TEST BORRADO, QUIZÁS LE INTERESE: f5 101
COMENTARIOS |
ESTADÍSTICAS |
RÉCORDS
|
|---|
REALIZAR TEST
|
Título del Test:
f5 101 Descripción: test101 Autor: f5 101 OTROS TESTS DEL AUTOR Fecha de Creación: 14/01/2023 Categoría: Informática Número Preguntas: 228 |
COMPARTE EL TEST
Comentar
No hay ningún comentario sobre este test.
Temario:
|
A BIO IP Administrator is troubleshooting a slow web application. A packet capture shows that some of the packets coming from a window size of zero A packet capture shows that som a window size of zero
What does this mean? The client is trying to close the TCP connection The server is trying to close the TCP connection The server is temporary unable to receive any more data The client is temporarily unable to receive any more data. Which device type in the topology will forward network packets without an OSI layer 3 address assigned to a data plane interface? Router Firewall Application Server Switch. An organization needs to cryptographically sign its domains. Which F5 product provides this functionality? GTM LTM ASM APM. A BIG-IP administrator is interested in using some of the vCMP What should impact the administrator's decision? vCMP is available on all F5 hardware platforms. vCMP is only available on the virtual edition vCMP is hardware independent vCMP is only available on certain F5 platforms. Which three security controls are used in an SSL transaction? (Choose three.) symmetric encryption network admission controls asymmetric encryption digital certificates database encryption. An administrator needs to rapidly deter e newly discovered security threat to a remote desktop application. Which F5 feature provides this functionality? iRules SSL profiles Proxy SSL SPDY. In a fully proxy architecture, what is considered the client in the server-side communications the ADC the switch the server the client workstation. A BIG IP administrator is testing a web server behind ADC. The connection to a Virtual Server is successful but the page is still not loading Where should the administrator test to determine if the server is available? from server-side interface in ADC. from client side interface in ADC from Workstation client from switch connected to ADC and Server. in which scenario is a full proxy TCP connection required? when SIP UP P load balancing is defined when DNS load balancing is configured when compression is enabled when layer 3 load balancing is configured. Which method should an administrator of the BIG-IP use to sync the configuration to only certain other BIG-IPs? synchronize only certain folders exclude devices from certain Traffic Groups exclude devices from certain Sync Groups exclude devices from certain Device Groups. What is an advantage of a packet forwarding architecture? allows for manipulation of HTTP headers allows for SSL offload reduces latency handles larger packet sizes. Pool A has three members. Why is the pool up? Heaton monitoring is enabled on only one member One member has a successful health monitor Member status is determined by volume of traffic There is no health monitoring. Which type of certificate is pre-installed in a web browser’s trusted store? Root Certificate Server Certificate Client Certificate intermediate Certificate. A BIG IP Administrator need to perform a packet capture and identify the source IP that is connecting to the Virtual Server. Which utility should the administrator use on the BIG IP device? leinel traceroute ping tcpdump. The administrator wants client request to be directed to the same pool member through the session based on the client IP address. Which persistence method should the administrator choose? SSL persistence destination address affinity persistence cookie persistence Source address affinity persistence. Which Transport Layer Security (TLS) extension can be used to enable a single virtual server to serve multiple HTTPS websites in different can be used to enable a single virtual server to server domains? Session Tickets OCSP Staping Server Name indication Certificate Status Request. What advantage does an active-standby configuration have over an active-active configurations? Active-standby configuration allows for the backup of the peer configuration Active-standby utilizes the hardware more efficiently Active standby Uses significantly less power consumption than active-active Active-standby is less complex to troubleshoot. In which scenario does the client act as a server? During an active FTP session When an SMTP connection During an SMTP connection When browsing websites. A server is capable of handling more connections than other servers in the same pool. Which load distribution method should the administrator choose? Least Connections Fastest Ratio Round Robin. Host A sends 10 TCP packets to Host B. All packets arrive at Host B quickly, but some arrive out of order. What will Host B do? ACK only packets that are in order drop all packets and wait for arrival in order drop any packets that arrive out of order ACK all packets and place them in order. Layer 2 mapping information is announced by an interface without receiving a request for the mapping first. Which term describes this event? ICMP STP gratuitous ARP ARP. An administrator deploys a site in which the load balancer only sees the ingress traffic from the client. All egress traffic from the server bypasses the load balancer. Which type of solution is this? packet forwarding architecture delayed binding switching Full proxy architecture. A client needs to learn if a web server supports POST Which HTTP method is used? OPTIONS TRACE LIST GET. In an active/standby high-availability mode, what causes a standby unit to assume the active role? Hashed unit iD management MAC address resource utilization heartbeat detection. In which scenario is a full proxy TCP connection required? TCP routing IPv4 lo IPv6 gateway UDP routing UDP to ICMP gateway. An Administrator enables HTTP keep alive. How does this affect the network? HTTP connections will remain open longer Fewer TCP connections will need to be opened HTTP connections will close when the keep-alive times out More TCP connections will need to be opened. A BIG-P Administrator needs to upload a qkview view to evaluate software upgrade options. Which service should be used? AskF5 iHealth DevCentral F5WedSubOon. An administrator needs to selectively compress HTTP traffic based on geographical location Which F5 Feature should the administrator use? One Connect iRules SPDY profile iSessions. A company needs to use a custom value when making persistence decisions. Which F5 product provides this functionality? iControI iRules iApps iHealth. HTTP pool attached to a Virtual Server has three members Pool member A default HTTP monitor in red Pool member B custom HTTP monitor in green Pool member C does not monitor Which pool members participate in the load balancing? Pool members A and C Pool members A B and C Pool members B and C Pool members A and B. HTTPs traffic is not working properly. What is the likely reason for the issue? 