tcpdump -ni vlan301 should be executed.
Answer: C
NO.444 A BIG-IP Administrator opens a case with F5 Support. The support engineer requests the
BIG-IP appliance chassis serial number.
193
Which TMSH command will provide this information?

(A). . list /sys software
(B). show /sys version
(C). list/sys diags
(D). show /sys hardware
Answer: D
NO.445 -- Exhibit -
-- Exhibit --
An LTM Specialist is troubleshooting a virtual server. Both the virtual server and the pool are showing
blue squares for their statuses, and new clients report receiving "The connection was reset" through
their browsers.
Connections directly to the pool member are successful.
What is the issue?
(A). The pool member is disabled.
(B). The node is marked as disabled.
(C). The HTTP profile has incorrect settings.
(D). The virtual server is disabled on all VLANs.
Answer: B
194
A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload
and re-encrypt the traffic to pool members.
During testing, users are unable to connect to the application.
What must the BIG-IP Administrator do to resolve the issue?
(A). Remove the configured SSL Profile (Client)
(B). Configure Protocol Profile (Server) as splitsession-default-tcp
(C). Enable Forward Proxy in the SSL Profile (Client)
(D). Configure an SSL Profile (Server)
Answer: D
Explanation
According to the requirements of the subject, the client and server must be configured with ssl
profile.
NO.447 The interface 1.1 of the BIG-IP device has been connected to a link dedicated to traffic on
VLAN 120. What should the BIG-IP Administrator do to receive traffic from the VLAN?
(A). Create a new VLAN object and set Customer Tag to 120
(B). Create a new VLAN object and assign the interface 1.1 untagged
(C). Create a new trunk object with interface 1.1 assigned
(D). Create a new trunk object and assign it to the VLAN
195
Answer: B
NO.448 A BIG-IP Operator has made a grave error and deleted a few virtual servers on the active
LTM device fronting the web browsing proxies. The BIG-IP Operator has NOT yet performed a
configuration sync.
Which command should the LTM Specialist execute on the active LTM device to force a failover to the
standby node and restore web browsing?
(A). tmsh /sys failover standby
(B). tmsh run /sys failover standby
(C). tmsh /sys failover status standby
(D). tmsh run /sys failover status standby
Answer: B
NO.449 Given LTM device ltm log:

Sep 26 20:51:08 local/lb-d-1 notice promptstatusd[3695]: 01460006:5: semaphore mcpd.running(1)
held Sep 26 20:51:08 local/lb-d-1 notice promptstatusd[3695]: 01460006:5:
Sep 26 20:51:08 local/lb-d-1 warning promptstatusd[3695]: 01460005:4: mcpd.running(1) held, wait
for mcpd Sep 26 20:51:08 local/lb-d-1 info sod[3925]: 010c0009:6: Lost connection to mcpd -
reestablishing.
Sep 26 20:51:08 local/lb-d-1 err bcm56xxd[3847]: 012c0004:3: Lost connection with MCP: 16908291
...
Exiting bsx_connect.cpp(174)
Sep 26 20:51:08 local/lb-d-1 info bcm56xxd[3847]: 012c0012:6: MCP Exit Status Sep 26 20:51:08
local/lb-d-1 info bcm56xxd[3847]: 012c0012:6: Info: LACP stats (time now:1348717868) :
no traffic
Sep 26 20:51:08 local/lb-d-1 info bcm56xxd[3847]: 012c0014:6: Exiting...
Sep 26 20:51:08 local/lb-d-1 err lind[3842]: 013c0004:3: IO error on recv from mcpd - connection lost
Sep 26 20:51:08 local/lb-d-1 notice bigd[3837]: 01060110:5: Lost connection to mcpd with error
16908291, will reinit connection.
Sep 26 20:51:08 local/lb-d-1 err statsd[3857]: 011b0004:3: Initial subscription for system
configuration failed with error '' Sep 26 20:51:08 local/lb-d-1 err statsd[3857]: 011b0001:3:
Connection to mcpd failed with error '011b0004:3:
Initial subscription for system configuration failed with error '''
Sep 26 20:51:08 local/lb-d-1 err csyncd[3851]: 013b0004:3: IO error on recv from mcpd - connection
lost
.............skipping more logs.....
Sep 26 20:51:30 local/lb-d-1 notice sod[3925]: 01140030:5: HA proc_running bcm56xxd is now
responding.
Sep 26 20:51:34 local/lb-d-1 notice sod[3925]: 01140030:5: HA proc_running mcpd is now
responding.
Sep 26 20:51:34 local/lb-d-1 notice sod[3925]: 010c0018:5: Standby
Which daemon failed?
(A). promptstatusd
(B). mcpd
(C). sod
(D). bcm56xxd
196
(E). lind
Answer: B
NO.450 An LTM device receives a response string containing "error"

