Crack4sure Logo
3 Months Free Update
3 Months Free Update
3 Months Free Update
An LTM device has a virtual server configured as a Performance Layer 4 virtual listening on 0.0.0.0:0 to perform routing of packets to an upstream router. The client machine at IP address 192.168.0.4 is attempting to contact a host upstream of the LTM device on IP address 10.0.0.99.
The network flow is asymmetrical, and the following TCP capture displays:
# tcpdump -nnni 0.0 'host 192.168.0.4 and host 10.0.0.99'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
05:07:55.499954 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082 win 1480
05:07:55.499983 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0
05:07:56.499960 IP 192.168.0.4.35345 > 10.0.0.99.443: S 3205656213:3205656213(0) ack 3267995082 win 1480
05:07:56.499990 IP 10.0.0.99.443 > 192.168.0.4.35345: R 1:1(0) ack 1 win 0
4 packets captured
Which option within the fastL4 profile needs to be enabled by the LTM Specialist to prevent the LTM device from rejecting the flow?
-- Exhibit –
-- Exhibit --
Refer to the exhibits.
An LTM Specialist is troubleshooting an issue with one of the virtual servers on an LTM device, and all requests are receiving errors. Testing directly against the server generates no errors. The LTM Specialist has captured the request and response on both client and server sides of the LTM device.
What should the LTM Specialist do to fix this issue?
The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678
Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108
Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678
Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142
Why was the second client flow permitted by the web server?
Given the log entry:
011f0005:3: HTTP header (32800) exceeded maximum allowed size of 32768 (Client sidE. vip=/Common/VS_web profile=http pool=/Common/POOL_web client_ip=10.0.0.1)
Which HTTP profile setting can be modified temporarily to resolve the issue?
An LTM Specialist realizes that a datacenter engineer has changed the console baud rate.
Which command determines the current baud rate via the command line interface?
While investigating the cause of a device failover, an LTM Specialist discovers the following events in /var/log/ltm:
01010029:5: Clock advanced by 518 ticks
01010029:5: Clock advanced by 505 ticks
01010029:5: Clock advanced by 590 ticks
01010029:5: Clock advanced by 568 ticks
01010029:5: Clock advanced by 1681 ticks
01010029:5: Clock advanced by 6584 ticks
01140029:5: HA daemon_heartbeat tmm fails action is failover and restart.
010c0026:5: Failover condition, active attempting to go standby.
Which issue caused the failover?
An LTM Specialist wants to allow access to the Always On Management (AOM) from the network.
Which two methods should the LTM Specialist use to configure the AOM interface? (Choose two.)
A web application is meant to log the URI of the resource that responded to the client's initial Request-URI.
Which HTTP header will supply this information?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An HTTP monitor always marks the nodes in the pool as down. The monitor's definition and the HTTP headers from the monitor request and response are provided.
What is the issue?
The LTM device is configured for RADIUS authentication. Remote logins are failing and the LTM Specialist must verify the RADIUS configuration.
How should the LTM Specialist check the RADIUS server and shared secret configured on the LTM device?
In preparation for a maintenance task, an LTM Specialist performs a "Force to Standby" on LTM device Unit 1. LTM device Unit 2 becomes active as expected. The maintenance task requires the reboot of Unit 1. Shortly after the reboot is complete, the LTM Specialist discovers that Unit 1 has become active and Unit 2 has returned to standby.
What would cause this behavior?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable to connect to the application through the virtual server, but they are able to connect to the application servers directly.
Which change to the LTM device configuration will resolve the problem?
An active/standby pair of LTM devices deployed with network failover are working as desired. After external personnel perform maintenance on the network, the LTM devices are active/active rather than active/standby. No changes were made on the LTM devices during the network maintenance.
Which two actions would help determine the cause of the malfunction? (Choose two.)
