● F5 BIG-IP DNS Specialist (302) Exam Materials
Question #1
Question #2
A BIG-IP DNS Specialist receives an alert that the BIG-IP DNS marked down an HA pair of BIG-IP LTM devices at midnight. The following messages is displayed.
err big3d[8703]: 013330013: SSLConnect SSL error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure
err big3d[8703]: 013330013: SSLConnect SSL error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure
err big3d[8703]: 013330013: SSLConnect SSL error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure
err big3d[8703]: 013330013: SSLConnect SSL error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure
What is the most likely cause of the issue?
(Choose one answer)
- A. The BIG-IP LTM devices failed over at midnight and the SSLv3 cipher used by the newly active LTM is unsupported
- B. The BIG-IP LTM devices failed over at midnight and the root CA on the newly active LTM is NOT trusted.
- C. The BIG-IP LTM devices failed over at midnight so the BIG-IP DNS does NOT recognize the SSL certificate of the now active unit.
- D. The BIG-IP LTM devices failed over at midnight and the device certificate on the LTM expired.
Question #3
Refer to the exhibit.
Which technology is being used?
(Choose one answer)
- A. DNS Express
- B. screening mode
- C. DNS Delegation
- D. caching
Question #4
A BIG-IP DNS is unable to establish connectivity to an LTM device. The following message is continuously repeated in the log files.
2345 19:53:56 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
2345 19:57:56 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
2345 20:00:16 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
2345 20:03:26 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
2345 20:06:36 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
2345 20:09:46 gtm-dc1 notice gtmd[8765] 090876 Connection in progress to 10.10.9.34
(Choose one answer)
- A. The SSL Certificate is expired
- B. iQuery is NOT supported by the device
- C. Firewall is blocking iQuery
- D. The SSL certificate is NOT trusted
Question #5
A BIG-IP DNS Specialist needs to load balance an application globally. Listed bellow are two characteristics of the application:
Client sessions are similar in duration
The pools contain Virtual Servers with different performance parameters
Which primary load balance mode should the BIG-IP DNS Specialist use?
(Choose one answer)
- A. Global Availability
- B. Round Trip Time
- C. Ratio
- D. Least Connections
Question #6
A BIG-IP DNS Specialist needs to see a detailed output of the configuration of a WIP named www.brave-dumps.com.
Which command should the BIG-IP DNS Specialist use?
(Choose one answer)
- A. tmsh list gtm wideip a www.brave-dumps.com verbose
- B. tmsh list gtm wideip a www.brave-dumps.com all-properties
- C. tmsh list gtm wideip a www.brave-dumps.com details
- D. tmsh list gtm wideip a www.brave-dumps.com all
Question #7
A BIG-IP DNS device is slow responding to external DNS requests
Which command will help the BIG-IP DNS Specialist to analyze the response time the BIG-IP DNS?
(Choose one answer)
- A. dnsxdump
- B. ssldump
- C. tcpdump
- D. iqdump
Question #8
Which two fundamental steps are necessary to include an LTM device properly into an iQuery mesh? (Choose two answers)
- A. run gtm add <BIG-IP DNS self IP> on the new LTM device
- B. run bigip_add <new LTM self IP> on any BIG-IP DNS device in the synchronization group
- C. run bigip add <BIG-IP DNS self IP> on the new LTM device
- D. add the new LTM device to the Server list on any BIG-IP DNS device in the synchronization group
- add the new LTM device to the Server list on all BIG-IP DNS devices in the synchronization group. add the new LTM device to the Server list on all BIG-IP DNS devices in the synchronization group
Question #9
A BIG-IP DNS Specialist is configuring a BIG-IP DNS device in Screening Mode and notices that the DNS servers in the remote DNS server pool are resource-constrained during peak hours.
Which two BIG-IP DNS features will reduce the load on the servers?
(Choose two answers)
- A. DNS Express
- B. DNS64
- C. Transparent DNS Cache
- D. DNSSEC
- E. Process Recursion Desired
Question #10
An organization is implementing BIG-IP DNS in their data centers. The BIG-IP DNS Specialist needs to determine which Source IP addresses should be permitted to connect outbound to Generic Hosts in a remote data center.
Which Source IP addresses should be permitted connect outbound to Generic Hosts for monitoring purposes?
(Choose one answer)
- A. Management IP from all BIG-IP devices
- B. Non-Floating Self-IP from all Self-IP BIG-IP devices
- C. Non-Floating Self-IP from BIG-IP DNS devices
- D. Floating Self-ip from all BIG-IP devices
Virtual-Server-discovery enabled
=== Configuration from bigip-dns-3 brave-dumps.com ===
vlan vlan 10
root@(bigip-dns-3)(cfg-sync Standalone)(/Common)(tmos)#list net self
net self vlan30-10.1.30.11{
address 10.1.30.11/24
allow-service{
default
}
traffic-group traffic-group-local-only
vlan vlan30
}
root@(bigip-dns-3)(cfg-sync Standalone)(Active)(/Common)(tmos)#list net route
net route default{
gw 10.1.30.254
network default
}
root@(bigip-dns-3)(cfg-sync Standalone)(Active)(/Common)(tmos)#list net self-allow
net self-allow{
defaults{
tcp ssh
}
}
=== Troubleshooting Command ===
[root@bigip-dns-1 Active Standalone]config# iqdump 10.1.30.11
Connection to ffff 10.1.30.11 4353 failed Connection-refused
[root@bigip-dns-1 Active Standalone]config#
What is the likely cause of the health monitor failure? (Choose one answer)