New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > F5 > BIG-IP ASM > 303

303 BIG-IP ASM Specialist Question and Answers

Note: This exam is available on Demand only. You can Pre-Order this Exam and we will arrange this for you.

Pre-Order Your "303 - BIG-IP ASM Specialist" Exam

You can pre-order your "BIG-IP ASM Specialist" exam to us if you are in need this urgent. Dumpsmate.com Team will prepare your Exam Questions & Answers From Real Exam within next 2 to 3 Weeks Time only.

How to Make Pre-Order You Exams:

  1. 1. Click to "Add to Cart" Button.
  2. 2. Our Expert will arrange real Exam Questions within 2 to 3 weeks especially for you.
  3. 3. You will be notified within 2 to 3 Weeks' time once your Exam is ready with all Real Questions and Possible Answers with PDF + Testing Engine format.

Why to Choose DumpsMate?

  • We are Only can give you this service online in this portal. Whether or not your required exam is available with us or not, Our Team will get it ready for you for the nominal price!
  • Over 1000+ customers worldwide are using pre-ordering service.
  • Average 99.8% pass rate among our customers - at their first attempt!
  • 90 days of free updates included!

In the unlikely event if we can't make this exam available to you then you will issue a full refund! So there is no risk.

READY TO MAKE YOUR "303" PRE-ORDER?

$450

 Add To Cart
Question # 4

Refer to the exhibit.

A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to log on to the servers.

What should the BIG-IP Administrator do to resolve the issue?

A.

Set Protocol to UDP

B.

Set HTTP Profile to None

C.

Set Source Address to 10.1.1.2

D.

Set Destination Addresses/Mask to 0.0.0.0/0

Full Access
Question # 5

The LTM Specialist is writing a custom HTTP monitor for a web application and has viewed the content by accessing the site directly via their browser. The monitor continually fails. The monitor configuration is:

ltm monitor http /Common/exampleComMonitor {

defaults-from /Common/http

destination *:*

interval 5

recv "Recent Searches"

send "GET /app/feed/current\?uid=20145 HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-EncodinG. gzip, deflate\\r\\nConnection: close\\r\\n\\r\\n"

time-until-up 0

timeout 16

}

A trace shows the following request and response:

Request:

GET /app/feed/current?uid=20145 HTTP/1.1

Host www.example.com

Accept-Encoding gzip, deflate

Connection: close

Response:

HTTP/1.1 302 Moved Temporarily

Date Wed, 17 Oct 2012 18:45:52 GMT

Server Apache

Location https://example.com/login.jsp

Content-Encoding gzip

Content-Type text/html;charset=UTF-8

Set-CookiE. JSESSIONID=261EFFBDA8EC3036FBCC22D991AC6835; Path=/app/feed/current?uid=20145

What is the problem?

A.

The request does NOT include a User-Agent header.

B.

The HTTP monitor does NOT support monitoring jsp pages.

C.

The request does NOT include any cookies and the application is expecting a session cookie.

D.

The request includes an Accept-Encoding so the server is responding with a gzipped result and LTM monitors CANNOT handle gzipped responses.

Full Access
Question # 6

An LTM device receives a response string containing "error"

Which monitor type and parameter will mark the HTTP server as down?

A.

HTTP monitor, Receive String "error", and set the Reverse option to Yes

B.

HTTP monitor and Receive String "error'' ... flag is up

C.

HTTP monitor. Receive String "down", and set the Reverse option to Yes .... flag is

D.

HTTP monitor and Receive DisableString "error'' .... flag is disable

Full Access
Question # 7

An LTM Specialist is receiving reports from customers about multiple applications failing to work properly. The LTM Specialist looks at the services running and notices that the bigd process has NOT started.

How are monitored LTM device objects marked when the bigd process is stopped?

A.

red or offline

B.

blue or unchecked

C.

green or available

D.

unchanged until bigd is restarted

Full Access
Question # 8

A Virtual Server uses an iRule to send traffic to pool members depending on the URI. The BIG-IP

Administrator needs to modify the pool member in the iRule.

Which event declaration does the BIG-IP Administrator need to change to accomplish this?

A.

CLIENT_ACCEPTED

B.

HTTP_RESPONSE

C.

HTTP_REQUEST

D.

SERVER_CONNECTED

Full Access
Question # 9

A BIG-IP Administrator needs to have a BIG-IP linked to two upstream switches for resilience of the external network. The network engineer who is going to configure the switch instructs the BIG-IP Administrator to configure interface binding with LACP. Which configuration should the administrator use?

