303 Practice Exam Questions with Answers BIG-IP ASM Specialist Certification

Some users who connect to a busy Virtual Server have connections reset by the BIG-IP system. Pool member resources are NOT a factor in this behavior. What is a possible cause for this behavior?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Which URL on which server is causing the highest latency for users?

To increase available bandwidth of an existing Trunk, the BIG-IP Administrator is adding additional

interfaces.

Which command should the BIG-IP Administrator run from within bosh shell?

A high-availability (HA) pair configuration uses only the hardwire serial cable connection to determine device state. A power outage occurs to the PDU powering the active unit. The standby unit takes over the active role as expected.

How is the peer unit able to determine the active unit is unavailable?

AnLTM specialist needs to create a new account with the admin role called "newadmin' and access to all partitions.

Which tmsh command should be executed?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist has uploaded a qkview to F5 iHealth.

Within the GUI, what is the correct procedure to comply with the recommendation shown in the exhibit?

A BIG-IP Administrator uses a device group to share the workload and needs to perform service on a BIG-IP device currently active for a traffic group. The administrator needs to enable the traffic group to run on another BIG-IP device in the device group. What should the administrator do to meet the requirement?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

Users are able to access the application when connecting to the virtual server but are unsuccessful when connecting directly to the application servers. The LTM Specialist wants to allow direct access to the application servers.

Why are users unable to connect directly to the application servers?

TWO BIG-IP appliances need to be configured to load balance multiple firewall in a firewall sandwich,

Which health monitor setting should be used to verify that the firewalls are able to forward traffic?

A set of servers is used for an FTP application as well as an HTTP website via separate BIG-IP Pools. The

server support team reports that some servers are receiving a lot more traffic than others.

Which Load Balancing Method should the BIG-IP Administrator apply to even out the connection count?

AN LTM Specialist is using an external monitor evaluate the hard drive usage of a node. The monitor has marked the node down because it exceeded the specific threshold. The disk usage on the server has been corrected below the threshold, however, the node remains offline.

Which feature is causing this problem?

Traffic to a pool of SFTP servers that share storage must be balanced by an LTM device.

What are therequired profile and persistence settings for a standard virtual server?

A custom TCP application using a single server is being migrated to the LTM device. A server is being added to the pool. The application is known to violate the TCP protocol RFC. Theapplication currently works without error from a user perspective.

Which virtual server type is appropriate in this situation?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A company uses a complex piece of client software that connects to one or more virtual servers (VS) hosted on an LTM device. The client software is experiencing issues. An LTM Specialist is tasked with finding the cause of the problem.

The LTM Specialist has the tcpdump extract and knows the client software has at least one connection to a VS on port 1990. However, when a tcpdump runs on the internal VLAN, there is no record of port 1990 in the tcpdump.

Why is there no record of port 1990 in the tcpdump?

An LTM device receives a response string containing "error"

Which monitor type and parameter will mark the HTTP server as down?

An LTM Specialist upgrades the switchinginfrastructure and the backend servers on the LAN segments.

The LTM Specialist notices a 20% memory usage increase on the BIG-IP device while handling the same number of concurrent connections.

A comparison of statistics pre-upgrade and post-upgrade showsa significant reduction on the following:

-RTT between the BIG-IP device and the backend servers

-Packet drops in the switch

Time to First Byte (TTFB)

The LTM Specialist is concerned with the scalability of the number of concurrent connections with the newmemory usage.

Which setting should be changed to reduce the memory usage on the BIG-IP device?

A node is a member of various pools and hosts different web applications. If a web application is unavailable, the BIG-IP appliance needs to mark the pool member down for that application pool. What should a BIG-IP Administrator deploy at the pool level to accomplish this?

An LTM Specialist has been asked to configure a virtual server to distribute connections between a pool of two application servers with addresses 172.16.20.1 and 172.16.20.2. The application servers are listening on TCP ports 80 and 443. The application administrators have asked that clients be directed to the same node for both HTTP and HTTPS requests within the same session.

Virtual servers vs_http and vs_https have been created, listening on 1.2.3.100:80 and 1.2.3.100:443, respectively.

Which configuration option will result in the desired behavior?

An LTM Specialistis configuring a new virtual server on an LTM device and assigning a SNAT pool that is already is use another virtual server. Both virtual servers use the same pool members to load balance traffic. A maximum of 35,000 users needs to be able to access each virtual server ta any time. The network architecture does NOT allow the backend servers to use the LTM device as a default gateway.

What is the minimum number of SNAT addresses required in the SNAT pool to meet the needs of the virtual servers?