Which monitor type and parameter will mark the HTTP server as down?
(A). HTTP monitor, Receive String "error", and set the Reverse option to Yes
(B). HTTP monitor and Receive String "error'' ... flag is up
(C). HTTP monitor. Receive String "down", and set the Reverse option to Yes .... flag is
(D). HTTP monitor and Receive DisableString "error'' .... flag is disable
Answer: A
NO.451 A BIG-IP Administrator creates an HTTP Virtual Server using an iApp template. After the
Virtual Server is created, the user requests to change the destination IP addresses. The BIG-IP
Administrator tries to change the destination IP address from 10.1.1.1 to 10.2.1.1 in Virtual Server
settings, but receives the following error:
The application service must be updated using an application management interface What is causing
this error?
(A). The Application Service was NOT deleted before making the IP address change.
(B). The IP addresses are already in use.
(C). The Application Services have Strict Updates enabled.
(D). The IP addresses used are NOT from the same subnet as the Self IP.
Answer: C
Explanation
Strict Updates : Indicates whether the application service is tied to the template, so when the
template is updated, the application service changes to reflect the updates.
NO.452 Which log file should the BIG-IP Administrator check to determine if a specific user tried to
log in to the
8IG-IP Configuration by utility?
(A). /var/log/pam/tally/log
(B). /ver/log/secure
(C). /var/log/trn
(D). /var/log/http.d
Answer: B
NO.453 An LTM Specialist configures an HTTP monitor as follows:

ltm monitor http stats_http_monitor {
defaults-from http
destination *:*
interval 5
recv "Health check: OK"
send "GET /stats/stats.html HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-EncodinG. gzip,
deflate\\r\\nConnection: close\\r\\n\\r\\n" time-until-up 0 timeout 16
}
The monitor is marking all nodes as down. A trace of the HTTP conversation shows the following:
GET /stats/stats.html HTTP/1.1
197
Accept-EncodinG. gzip, deflate
Connection: close
HTTP/1.1 401 Authorization Required
DatE. Tue, 23 Oct 2012 19:38:56 GMT
Server: Apache/2.2.15 (Unix)
WWW-AuthenticatE. Basic realm="Please enter your credentials"
Content-LengtH. 480
Connection: close
Which action will resolve the problem?
(A). Add an NTLM profile to the virtual server.
(B). Add a valid username and password to the monitor.
(C). Use an HTTPS monitor with a valid certificate instead.
(D). Add a backslash before the colon in the receive string.
Answer: B
NO.454 A Client makes the request displayed below to the application server.
Which virtual server type should an LTM Specialist use to load balance based on the URI?
(A). Forwarding (Layer 2)
(B). Stateless
(C). Standard
Answer: C
NO.455 Which iRule will reject any connection originating from a 10.0.0.0/8 network?
(A). when CLIENT_ACCEPTED {
set remote_ip [IP::addr [IP::remote_addr] mask 8]
switch $remote_ip {
"10.0.0.0" { reject }
"11.0.0.0" { pool pool_http1}
default { pool http_pool }
}
}
(B). when CLIENT_ACCEPTED {
set remote_ip [IP::addr [IP::local_addr] mask 8]
switch $remote_ip {
"10.0.0.0" { reject }
}
}
(C). when CLIENT_ACCEPTED {
set remote_ip [IP::addr [IP::client_addr] mask 255.0.0.0]
switch $remote_ip {
"10.0.0.0" { reject }
198

}
}
(D). when CLIENT_ACCEPTED {
set remote_ip [IP::addr [IP::local_addr] mask 255.0.0.0]
switch $remote_ip {
"10.0.0.0" { reject }
}
}
Answer: C
NO.456 A BIG-IP Administrator is informed that traffic on Interface 1.1 is expected to increase over
the maximum bandwidth capacity on the link. There is a single VLAN on the Interface. What should
the 8IG-IP Administrator do to increase the total available bandwidth?
(A). Assign two Interfaces to the VLAN
(B). Set the media speed of Interface 1.1 manually
(C). Create a trunk object with two Interfaces
(D). Increase the MTU on the VLAN using Interface 1.1
Answer: C
NO.457 A BIG-IP Administrator finds the following log entry after a report of user issues connecting
to a virtual server:
01010201: 2: Inet port exhaustion on 10.70.110.112 to 192.28.123.250:80 (proto 6) How should the
BIG-IP Administrator modify the SNAT pool that is associated with the virtual server?
(A). Remove the SNAT pool and apply SNAT Automap.
(B). Remove an IP address from the SNAT pool.
(C). Add an address to the SNAT pool.
(D). Increase the timeout of the SNAT addresses.
Answer: C
NO.458 A web application sends information about message integrity and content life time to the
client.
Which two HTTP headers should be used in sending the client information? (Choose two.)
(A). ETag
(B). Expect
(C). Expires
(D). Content-MD5
(E). Content-Range
(F). Content-Length
Answer: C,D
NO.459 An SSL application is being migrated to the LTM device. Both encrypted and unencrypted
traffic are accepted by the server. The virtual server configuration is as follows:
199
Which LTM device profile should be used on the LTM device to reduce the CPU load on the current.
(A). Protocol
(B). serverssl
(C). clientsssl
(D). stream
Answer: C
200
During maintenance, the BIG-IP Administrator manually disables a pool member as shown.
What is the result?
(A). All pool members continue to process persistent connections
(B). All pool members stop accepting new connections.
(C). The disabled pool member stops processing persistent connections.
(D). The disabled pool member stops processing existing connections
Answer: A
NO.461 An LTM Specialist is customizing local traffic logging.