A.

A virtual server with an LACP profile and the switches' management IPs as pool members.

B.

A virtual server with an LACP profile and the interfaces connected to the switches as pool members.

C.

A Trunk listing the allowed VLAN IDs and MAC addresses configured on the switches.

D.

A Trunk containing an interface connected to each switch.

Full Access
Question # 10

A pool of four servers has been partially upgraded for two new servers with more memory and CPU capacity. The BIG-IP Administrator must change the load balance method to consider more connections for the two new servers. Which load balancing method considers pool member CPU and memory load?

A.

Round Robin

B.

Dynamic Ratio

C.

Ratio

D.

Least Connection

Full Access
Question # 11

A user is having issues with connectivity to an HTTPS virtual server. The virtual server is on the LTM device's external vlan, and the pools associated with the virtual server are on the internal vlan. An LTM Specialist does a tcpdump on the external interface and notices that the host header is incomplete.

In which location should the LTM Specialist put a traffic analyzer to gather the most pertinent data?

A.

server

B.

external VLAN

C.

internal VLAN

D.

client machine

Full Access
Question # 12

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting to the virtual server but are unsuccessful when connecting directly to the application servers. The LTM Specialist wants to allow direct access to the application servers.

Why are users unable to connect directly to the application servers?

A.

The router does NOT have a route to the server subnet.

B.

The web server does NOT have a correct default gateway.

C.

The LTM device does NOT have a SNAT on the External VLAN.

D.

The LTM device does NOT have an IP Forwarding virtual server on the Internal VLAN.

E.

The LTM device does NOT have an IP Forwarding virtual server on the External VLAN.

Full Access
Question # 13

Refer to the exhibit.

How many nodes are represented on the network map shown?

A.

Four

B.

Three

C.

One

D.

Two

Full Access
Question # 14

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and

re-encrypt the traffic to pool members.

During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue?

A.

Remove the configured SSL Profile (Client)

B.

Configure Protocol Profile (Server) as splitsession-default-tcp

C.

Enable Forward Proxy in the SSL Profile (Client)

D.

Configure an SSL Profile (Server)

Full Access
Question # 15

An IT support engineer needs to access and modify Virtual Servers in three partitions (Common /Banking and Dev) daily on a BIG-IP device. The company operates a Least Privilege access policy. What level of access does the IT support engineer need to ensure completion of daily roles?

A.

Manager in /common/Banking, and /Dev partitions

B.

Application Editor in /Common, /Banking, and /Dev partitions

C.

Manager in all partitions

D.

Application Editor in all partitions

Full Access
Question # 16

What should the LT'M Specialist add to the virtual server?

A.

one Stream profile and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

B.

two Stream profiles and an iRule with the command of STREAM expression (@http:// @https:// @@internalapp@publicapp@)

C.

one Stream profile with the expression of @http:// @https:// @

D.

Two Stream profiles, one profile for each rewrite requirement

Full Access
Question # 17

A BIG-IP Administrator finds the following log entry after a report of user issues connecting to a virtual server:

01010201: 2: Inet port exhaustion on 10.70.110.112 to 192.28.123.250:80 (proto 6)

How should the BIG-IP Administrator modify the SNAT pool that is associated with the virtual server?

A.

Remove the SNAT pool and apply SNAT Automap.

B.

Remove an IP address from the SNAT pool.

C.

Add an address to the SNAT pool.

D.

Increase the timeout of the SNAT addresses.

Full Access
Question # 18

Refer to the exhibit.

The pool shown isconfigured with four pool members in a variety of states. The application is receiving a large number of request. The LTM Specialist needs to make changes to make sure that all members receive the same levels of traffic.

Which changes need to be made?

A.

Enable 10.80.1.40 disable priority group activation, enable ratio

B.

Enable 10.80.1.40 and 10.80.1.1.20 disable group activation, enable Round Robin

C.

Enable 10.80.1.20 disable priority group activation, enable Round Robin

D.

Enable 10.80.1.40 and 10.80.1.20 disable priority group activation, enable ratio.

Full Access
Question # 19

An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured:

sys db log.tcpdump.level {

value "Notice"

}

Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?

A.

tmsh set /sys db log.tcpdump.level value informational

B.

tmsh set /sys db log.tcpdump.level status informational

C.

tmsh modify /sys db log.tcpdump.level value informational

D.

tmsh modify /sys db log.tcpdump.level status informational

Full Access
Question # 20

A new web application is being deployed Mutual SSL authentication must be used to authenticate clients.