A web developer has created a custom HTTP call to a backend application. The HTTP headers being sent by the HTTP call are:
GET / HTTP/1.1
User-Agent: MyCustomApp (v1.0)
Accept: text/html
Cache-Control: no-cache
Connection: keep-alive
CookiE. somecookie=1
The backend server is responding with the following:
HTTP/1.1 400 Bad Request
DatE. Wed, 20 Jul 2012 17:22:41 GMT
Connection: close
Why is the HTTP web server responding with a HTTP 400 Bad Request?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
Which profile could be removed or changed on this virtual server to reduce CPU load on the LTM device without increasing server side bandwidth usage?
An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap.
Which command should be executed on the command line interface to create a backup?
A web application sends information about message integrity and content life time to the client.
Which two HTTP headers should be used in sending the client information? (Choose two.)
An LTM Specialist is receiving reports from customers about multiple applications failing to work properly. The LTM Specialist looks at the services running and notices that the bigd process has NOT started.
How are monitored LTM device objects marked when the bigd process is stopped?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
Which step should an LTM Specialist take to utilize AVR?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting an issue with SSL and is receiving the error shown when connecting to the virtual server. When connecting directly to the pool member, clients do NOT receive this message, and the application functions correctly. The LTM Specialist exports the appropriate certificate and key from the pool member and imports them into the LTM device. The LTM Specialist then creates the Client SSL profile and associates it with the virtual server.
What is the issue?
An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog server.
The following is an extract from the config file detailing the node and monitor that the LTM device is using for the
remote syslog server:
monitor
Syslog_15002 {
defaults from udp
dest *:15002
}
node 91.223.45.231 {
monitor Syslog_15002
screen RemoteSYSLOG
}
There seem to be problems communicating with the remote syslog server. However, the pool monitor shows that the remote server is up.
The network department has confirmed that there are no firewall rules or networking issues preventing the LTM device from
communicating with the syslog server. The department responsible for the remote syslog server indicates that there may
be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog
server. None are found. The LTM Specialist does a tcpdump:
tcpdump -nn port 15002, with the following results:
21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19
21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169
21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181
21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144
NotE. 192.168.100.100 is the self IP of the LTM device.
Why are there no errors for the remote syslog server in the log files?
What is the recommended procedure for upgrading a major TMOS release on a BIG-IP platform?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
Based on the output of the tmsh interface show command, what is the issue?
-- Exhibit --
-- Exhibit --
Refer to the exhibit.
A company uses a complex piece of client software that connects to one or more virtual servers (VS) hosted on an LTM device. The client software is experiencing issues. An LTM Specialist must determine the cause of the problem. The LTM Specialist has the tcpdump extract. The client loses connection with the LTM device.
Where is the reset originating?
An LTM Specialist has just manually failed the active LTM device over to the standby LTM device. The LTM Specialist notices the newly active LTM device is NOT currently receiving traffic. The LTM Specialist verifies the newly active device is responding to ARP but still no traffic is hitting the virtual servers. The LTM Specialist also notices that the virtual servers eventually start responding.
What should be added to the configuration to resolve the problem?
Internet clients connecting to a virtual server to download a file are experiencing about 150 ms of latency and no packet loss.
Which built-in client-side TCP profile provides the highest throughput?
An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible directly through a browser, but the HTTP monitor is marking the pool member as down.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
DatE. Tue, 23 Oct 2012 21:39:07 GTM
Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4
mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
Content-LengtH. 226
Connection: close
Content-TypE. text/html; charset=iso-8859-1
How should the LTM Specialist resolve this issue?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting a new HTTP monitor on a pool. The pool member is functioning correctly when accessed directly through a browser, although the monitor is marking the member as down. As part of the troubleshooting, the LTM Specialist has captured the monitor traffic via tcpdump.
How should the LTM Specialist resolve this issue?
-- Exhibit --
-- Exhibit --
Refer to the exhibit.
A company uses a complex piece of client software that connects to one or more virtual servers (VS) hosted on an LTM device. The client software is experiencing issues. An LTM Specialist must determine the cause of the problem.
The LTM Specialist is seeing a client source IP of 168.210.232.5 in the tcpdump. However, the client source IP is actually 10.123.17.12.
