● BIG-IP Administration Install, Initial Configuration, and Upgrade (F5CAB1)
Question #1
Question #2
What are the two options for securing a BIG-IP’s management interface? (Choose two answers)
- A. Limiting network access through the management interface to a trusted-secured network VLAN
- B. Use the BIG-IP's Self-IP addresses for administrative access rather than the management interface
- C. Restrict administrative HTTPS and SSH access to specific IP addresses or IP ranges
- D. Block all management interface administrative HTTPS and SSH service ports to prevent access
Question #3
A BIG-IP device is licensed for LTM, ASM, APM, and AFM. Currently, it will only be used for load balancing and web application firewalling.
To ensure optimal performance and efficient resource utilization, which of the following module provisioning combinations is the best choice?
(Choose one answer)
- A. LTM: Dedicated ASM: Dedicated APM: Minimal AFM: Minimal
- B. LTM: Nominal ASM: Nominal APM: None AFM: None
- C. LTM: Dedicated ASM: Dedicated APM: None AFM: None
- D. LTM: Nominal ASM: Nominal APM: Minimal AFM: Minimal
Question #4
When logged into the bash shell of a BIG-IP system, which of the following commands will display the management-ip address? (Choose two answers)
- A. show mgmt ip
- B. tmsh list /sys management-ip
- C. ifconfig mgmt
- D. list /sys management-ip
Question #5
The Configuration Utility (WebUI) of a BIG-IP device is currently accessible via its management range (10.53.1.245) from all VLANs within the company.
The BIG-IP Administrator needs to restrict access to the Configuration Utility to source IP addresses only within the 10.0.0.0/24 subnet to connect.
Which of the following TMSH commands will accomplish this?
(Choose one answer)
- A. (tmsh)# modify /sys httpd allow replace-all-with { 10.0.0.0/24 }
- B. (tmsh)# create /net acl MGMT_HTTP rule add { { permit tcp 10.0.0.0 0.0.0.255 host 10.53.1.245 http } }
- C. (tmsh)# modify /ltm httpd allow replace-all-with { 10.0.0.0/24 }
- D. (tmsh)# create /net acl MGMT_HTTP rule add { { permit tcp 10.0.0.0/24 to 10.53.1.245 http } { deny ip any any http } }
Question #6
For an upgrade of a standalone BIG-IP, a maintenance window is available in which brief interruptions are allowed. Actions with no impact can be done outside the maintenance window.
When should a license reactivation be performed?
(Choose one answer)
- A. During the maintenance window.
- B. Before the maintenance window.
- C. After the maintenance window.
- D. No Option
Question #7
Which configuration file can a BIG-IP administrator use to verify the provisioned modules? (Choose one answer)
- A. /config/bigip.license
- B. /config/bigip.conf
- C. /config/bigip_base.conf
- D. /var/local/ucs/config.ucs
Question #8
A secondary administrator has been granted access to a BIG-IP device managed through its Management Interface, but is unable to access the Configuration Utility (WebUI).
What command can be run from the CLI to capture the network traffic on the management interface and troubleshoot the issue?
(Choose two answers)
- A. tcpdump -i management -n port 443
- B. tcpdump -i mgmt -n port 443
- C. tcpdump -i eth0 -n port 443
- D. tcpdump -i tun0 -n port 443
- E. tcpdump -i 0.0 -n port 443
Question #9
Which command will display the current active volume on a BIG-IP system? (Choose one answer)
- A. tmsh list sys software update
- B. tmsh show sys version
- C. tmsh show sys software status
- D. No Option
Question #10
How should the BIG-IP Administrator block connections to a Self IP on port 443 while allowing connections to other ports? (Choose one answer)
- A. In the configuration utility, go to Network >> Self-IPs. Select the Self-IP in question, then select "Port Lockdown" and Allow Custom. Enter in only the allowed ports to that IP address.
- B. In the configuration utility, go to Network >> Self-IPs. Select the Self-IP in question, then select "Port Lockdown" and "Allow None".
- C. In the configuration utility, select System >> Platform >> SSH Allow. Enter the IP addresses of the clients allowed to connect to the Self-IP.
- D. In the configuration utility, select Network >> Self-IPs. Select the Self-IP in question, then select "Disable".
Which one of the following is a port and protocol combination allowed by the Allow Default setting for port lockdown? (Choose one answer)