Which of the following two tasks must be completed to meet therequirements? (Choose two)

A.

configure the server SSL profile with "Client Certificate" Set to require

B.

configure the client SSL profile with "Client Certificate" set to require

C.

instruct the desktop team to update the web browser to the most recent release

D.

generate a CSR to register a certificate with the CA

E.

configure the client SSL profile with the Trusted .Certificate Authorities

Full Access
Question # 21

An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message "Unable to connect" in the browser, although connections directly to the pool member show the application is functioning correctly. The LTM device configuration is:

ltm virtual /Common/vs_https {

destination /Common/10.10.1.110:443

ip-protocol udp

mask 255.255.255.255

pool /Common/pool_https

profiles {

/Common/udp { }

}

translate-address enabled

translate-port enabled

vlans-disabled

}

ltm pool /Common/pool_https {

members {

/Common/172.16.20.1:443 {

address 172.16.20.1

}

}

}

What issue is the LTM Specialist experiencing?

A.

The virtual server is disabled on all VLANs.

B.

The pool member is marked down by a monitor.

C.

The pool member is marked down administratively.

D.

The virtual server is configured for the incorrect protocol.

Full Access
Question # 22

An LTM device is load balancing SIP traffic. An LTM Specialist notices that sometimes the SIP request is being load balanced to the same server as the initial connection.

Which setting in the UDP profile will make the LTM device more evenly distribute the SIP traffic?

A.

Enable Datagram LB

B.

Disable Datagram LB

C.

Set Timeout to Indefinite

D.

Set Timeout to Immediate

Full Access
Question # 23

A BIG-IP Administrator needs to view the CPU utilization of a particular Virtual Server. Which section of the Configuration Utility should the administrator use for this purpose?

A.

Statistics > Module Statistics > Local Traffic > Virtual Addresses

B.

Statistics > Module Statistics > Traffic Summary

C.

Statistics > Analytics > Process CPU Utilization

D.

Statistics > Module Statistics > Local Traffic > Virtual Servers

Full Access
Question # 24

Refer to the exhibit.

A BIG-IP Administrator creates a new Virtual Server. The end user is unable to access the page. During

troubleshooting, the administrator learns that the connection between the BIG-IP system and server is

NOT set up correctly.

What should the administrator do to solve this issue?

A.

Disable Address Translation

B.

Set Address Translation to Auto Map, configure a SNAT pool, and have pool members in the same subnet of the servers

C.

Set Address Translation to SNAT and configure a specific translation address

D.

Set Address Translation to SNAT and have self-IP configured in the same subnet of servers

Full Access
Question # 25

Refer to the exhibit.

An LTMSpecialist configures the two syslog destination Syslog destination #1 can receive messages but the syslog destination #2 can NOT receive messages.

Which command sill correct the issue?

A.

{/Common)(tmos) # modify /syssyslog remote-servers modify (syslog_dest2 {local-ip

B.

{/Common)(tmos) # modify Ays syslog remote servers modify {syslog_dest2 {local- ip 10.208.102 254)}

C.

{/Common) (tmos) # modify /sys syslog remote-servers modify {syslog_dest2 {host 10 208.102.254 }}

D.

{Common(tmos) # modify/syslog remote-servers modify {syslog_dest2 {lost.10.10.10.28 }}

Full Access
Question # 26

Interface 1.2 on a BIG-IP VE has a status of UNINITIALIZED. What is the reason for this status?

A.

Interface 1.2 has been added to a trunk.

B.

Interface 1.2 has NOT been assigned to a VLAN.

C.

Interface 1.2 has been disabled.

D.

No default route has been created.

Full Access
Question # 27

An LTM Specialist has installed a hotfix that updated the SCCP firmware package.

Which command will ensure that the host subsystem and SCCP reboot?

A.

reboot

B.

full_box_reboot

C.

shutdown -r now

D.

The reboot should be initiated via the HTTPS administration GUI.

Full Access
Question # 28

An LTM device is monitoring pool members on port 80. The LTM device is using an HTTP monitor with a send string of GET / and a blank receive string.

What would cause the pool members to be marked down?

A.

A pool member responds with an HTTP 200 series response code.

B.

A pool member responds with an HTTP 300 series response code.

C.

A pool member responds with an HTTP 400 series response code.

D.

A pool member responds with an HTTP 500 series response code.

E.

A pool member does NOT acknowledge the connection SYN on port 80.

Full Access
Question # 29

A node is assigned two monitors as seen in this configuration.