Why does the IP address of 10.123.17.12 fail to appear in the tcpdump?
An LTM Specialist connects to an LTM device via the serial console cable and receives unreadable output. The LTM Specialist is using the appropriate cable and connecting it to the correct serial port.
Which command should the LTM Specialist run through ssh to verify that the baud rate settings for the serial port are correct on the LTM device?
Given a tcpdump on an LTM device from both sides of a connection on the External and Internal VLANs, how should an LTM Specialist determine if SNAT is enabled for a particular pool?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
A web application is configured to allow sessions to continue even after a user computer is shut down for the night. A new LTM device is configured to load balance the web application to several servers. The application owner reports that application users are logged out of the web application whenever their browser is restarted or computer is rebooted.
What is the problem?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An LTM Specialist configures a virtual server that balances HTTP connections to a pool of three application servers. Approximately one out of every three connections to the virtual server fails.
Which two actions will resolve the problem? (Choose two.)
An HTTP 1.1 application utilizes chunking.
Which header should be used to notify the client's browser that there are additional HTTP headers at the end of the message?
-- Exhibit –
-- Exhibit --
Refer to the exhibits.
A virtual server has been configured for SSL offload on a single-arm network. On average, the virtual server will be handling 100,000 connections, with a peak of 130,000 connections. Between the virtual server and the web servers there is a single reverse proxy to provide site caching. The proxy is configured to perform source IP persistence before contacting the web servers. The site is logging users out immediately after logging them in.
What should the LTM Specialist do to resolve this issue?
An LTM Specialist receives a request to monitor the network path through a member, but NOT the member itself.
Which monitor option should the LTM Specialist enable or configure?
An LTM Specialist has installed a hotfix that updated the SCCP firmware package.
Which command will ensure that the host subsystem and SCCP reboot?
There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the virtual IP address 10.0.20.88.
A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the LTM Specialist runs two concurrent traces on the LTM device, with the following results:
Trace on client side:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840
22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win 4380
22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365
22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365
22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528
22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528
6 packets captured
6 packets received by filter
0 packets dropped by kernel
Trace on server side:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes
22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380
22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380
22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380
22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380
4 packets captured
4 packets received by filter
0 packets dropped by kernel
What should the LTM Specialist do to solve the problem?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
A user is unable to access an HTTP application via a virtual server.
What is the cause of the failure?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
Users receive an error when attempting to connect to the website https://website.com. The website has a DNS record of 195.56.67.90. The upstream ISP has confirmed that there is nothing wrong with the routing between the user and the LTM device.
The following tcpdump outputs have been captured:
External Vlan, filtered on IP 168.210.232.5
00:25:07.598519 IP 168.210.232.5.33159 > 195.56.67.90.https: S 1920647964:1920647964(0) win 8192
00:25:07.598537 IP 195.56.67.90.https > 168.210.232.5.33159: S 2690691360:2690691360(0) ack 1920647965 win 4350
00:25:07.598851 IP 168.210.232.5.33160 > 195.56.67.90.https: S 2763858764:2763858764(0) win 8192
00:25:07.598858 IP 195.56.67.90.https > 168.210.232.5.33160: S 1905576176:1905576176(0) ack 2763858765 win 4350
Internal Vlan, filtered on IP 168.210.232.5
00:31:46.171124 IP 168.210.232.5.33202 > 192.168.100.20.http: S 2389057240:2389057240(0) win 4380
What is the problem?
Given:
Filesystem Size Used Avail Use% Mounted on
/dev/md11 248M 248M 0 100% /
/dev/md13 3.0G 76M 2.8G 3% /config
/dev/md12 1.7G 1.1G 476M 71% /usr
/dev/md14 3.0G 214M 2.6G 8% /var
/dev/md0 30G 2.2G 26G 8% /shared
/dev/md1 6.9G 288M 6.3G 5% /var/log
none 3.9G 452K 3.9G 1% /dev/shm
none 3.9G 19M 3.9G 1% /var/tmstat
none 3.9G 1.2M 3.9G 1% /var/run
prompt 4.0M 12K 4.0M 1% /var/prompt
/dev/md15 12G 8.3G 3.1G 74% /var/lib/mysql
Which command is used to produce this output?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
A user is unable to access a secure application via a virtual server.