0. 0 0.0 0 is an invalid address in netstat 0. 0. 0. 0.0 80 should be in an active stale The server is not listening on TCP 443 The server is not listening on UDP 80. A BIG IP Administrator reviews the Virtual Server configuration and sees the object status represented by a blue square tor an unknown status. How should the administrator change the unknown status? restart the BIG-IP device assign a monitor to the pool restart the backend webserver run a packet capture on the BIG-IP device. Which HTTP response code is returned when a web server requires authentication to access a resource? 500 401 302 100. An administrator needs to load balance connections to the application server with the lowest number of connections Which load balancing method meets these requirements? Least Sessions Ratio Least Connections (member) Least Connections (member) Least Connections (node). If there are multiple applications authenticated against a single identity store, which technology solution will simplify access to all applications? RADIUS single sign on multifactor authentication LDAP. What is the correct procedure to comply with the recommendation? Download the product version image from ihealthf5.com Download the product version image from supportf5. com Download the product version image from dovcentral f5.com Download the product version image from downloads f5.com. An administrator needs to protect a web application from cross-site scripting (CSS) exploits. Which F5 protocol provide this functionality ASM APM AFM GTM. The use of attack signature within an intrusion Detection System (IDS) is an application of which security model? Positive Context-based Negative Role-based. in which scenario is a full proxy TCP connection required? when compression is actuated When Source NAT configured when a virtual server is configured When Source IP persistence is required. A Network Administrator needs a new networking device can perform NAT to connect several devices on a computer network. What is the most appropriate device for this requirement? Switch Router Bridges Hub. Which protocol data unit (PDU) is associated with the OSI model’s Transport layer? Segment Datagram Packet Bit. What is used to establish trust relationships between BIG-IP devices? trust ID device group identification certificate-based authentication unit IDs. An administrator needs a data a format that is support authentication against an external security domain. The data format must format support SSO. Which data format should the administrator choose? AAA Kerberos SAML EAP. What should a BIGIP Administrator configure to provide remote access and ensure data privacy? Security policy Packet filter VPN GRE. An administrator needs to allow secure access to application within the corporate data center for remote office, branch office and mobile employees. Which F5 product provides this functionally? APM ASM GTM AFM. What should a BIG-IP Administrator configure to minimize impact during a failure? MAC masquerading Clone pool External monitors One Connect profile. What describes the third ‘’A’’ in the common authentication acronym AAA? provides redundancy measures usage against an identity provides user filtered access ensures the correct identity. Which security mode functions by defining what traffic is allowed and rejecting all other traffic? context-based access control model role-based access control model negative security model positive security model. In 200 db8 IPv6 address block is allocated to a load balancer for use as virtual server addresses. The address block balancer set ip address using a static route. What is the representation for the last address in the address block that a virtual server can use? 2001 db8 :: ffff, ffff, ffff, ffff 2001 db8:: 2001 db8 :: 255 2001 db8 ffff, ffff, ffff, ffff. Which of the following would happen? The PC sends a DNS query for 172.17.10.1 The PC sends an ARP looking for the MAC address of 172.17.10.4 The PC sends an ARP looking for the MAC address of 172.17.10.4 The PC sends a DNS query for 172.17.10.4. A device needs to decrypt traffic and send unencrypted traffic to the web server. Which method should the BIG-IP Administrator use? SSL Optimization SSL Caching SSL Termination SSL Bridging. company deploys F5 load balancers to manage number of secure applications. The company needs to centrally manage certificates. Which F5 product provides this functionality? BIG IQ GTW iHeath LTM. Which service should be configured to allow BIG-IP devices to be externally monitored? SSHD TMSH SMTP SNMP. In which FTP mode is the server, responsible for initiating the data correction back to the client? Protected FTP Active FTP Secure FTP Passive FTP. What should the BIG-IP Administrator configure to perform SSL offloading when the certificate is already imported on the BIG-IP device? HTTP profile using client SSL profile Virtual server using client SSL profile configured to use the certificate Virtual server using server SSL profile configured to use the certificate HTTP profile using server SSL profile. In which scenario is a packet forwarding architecture required? when HTTP header must be modified when cookie persistency is demanded when the server responds directly to the client when the number of TCP connections on the server should be reduced. What is used to resolve IP address to MAC address mappings? DHCP ARP DNS ICMP. Which high availability feature allows two different BIG-IP devices to use the MAC address for the same server IP? HSRP virtual MAC address Device group Sync- failover MAC masquerade. A BIG-IP Administrator is trying to send traffic to a server on the same subnet and sees an incomplete in the BIG-IP devices ARP table. What could cause the incomplete status? BIG-IP device connection is half-duplex Router does not have a default gateway Firewall is blocking ICMP Server's switch connection is in the wrong VLAN. An administrator is currently designing the IP addressing scheme for a small company. They have been asked to use the 192. 168. 100 x block of addresses with a /27 network prefix. How many networks and hosts per network will be available when using the 27-bit network prefix. 255 networks each with 224 hosts 30 networks each with 8 hosts 8 networks each with 30 hosts 27 networks each with 30 hosts. End users report widespread issues accessing multiple network resources What tool should the BIG IP Administrator use to view the status of all virtual servers and associated resources in one place? Pool statistics Network Map System performance Virtual server statistics. In a load balanced scenario which service would require persistence to function correctly? Simple Mail Transport Protocol DNS Web-based email HTTP. ICMP is used by which command line tool? curt tcpdump traceroute nslookup. A load balancing decision needs to be made based on custom. What is the most appropriate F5 feature for this purpose? iApps Scale iControl iRules. What does HTTP status code 500 mean? Service unavailable Internal server error Gateway timeout Had gateway. In the context of load balancing, what does the term "persistence" refer to? Ensuring requests from a single source always end up being handled by the same server the ability to associate different HTTP requests to a single user so that activity can be tracked. Keeping TLS session key information in memory so sessions can be quickly resumed the ability to keep idle connections open as long as possible by sending dummy traffic periodically. Which HTTP response code indicates an OK status? 