301B Online Practice Questions and Answers

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C. tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

D. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

An LTM Specialist is tasked with ensuring that the syslogs for the LTM device are sent to a remote syslog server. The following is an extract from the config file detailing the node and monitor that the LTM device is using for the remote syslog server:

monitor Syslog_15002 { defaults from udp dest *:15002

}

node 91.223.45.231 { monitor Syslog_15002 screen RemoteSYSLOG

}

There seem to be problems communicating with the remote syslog server. However, the pool monitor shows that the remote server is up. The network department has confirmed that there are no firewall rules or networking issues preventing the LTM device from communicating with the syslog server. The department responsible for the remote syslog server indicates that there may be problems with the syslog server. The LTM Specialist checks the BIG-IP LTM logs for errors relating to the remote syslog server. None are found. The LTM Specialist does a tcpdump:

tcpdump -nn port 15002, with the following results: 21:28:36.395543 IP 192.168.100.100.44772 > 91.223.45.231.15002: UDP, length 19 21:28:36.429073 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169 21:28:36.430714 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181 21:28:36.840524 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 169 21:28:36.846547 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 181 21:28:39.886343 IP 192.168.100.100.39499 > 91.223.45.231.15002: UDP, length 144

NotE. 192.168.100.100 is the self IP of the LTM device.

Why are there no errors for the remote syslog server in the log files?

A. The -log option for tcpdump needs to be used.

B. The monitor type used is inappropriate.

C. The "verbose" logging option needs to be enabled for the pool.

D. When the remote syslog sever fails, it returns to service before the timeout for the monitor has expired.

An LTM Specialist configures a new HTTP virtual server on an LTM device external VLAN. The web servers are connected to the LTM device internal VLAN. Clients trying to connect to the virtual server are unable to establish a connection. A packet capture shows an HTTP response from a web server to the client and then a reset from the client to the web server.

From which two locations could the packet capture have been collected? (Choose two.)

A. network interface of web server

B. network interface of client machine

C. internal VLAN interface of the LTM device

D. external VLAN interface of the LTM device

E. management VLAN interface of the LTM device

An LTM Specialist with the Administrator role and terminal access of "tmsh" logs in via ssh and is in the Traffic Manager Shell. The LTM Specialist wants to enter the bash shell to review log files. Which command does the LTM Specialist need to run to access the bash shell?

A. exit

B. quit

C. run /cli bash

D. run /util bash

An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap. Which command should be executed on the command line interface to create a backup?

A. bigpipe config save /var/tmp/backup.ucs

B. tmsh save /sys ucs /var/tmp/backup.ucs

C. tmsh save /sys config /var/tmp/backup.ucs

D. tmsh save /sys config ucs /var/tmp/backup.ucs

-- Exhibit -- Exhibit -

Refer to the exhibit.

An LTM Specialist has uploaded a qkview to F5 iHealth.

Within the GUI, what is the correct procedure to comply with the recommendation shown in the exhibit?

A. Obtain product version image from release.f5.com. Overwrite existing image with new product version image. Select product version image and click Install. Select the available disk and volume set name.

B. Obtain product version image from images.f5.com. Overwrite existing image with new product version image. Select product version image and click Install. Select the available disk and volume set name.

C. Obtain product version image from downloads.f5.com. Import product version image. Install image onto BIG-IP platform. Select product version image and click Install. Select the available disk and volume set name.

D. Log a call requesting the product version image via websupport.f5.com Import product version image. Install image onto BIG-IP platform. Select product version image and click Install. Select the available disk and volume set name.

-- Exhibit

-- Exhibit -Refer to the exhibit.

An LTM Specialist configures a virtual server that balances HTTP connections to a pool of three application servers. Approximately one out of every three connections to the virtual server fails.

Which two actions will resolve the problem? (Choose two.)

A. Assign a custom HTTP monitor to the pool.

B. Enable SNAT automap on the virtual server.

C. Verify that port lockdown is set to allow port 80.

D. Verify the default gateway on the application servers.

E. Increase the TCP timeout value in the default TCP profile.

-- Exhibit

-- Exhibit -

Refer to the exhibit.

An LTM Specialist has created a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable

to connect to the application through the virtual server. Clients are able to connect to the application servers directly.

What is the root cause of the problem?

A. The application server does NOT support 2048-bit keys.

B. The clientssl profile is NOT set to require a client certificate.

C. The LTM device does NOT trust the issuing CA of the client certificate.

D. The application server does NOT see the client certificate due to SSL offload.

-- Exhibit

-- Exhibit -Refer to the exhibits.

Every monitor has the same Send String, Recv String, and an Alias of *:*. The LTM Specialist simplifies the configuration to minimize the number of monitors.

How many unique monitors remain?

A. 1

B. 2

C. 3

D. 4

E. 5

-- Exhibit

-- Exhibit -Refer to the exhibits.

An LTM Specialist configures a virtual server for an internal application to perform client-side encryption while allowing the server-side traffic to be unencrypted. Application users report that images are NOT loading through the virtual server;

however, images load when going directly to the server.

What should the LTM Specialist configure to allow the images to load through the virtual server?

A. HTTP profile with "SSL Offload" enabled

B. HTTP profile with "SSL Offload" disabled

C. Stream profile with source "http:" and target "https:"

D. Stream profile with target "http:" and source "https:"