What is the cause of the issue?
-- Exhibit –
-- Exhibit --
Refer to the exhibits.
Every monitor has the same Send String, Recv String, and an Alias of *:*. The LTM Specialist simplifies the configuration to minimize the number of monitors.
How many unique monitors remain?
-- Exhibit –
-- Exhibit --
Refer to the exhibits.
An LTM Specialist has configured a virtual server to distribute connections to a pool of application servers and to offload SSL processing. The application fails to work as expected when connecting to the virtual server. It does work when clients connect directly to the application. Two packet captures were taken at the application server.
What is the root cause of the problem?
An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Assume 172.16.20.0/24 is attached to the VLAN "internal."
What should the LTM Specialist use to troubleshoot this issue?
An LTM Specialist is running the following packet capture on an LTM device:
ssldump -Aed -ni vlan301 'port 443'
Which two SSL record message details will the ssldump utility display by default? (Choose two.)
An LTM Specialist must perform a packet capture on a virtual server with an applied standard FastL4 profile. The virtual server 10.0.0.1:443 resides on vlan301.
Which steps should the LTM Specialist take to capture the data payload successfully while ensuring no other virtual servers are affected?
-- Exhibit –
-- Exhibit --
Refer to the exhibit.
An LTM Specialist is reviewing the 'test' partition.
Which objects, in order, can be removed from the partition?
The LTM Specialist is in the process of creating a USB boot drive for the purpose of restoring the BIG-IP software to an LTM device. A separate LTM device has been selected for the purpose of creating the USB boot drive. The BIG-IP software ISO has already been uploaded and mounted on the separate LTM device.
Which command should the LTM Specialist use to trigger the LTM device to install the BIG-IP software to the USB boot drive?
A new web application is hosted at www.example.net, but some clients are still pointing to the legacy web application at www.example.com.
Which iRule will allow clients referencing www.example.com to access the new application?
An LTM device is load balancing SIP traffic. An LTM Specialist notices that sometimes the SIP request is being load balanced to the same server as the initial connection.
Which setting in the UDP profile will make the LTM device more evenly distribute the SIP traffic?
An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?
An LTM Specialist has configured a virtual server for www.example.com, load balancing connections to a pool of application servers that provide a shopping cart application. Cookie persistence is enabled on the virtual server. Users are able to connect to the application, but the user's shopping cart fails to update. A traffic capture shows the following:
Request:
GET /cart/updatecart.php HTTP/1.1
Host: www.example.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-EncodinG. gzip,deflate,sdch
Accept-LanguagE. en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
CookiE. BIGipServerwebstore_pool=353636524.20480.0000
Response:
HTTP/1.1 200 OK
DatE. Wed, 24 Oct 2012 18:00:13 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.1
Set-CookiE. cartID=647A5EA6657828C69DB8188981CB5; path=/; domain=wb01.example.com
Keep-AlivE. timeout=5, max=100
Connection: Keep-Alive
Content-TypE. text/html
No changes can be made to the application.
What should the LTM Specialist do to resolve the problem?
Which two alerting capabilities can be enabled from within an application visibility reporting (AVR) analytics profile? (Choose two.)
What is the correct command to reset an LTM device to its default settings?
A device group is made up of four members: LTM-A, LTM-B, LTM-C, and LTM-D. An LTM Specialist makes a configuration change on LTM-B. Later, a different LTM Specialist notices a "changes pending" message on all devices. When logged into LTM-D, the LTM Specialist attempts to config-sync to the device group. The sync operation fails.
Why is the LTM Specialist on LTM-D unable to synchronize the configuration to the group?
TESTED 17 Jun 2025