302 404 200 100. After all expected HTTP data has been sent from a server to a client, the client does not close connection. The server reaps the connection, but after that the client sends a ‘’Keep alive ‘’packet to the server. Which type of packet will the server respond with? FIN RST ACK SYN. When using LDAP for authentication, what is the purpose of the base DN? the search context starting point the directory's simple name the base attribute in an LDAP directory the fundamental naming convention. A website is using source address persistence with a 30 second timeout. A client is idle for 35 seconds. What happens to their connection? The client receives a "404 Page Not Found'" error The client connection is dropped The client remains on the same server The Client request is load balanced. Which FTP mode should be used by a client behind a firewall that has no special configurator? Passive FTP Secure FTP Active FTP Protected FTP. Client A from the 192.168.0.0/24 network wants to send a Ping to Client B on 10.10.10.0/24. The Default Gateway from Client A is 192.168.0.1 The MAC Address of Client A is 00.11.11.11.11.11 The MAC Address of client B is 00.22.22.22.22.22 The MAC Address of Default Gateway is 00.33.33.33.33.33 What is the destination MAC Address of the ping packet when it leaves client A interface card? 00.11.11.11.11.11 f1.f1.f1.f1.f1.f1 00.33.33.33.33.33 00.22.22.22.22.22. What does the HTTP status code 404 mean? Not Acceptable Forbidden Request Timeout Not found. An administrator needs a remote VPN solution for corporate users. The existing network infrastructure has web-based services. The administrator needs to select the VPN that is the least complicated to deploy. Which VPN solution should the administrator choose? IPSec L2TP SSL PPTP. in which scenario is a full proxy TCP connection required? when IP Anycastmg is enabled when routing is enabled when the number of TCP connections to the server must be optimized when the client TCP connections options must be sent to the server. A BIG IP administrator recently reset statistics for interfaces 1.1 and 1.2. The administrator notices that traffic appears on a data plane interface without receiving any client requests. All nodes and pools have monitoring enabled and all routes are locally defined on the device. All management traffic is sent over the mgmt interface. What is the nature of this traffic? SNMP polling and traps Health checks for nodes and pool members Dynamic routing protocols TCP Keepalives for nodes and pool me. A BIG IP Administrator wants to add a new VLAN (VLAN 40) to an LACP trunk (named LACP01) connected to the BIG-IP device. Multi VLANS exist on LACPO1. Which TMSH command should the BIG IP Administrator issue to add the new VLAN to the existing LACP trunk? create net vlan VLAN40 (interfaces add (LACP01 {lagged)) tag 40} create net vlan VLAN40 {interfaces replace-all-with {LACP01{tagged}} tag 40} create net vlan VLAN40 interfaces replace all with {LACP01 {untagged)} tag 40} create net vlan VLAN40 {interfaces add {LACP01 {untagged}} tag 40}. Which protocol could be used to provide AAA Accounting? Kerberos SAML DIAMETER LDAM. What is an advantage of packet forwarding architecture? allows for SSL offload reduces latency allows for manipulation of HTTP headers handles larger packet sizes. ARP provides translation between which two address types? IP addresses and hardware addresses Hardware addresses and VLAN VLAN and IP addresses Hostnames and IP addresses. What are three functions commonly performed by HTTP cookies? (Choose three) Track users' browsing activities hold User preferences maintain session state execute client side scripts execute server side scripts. A new web server VLAN has been created and the IP address 10.1.1.1/24 has been assigned to the BIG IP device. The BIG IP Administrator needs to create the new Self IP and prevent administrator access to the BIG-IP device from the newly created network. Which TMSH command should be used? create /net self internal address 10 1.1.1/24 vlan VLAN 10 allow service none. add /net self internal address 10.1.1.1/24 vlan VLAN 10 allow-service none create /net self internal address 10.1.1.1/24 vlan VLAN 10 allow service default add /net self internal address 10.1.1.1 mask 255. 255. 2550 vlan VLAN 10 allow. Which protocol data unit (PDU) is associated with the OSI model Network layer? Frame Segment Packet Bit. VLAN test-vlan is configured on interface 1.1 instead of interface 1.2. Which TMSH command should be used to correct this issue? modify /net test vlan interfaces {1.2} modify /net test-vlan interfaces replace all with {1.2} modify /net vlan test-vlan interfaces replace all with {1.2} modify /net sian test-vlan interfaces {1.2}. A BIG IP virtual Server with an IP address of 10.100.43.108 must be available to public internet users. Which technology should be used to achieve this task? NDP DNS NAT ARP. What is used to provide mutual authentication for TLS/SSL? X 509 Certificate Access List Shared Secret key Mutually Trusted issuer. An administrator configures secure remote access to a server's shell Given the netstal output, what did the administrator configure? telnet allowing connections only from IP address 10.1.10.46 ssh listening on IP address 10.1.10.46 ssh allowing connections only from IP address 10.1.10.46 telnet listening on IP address 10.1.10.46. An administrator needs to restore the BIG-IP configuration from a UCS file. In which section in the BIG IP Configuration utility is this task performed? System > Archives System > Services > Backup System > Backup System > File Management. An administrator needs to lower the amount of new TCP connections to help with network congest? How should the administrator accomplish this? Use HTTP keep-alive set a larger receive window Enable delayed ACKs use an indefinite timeout. Which two OSI layers map do IP subnetting and TCP window sizing functions? (Choose two) Application Data Link Transport Network Session. User A and User B's workload are on the same VLAN, but connected through a transparent layer 2 bridge in use B's ARP table. Which MAC address is reported for user A's workstation? The physical port MAC address on the bridge for user A’s workstation The MAC address of the l2 bridge The MAC address of User A's workstation The physical port MAC address on the bridge for user B's workstation. Ping and Traceroute outputs are provided for a connectivity issue. What is the cause of these results? routing loop packets that are routed with a