● F5 BIG-IP APM Specialist (304) Exam Materials
Question #1
Question #2
The user logging into APM is a member of the following:
CN=IT Admin, CN=Users, DC=f5, DC=com
Which resource or ending should be assigned?
(Choose one answer)
- A. SSL VPN Network Access
- B. Outlook Web App
- C. Deny
- D. Oracle Financial Systems
Question #3
3. A user connects to an APM system on a virtual-server with the following Access policy. The properties for the advanced resource assign are shows with the configuration for the access control lists ( ACLS )
The user is a member of CN=Supervisor, CN=Users, DC=f5, DC=com and CN=Developer, CN=Users, DC=f5, DC=com.
What network(s) can the user access?
(Choose one answer)
- A. 192.168.1.0/24 and 192.168.2.0/24
- B. 192.168.2.0/24
- C. 192.168.1.0/24
- D. 192.168.11.0/24
Question #4
An APM Specialist receives a request to secure access to a web application where Multi-Factor Authentication must be implemented. The APM Policy must use AD and RSA SecurID as methods of authentication. Only users who are members of the "Secure Access" AD Group should be allowed access. In which order should the APM Specialist configure the VPE to meet the specified requirements? (Choose one answer)
- A. Start, Logon Page, Variable Assign, RSA SecurID, AD Auth, AD Query, Allow
- B. Start, Logon Page, RSA SecurID, Variable Assign, AD Auth, Allow
- C. Start, Logon Page, Variable Assign, RSA SecurID, AD Auth, Allow
- D. Start, Logon Page, RSA SecurID, Variable Assign, AD Auth, AD Query, Allow
Question #5
5. AN apm specialist is required to authenticate remote users based on their certificate and then use kerberos SSO to access the internal Microsoft in APN-LTM mode. The following access policy has been designed by the APM specialist to achieve this objective.
OCSP authentication is observed to be successful, but the kerberos SSO is failing. after shoot, the apm specialist see that the session.sso.token.last.username variable is black
What should the APM specialist do to make the configuration work?
(Choose one answer)
- A. Remove SSO Credential Mapping agent from the VRE.
- B. Reorder session variables in the Variable Assign agent.
- C. Remove OCSP Auth agent from the VPE
- D. Move the Variable Assign agent before OCSP Auth agent
Question #6
An APM Specialist must provide management with information on user Jdoe's suspicious logon activity. Which two CLI commands can the APM Specialist use to find jdoe's current session IDs? (Choose two answers)
- A. tmsh show sys connection | grep jdoe
- B. sessiondump-sid jdoe
- C. tmsh show apm access-info logon-user jdoe all-properties
- D. sessiondump-allkeys | grep jdoe
- E. tmsh list apm session jdae
Question #7
7. users report that a web application logon page, which is protected by an Acess Policy is unresponsive users sporadically receive the following error message when trying to log into the web application.
Which APM action should the APM Specialist take to resolve this issue?
(Choose one answer)
- A. Enable Client Type check
- B. Enable Virtual Keyboard
- C. Enable Geolocation block
- D. Enable Max Logon Attempts Allowed
Question #8
An apm specialist is testing the results of failover on an SSL VPM implementation. The device have the following configuration.
After failing over to the peer device, all users must re-authenticate.
What is the reason for this?
(Choose one answer)
- A. The bigipa.apm.emea device is not configured with a mirroring IP address
- B. The statemirror.mirrorsessions DB variable is enabled
- C. This is expected behavior after a failover.
- D. The mirror disable setting on the virtual server.
Question #9
9. An APM Specialist is configuring a dynamic Access Control List (ACL) for an Access Policy. The data for the dynamic ACL is loaded into Active attribute called extension Attribute2. A default deny static ACL is also created and assigned below the Dynamic ACL. A user reports that access is denied when the user tries to log in.
During a shoot session . message box agents are added to the fallback branche of the Access policy allowing the use of the session.
What is causing the issue?
(Choose one answer)
- A. This user is not found in the AD server.
- B. The AD query does not successfully receive the attributes
- C. The static ACL takes precedence over a dynamic ACL
- D. The AD attribute for this user is incorrect.
Question #10
An APM Specialist configures the iRule shown in the exhibit:
The APM Specialist uses https://MYSITE.COM/OWA/AUTH/logon.aspx?url=https://mysite.com/owa/&reason=0 to test the functionality of the SSO Profiles. The test results show that SSO Events are NOT being fired
What is causing the issue?
(Choose one answer)
- A. The Reason Parameter used has Value 0
- B. WEBSSO select may only be used on ACCESS Events.
- C. The visual policy editor (VPE) is missing a valid iRule Action configured
- D. The URI is uppercase.
An APM Specialist must filter web sites accessed by corporate employees. The APM Specialist must block access to malicious websites and protect against inbound and outbound malware. What should be used to accomplish this task? (Choose one answer)