A BIG-IP Administrator must determine if a Virtual Address is configured to fail over to the standby member of a device group in which area of the Configuration Utility can this be confirmed?

A BIG-IP Administrator defines a device Self IP . The Self IP is NOT reachable from the network. What should the BIG-IP Administrator verify first?

An ITM Specialist has the configuration shown:

The LTM Specialist needs to create a new virtual server in part B.

Which virtual address(es) should be used for the new virtual server?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM device is used to load balance web content over a secure channel.

The developers of the web content have done a trace using an HTTP profiler application. They believe that allowing the LTM device to compress traffic to the client will improve performance. The client can utilize GZIP or deflate compression algorithms.

An LTM Specialist must implement the compression.

The LTM Specialist has completed the following actions:

1. Create the relevant profile.

2. Apply the relevant profile to the virtual server (VS).

After applying the relevant profile, the LTM device is failing to compress the traffic. Instead, the traffic is being served with an error.

What is the problem?

A BIG-IP Administrator needs to determine which pool members in a pool have been manually forced offline and are NOT accepting any new traffic. Which status icon indicates this?

A)

B)

C)

D)

An LTM Specialist troubleshooting an issue looks at the following /var/log/ltm entries:

Oct 2 04:52:42 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Oct 2 05:37:16 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Oct 2 05:57:32 slot1/tmm2 crit tmm2[21729]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Oct 2 06:30:03 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Oct 2 06:37:44 slot1/tmm2 crit tmm2[21729]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Oct 2 06:47:05 slot1/tmm5 crit tmm5[21732]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

Which configuration item should the LTM Specialist review to fix the issue?

To improve application security, an LTM Specialist must configure a BIG application access. The BIG IPsystem to authenticate the client certificate before permitting application access. The BIG-IP system must also support the ability to red to redirect users to a certificate enrolment system without generating a browser error.

Within the Client SSL profile, which value should the LTM Specialist select for the Client Certificate option?

A BIG-IP Administrator needs to restore an encrypted UCS archive from the command line using the

TMSH utility.

Which TMSH command should the BIG-IP Administrator use to accomplish this?

Refer to the exhibit.

A pool member fails the monitor checks for about 30 minutes and then starts passing the monitor

checks. New traffic is Not being sent to the pool member.

What is the likely reason for this problem?

Which method is recommended for creating a new user from the CLI?

Which command should the LTM Specialist use to determine the current system time?

Windows PC clients are connecting to a virtual server over a high-speed, low-latency network with no packet loss.

Which built-in client-side TCP profile provides the highest throughput for HTTP downloads?

A BIG-IP Operator has made a grave error and deleted a few virtual servers on the active LTM device fronting the web browsing proxies. The BIG-IP Operator has NOT yet performed a configuration sync.

Which command should the LTM Specialist execute on the active LTM device to force a failover to the standby node and restore web browsing?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist configures a virtual server that balances HTTP connections to a pool of three application servers. Approximately one out of every three connections to the virtual server fails.

Which two actions will resolve the problem? (Choose two.)

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Based on the output of the tmsh interface show command, what is the issue?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

An LTM device has been configured for load balancing a number of different application servers. Configuration changes need to be made to the LTM device to allow administrative management of the servers in 172.16.10/24, 172.16.20/24, and 172.16.30/24 networks. The servers require outbound access to numerous destinations for operations.

Which solution has the simplest configuration changes while maintaining functionality and basic security?

An LTM Specialist discovers an issue with the custom http monitor that returns in a false positive status.

The end users cannot get the right website, but thehttp monitor marks the pool member UP.

What is causing the false positive result?

An application is being load balanced through the LTM device using the configuration displayed below.

The network has been re-engineered to NAT all client connection. As a result, allclient connections are hitting the same pool member.

Which changes should the LTM Specialist make in order to restore load balancing functionality wile maintaining session persistence?

A local user account (Users) on the BIG-IP device is assigned the User Manager role. Userl attempts to

modify the properties of another account (User2), but the action fails. The BIG-IP Administrator can

successfully modify the User2 account.

Assuming the principle of least privilege, what is the correct way to allow User 1 to modify User2

properties?

An LTM Specialist is customizing local traffic logging.

Which traffic management OS alert level provides the most detail?

An LTM Specialist needs to upgrade all guests on a Viprion eight CMP guests.

What is the maximum number of guests that the LTM Specialist should upgrade at once?