high metric multiple paths toward the destination. Ethernet frame FCS errors occur when which calculation fails? FSCM CRC CSR HSTS. A company deploys F5 load balancers to manage a large number of secure applications. The company manage certificates. Which F5 provides this functionality? iHealthy BIG-IQ GMT LTM. What does the 5XX group of HTTP status codes indicate? Redirection Successful Client Error Server Error. What are the two primary functions of the OSI 7 layer model (Choose two) to guide interoperability between products made by different vendors to define protocol behavior to group communications into logical layers to define specifications of host-to-host communications to standardize HTTP communications between different vendors. HTTPS traffic is being passed from behind a NAT router, through a load balancer, to servers without being decrypted. What is the F5-recommended persistence method in this situation? SSL session ID persistence source address persistence SIP persistence destination address persistence. Which command should a BIG-IP Administrator use to resolve the domain www. F5.com? grep ping dig find. An administrator is given the IP Address of 192.168.100.1/24 and needs 64 subnets. How many hosts per network are allowed? 4 8 6 2. A company recently opened a new branch site. The site needs to access the internet through a link to HQ. The router at the branch Branch1 the router at HQ is Called core1. The computers at the branch site reside on the network 192.168.1.0/24 directly connected to Branch1 Users at HQ can already access the Internet. What routing must be configured to achieve the required internet connectivity for the branch site? route for 0.0.0.0/0 on Branch1 to Core1, and a route for 192.168.1.0/24 from Core 1 to Branch1 a route for 0.0.0.0/0 on Core 1 to Branch1 and a route for 192.168.1.0/24 from Branch 1 to Core. only a route for 192.168.1.0/24 from Corel to Branch1 only a route for 0.0.0.0/0 on Branch1 to Core1. What are two examples of network layer protocols? (Choose two) ARP TCP IPv4 BGP ICM. Which two destination pods should be used in a default active FTP Session? (Choose two) UDP 20 TCP 20 TCP 22 TCP 21 UDP 21. A new VLAN segment has been added to the network. Only the existing connected interface may be used. What should the BIG-IP Administrator do to allow traffic to both the existing and the new VLAN? configure VLAN with Link Aggregation Control Protocols (LACP) configure a tagged VLAN configure an untagged VLAN configure VLAN to use interface with Multiple Spanning Tree Protocol (MSTP). A server is operating on the network 10.100/24. The BIG-IP device is operating on the 192.168.0.0/24 net. What is required to enable the several and BIG-IP device to communicate properly? Firewall Switch Router Hub. An administrator is updating private keys used for SSL encryption from 1024 to 2048 bits. Which possible effect should the administrator consider when performing this activity? The larger Key size will increase processing requirements Some hardware will NOT support the 2048 key Some certificate authorities will NOT support the 2048 key The larger key sire will increase private key installation complexity. What does response code HTTP 302 represent? The server encountered an unexpected condition that prevented it from Milling the request. The server has not found anything matching the Request URI The request has succeeded. The requested resource resides temporary under a different URI. The BIG-IP device has the following configured routes: Which gateway will be chosen to send the packet to the destination 10 238 10 11? 192.168.10.20 192.168.10.30 192.168.10.40 192.168.10.10. An administrator needs to do the following: -install a load balancer in front of an existing application -test application performance -avoid reconfiguration of the application server -avoid interruption of users accessing the application modify the test client's local host file modify the DNS Server A-record for the application configure IP Anycasting configure Port Address Translation. Without decrypting, what portion of an HTTPS session is visible with a packet capture? Source IP Address HTTP Request Headers Cookies HTTP Response Headers. What is a benefit of configuring BIG-IP devices in active-active high availability mode? avoid Overload on the BIG-P system in the event of a failover allows full utilization of hardware purchased reduces troubleshooting complexity provides ability to upgrade a member of the pair without disruption. A BIG IP Administrator is trying to reach the internal web server from a workstation -The workstation has a MAC address of 00:00:00:00:00:01 and an IP address or 192.168.0.1 - An internal web server has a MAC address of 00:00:00:00:00:02 and an IP address of 10.10.1.1 -The workstations default gateway has a MAC address of 00:00:00:00:00:03 and IP address of 192.168.0.254 What is the destination hardware address of the outbound packet when it leaves the workstation? 00:00:00:00:00:01 00:00:00:00:00:00 00:00:00:00:00:03 00:00:00:00:00:02. Which protocol does an internet host use to request the hardware address of an IP address? Reverse Address Resolution Protocol (RARP) Address Resolution Protocol (ARP) BOOTP Dynamic Host Configuration Protocol (DHCP). TLS SSL provides which functionary when a web browser connects to web site using the HTTPS protocol? delivers secure communication over a network connection prevents the web server from being compromised protects network packets from interception by intermedianes stop the web browser from automatically downloading malware. Which support service is required to synchrony the time stamps in system logs from these devices? SNMP Syslog SMTP DNS. A user wishes to retries a file from an FTP server minimum of how many TCP connections are required to perform this action? 3 1 4 2. which version of SNMP can AuthPriv be used? 2 3 2c 3c. A company would like to create a web service for multiple data centers (US EU, ASia) where each data center uses the same IP address Requests will be routed to the closest data center. Which address type is the appropriate solution? Broadcast Unicast Anycast Micest. A BIG IP Administrator configures three Network Time Protocol servers to keep the time of the devices in sync. Which tool should the administrator use to show the synchronization status with the Network Time Protocol servers? time ntpdate date ntpq. During a TCP three-way handshake, which packet indicates the serves maximum segment (MSS)? the initial SYN packet the ACK that completes the three way handshake the SYN/ACK packet the first packet after the three-way handshake. Which of the following is a valid IP address and prefix length? 