What is the status of a member that runs on that node and listens on port 443?

A.

UNKNOWN

B.

UNAVAILABLE

C.

DOWN

D.

UP

Full Access
Question # 30

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable to connect to the application through the virtual server, but they are able to connect to the application servers directly.

Which change to the LTM device configuration will resolve the problem?

A.

Install the server certificate/key and enable Proxy SSL.

B.

Use the serverssl-insecure-compatible serverssl profile.

C.

Configure the clientssl profile to require a client certificate.

D.

Install the client's issuing Certificate Authority certificate on the LTM device.

Full Access
Question # 31

Refer to the exhibit. The BIG-IP Administrator needs to avoid overloading any of the Pool Members with

connections, when they become active.

What should the BIG-IP Administrator configure to meet this requirement?

A.

Different Ratio for each member

B.

Same Priority Group to each member

C.

Action On Service Down to Reselect

D.

Slow Ramp Time to the Pool

Full Access
Question # 32

A BIG-IP Administrator needs to check the memory utilization on a BIG-IP system. Which two methods can the UIG IP Administrator use? (Choose two.)

A.

Run the tmsh show/sys memory command

B.

Run the tmsh show/sys traffic command

C.

Go to Statistics > Module Statistics > Traffic Summary in the configuration utility

D.

Go to Statistics > Module Statistics > Memory in the configuration utility

E.

Go to System > Disk Management in the configuration utility

Full Access
Question # 33

Refer to the exhibit.

A user attempts to connect to 10.10.10.1.80 using FTP over SSL with an FTPS client. Which virtual server will match and attempt to process the request?

A.

vsjutps

B.

vs_ftp

C.

vs_http

D.

nvfs

Full Access
Question # 34

What should the 816-IP Administrator provide when opening a new ticket with F5 Support?

A.

bigip.license file

B.

QKViewfile

C.

Device root password

D.

SSL private keys

Full Access
Question # 35

A BIG-IP Administrator needs to collect HTTP status code and HTTP method for traffic flowing through a

virtual server.

Which default profile provides this information?

A.

HTTP

B.

Analytics

C.

Request Adapt

D.

Statistics

Full Access
Question # 36

A web developer needs a virtual server configured for an application.

The application details are asfollows:

Application is accessed on port 443.

The application traffic is encrypted by the server.

HTTP is not being used. No data manipulation is necessary.

Throughput is critical.

NO connections are terminated on the LTM.

Which configuration provides thebest performance?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 37

One of the two members of a device group has been decommissioned. The BIG-IP Administrator tries to

delete the device group, but is unsuccessful.

Prior to removing the device group, which action should be performed?

A.

Disable the device group

B.

Remove all members from the device group

C.

Remove the decommissioned device from the device group

D.

Make sure all members of the device group are in sync

Full Access
Question # 38

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Based on the output of the tmsh interface show command, what is the issue?

A.

There is a duplex mismatch on the management interface.

B.

Interfaces 2.1 and 2.2 are defective and need replacement.

C.

Flow Control is NOT configured on the management interface.

D.

There are too many drops on inbound traffic on interface 1.1.

Full Access
Question # 39

An LTM Specialist has recently taken over administration or an LTM devicethat has experienced resource availability issues. The LTM device will need to be solely used for load balancing and SSL offload. Previously, the LTM device was also used to provide statistical analysis of application traffic. However, that functionality has been moved to a third party solution.

Based on the output below, which configuration change should be made to ensure the LTM module receives the most amount of resources?

A.

Provision AVR to Minimum. Provision LTM at Maximum

B.

Provision AVR to none.Provision LTM to Dedicated

C.

Provision AVR to Minimum, Provision LTM to Dedicated

D.

Provision LTM to Dedicated, Provision AVR to Dedicated

Full Access
Question # 40

Refer to the exhibit.

The LTM devices LTM3 and LTM2 have four Traffic Groups defined with approximately the sar of failover objects defined in each group.

- Traffic Groups A and C have Default Device set to LTM1

- Traffic Groups Band D have Default Device set to LTM2.

- Traffic Groups B and C do NOT have Auto Failback enabled. TrafficGroups A and D have Auto Failback enabled with a timeout value of 60 seconds.

- Traffic Groups A and D have Auto Fallback enabled with a timeout value of 60 seconds.

Both LTM devices are healthy and able to pass traffic for any Traffic Group.

LTM1 loses connectivity on interface 1.4. The LTM Specialists notified 60 seconds after the interface goes down.

What is the state of the Traffic Groups on each LTM device?