Refer to the exhibit

The network team creates a new VLAN on the switches. The BIG-IP Administrator needs to create a

configuration on the BIG-IP device. The BIG-IP Administrator creates a new VLAN and Self IP, but the

servers on the new VLAN are NOT reachable from the BIG-IP device.

Which action should the BIG-IP Administrators to resolve this issue?

An HTTP monitor is created and assigned to a pool with the following non-default configuration:

Interval: 7 seconds

Timeout: 22 seconds

Reverse: Yes

Send String: GET/status.htmlHTTP/1.1/r/nHost:test.example.com/r/nConnector:Close Receive String: Up

The HTTP server sends the following response:

What is the resulting pool status?

An LTM Specialist needs to add a pool that will load balanceMYSOL services. It has four members, each with differing hardware platforms. All pool members are already assigned to another pool for load balancing FTP traffic.

Which load balancing method is most effective when the LTM Specialist sets up the pool?

A BIG-IP Administrator needs to view the CPU utilization of a particular Virtual Server. Which section of the Configuration Utility should the administrator use for this purpose?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable to connect to the application through the virtual server, but they are able to connect to the application servers directly.

Which change to the LTM device configuration will resolve the problem?

An LTM Specialist needs to deploy a virtual server that will load balance traffic targeting https://register.example.com to a set of three web servers. Persistence needs to be ensured. No persistence mirroring is allowed SSL offloading is required.

A fourth web server with fewer resources will be used to handle requests from engine bots to https://register.example.comvrobots.txt by an iRule. The (Rule will use the HTTP_REQUEST event. .

What are the required profile and persistence settings to implement this

An LTM Specialist needs to configure a virtual server with the requirements displayed below.

Application is currently an internal HTTPapplication

Encrypted external user access

Links are hard for siteA example.com and need to rewritten to siteB.Example.com

Which profiles must the LTM Specialist use to provide the proper functionality?

An LTM Specialist has just manually failed the active LTM device over to the standby LTM device. The LTM Specialist notices the newly active LTM device is NOT currently receiving traffic. The LTM Specialist verifies the newly active device is responding to ARP but still no traffic is hitting the virtual servers. The LTM Specialist also notices that the virtual servers eventually start responding.

What should be added to the configuration to resolve the problem?

A BIG-IP Administrator opens a case with F5 Support. The support engineer requests the BIG-IP

appliance chassis serial number.

Which TMSH command will provide this information?

The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The status is marked

'down'.

Which tool should the administrator use to identify the problem?

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and

re-encrypt the traffic to pool members.

During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue?

Refer to the exhibit.

Why is the virtual server responsive to incoming connections?

Refer to the exhibit.

How many nodes are represented on the network map shown?

A web application requires knowledge of the client's true IP address for logging and analysis purposes. Instances of the application that can decode X-Forwarded-For HTTP headers reside in pool_a, while pool_b instances assume the source IP is the true address of the client.

Which iRule provides the proper functionality?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which profile could be removed or changed on this virtual server to reduce CPU load on the LTM device without increasing server side bandwidth usage?

-- Exhibit --

-- Exhibit --

Refer to the exhibit.

A company uses a complex piece of client software that connects to one or more virtual servers (VS) hosted on an LTM device. The client software is experiencing issues. An LTM Specialist must determine the cause of the problem.

The LTM Specialist is seeing a client source IP of 168.210.232.5 in the tcpdump. However, the client source IP is actually 10.123.17.12.

Why does the IP address of 10.123.17.12 fail to appear in the tcpdump?

Refer to the exhibit.

The pool shown isconfigured with four pool members in a variety of states. The application is receiving a large number of request. The LTM Specialist needs to make changes to make sure that all members receive the same levels of traffic.

Which changes need to be made?

What is the status of a pool member when manual resume is enabled and a health check first fails and then passes?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Users report that a web application works incorrectly. Sometimes contextual data displayed on the web pages is accurate; other times it is inaccurate.

The LTM administrator looks at the connection table with a filter on one of the client IP addresses currently connected using the command "tmsh show sys connection cs-client-addr 10.0.20.1"

with the following results:

10.0.20.1:60048 10.0.20.88:80 10.0.20.1:60048 172.16.20.1:80 tcp 3 (tmm: 0)

10.0.20.1:60050 10.0.20.88:80 10.0.20.1:60050 172.16.20.3:80 tcp 3 (tmm: 0)

10.0.20.1:60047 10.0.20.88:80 10.0.20.1:60047 172.16.20.2:80 tcp 3 (tmm: 0)

10.0.20.1:60049 10.0.20.88:80 10.0.20.1:60049 172.16.20.1:80 tcp 3 (tmm: 0)

What is the solution to the problem?