192.168.0.177/25 192.168.0.129/25 192.168.0.128/25 192.168.0.255/25. A client receives all of the expected data from a server and sends a FIN packet signaling the end of communication. What will the server do when it receives the FIN Packet from the client? send a SYN packet send an RST packet Send both FIN and RST packets send an ACK Packet. A BIG-IP Administrator needs a solution to tunnel traffic and transmit encrypted connections over the Internet using only a standard browser and common ports and protocols. Which solution should the administrator select? GRE Tunnel iPsec VPN SSH Tunnel SSL VPN. At which layer of the OSJ model does the DNS resolution process occur? Layer 7 Layer 4 Layer 2 Layer 3. An administrator needs to provide access to corporate resources for remote users. The administrator also needs to verify that the remote use has anti-virus software installed. Which F5 product provides this functionality? ASM APM AFM TGM. Which protocol data unit (PDU) is associated with the OSI model’s Physical layer? Frame Datagram Segment Bit. Where is the MAC masquerade address configured? Virtual Server Virtual Address Device Groups Traffic Groups. An administrator needs to prepare change control documents for operations staff to reduce possible errors the administrator killed number of default configuration options is choose from. Which F5 feature is intended to help with this task? iControl iCatl iApp iRules. What is a primary reason to choose hardware over virtual devices? failure isolation HA capabilities management capabilities SSL performance. Which techology can be used on a BIG-IP device to accelerate the delivery of the same content to multiple user? persistence SSL offloading Compression caching. Which Datalink sublayer has the primary function of proving node lo node flow and error control? LLC ARP MAC UDP. Which function does a caching profile provide on the BIG IP server? caches client IP addresses to improve response times caches HTTP headers lo improve server load times. caches selected pool members to improve load balancing times. caches data for reuse to cut down on transfer time for future requests. How does file caching affect the web application? It reduces the load on the web application It speeds up traffic to the web application It slows traffic to the web application It increases the load on the web application. A BIG-IP Administrator needs to configure a network to separate traffic into three different VLANs using a single port on the BIG-IP device. What means should be used to allow this? LACP link aggregation Multiple MAC registration Protocol VLAN tagging Port Spanning. What is a common use of an iRule? to modify application traffic between the client and server to create a reuseable application delivery template to integrate a BIG IP into an enterprise orchestration tool to create an accelerated session between two BIG-IP devices. Which protocol is used for control and session establishment for streaming media? RTP DTLS SMB RTSP. An administrator needs to connect a new device to a switched network. The interconnect must be both redundant and combined bandwidth than a single link. Which low-level protocol will help facilitate this? Link Aggregation Control Protocol (LACP) Link Allocation & Configuration Protocol (LACP) Link Local Distribution Protocol (LLDP) Link Layer Discovery Protocol (LDP). An application uses a proprietary protocol running over TCP Which FS BIG-IP feature should the administrator use to modify the protocol? SPDY rewrite profile TCP profile iRules. BIG-IP Administrator runs the command ITconfig from the BIG-IP command the line end sees a high number of collisions. What is the likely cause? There is a duplicate IP address on the network A crossover cable has been used The interface is set to hall duplex Spanning Tree Protocols biochang the con. in which scenario is a full proxy TCP connection required? when DNS load balancing is performed When source NAT is demanded when the client source IP address is sent to the server when the client and server connection are decoupled. An administrator needs to create a structured application delivery configuration that will prevent individual objects from being modified directly. Which F5 technology should the administrator use? iRules iApps iSessions iControl. A BIG-IP Administrator needs to configure a MAC masquerade address for traffic-group 1. Where on the GUI should this configuration be performed? System > Configuration Device General > lraffic-group-1 Local Traffic > Traffic Class > traffic -group-1 Device Management > Traffic Groups > traffic-group-1 Network > ARP Static List > traffic-group-1. Which OSI layer provides reliable transmission of frames between adjacent nodes and is built on top of the provides reliable transmission of frames adjacent nodes and is built on top of the Physical layer? Data link Transport Network Application. What is a primary benefit of employing a load balancer to manage traffic for an application? It reduces the number of client connections It provides a more uniform client experience It allows easy scaling up of the application It Reduces dropped connections. An administrator wants to insert per-session data in a users browser so that user requests are directed to the same session. Which session persistence method should the administrator use SSL persistence Source address persistence destination address persistence cookie persistence. BIG-IP Administrator performs the capture as shown in the image! On which protocol is the application responding? RDP HTTPS DNS HTTP. The HTTP 1.1 standard is being used as part of communication to a server. The client fails to maintain the session within the maximum timeout defined by the server. Which device is responsible for ending the HTTP session? the load balancer the server the default gateway of the load balancer the client. in which scenario is a full proxy required? When a separation between client and server connection is needed When administration directly access the servers for administration when the server sends the response through the load balancer when all TCP client parameters must be seen by the server. A client is transmitting a large amount of data to a server. During this process, the server sets the window size to zero What is the likely cause of this issue? The server is unable to accept more data The server resets the connection The client runs out of network buffers The server reaches its maximum segment size. An administrator is performing a capture from a lagged port on an Ethernet SWITCH. Which OSI layer should be inspected to determine with which VLAN a datagram is associated? Network layer Data-link layer Application layer Transport layer. An administrator configures a default gateway for the host. What is the purpose of a default gateway? to replace the destination IP address with the default gateway to pass all traffic to the default gateway to forward packets to remote networks to populate the ARP table. A user is trying to access a website using the URL https://1.1.1.1/ The website fails to load. The user can access other websites. Given the packet capture above, what is the most likely issue? The remote server is not responding because it is down The client machine is not 'connected to the internet The client machine's DNS is configured incorrectly