Which traffic management OS alert level provides the most detail?
(A). Alert
(B). Notice
(C). Critical
(D). Emergency
(E). Informational
Answer: E
NO.462 In the BIG-IP Configuration Utility, a user requests a single screen view to determine the
status of all Virtual Servers and associated pool members, as well as any iRules in use. Where should
the BIG-IP Administrator instruct the user to find this view?
(A). Local Traffic > Monitors
(B). Local Traffic > Virtual Servers
(C). Local Traffic > Network Map
(D). Statistics
Answer: C
Explanation
Network Map can display vs and its associated pool, pool member, and irule, can be retrieved, and
can be quickly linked.
NO.463 What does the following iRule do?

when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals WebClient1-Whitelist1] }{
201
#log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"

#Pool WebClient1
} else {
log local0. "Invalid client IP: [IP::client_addr] - discarding"
discard
}
}
(A). The iRule compares a client IP to a list. If the client IP is on the list, discard and log the discard.
(B). The iRule compares a client IP to a list. If the client IP is NOT on the list, discard and log the
discard.
(C). The iRule compares a client IP to a list. If the client IP is on the list, the client is sent to Pool
WebClient1. Otherwise, discard and log the discard.
(D). The iRule compares a client IP to a list. If the client IP is NOT on the list, the client is sent to Pool
WebClient1. Otherwise, discard and log the discard.
Answer: B
NO.464 -- Exhibit -
-- Exhibit --
Which pool can be removed without affecting client traffic?
(A). ftp_pool
(B). http_pool
(C). server1_80
(D). server_pool
202
Answer: D
-- Exhibit --
determine the cause of the problem.
The LTM Specialist is seeing a client source IP of 168.210.232.5 in the tcpdump. However, the client
source IP is actually 10.123.17.12.
Why does the IP address of 10.123.17.12 fail to appear in the tcpdump?
(A). The LTM device performed NAT on the individual's IP address.
(B). The Secure Network Address Translation (SNAT) pool on the virtual server is activated.
(C). Network Address Translation (NAT) has occurred in the path between the client and the LTM
device.
(D). The individual's data stream is being routed to the LTM device by a means other than the default
route.
Answer: C
203
NO.466 Two LTM devices must be manually configured to restrict in the same Device Group.
What is the correct order of steps to meet this requirement?
(A). Configure VLAN, Configure-Sync IP, Configure Failover type, Establish Device Trust, Sync Device
Trust, Create type, Establish Device Sync Device Trust, Create Device Group.
(B). Configure VLAN, Configure Self-IPs, Configure Config-Sync IP.Configure Failover type, Establish
Device Trust, Sync Device Trust, Create Device Group.
(C). Configure Self-IPs, Configure VLAN, Configure Config-Sync IP. Configure Failover type, Establish
Device Trust, Sync Device Trust, Create Device Group
(D). Configure VLAN, Configure Config-Sync IP. Configure Self-IPs. Configure Failover type. Establish
Device Trust, Create Device Group
Answer: B
NO.467 A web application is configured as follows:
What should be modified to set a maximum request limit?

(A). Virtual server settings
(B). HTTP profile
(C). Pool settings
(D). ICP Profile
Answer: B
NO.468 -- Exhibit -
204
-- Exhibit --
The virtual server is listening on port 443.
What is the solution to the problem?
(A). Add an SSL Client profile to the existing virtual server.
(B). Modify the virtual server HTTP Profile to 'Redirect RewritE. All'.
(C). Modify the virtual server TCP profile to disable Nagle's Algorithm.
(D). Modify the virtual server HTTP Profile to 'Redirect RewritE. Matching'.
Answer: B
NO.469 During a maintenance window, an EUD test was executed and the output displayed on the
screen. The BIG-IP Administrator did NOT save the screen output. The BIG-IP device is currently
handling business critical traffic. The BIG-IP Administrator needs to minimize impact. What should the
BIG-IP Administrator do to provide the EUD results to F5 Support?
(A). Boot the device into EUD then collect output from console
(B). Execute EUD from tmsh and collect output from console
(C). Collect file /var/log/messages
(D). Collect file /shared/log/eud.log
Answer: D
NO.470 A BIG-IP Administrator plans to upgrade a BIG-IP device to the latest TMOS version.
Which two tools could the administrator leverage to verify known issues for the target versions?
(Choose two.)
(A). F5 University
(B). F5 Downloads
(C). F5 End User Diagnostics (EUD)
(D). FSiHealth
(E). F5 Bug Tracker
Answer: D,E
Explanation
F5 University -- F5 learning materials
F5 Downloads - iso download page
F5 End User Diagnostics (EUD) -- Hardware detection
NO.471 An LTM Specialist is configuring a virtual server with an IP address.

Which configuration is unsupported?
(A). Performance 14 virtual server with an HTTP profile
(B). Standard virtual server with an HTTP profile
(C). Performance 14 virtual server with a FastHTTP profile
(D). Standard virtual server with a TCP profile
Answer: A
205
NO.472 An LTM Specialist has noticed in the audit log that there are numerous attempts to loginto
the Admin account.
Theses attempts are sourced from a suspicious IP address range to the Configuration Utility of the
LTM device.
How should the LTM Specialist block these attempts?
(A). add the permitted source IP addresses to the httpd allow list viatmsh
(B). add the suspicious source IP addresses to the httpd deny list via tmsh
(C). add the suspicious source IP addresses to the httpd deny list via Configuration Utility
(D). add the permitted source IP addresses to the allow list viaConfiguration Utility
Answer: A
NO.473 The owner of a web application asks the 8IG-IP Administrator to change the port that the
BIG-IP device sends traffic to. This change must be made for each member in the server pool named
app_pool for their Virtual Server named app_vs. In which area of the BIG-IP Configuration Utility
should the BIG-P Administrator make this change?
(A). Local Traffic > Pools
(B). Local Traffic > Nodes
(C). Network > Interfaces
(D). Local Traffic > Virtual Servers
Answer: A
Which Pool Members are receiving traffic?