A.

LTM1: Traffic Group C

LTM2: Traffic Groups A, B, and 0

B.

LTM1: No Traffic Groups

LTM2: Traffic Groups A, B. C, and D

C.

LTM1: Traffic Groups A, B, C, and D

LTM2: No Traffic Groups

D.

LTM1: Traffic Groups B and C

LTM2: Traffic Groups A and 0

Full Access
Question # 41

An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog server.

The following is an extract from the config file detailing the node and monitor that the LTM device is using for the

remote syslog server:

monitor

Syslog_15002 {

defaults from udp

dest *:15002

}

node 91.223.45.231 {

monitor Syslog_15002

screen RemoteSYSLOG

}

There seem to be problems communicating with the remote syslog server. However, the pool monitor shows that the remote server is up.

The network department has confirmed that there are no firewall rules or networking issues preventing the LTM device from

communicating with the syslog server. The department responsible for the remote syslog server indicates that there may

be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog

server. None are found. The LTM Specialist does a tcpdump:

tcpdump -nn port 15002, with the following results:

21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19

21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169

21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181

21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144

NotE. 192.168.100.100 is the self IP of the LTM device.

Why are there no errors for the remote syslog server in the log files?

A.

The -log option for tcpdump needs to be used.

B.

The monitor type used is inappropriate.

C.

The "verbose" logging option needs to be enabled for the pool.

D.

When the remote syslog sever fails, it returns to service before the timeout for the monitor has expired.

Full Access
Question # 42

The BIG-IP Administrator needs to ensure the correct health monitor is being used lor a new HTTP pool

named P_example.

Where should the BIG-IP Administrator validate these settings in the Configuration Utility?

A.

Local Traffic > Nodes > Default Monitor

B.

Local Traffic > Profiles > Services > HTTP > http

C.

Local Traffic > Monitors > http

D.

Local Traffic > Pools > P_ example

Full Access
Question # 43

A OneConnect profile is applied to a virtual server. The LTM Specialist would like the client source IP addresses within the 10.10.10.0/25 range to reuse an existing server side connection.

Which OneConnect profile source mask should the LTM Specialist use?

A.

0.0.0.0

B.

255.255.255.0

C.

255.255.255.128

D.

255.255.255.224

E.

255.255.255.255

Full Access
Question # 44

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which profile could be removed or changed on this virtual server to reduce CPU load on the LTM device without increasing server side bandwidth usage?

A.

tcp

B.

http

C.

httpcompression

D.

optimized-caching

Full Access
Question # 45

An LTM Specialist configured a virtual server to load balance a custom application. The application works when it is tested from within the firewall but it fails when tested externally. The pool member address is 192.168.200.10:80. A capture from an external client shows:

GET /index.jsp HTTP/1.1

Host: 207.206.201.100

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Connection: keep-alive

HTTP/1.1 302 Found

DatE. Wed, 17 Oct 2012 23:09:55 GMT

Server: Apache/2.2.15 (CentOS)

Location: http://192.168.200.10/user/home.jsp

Content-LengtH. 304

Connection: close

What is the solution to this issue?

A.

Assign a SNAT pool to the virtual server.

B.

Add a Web Acceleration Profile to the virtual server.

C.

Configure redirect rewrite option in the HTTP profile.

D.

Configure a content filter on the backend web server.

Full Access
Question # 46

A new web application is hosted at www.example.net, but some clients are still pointing to the legacy web application at www.example.com.

Which iRule will allow clients referencing www.example.com to access the new application?

A.

when HTTP_REQUEST {

if {[HTTP::host] equals "www.example.*" }{

HTTP::redirect "http://www.example.net" }

}

B.

when HTTP_REQUEST {

if {[HTTP::host] equals "www.example.com" }{

HTTP::redirect "http://www.example.net" }

}

C.

when HTTP_DATA {

if {[HTTP::host] equals "www.example.*" }{

HTTP::redirect "http://www.example.net" }

}

D.

when HTTP_RESPONSE {

if {[HTTP::host] equals "www.example.com" }{

HTTP::redirect "http://www.example.net" }

}

Full Access
Question # 47

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting to the virtual server but are unsuccessful when connecting directly to the application servers. The LTM Specialist wants to allow direct access to the application servers.

Which configuration change resolves this problem?

A.

Enable port 443 on the virtual server.

B.

Configure a SNAT pool on the LTM device.

C.

Disable address translation on the virtual server.

D.

Configure an IP Forwarding virtual server on the LTM device.

E.