The remote server is actively rejecting the connection. A BIG-IP Administrator needs to make sure that requests from a single user are directed to the server that was initially selected (unless that server is marked down). What should the administrator configure? caching profile TCP profile persistence profile security policy. What are the two primary functions of the OSI 7-layer model? (Choose two) to group communications into logical layers to define host-to-host communications to standardize HTTP communications between different vendors to go interoperability between products made by different vendors to define protocol behavior. Which two protocol are used for the retrieval of email? (Choose two) ICAP SMTP IMAP POP3 SNMP. If a workstation is configured with an address of 224.0.0.1 which functionality it will allow? loopback to itself broadcasting to the local subnet multicasting to the local subnet automatic private IP addressing. Web application http:/ at 10.10.1.1.110, is unresponsive. A recent change migrated DNS to a new platform telnet www.example.com:80 curl http://www.example.com dig www.example.com telnet 10.10.1.110:80. In which layer of the OSI model is the data transported in the form of a packet? Transport Session Network Presentation. In IPv4 the loopback IP is 127 0.0.1. or IPv6, what is the loopback address? FEBO::1 FF8Q:0.0::1 2001::127::1 ::1. An administrator encounter an error while working on eBiG.IP device and contacts F5 Support to open a case. While opening the case Support of the administrator that a BIQ-IP version update is required. Which F5 Support policy requires the administrator to upgrade the BIG-IP version. End of Software Support End of Support Contact Renewal End of Technical Support End of Return to Manufacturing. A client’s operating system needs to make sure that data received from a server is mapped to the application that requested it. How does it complete this mapping? using the TCP sequence number using the client source port using the TCP acknowledgement number using the server source port. Which function does the Presentation Layer provide? translation and encryption transmission over a medium internetworking capabilities access to available resources. A VoIP application requires that data payloads will NOT be fragmented. Which protocol controls network behavior in this situation? RTSP UDP TCP IP. An administrator is designing a remote host connection using an ICMP based network troubleshooting utility and receive an ICMP error diagram with the following error code TTL Times exceeded What does this mean? A faulty router on the network is unable to process the packet in a timely manner A switch on the network the frame due to an incorrect checksum The TTL field of the IP header was set to 255. and this was consequently dropped by a router The TTL field of the IP header was decremented to 0. and this was consequently dropped by a router. An administrator security policy defines allowed URLs, file types and parameter values Which security model is the administrator using? negative security model Closed security model positive Security model ACL Security model. Which security model provides protection from unknown attacks? ACL Security model closed security model Negative security model Positive security model. An administrator points the browser at h.tp://www mydomain com. The destination server listens on TCP port 8080 Which feature must be enabled on the virtual server for this configuration to work? HTTP persistence source NAT destination address affinity port translation. What should the administrator investigate first to address this traffic slownes The virtual server indicates 14 slow connections killed The pool member is unchecked Interface 1.2 shows 9.2K errors The pool shows no current connections. An administrator is having a connectivity issue with a server in the same network. Upon checking with the command arp -a on a Windows machine, the two outputs are taken on a 1 minute interval "hat is likely causing this issue? Interface down MAC address conflict No route available IP address conflict. What command sends an "Echo Request' message and expects an "Echo Reply" message? ping netstal tcpdum echo. Which IP subnet mask can be used to send traffic to all network nodes? 192.168.0.255/23 192.168.1.11/31 172.16.1.255/22 192.168.0.11/30. The BIG IP device is connected to the same network as a server. Which communication protocol will the BIG IP device use to discover the link layer address of the server? Ping ICMP RAPR ARP. Which protocol Authenticates network traffic between hosts end without encryption? PPTP GRE IPSec AH iPSec ESP. A certificate chain can be used for which purpose? Creating anonymous connections on the internet anchoring the geographic location of a client or server Ensuring multiple layers of decryption and encryption Determining a client or server should be trusted. The BIG-IP device has the status of interface 2.1 as DOWN The BlG-IP Administrator. What is the likely reason for the status of the interface to be DOWN? The interface 3/2/1 is UP on switch The interface 2.1 is disabled on the BIG-IP device The interface 3/2/1 is DOWN on switch The interface 2. 1 is unpopulated on the BIG-IP device. In an administrator's environment, the administrator wants to inspect a high volume of SSL traffic What should be used for this task? Big-IP Global Traffic Manager appliance Big-lP standard virtual edition Big-IP Local Traffic Manager appliance Big-IP virtual edition with FIPS. AD VLAN must be created with an 802.1q tag of 705 on interface 1.1. What is the proper TSH command to create this new VLAN on the BIG-IP? Create/net vlan internal interfaces add {1.1 (tagged )} tag 705 Create/net vlan internal trunk add (1.1 {tagged)} add /net vlan internal interfaces add (1.1) tag 705 add / net vlan internal tunk add {1.1 (tagged)) tag 705. A company is creating a new department for Security Engineering and needs to create a segregated network segment with only 24 IPS. What should be configured? configure a new VLAN and assign a netmask of /29 use an existing VLAN and assign a netmask of /28 use an existing VLAN and assign a netmask of /30 configure a new VLAN and assign a netmask of /27. When is the server also a client? during a passive FTP session during an active FTP session While receiving email While uploading files. BIG IP Administrator wants to add a new VLAN (VLAN 40) to an LACP trunk (named IACP01) connected to the BIG IP device Multiple other VLANs exist on LACP01. Which TMSH command should the BIG IP Administrator issue to add the new VLAN to the existing LAC? create net vlan VIAN40 (interfaces replace all with {LACP01 (untagged } } lag 40 ) create net vlan VLAN40 (interfaces add { LACP01 {tagged} tag 40 ) create net vlan VLAN40 {interfaces add ( LACP01 {untagged)) tag 40} create net vlan VLAN40 {interfaces replace all with {LACP01 {tagged ]} lag 40 }. An administrator lakes a capture of five Traffic using tcpdump. The administrator notices that different ephemeral