(A). Serv1, serv2,serv3, serv4
(B). serv1, serv3
(C). serv1, serv3, serv4
(D). serv1
Answer: C
NO.475 A BIG-IP Administrator needs to restore a UCS file to an F5 device using the Configuration
Utility. Which section of the Configuration Utility should the BIG-IP Administrator access to perform
this task?
(A). Local Traffic > Virtual Servers
206
(B). Local Traffic > Policies

(C). System > Archives
(D). System > Configuration
Answer: C
NO.476 A BIG-IP Administrator needs to apply a health monitor for a pool of database servers
named DB_Pool that uses TCP port 1521.
Where should the BIG-IP Administrator apply this monitor?
(A). Local Traffic > Profiles > Protocol > TCP
(B). Local Traffic > Nodes > Default Monitor
(C). Local Traffic > Pools > De Pool > Members
(D). Local Traffic > Pools > DB Pool > Properties
Answer: D
NO.477 Which Virtual Server type should be used to load balance HTTP traffic to a pool of servers?
(A). Standard
(B). Stateless
(C). Forwarding (IP)
(D). Forwarding (Layer 2)
Answer: A
NO.478 A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance.
The administrator needs to know if a module is licensed and the memory requirement for that
module.
Where should the administrator view this information in the System menu?
(A). Resource Provisioning
(B). Configuration > Device
(C). Software Management
(D). Configuration >OVSDB
Answer: A
NO.479 Which type of Virtual Server requires the use of a FastL4 profile?
(A). Performance (Layer 4)
(B). Stateless
(C). Performance (HTTP)
(D). Standard
Answer: A
NO.480 Exhibit.
207
Webserver_pool consists of 6 members. phpAuction_80_pool consists of 2 members LTM1 is the

current Activemember.
LTM1 loses connectivity to 3 of the 6 members in the webserver_pool LTM2 still has connectivity to
all servers.
What is the expected failover behavior?
(A). LTM1 Standby / LTM2 Standby
(B). LTM1 Active /LTM2 Active
(C). LTM1 Active / LTM2 Standby
(D). LTM1Standby / LTM2 Active
Answer: C
NO.481 The picture belongs to static content, you can configure static content cache in FS to meet
this demand An LTM Specialist must configure session persistence for a highly available, highly
utilized web-based application.
* The following requirements are provided:
* http proxy setup for security
persistence information available to the HA peer in case of failover
The LTM Specialist needs to minimize additional burden on the LTM device to the greatest extent
possible.
Which persistence profile should be used?
(A). Cookie insert
(B). Universal
(C). Source Address Affinity
(D). Destination Address Affinity
Answer: A
208
A user attempts to connect to 10.10.10.1.80 using FTP over SSL with an FTPS client. Which virtual
server will match and attempt to process the request?
(A). vsjutps
(B). vs_ftp
(C). vs_http
(D). nvfs
Answer: B
NO.483 A user needs to determine known security vulnerabilities on an existing BIG-IP appliance
and how to remediate these vulnerabilities.
Which action should the BIG-IP Administrator recommend?
(A). Verify the TMOS version and review the release notes
(B). Create a UCS archive and upload to Health
(C). Create a UCS archive and open an F5 Support request
(D). Generate a view and upload to Heath
Answer: D
NO.484 -- Exhibit -
209
210
-- Exhibit --
211
When observing the AVR statistics for the HTTPS_VS, an LTM Specialist realizes that HTTP status
codes are NOT being recorded.
How should the LTM Specialist modify the configuration to record the HTTP status codes?
(A). assign a streaming profile to the virtual server
(B). assign client SSL and server SSL profiles to the virtual server
(C). enable Statistics Logging Type, External on the analytics profile
(D). enable Collected Entities, Response Codes on the analytics profile
Answer: D
NO.485 An LTM Specialist needs to create two virtual servers.

The application has links for both HTTP and HTTPS version of application. The client must be
persistence to a pool member, no matter which virtual server isaccessed.
What must be selected in the Source Address Affinity persistence profile?
(A). Match across Virtual Servers
(B). Match across Pool Members
(C). Match across Services
(D). Match across Polls
Answer: A
NO.486 -- Exhibit -
212
-- Exhibit --
213
An LTM Specialist has created a virtual server to load balance traffic to a pool of HTTPS servers. The
servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and
http profiles enabled. Clients are unable to connect to the application through the virtual server.
Clients are able to connect to the application servers directly.
(A). The application server does NOT support 2048-bit keys.
(B). The clientssl profile is NOT set to require a client certificate.
(C). The LTM device does NOT trust the issuing CA of the client certificate.
(D). The application server does NOT see the client certificate due to SSL offload.
Answer: D
NO.487 -- Exhibit -
214
-- Exhibit --
Which URL on which server is causing the highest latency for users?
(A). /slow1.php on 172.16.20.3
(B). /slow2.php on 172.16.20.1
(C). /reflector.php on 172.16.20.2
(D). /Compress.HTML on 172.16.20.1
Answer: A
NO.488 -- Exhibit -
215
216
-- Exhibit --
Users are able to access the application when connecting to the virtual server but are unsuccessful
when connecting directly to the application servers. The LTM Specialist wants to allow direct access
to the application servers.
Why are users unable to connect directly to the application servers?
(A). The router does NOT have a route to the server subnet.
(B). The web server does NOT have a correct default gateway.
(C). The LTM device does NOT have a SNAT on the External VLAN.
(D). The LTM device does NOT have an IP Forwarding virtual server on the Internal VLAN.
217
(E). The LTM device does NOT have an IP Forwarding virtual server on the External VLAN.
Answer: B
NO.489 -- Exhibit -
218
-- Exhibit --
219
A user is unable to access a secure application via a virtual server.

