Month End Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Ace the F5 301b Exam: Ultimate Preparation Guide

Questions 41

-- Exhibit –

301b Question 41

301b Question 41

-- Exhibit --

Refer to the exhibits.

A virtual server has been configured for SSL offload on a single-arm network. On average, the virtual server will be handling 100,000 connections, with a peak of 130,000 connections. Between the virtual server and the web servers there is a single reverse proxy to provide site caching. The proxy is configured to perform source IP persistence before contacting the web servers. The site is logging users out immediately after logging them in.

What should the LTM Specialist do to resolve this issue?

Options:
A.

Add a source address persistence profile to the virtual server.

B.

Create an iRule to add client IP persistence to a SNAT pool member.

C.

Change the virtual server server-side TCP profile to tcp-lan-optimized.

D.

Configure the virtual server HTTP profile to insert an X-Forwarded-For header.

F5 301b Premium Access
Questions 42

An LTM Specialist with the Administrator role and terminal access of "tmsh" logs in via ssh and is in the Traffic Manager Shell. The LTM Specialist wants to enter the bash shell to review log files.

Which command does the LTM Specialist need to run to access the bash shell?

Options:
A.

exit

B.

quit

C.

run /cli bash

D.

run /util bash

Questions 43

Which iRule will reject any connection originating from a 10.0.0.0/8 network?

Options:
A.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::remote_addr] mask 8]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

B.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::local_addr] mask 8]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

C.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::client_addr] mask 255.0.0.0]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

D.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::local_addr] mask 255.0.0.0]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

Questions 44

An application is configured on an LTM device:

Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1

Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)

Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

Options:
A.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

B.

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

C.

tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

D.

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Questions 45

-- Exhibit –

301b Question 45

301b Question 45

-- Exhibit --

Refer to the exhibits.

An LTM device has been configured for load balancing a number of different application servers. Configuration changes need to be made to the LTM device to allow administrative management of the servers in 172.16.10/24, 172.16.20/24, and 172.16.30/24 networks. The servers require outbound access to numerous destinations for operations.

Which solution has the simplest configuration changes while maintaining functionality and basic security?

Options:
A.

Remove 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, and keep 0.0.0.0:0/0.0.0.0 enabled on all VLANs.

B.

Replace 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24, with 172.16.0.0:0/16, and keep 0.0.0.0:0/0.0.0.0.

C.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on ingress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on egress VLAN(s).

D.

Enable 172.16.10.0:0/24, 172.16.20.0:0/24, and 172.16.30.0:0/24 on egress VLAN(s), and enable 0.0.0.0:0/0.0.0.0 on ingress VLAN(s).

Questions 46

-- Exhibit –

301b Question 46

-- Exhibit --

Refer to the exhibit.

A pair of LTM devices is configured for HA.

What happens if the pool member server with IP address 10.0.0.4 becomes totally unresponsive to the active LTM device, but is still responsive to the standby LTM device?

Options:
A.

The HA-group will disable the trunk my_trunk.

B.

The HTTP application will be unavailable via the LTM device.

C.

The HA-group will initiate a fail-over because the threshold is set to 2.

D.

The HA-group will initiate a fail-over because the HA-Group score will be zero.

Questions 47

The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.

The virtual server is configured with the default OneConnect profile.

The ACL is defined on the web server as:

Permit: 192.168.136.0/24

Deny: 192.168.116.0/24

The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.

Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:

Clientside:

09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192

09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380

09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425

09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678

Serverside:

09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380

09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840

09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380

09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380

09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108

Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:

Clientside:

09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192

09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380

09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425

09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425

09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678

Serverside:

09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904

09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142

Why was the second client flow permitted by the web server?

Options:
A.

A global SNAT is defined.

B.

SNAT automap was enabled on the virtual server.

C.

The idle TCP session from the first client was re-used.

D.

A source address persistence profile is assigned to the virtual server.

Questions 48

Which file should be modified to create custom SNMP alerts?

Options:
A.

/config/alert.conf

B.

/etc/alertd/alert.conf

C.

/config/user_alert.conf

D.

/etc/alertd/user_alert.conf

Questions 49

A failover event is recorded in the log messages:

Jan 01 00:00:50 BIG-IP notice sod[5855]: 01140029:5: HA proc_running tmm fails action is go offline and down links.

Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c0050:5: Sod requests links down.

Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c0054:5: Offline for traffic group /Common/traffic-group-1.

Jan 01 00:00:50 BIG-IP notice sod[5855]: 010c003e:5: Offline

Jan 01 00:00:50 BIG-IP notice logger: /usr/bin/tmipsecd --tmmcount 4 ==> /usr/bin/bigstart stop racoon

Jan 01 00:00:50 BIG-IP info lacpd[5502]: 01160016:6: Failover event detected. (Switchboard failsafe disabled while offline)

Jan 01 00:00:51 BIG-IP err bcm56xxd[5296]: 012c0010:3: Failover event detected. Marking external interfaces down. bsx.c(3633)

Jan 01 00:00:51 BIG-IP info bcm56xxd[5296]: 012c0015:6: Link: 1.1 is DOWN

Jan 01 00:00:56 BIG-IP notice mcpd[5318]: 0107143c:5: Connection to CMI peer 10.0.0.3 has been removed

Jan 01 00:00:56 BIG-IP notice mcpd[5318]: 0107143a:5: CMI reconnect timer: enabled

Jan 01 00:00:56 BIG-IP notice mcpd[5318]: 01071431:5: Attempting to connect to CMI peer 10.0.0.3 port 6699

What is the cause of the failover?

Options:
A.

TMM failed, and VLAN fail-safe initiated the failover.

B.

TMM failed, and system fail-safe initiated the failover.

C.

Loss of connection to CMI peer 10.0.0.3 initiated the failover.

D.

A switchboard failure caused system fail-safe to initiate the failover.

Questions 50

An LTM device is monitoring three pool members. One pool member is being marked down.

What should the LTM Specialist enable to prevent the server from being flooded with connections once its monitor determines it is up?

Options:
A.

manual resume

B.

packet shaping

C.

hold down timer

D.

slow ramp timer

E.

fastest load balance algorithm

Exam Code: 301b
Certification Provider: F5
Exam Name: LTM Specialist: Maintain & Troubleshoot
Last Update: Jan 24, 2025
Questions: 209