port numbers are architecture does this indicate? packet-based architecture full proxy architecture hub and spoke architecture ring network architecture. BIG-IP ASM is requesting automatic signature updates from the F5 update service Who is considered the server in this communication? BIG-IP User A F5 update Service web application. What tool should the BIG-IP Administrator use to view the status of all virtual servers and associated resources in one place? System performance Network Map Pool statistics Virtual server statistics. An administrator notices the following log message generated by a BIG IP system " diskmonitor 011d005: Disk partition shared has less than 30% tree" Which command should the administrator use to troubleshoot the problem? parted-1 disk-1 isbik df-h. A BIG IP Administrator observes that the pool member status is a blue square What does this status indicate? The object is available The availability of the object is unknown. The object has reached its configured connection limit The object is unavailable. An organization needs to protect its data center from layer three-based and layer four-based exploits. Which F5 product provides this functionality AFM ASM GTM APM. in which scenario is a full proxy TCP connection required? when SSL offloading is used when Traffic is routed when administrators manage the servers directly when 3 server responds directly to the client. A load balancer receives a TCP SYN packet from a client and immediately sends the packet on to a server. This is an example of which type of solution? packet forwarding architecture Full proxy architecture TCP compression TCP optimization. An administrator needs to assess an LTM for potential configuration issues and required security updates. Which F5 website con automate this task? addf5f5.com ihealth5.com Devcentral f5.ccom www.f5.Com. What is a disadvantage of running a virtualized load balancer more expensive than a hardware load balancer slower than a hardware load balancer less reliable than a hardware load balancer does not support high availability. A BIG-IP Administrator wants to send packets from one subnet to another. What device is required to allow this to function? switch Router HUB Bridge. Which two functions of AAA does Security Assertion Markup Language (SAML) identity Provider (IdP) offer (Choose two)? measure usage provide authentication provide availability provide session auditing filter access. The 2001:db8: : IP6 address block is allocated to a load balancer for use as virtual server addresses. The address block is routed to a balancer self IP address using a static route. What is the correct representation for the last address in the address block that a virtual server can use? 2001:db8 2001:db8: : 255 2001:db8: : ffff:ffff:ffff:fffe 2001:db8: :ffff:ffff:ffff:ffff. A BIG-IP Administrator needs to upgrade an HA pair to a more recent TMOS version. The administrator is unsure if the BlG-IP is currently supported How should the administrator verity that the HA pair is under a valid support contract? confirm that License OK" is set to yes in the applied license confirm that the "Service Check Date" specified in the applied license has not passed Check the status of the license under the Platform menu of the F5 Configuration Unity review /var/log/license for messages that indicate an expired license. What are Iwo examples of failover capabilities of BIG-IP? (Choose two ) failing over based on an over temperature alarm failing over serial cable based on electric failure code failing over network connection based on heartbeat detection fading over network connection based on SNMP error failing over serial cable based on voltage detection. A BIG-IP Administrator is cleaning up unused Virtual Servers and pools via the Configuration Utility while trying to delete certain administrator receives an error message that indicates that the pool is in use. What is the likely cause of this error? The pool members are all disabled The pool is in use by a Virtual Server The pool members are marked up with a green circle The pool is in use by a monitor. An administrator is trying to debug why the 10.0.10.0/24 network is inaccessible from a certain server. The server is able to access the internet Successfully. The administrator inspects the routing table and ARP table on the affected server. Given the terminal output shown, what could be causing this issue The default gateway is not sending ARP responses The static route for 10.0.10.0/24 is misconfigured The local server is unable to receive ARP responses The default route (0.0.0.0/0) is misconfigured. in which scenario would an SSL VPN solution have an advantage over an IPSec VPN? when users are unable to install software on their PC when users require a secure connection to the corporate network when users work remotely when users require the ability to RDP to internal resources. Comment calculator DNS error SERVFAL. HTTP 404 and SMTP error 550 are all examples of which type of error? Service Application Network Session. Why is it important that devices in a high availability pair share the same configuration? so that a spanning tree loop can be avoided so that application traffic can do gracefully resumed after a failover so that configuration Updates can occur instantly between two devices so that the load can be shared equally between the devices. Cryptographic hash functions can be used to provide which service? data modification data encryption data validation data decryption. What does ICMP Time Exceeded'' mean? The ping command exceeded the time limit. The traceroute command exceeded the time limit Remote host did not respond TTL has reached zero. What is one way that a application delivery controller lowers the CPU-load on web servers? use SSL termination at the application delivery controller make the application delivery controller function as a Firewall make the application delivery controller a member of both external and internal VLANs use cookie persistence on the application delivery controller. Which device group type allows a BIG IP system to automatically become active in the event that the current active system fails? Sync-active sync-failover sync-standby sync-only. A messaging system digitally signs messages to ensure non-repudiation of the sender. Which component should the receiver use to validate the message? Public Key SSL extension A negotiated security algorithm private Key. The users in a company are unable to send and receive SMTP e-mails using the BIG-IP Virtual Server. The administrator logs into the BIG IP device to verify if the mail pool member with an IP address of 192.168.10.100 is serving SMTP traffic. Which command on the BIG-IP device should the administrator use to verify the traffic? tcpdump - 0:0 host 192.168.10.100 and port 143 curl - 1 smtp1/192.168.10.100 tcpdump - 0:0 host 192.168.10.100 and port 25 telnet 192.168.10.100 143. An administrator finds a new vulnerability in a web application and needs to rapidly mitigate the threat. Which