What is the cause of the issue?
(A). The client authentication failed.
(B). The virtual server does NOT have a pool configured.
(C). The client and server CANNOT agree on a common cipher.
(D). The virtual server does NOT have a client SSL profile configured.
Answer: A
NO.490 An LTM Specialist is investigating reports from users that SSH connections are being
terminated unexpectedly. SSH connections are load balanced through a virtual server. The users
experiencing this problem are running SQL queries that take upwards of 15 minutes to return with no
screen output. The virtual server is standard with a pool associated and no other customizations.
What is causing the SSH connections to terminate?
(A). UDP IP ToS
(B). TCP idle timeout
(C). The virtual server has no persistence.
(D). The pool has Reselect Retries set to 0.
Answer: B
NO.491 -- Exhibit -
220
-- Exhibit --
An LTM Specialist uses the information in the logs to determine the cause of a failover event in a
high-availability (HA) pair.
What caused the failover?
(A). The overdog process crashed.
(B). The system was administratively rebooted.
(C). The process bcm56xxd received SIGTERM from the watchdog process.
(D). The configuration reload request caused the config to reload and the device to failover.
Answer: B
221
NO.492 A BIGJP Administrator needs to load a UCS file but must exclude the license file. How should
the administrator perform this task?
(A). From the CLI with command U tmsh load /$ys ucs <ucs filename> no-license
(B). From the GUI, select the UCS file, unchcck the license box, and click restore
(C). From the CLI with command(tmos) tmsh load /sys ucs <ucs filename> no-license
(D). From the GUI, select the UCS file and click restore
Answer: A
NO.493 Some users who connect to a busy Virtual Server have connections reset by the BIG-IP
system. Pool member resources are NOT a factor in this behavior. What is a possible cause for this
behavior?
(A). The Connection Rate Limit is set too high
(B). The server SSL Profile has NOT been reconfigured.
(C). The Connection Limit is set too low.
(D). The Rewrite Profile has NOT been configured.
Answer: C
Explanation
The topic explains that the connection reset behavior is caused by the vs configuration rather than
the server resource problem. The answers B C are all configuration at the service forwarding level. If
there is a problem with the configuration, it is all a problem rather than some users. Answer C's
Connection Limit will cause a reset behavior when the connection reaches the threshold.
NO.494 An LTM Specialist configures two LTM devices in a high-availability pair with trusts
established and device groups configured properly using network failover. After several months, the
LTM Specialist notices that changes made to one LTM device do NOT cause the synchronization
status to update to "changes pending," and this device does NOT synchronize with the device group.
Which two steps should the LTM Specialist take to identify the issue? (Choose two.)
(A). Verify that NTP is synchronized.
(B). Verify the network connectivity between the devices.
(C). Verify that the devices are not using self-signed certificates.
(D). Verify that ConfigSync is using the management IP address.
(E). Verify that port lockdown on the ConfigSync interface is set to allow port 1026.
Answer: A,B
NO.495 -- Exhibit -
222
-- Exhibit --
A failover has just occured on BIG-IP1. BIG-IP2 is now active and manages traffic as expected. Both
Bigip's are set with a gateway failsafe to check the reachability of the main border router. Switches
have performed as expected.
Where should the LTM Specialist check for potential issues?
(A). Network Interface 2.1 of BIG-IP 2
(B). Network Interface 2.1 of BIG-IP 1
(C). Network Interface 2.2 of BIG-IP 2
(D). Network Interface 2.2 of BIG-IP 1
(E). Network Interface 1.1 of BIG-IP 1
(F). Network Interface 1.1 of BIG-IP 2
Answer: B
NO.496 A web developer has created a custom HTTP call to a backend application. The HTTP
headers being sent by the HTTP call are:
GET / HTTP/1.1
223
User-Agent: MyCustomApp (v1.0)