An LTM Specialist reports that an application si no longer reachable after it has beenupgraded.

Nothing has been changed in the configuration on the LTM device.

The logs indicates that health monitors to all servers have failed as shown:

What should the LTM Specialist verify next?

-- Exhibit –

-- Exhibit --

Refer to the exhibits.

An LTM Specialist is troubleshooting an issue with one of the virtual servers on an LTM device, and all requests are receiving errors. Testing directly against the server generates no errors. The LTM Specialist has captured the request and response on both client and server sides of the LTM device.

What should the LTM Specialist do to fix this issue?

An LTM Specialist needs to create a virtual server to pass TCP traffic to three pool members.

Which two virtual server types should be used to meet the requirements? (Choose two)

The active LTM device in a high-availability (HA) pair performs a failover at the same time the network team reports an outage of a switch on the network.

Which two items could have caused the failover event? (Choose two.)

Users are unable to reach an application. The BIG-IP Administrator checks the Configuration Utility and observes that the Virtual Server has a red diamond in front of the status. What is causing this issue?

A BIG-IP Administrator runs the initial configuration wizard and learns that the NTP servers were invalid. In which area of the Configuration Utility should the BIG-IP Administrator update the list of configured NTP servers?

An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured:

sys db log.tcpdump.level {

value "Notice"

}

Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?

An LI M device is experiencing a high volume of traffic. The virtual server is struggling under the load. The problem appears to be on the server side connections. The virtual server isaccepting connections . The virtual server is accepting connections on https and is configured with an SSL profile and http pool.

What should be added to increase the performance of the device?

An application is sensitive to packet loss and unexpected session termination. A pair of LTM devices is configured in an Active/Standby high availability configuration. SNATS are NOT used and the virtual server contains a Universal Persistence profile.

which two actions must an LTM Specialist take to ensure the sessions are maintained between the client and server during an LTM device failover event while maintaining maximum uptime? (Choose two.)

The pool members are serving up simple static web content.

The current virtual server configuration is given as follows:

tmsh list ltm virtual simple

ltm virtual simple {

destination 10.10.10.10:80

ip-protocol tcp

mask 255.255.255.255

profiles {

http { }

httpcompression { }

oneconnect { }

tcp { }

}

snat automap

vlans-disabled

}

tmsh list ltm pool simple_pool

ltm pool simple_pool {

members {

10.10.10.11:80 {

address 10.10.10.11 }

10.10.10.12:80 {

address 10.10.10.12 }

10.10.10.12:80 {

address 10.10.10.13 }

}

}

Which three objects in the virtual server configuration can be removed without disrupting functionality of the virtual server? (Choose three.)

An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message "Unable to connect" in the browser, although connections directly to the pool member show the application is functioning correctly. The LTM configuration is:

ltm virtual /Common/vs_https {

destination /Common/10.10.1.110:443

ip-protocol udp

mask 255.255.255.255

pool /Common/pool_https

profiles {

/Common/udp { }

}

translate-address enabled

translate-port enabled

vlans-disabled

}

ltm pool /Common/pool_https {

members {

/Common/172.16.20.1:443 {

address 172.16.20.1

}

}

}

How should the LTM Specialist resolve this issue?

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Users receive an error when attempting to connect to the website https://website.com. The website has a DNS record of 195.56.67.90. The upstream ISP has confirmed that there is nothing wrong with the routing between the user and the LTM device.

The following tcpdump outputs have been captured:

External Vlan, filtered on IP 168.210.232.5

00:25:07.598519 IP 168.210.232.5.33159 > 195.56.67.90.https: S 1920647964:1920647964(0) win 8192

00:25:07.598537 IP 195.56.67.90.https > 168.210.232.5.33159: S 2690691360:2690691360(0) ack 1920647965 win 4350

00:25:07.598851 IP 168.210.232.5.33160 > 195.56.67.90.https: S 2763858764:2763858764(0) win 8192

00:25:07.598858 IP 195.56.67.90.https > 168.210.232.5.33160: S 1905576176:1905576176(0) ack 2763858765 win 4350

Internal Vlan, filtered on IP 168.210.232.5

00:31:46.171124 IP 168.210.232.5.33202 > 192.168.100.20.http: S 2389057240:2389057240(0) win 4380

What is the problem?

Refer to the exhibit.

The BIG-IP Administrator is investigating disk utilization on the BIG-IP device.

What should the BIG-IP Administrator check next?

Which iRule will reject any connection originating from a 10.0.0.0/8 network?