Configure a route to the web server subnet on the network router.

Full Access
Question # 48

An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap.

Which command should be executed on the command line interface to create a backup?

A.

bigpipe config save /var/tmp/backup.ucs

B.

tmsh save /sys ucs /var/tmp/backup.ucs

C.

tmsh save /sys config /var/tmp/backup.ucs

D.

tmsh save /sys config ucs /var/tmp/backup.ucs

Full Access
Question # 49

An LTM Specialist needs to configures virtual server that uses PVA or OPVA Which virtual server type should be used?

A.

Stateless

B.

Performance (HTTP)

C.

Standard

D.

Performance (Layer 4)

Full Access
Question # 50

A pool with a default connection limit is configured to use Round Robin as the load balancing method. An LTM Specialist needs to ensure that the LTM device selects a serverwith the fewest number of connections when new clients connect. Another pool is using the same set of backend servers.

Which load balancing-method should the pool be changed to?

A.

Weighted Least Connections (node]

B.

Weighted Least Connections (member)

C.

Least Connections

D.

Least Connections

Full Access
Question # 51

An HA pair of LTM devices that load balance multiple HTTPS applications utilizes highly customized RAM Cache and compression profiles on each virtual server. The LTM Specialist who is administering the HA pair regularly observes entines in the log similar to the following:

tmm tmm I708S1 011e0002.4. sweeper_update: aggressive mode activated (117504/138240 pages)

No DoS attacks arc occurring. No user problems have been reported. Which step should the LTM Specialist take to help mitigate the issue?

A.

change the Adaptive Reaping High watermark

B.

change the Adaptive Reaping Low watermark

C.

allocate less memory to the RAM cache feature

D.

use a OneConnect profile

Full Access
Question # 52

Which process can be eliminated by terminating SSL communication on the LTM device rather than the backend pool members?

A.

generating CSRS

B.

obtaining SSL certificatesfrom a certificate authority

C.

administering SSL on the web servers

D.

applying security patches on the backend pool members

Full Access
Question # 53

An application owner claims an LTM device is delaying delivery of an HTTP application. The LTM device has two VLANs, an internal and an external. The application servers reside on the internal VLAN. The virtual server and clients reside on the external VLAN.

With appropriate filters applied, which solution is most efficient for obtaining packet captures in order to investigate the claim of delayed delivery?

A.

one capture on interface 0.0

B.

one capture on the internal interface

C.

one capture on the external interface

D.

one capture on the management interface

Full Access
Question # 54

A design requires the LTM device to become HA standby when the one of the two physical interface on the External trunk is down the Externaltrunk is an interface on the External VLAN

Which TMOS command enables this behavior?

A.

tmsh modify net van External failsafe enabled

B.

tmsh create sys ha-group External trunks add Externally

C.

tmsh create sys ha-group External trunks add External threshold 2 weight 101)

D.

tmsh create sys ha-group External trunks add ( External( attribute percent up-members 100))

Full Access
Question # 55

Refer to the exhibit.

Which two pool members should be chosen for a new connection? (Choose two.)

A.

172.16.15.9.80

B.

172.16.15.4.80

C.

172.10.15.2.80

D.

172.16.15.1.80

E.

172.16.15.7.80

Full Access
Question # 56

An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses the online store using port 80, adding items to the shopping cart. The user then clicks the "Checkout" button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user's shopping cart is shown as empty. The shopping cart data is stored in memory on the server, and the default source address persistence profile is used on both virtual servers.

What is the issue?

A.

The port 80 pool member is deleting the user's session cookie.

B.

The port 443 pool member is deleting the user's session cookie.

C.

The port 80 and port 443 connections are balanced to the same node.

D.

The port 80 and port 443 connections are balanced to different nodes.

Full Access
Question # 57

Traffic to a pool of SFTP servers that share storage must be balanced by an LTM device.

What are therequired profile and persistence settings for a standard virtual server?

A.

tcp, ctientsst, ftp serverssl persistence

B.

tcp, clientssl, serverssl persistence

C.

tcp, ftp - Source address persistence

D.

tcp - no persistence profile will be used

Full Access
Question # 58

A BIG-IP Administrator wants to add a new Self IP to the BIG-IP device. Which item should be assigned to the new Self IP being configured?

A.

Interface

B.

Route

C.

VLAN

D.

Trunk

Full Access
Question # 59

Refer to the exhibit.

During a planned upgrade lo a BIG-IP HA pair running Active/Standby, an outage to application traffic is reported shortly after the Active unit is forced to Standby Reverting the flower resolves the outage. What should the BIG-IP Administrator modify to avoid an outage during the next for over event?