Accept: text/html
Cache-Control: no-cache
Connection: keep-alive
CookiE. somecookie=1
The backend server is responding with the following:
DatE. Wed, 20 Jul 2012 17:22:41 GMT
Connection: close
Why is the HTTP web server responding with a HTTP 400 Bad Request?
(A). The client request does NOT include a Host header.
(B). The User-Agent header contains an invalid character.
(C). The web server is NOT expecting a keep-alive connection.
(D). The web server is configured to accept HTTP 1.0 requests only.
Answer: A
NO.497 An LTM Specialist is setting up a monitor for an HTTP 1.1 server. The response to a GET / is:
HTTP/1.1 302 Moved Temporarily
Location:
http://www.example.com/new/location.html
Which send string settings should the LTM Specialist use to force a proper response?
(A). GET / HTTP/1.0\r\nHost: host.domain.com\r\nConnection: Close\r\n\r\n
(B). GET /new/location.html HTTP/1.1\r\nHost: www.example.com\r\nConnection: Close\r\n\r\n
(C). GET / HTTP/1.1\r\nHost: www.example.com/new/location.html\r\nConnection: Close\r\n\r\n
(D). GET /new/location.html HTTP/1.1\r\nHost:
host.domain.com/new/locations.html\r\nConnection: Close\r\n\r\n
Answer: B
NO.498 A new iRule needs to be tested. The LTM Specialist needs to measure page load times and
monitor potential changes in memory usage A load test is scheduled.
Which two featuresshould the LTM Specialist use to monitor these requirements? (Choose two.)
(A). Tmsh show memory
(B). Analytics
(C). Tmsh show sys proc-info
(D). Tmsh show sys provision
Answer: B,C
Explanation
Need to detect memory changes in real time, use to Page load timeswith Analytics profile
NO.499 A BIG-IP Administrator receives an RMA replacement for a failed F5 device. The BIG-IP
Administrator tries to restore a UCS taken from the previous device, but the restore fails. The
following error appears inthe/var/log/itm.
mcpd [****J: ******>;0; License is not operational (expired or digital signature does not match
contents.) What should the BIG-IP Administrator do to avoid this error?
(A). Use the appropriate tmsh command with the no-license option
(B). Revoke the license prior to restoring
224
(C). Reactivate the license on the new device using the manual activation method
(D). Remove the license information from the UCS archive
Answer: A
NO.500 A customer wants to select the pool for an application based on information found in the
path ofthe URL.
For example:
http://www.example.com/app
1 should be sent to the app 1 pool
http.//www.exampie.com/app 2 should be sent to the app2 pool
Which two profiles need to be assigned to the virtual server? (Choose two.)
(A). Client SSL
(B). Persistence
(C). TTPCompression
(D). HTTP
(E). TCP
Answer: D,E
NO.501 A custom TCP application using a single server is being migrated to the LTM device. A server
is being added to the pool. The application is known to violate the TCP protocol RFC. Theapplication
currently works without error from a user perspective.
Which virtual server type is appropriate in this situation?
(A). Stateless TCP protocol is not applicable
(B). Performance (Layer 4)-pure layer A forwarding
(C). forwarding (Layer 2) pure routingforwarding, pool cannot be specified
(D). Standard-tcp profile exists, RFC verification will be performed
Answer: B
NO.502 -- Exhibit -
225
-- Exhibit --
Which step should an LTM Specialist take to utilize AVR?
(A). provision AVR
(B). reboot the device
(C). install the AVR add-on
(D). license the device for AVR
Answer: A
NO.503 -- Exhibit -
226
-- Exhibit --
An LTM Specialist is troubleshooting an issue with SSL and is receiving the error shown when
connecting to the virtual server. When connecting directly to the pool member, clients do NOT
receive this message, and the application functions correctly. The LTM Specialist exports the
appropriate certificate and key from the pool member and imports them into the LTM device. The
LTM Specialist then creates the Client SSL profile and associates it with the virtual server.
What is the issue?
(A). The SSL certificate and key have expired.
(B). The SSL certificate and key do NOT match.
(C). The client CANNOT verify the certification path.
(D). The common name on the SSL certificate does NOT match the hostname of the site.
Answer: C
227
The pool shown isconfigured with four pool members in a variety of states. The application is
receiving a large number of request. The LTM Specialist needs to make changes to make sure that all
members receive the same levels of traffic.
Which changes need to be made?
(A). Enable 10.80.1.40 disable priority group activation, enable ratio
(B). Enable 10.80.1.40 and 10.80.1.1.20 disable group activation, enable Round Robin
(C). Enable 10.80.1.20 disable priority group activation, enable Round Robin
(D). Enable 10.80.1.40 and 10.80.1.20 disable priority group activation, enable ratio.
Answer: B
NO.505 Users in a branch office are reporting a website is always slow. No other users are
experiencing the problem.
The LTM Specialist tests the website from the external VLAN along with testing the servers directly.
All tests indicate normal behavior. The environment is a single HTTP virtual server on the external
VLAN with a single pool containing three HTTP pool members on the internal VLAN.
Which two locations are most appropriate to collect additional protocol analyzer data? (Choose two.)
(A). a user's machine
(B). the switch local to the user
(C). the LTM device's internal VLAN
(D). the LTM device's external VLAN
(E). a user's Active Directory authentication
Answer: A,B
228

The BIG-IP Administrator is unable to access the management console via Self-IP 10.10 1.33 and port
443.
What is the reason for this problem?
(A). Packet Filter needs to be configured to allow a source
(B). Self IP is configured to allow TCP All
(C). Self IP is configured to allow UDP 443
(D). Packet Filter is configured to allow port 443
Answer: C
NO.507 An LTM Specialist upgrades the switchinginfrastructure and the backend servers on the LAN
segments.
The LTM Specialist notices a 20% memory usage increase on the BIG-IP device while handling the
same number of concurrent connections.
A comparison of statistics pre-upgrade and post-upgrade showsa significant reduction on the
following:
-RTT between the BIG-IP device and the backend servers
-Packet drops in the switch
Time to First Byte (TTFB)
The LTM Specialist is concerned with the scalability of the number of concurrent connections with
the newmemory usage.
Which setting should be changed to reduce the memory usage on the BIG-IP device?
(A). Reduce the proxy buffer high setting on the server-side TCP profile
(B). Increase the receive window of the client-side TCP profile
(C). Increase the proxy buffer high setting on the server-side TCP profile
(D). Reduce the idle of the client-side TCP profile
Answer: A
Explanation
After adjusting the architecture, the network quality becomes better. With the connection
unchanged the memory usage increase by 20%. Itmeans that the sending speed of the server is
higher than the receiving speed of the client. F5 caches more content on the memory and causes the
memory usage to....
NO.508 An LTM Specialist configures a new virtual server with a single pool member. The LTM
Specialist has NOT defined a health monitor for the pool, pool member or node.
What is the status of the virtual server?
(A). Available (Enabled)
(B). Offline (Disabled)
(C). Unavailable (Enabled)
(D). Unknown (Enabled)
Answer: D
NO.509 An LTM Specialist needs to assign a health monitor to a pool with two pool members
10.10.10 101 and
10.10.10.102 Both pool members are listening on port 8080 with TCP. The health of the application
depends on the health of an another server(10 10 10 100) that runs port 9080 with TCP.
229
Which two custom TCP monitors should be selected as the pool's health monitors' (Choose two)
(A). a custom TCP monitor that works on port 9080 with 10.10.10.100 as alias address
(B). a custom TCP monitor that workson port 9080,
(C). a custom TCP monitor that works on port 8080
(D). a custom TCP monitor that works on port 9080 with 10,10.10.101 as alias address
(E). a custom TCP monitor that works on port 8080 with 10.10.10.101 as alias address
(F). a custom TCP monitor thatworks on port 8080 with 10.10.10.102 is alias address
Answer: A,C
NO.510 A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing
power outages.
Which log file should the BIG-IP Administrator check to verify the suspicion?
(A). /war /log/daemon.log
(B). /var/log/kern.log
(C). /var/log/ltm
(D). /var/log/audit
Answer: C
NO.511 An LTM device needs an additional traffic group.