F5 feature provides this functionality? iCall iRules iSession iControl. What is the primary function of a certificate authority? to expire outdated certificates to verify and validate certificates to store security certificates to sign certificate signing requests. ATP administrator recently added a new VLAN and needs to confirm that the BIG IP sees traffic on this VLAN. The VLAN is untagged on interface 1.1 and is named VLAN704 in the BIG IP Configuration Unity. Which tool should be used to generate a packet capture that shows all traffic on this VLAN? netstat map tcpdump ifconsfig. A BIG-IP Administrator contacts F5 Support and is asked to upload a Support Snapshot. Which command should be entered to the CLI to generate the requested file? tmsh generate snapshot tmsh tcpdump tmsh save sys ucs support tmsh qkview. A BIG-IP Administrator needs to create a route to send traffic destined to 10.1.1.1 to another router with an address of 192.168.1.1 Which TMSH command should the administrator use? create/net route 10.1.1.1/32 gw 192.168.1.1 create /net route 192.168.1.1/32 gw 10.1.1.1 add /net route 192.168.1.1/32 gw 10.1.1.1 add /net route 10.1.1.1/32 gw 192.168.1.1. Which protocol emphasizes reduced latency over reliability? TCP UDP GRE RSVP. A web administrator has added content to a web application, but users are unable to access the new content What could be preventing them from accessing the content? The webapp uses negative security, and the attack signature is using an invalid regular expression The webapp uses positive security. and the nourishes database has not been updated The webapp uses positive security, and the new content has not been defined as allowed behavior The webapp uses negative security. and the denial of service signatures have not been updated. A new virtual server is being tested to replace http://myapp.mydomain.com. The original virtual server is still on use. And the new virtual server is on a different ip address. What should be done to test this new virtual server using the fully quailed domain name for this application? add a DNS record for the fully qualified domain name add the fully qualified domain name to the browser cache make an entry in the client host file make an entry in the web server services file. Client traffic for a web application is managed by load balancers in a high availability configuration. After a failover event all clients ant forced to login again to the application. What is the most like reason this occurred? Clients were sending request to failed load balancer conection mirroring configuration was NOT configured on the load balancer The server was responding to the failed load balancer SSL offloading was NOT configured on the load balancer. What we two advantages of using SSL offloading? (Choose two) Offloads the client to SSL processing provides single point of management for private keys reduces server load significantly encrypts all communications and to end allows secure remote access to internal server resources. A BIG-IP Administrator needs to open a case with F5 Support for a specific issue with an existing HA pair of BIG-IP platform. What should be uploaded to iHealth prior to opening the case to expedite processing of the support case? UCS file SCF filo tcpdump file Qkview file. In the Network Map a red diamond appears next to the three member servers in the Virtual Server’s pool. The nodes in the pool each show a green circle. What is the most likely reason for this scenario? The pool members health monitor has been disable The pool members have been disabled The pool members have been powered off The pool member services have been shut down. An administrator needs to deploy a VPN solution that offers data integrity and origin authentication of IP packets. Which solution the administrator use? IPSecVPN PPTP GRE SSL VPN. An IPv4 client tries to access to http://www.myserver.com Which type of DNS request should the client send to its configured DNS server? type NS type A type AAAA type MX. For an IP of 192.168.10.10 with a subnet mask of 255.255.240.0 an administrator is asked to provide • The first network address • The broadcast address, and • The number of hosts available per subnet host What should be the administrator's response'? 192.168.0.1 is the network address. 192.168.10.255 is the broadcast address. There are 16382 addressable hosts 192.168.0.0 is the network address 192.168.15.255 is the broadcast address. There are 4094 addressable hosts 192.168.0.0 is the network address. 192.168.16.255 is the broadcast address. There are 1022 addressable hosts 192.168.16.0 is the network address, 192.168.31.255 is the broadcast address. There are 4094 addressable hosts. An application has a mix of both and short and long lived connections. Which algorithm would provide and event distribution of all connections across the pool? Priority group activate Least connections Static ration Round robin. An administrator suspects that a BIG IP appliance is experiencing performing issue due to spikes in CPU usage checks the performance issues does to spikes in CPU usage checks the performance report in the BIG-IP UI on CPU spikes are evident in the graphs. Which section in the BIG IP UI can the administrator check to troubleshoot the issue further? Statistics > Utilization System > Utilization Statics > Dashboard System > Services. A BIG-IP Administrator has a cluster of devices. What should the administrator do after creating a new Virtual Server on device 1? synchronize the settings of device 1 to the group create a new cluster on device 1 create the new virtual server on device 2 synchronize the settings of the group to device 1. the Web application Server made a query to the Database to present dynamic content for a user who would be the client? The User The Big-IP The Database The Web application server. A user fails to provide credentials when requesting a web resource that requires authentication. Which HTTP response code does the server send? HTTP 200 HTTP 302 HTTP 401 HTTP 502. An administrator configures a custom MAC masquerade address on a redundant BIG-IP system What will be the result? The administrator will be prompted during configuration to define which until will use the MAC masquerade address The MAC masquerade address will be concurrently used by both active and standby unit The MAC masquerade address will only be used by the active unit. The standby unit in use the system's actual interfaces (s) MAC address The MAC masquerade address will only be used by the unit with higher unit ID The other unit will use the system's actual interface(s) MACaddress. An IPV6 clients tries to connect to http://myserver.com Wh.cn type of DNS request should the client send to its configured server? type MX type AAAA type NS type A. An administrator connects two devices using an Ethernet cable. The link fails to come up on either device, which setting could prevent the link from being established? Proxy settings IP configuration Link speed DNS resolvers. |
Denunciar Test