A.

The Tag voice on the Standby device

B.

The interface on the Active device to 1.1

C.

The Tag value on the Active device

D.

The Interface on the Standby device to 1.1

Full Access
Question # 60

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is reviewing the 'test' partition.

Which objects, in order, can be removed from the partition?

A.

delete pool test1_pool, delete node 10.1.1.2

B.

delete node 10.1.1.2, delete pool test2_pool

C.

delete pool test1_pool, delete node 10.1.1.2, delete node 10.1.1.1

D.

delete virtual test1_vs, delete pool test2_pool, delete node 10.1.1.1

E.

delete pool test1_pool, delete pool test2_pool, delete node 10.1.1.3

Full Access
Question # 61

AN LTM Specialist needs to determine the delay between anLTM device and the internal web server for a specific client.

Which two AVR reporting options should the LTM Specialist enable to measure the delay? (Choose two.)

A.

User agents

B.

Methods

C.

Response codes

D.

Server latency

E.

Client IP

Full Access
Question # 62

In an iApp, which configuration protects against accidental changes to an application Services configuration?

A.

Components

B.

Strict Updates

C.

Name

D.

Template

Full Access
Question # 63

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

A customer requests to offload SSL for an internal website. The front page of the website loads correctly; however, selecting links on the page fails.

How should the LTM Specialist fix the issue?

A.

Create a new SNAT pool.

Add internal network IPs to the SNAT pool.

Add the SNAT pool to the VS.

B.

Create a new HTTP profile.

Enable Insert X-Forwarded-For.

Add the new HTTP profile to the VS.

C.

Create a new HTTP profile.

Enable redirect rewrite.

Add the new HTTP profile to the VS.

D.

Create a new Server SSL profile.

Enable Proxy SSL.

Add the Server SSL profile to the VS.

Full Access
Question # 64

An LTM Specialist configures a new virtual server with a single pool member. The LTM Specialist has NOT defined a health monitor for the pool, pool member or node.

What is the status of the virtual server?

A.

Available (Enabled)

B.

Offline (Disabled)

C.

Unavailable (Enabled)

D.

Unknown (Enabled)

Full Access
Question # 65

A BIG-IP Administrator notices that one of the servers that runs an application is NOT receiving any traffic. The BIG-IP Administrator examines the configuration status of the application and observes the displayed monitor configuration and affected Pool Member status. What is the possible cause of this issue?

A.

The Node Health Monitor is NOT responding.

B.

The application is NOT responding with the expected Receive String.

C.

HTTP 1.1 is NOT appropriate for monitoring purposes.

D.

The BIG-IP device is NOT able to reach the Pool.

Full Access
Question # 66

What is a benefit provided by F5 Enterprise Manager?

A.

Enterprise Manager allows administrators to analyze traffic flow and create custom application IPS signatures.

B.

Enterprise Manager allows administrators to establish baseline application usage and generate an alert if an administratively set threshold for the application is exceeded.

C.

Enterprise Manager allows administrators to identify application vulnerabilities. Virtual patches are then automatically generated and applied to remediate the detected application vulnerability.

D.

Enterprise Manager allows administrators to monitor all application traffic. Configuration optimization suggestions based on the observed traffic patterns are then generated for the administrator to review and apply.

Full Access
Question # 67

An LTM Specialist sees these entries in /var/log/ltm:

Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Assume 172.16.20.0/24 is attached to the VLAN "internal."

What should the LTM Specialist use to troubleshoot this issue?

A.

curl -d - -k https://172.16.20.1

B.

ssldump -i internal host 172.16.20.1

C.

tcpdump -i internal host 172.16.20.1 > /shared/ssl.pcap

ssldump < /shared/ssl.pcap

D.

tcpdump -s 64 -i internal -w /shared/ssl.pcap host 172.16.20.1

ssldump -r /shared/ssl.pcap

Full Access
Question # 68

An application is configured so that the same pool member must be used for an entire session, as well as for HTTP and FTP traffic.

A user reports that a session has terminated, and the user must restart the session. The BIG-IP Administrator determines that the active BIG-IP device failed over to the standby BIG-IP device. Which configuration settings should the BIG-IP Administrator verify to ensure proper behaviour when BIG-IP failover occurs?

A.

cookie persistence and session timeout

B.

Stateful failover and Network Failover detection

C.