Which configuration item is required?
(A). Default device
(B). Group name
(C). MAC Masquerade Address
(D). Auto Fallback Timeout
Answer: B
NO.512 A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist
has created an iRule and applied this iRule to the virtual server:
when HTTP_REQUEST {
switch [HTTP::uri] {
"/WS1/ws.jsp" {
log local0. "[HTTP::uri]-Redirected to JSP Pool"
pool JSP
}
default { log local0. "[HTTP::uri]-Redirected to Non-JSP Pool"
pool NonJSP
}
}
}
However, the iRule is NOT behaving as expected. Below is a snapshot of the log:
/WS1/WS.jsp-Redirected to Non-JSP Pool
/ws1/WS.jsp-Redirected to Non-JSP Pool
230
/ws1/ws.jsp-Redirected to Non-JSP Pool

(A). The condition in the iRule is case sensitive.
(B). The 'switch' command in the iRule has been used incorrectly.
(C). The pool members of both pools need to be set up as case-insensitive members.
(D). The "Process Case-Insensitivity" option for the virtual server needs to be selected.
Answer: A
NO.513 An LTM Specialist is removing some of the load off an existing cluster by adding a adding a
third BIG-IP device to the device group. The new device candeliver twice the performance of the
other two devices.
The LTM Specialist needs to make sure that the BIG-IP device with the highest available capacity is
always selected to take over a traffic group in the event of a failover.
Which failover method is most appropriate?
(A). Ordered List
(B). Load Aware
(C). HA Group
(D). HA Capacity
Answer: A
NO.514 A BIG-IP system has the following configuration:

* SNAT is set to Auto Map
* There are two VLANs internal and external
* Default route is pointed to the gateway on external VLAN
* Self P for internal VLAN is 1921.1.2
* Self IP for external VLAN is 192.1.2.2
* Floating IP addresses for internal VLAN is 192.1.1.1
* Floating IP addresses for external VLAN is 192.1.2.1
* The Virtual Server IP address is 192.1.1.100
Which IP address does the BIG-IP system use first when traffic reaches the servers on the internal
VLAN?
(A). 192.1.1.100
(B). 192.1.2.2
(C). 192.1.1.1
(D). 192.1.2.1
Answer: C
NO.515 An LTM Specialist must perform a hot fix installation from the command line.
What is the correct procedure to ensure that the installation is successful?
(A). import the hot fix to the /var/shared/images directory
check the integrity of the file with an md5 checksum
tmsh apply sys software hotfix volume <volume_name> <hotfix_name>.iso
(B). import the hot fix to the /var/shared/images directory
tmsh install sys software hotfix <hotfix_name>.iso volume <volume_name>
(C). import the hot fix to the /shared/images directory
231

tmsh apply sys software hotfix volume <volume_name> <hotfix_name>.iso
(D). import the hot fix to the /shared/images directory
tmsh install sys software hotfix <hotfix_name>.iso volume <volume_name>
Answer: D
NO.516 -- Exhibit -
-- Exhibit --
An LTM Specialist is upgrading the LTM devices.
Which device should be upgraded first?
(A). Device A
(B). Device B
(C). Device C
(D). Device D
Answer: C
NO.517 An LTM specialist needs to upgrade a VCMP quest in an HA Setup with minimum
interruption for all VCMP guestinstances.
In which should the LTM Specialist perform this upgrade?
(A). Relicense the host. Failover all guest's active traffic-groups to the other host, copy image to gest,
create guest UCS install and set boot location to new volume, reboot
(B). Failover this specific guest's active traffic-group to the other Host, Relicense the guest, copy
image to guest , create guest UCS, install and set boot location to new volume, reboot
(C). Failover all guests' active traffic-group to the other Host, Relicense the host, copy image to guest,
create guest UCS, install and set boot location to new volume , reboot
(D). Failover all guests' active traffic-group to the other host, copy image to guest, create guest UCS
install and set boot location to new volume, reboot, Relicense the host
Answer: C
Explanation
Switch guest, reactive, license first and then upgrade.

The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a
configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the
servers on the new VLAN are NOT reachable from the BIG-IP device.
Which action should the BIG-IP Administrators to resolve this issue?
232
(A). Set Port Lockdown of Set IP to Allow All

(B). Change Auto Last Hop to enabled
(C). Assign a physical interface to the new VLAN
(D). Create a Floating Set IP Address
Answer: C
NO.519 A 8IG-IP Administrator configures a Virtual Server to load balance traffic between 50
webservers for an ecommerce website Traffic is being load balanced using the Least Connections
(node) method.
The webserver administrators report that customers are losing the contents from their shopping
carts and are unable to complete their orders.
What should the BIG-IP Administrator do to resolve the issue?
(A). Change Default Persistence Profile setting to cookie
(B). Change Load Balancing method to Ratio (member)
(C). Change Default Persistence Profile setting to sipjnfo
(D). Change Load Balancing method to Ratio (node)
Answer: A
NO.520 What is the correct command to reset an LTM device to its default settings?
(A). tmsh reset-all default
(B). tmsh set /sys config defaults
(C). tmsh load /sys config default
(D). tmsh /util bigpipe reset-factory-defaults
Answer: C
NO.521 -- Exhibit -
233
234
-- Exhibit --
A customer requests to offload SSL for an internal website. The front page of the website loads
correctly; however, selecting links on the page fails.
How should the LTM Specialist fix the issue?
(A). Create a new SNAT pool.
Add internal network IPs to the SNAT pool.
Add the SNAT pool to the VS.
(B). Create a new HTTP profile.
Enable Insert X-Forwarded-For.
Add the new HTTP profile to the VS.
(C). Create a new HTTP profile.
Enable redirect rewrite.
Add the new HTTP profile to the VS.
(D). Create a new Server SSL profile.
Enable Proxy SSL.
Add the Server SSL profile to the VS.
Answer: C
235
NO.522 An HA pair of LTM devices that load balance multiple HTTPS applications utilizes highly
customized RAM Cache and compression profiles on each virtual server. The LTM Specialist who is
administering the HA pair regularly observes entines in the log similar to the following:
tmm tmm I708S1 011e0002.4. sweeper_update: aggressive mode activated (117504/138240 pages)
No DoS attacks arc occurring. No user problems have been reported. Which step should the LTM
Specialist take to help mitigate the issue?
(A). change the Adaptive Reaping High watermark
(B). change the Adaptive Reaping Low watermark
(C). allocate less memory to the RAM cache feature
(D). use a OneConnect profile
Answer: B
NO.523 Where does a LTM Specialist view all of the objects that are part of a deployed iApp?
(A). iAPP> Application Policy > Objects
(B). Local Traffic . Virtual Servers > Applications
(C). IAP > Application Service > Components
(D). Local Traffic > Network Map > View Map
Answer: C
NO.524 A new DNS virtual server has been configured. Testing reveals that DNS server has failed to
accept DNS over TCP. The configuration of the virtual server is as follows:
Which action should be taken to correct this issue?

(A). create a new virtual server with the service port of 53 and the protocol set to TC
(B). change the profile set on the virtual server To TCP/UDP
(C). change the profile set on the virtual server to TCP
(D). add a TCP prone to the existing virtual server.
Answer: A
NO.525 Remote users who access the LTM device are authenticated via Radius. The default remote
user role is Guest Some users need LTM device with the Administrator role. The F5 Radius attributes
are configure on the Radius server.
Which configuration item needs to be created?
(A). Remote User role
236
(B). Admin account

(C). User role
(D). Useraccount
Answer: A
237

303 V12.35

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

303 V12.35

Uploaded by

Copyright:

Available Formats

IT Certification Guaranteed, The Easy Way!

Title : BIG-IP ASM Specialist

(A). The end user should use another type of browser.

NO.6 Refer to the exhibit.

NO.8 Refer to the following iRule:

NO.9 Refer to the exhibit.

(D). Reconfigure the Pool Members

NO.11 An ITM Specialist has the configuration shown:

The LTM Specialist needs to create a new virtual server in part B.

(B). Allow SNAT

NO.23 What is a benefit provided by F5 Enterprise Manager?

NO.25 Refer to the exhibit.

How many nodes are represented on the network map shown?

NO.28 Refer to the exhibit.

How long will the persistence record remain in the table?

NO.31 Refer to the exhibit.

(A). SNAT Pool

NO.37 These log entries can have different root causes:

NO.40 Which file should be modified to create custom SNMP alerts?

(A). Least Sessions

across virtual servers" enabled Assign the persistence profile to vs_http

NO.55 A web developer needs a virtual server configured for an application.

The application details are asfollows:

NO.56 Refer to the exhibit.

The BIG-IP Administrator is investigating disk utilization on the BIG-IP device.

(E). The administrator has TCP connectivity to the device.

NO.65 A node is assigned two monitors as seen in this configuration.

NO.67 An LTM Specialist plans to enable connection mirroring for a virtualserver in an HA

NO.75 An LTM Specialist configures the following iRule on an LTM device:

(C). Statistics > Module Statistics > System

NO.83 Which iRule statement demotes a virtual server from CMP?

Which source IP should be expected inthe server-side connection?

(A). tmsh run /util get-dossier

NO.93 An application is expected to maintain more than 100,000concurrent TCP connections to a

(C). tmsh modify/sysdns name-servers add {192.168.1.2.192.168.100.100.192.168.200.200}

Which steps should the BIG-IP Administrator?

Based on the configuration, which action will address these issues?

(B). The LTM device is redirecting users to HTTPS.

NO.115 Refer to the exhibit.

What is the state of the Traffic Groups on each LTM device?

NO.119 Refer to the exhibit.

Due to a change in application requirements, a BIG-IP Administrator needs to modify the

(C). NTP is NOT configured on the devices in the group.

NO.122 A virtual server configuration for traffic destined to a server is as shown:

Specialist needs to block the attempts based on the IP address.

NO.125 An LTM device configuration is as shown:

NO.126 Refer to the exhibit.

(A). --START CERTIFICATE....

(D). Server latency

NO.141 Refer to the exhibit.

What should the BIG-IP Administrator configure?

are defined as follows:

(A). Remove HTTP monitor on the pool.

NO.158 Refer to the exhibit.

What is the resulting status of this poo! member?

NO.162 Refer to the exhibit

NO.163 Given the log entry:

(E). Increase Maximum Header size

NO.164 Refer to the exhibit.

NO.173 A BIG-IP Administrator is configuring an SSH Pool with five members.

(A). VS_HTTP snat auto map

NO.177 A failover event is recorded in the log messages:

NO.181 Refer to the exhibit.

How many nodes are represented on the network map shown?