Persistence mirroring and Match Across Services

D.

syn-cookie insertion threshold and connection low-water mark

Full Access
Question # 69

A custom HTTP monitor is failing to a pool member 10.10.3.75:8080 that serves up www.example.com.

A ping works to the pool member address.

The SEND string that the monitor is using is: GET/HTTP/l.l/r/n/Host.www.example.com/r/n/Connection

Close/r/n/r/n

Which CLI tool syntax will show that the web server returns the correct HTTP response?

Full Access
Question # 70

Windows PC clients are connecting to a virtual server over a high-speed, low-latency network with no packet loss.

Which built-in client-side TCP profile provides the highest throughput for HTTP downloads?

A.

tcp

B.

tcp-legacy

C.

tcp-lan-optimized

D.

tcp-wan-optimized

Full Access
Question # 71

An LTM device is load balancing telnet and ssh applications in a client/server environment experiencing significant packet delay.

Which setting in the TCP profile should reduce the amount of packet delay?

A.

disable Bandwidth Delay

B.

disable Nagle's Algorithm

C.

enable Proxy Maximum Segment

D.

increase Maximum Segment Retransmissions

Full Access
Question # 72

A BIG-IP Administrator must determine if a Virtual Address is configured to fail over to the standby member of a device group in which area of the Configuration Utility can this be confirmed?

A.

Device Management > Traffic Groups

B.

Device Management > Devices

C.

Local Traffic > Virtual Servers

D.

Device Management > Overview

Full Access
Question # 73

A virtual serverconfiguration for traffic destined to a server is as shown:

HTTP traffic is destined to the 10 10.20.1 server from the source

Based on precedence, which virtual server accepts this traffic?

A.

MyvS1

B.

MyVS2

C.

MyVS3

D.

MyVS4

Full Access
Question # 74

An IT administrator wants to log which server is being load balanced to by a user with IP address 10.10.10.25.

Which iRule should the LTM Specialist use to fulfill the request?

A.

when SERVER_CONNECTED {

if { [IP::addr [IP::remote_addr]] equals 10.10.10.25]} {

log local0. "client 10.10.10.25 connected to pool member [IP::addr [LB::server addr]]" }

}

B.

when CLIENT_ACCEPTED {

if { [IP::addr [clientside [IP::remote_addr]] equals 10.10.10.25]} {

log local0. "client 10.10.10.25 connected to pool member [IP::addr [LB::server addr]]" }

}

C.

when SERVER_CONNECTED {

if { [IP::addr [clientside [IP::remote_addr]] equals 10.10.10.25]} {

log local0. "client 10.10.10.25 connected to pool member [IP::addr [LB::server addr]]" }

}

D.

when CLIENT_ACCEPTED {

if { [IP::addr [IP::remote_addr] equals 10.10.10.25]} {

log local0. "client 10.10.10.25 connected to pool member [IP::addr [LB::server addr]]" }

}

Full Access
Question # 75

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has created a virtual server to balance connections to a pool of application servers and offload SSL decryption. Clients connect to the application at https://www.example.com/. The virtual server is configured with a clientssl profile but no serverssl profile. The application servers are listening on ports 80 and 443. Users are unable to connect to the application through the virtual server but are able to connect directly to the application server.

What is the root cause of the error?

A.

The LTM device is chunking responses.

B.

The LTM device is redirecting users to HTTPS.

C.

The pool members are configured with the wrong port.

D.

The application servers are redirecting users to HTTPS.

Full Access
Question # 76

An LTM device supports two power supplies. The value of the BigDB key "platform.powersupplymonitor" is equal to enable.

Where would the error message be visible if one of the power supplies fails or is NOT plugged in?

A.

visible only via the console

B.

in the /var/log/ltm log file

C.

in the /var/log/kern.log file

D.

in the /var/log/tmm log file

Full Access
Question # 77

All pool members are online. All other virtual server settings are at default What might after the load balancing behavior?

A.

enabing SNAT automap

B.

enabing a falback host in the http profile

C.

adding a oneconnect profile

D.

adding a persistence profile

Full Access
Question # 78

An LTM device configured with a management IP address and route and a series of self-IPs and TMM routes.Both management and TMM have a routing entry for 101 10/24 Application traffic is being load balanced and sent to pool member 10.1.1.123 with SNAT Automap and configured.

Which route will the LTM device use?

A.

TMM route regardless of the management port status

B.

both routes, which will duplicate traffic on both management and TMM interface

C.

equal cost multipath load balancing via both routes

D.

management route when TMM interface is down or TMM is offline

E.

management route regardless of the managementport status

Full Access