BIG-IP Local Traffic Manager (LTM) Specialist: Maintain & Troubleshoot v1.0

Exam contains 210 questions

A web application requires knowledge of the client's true IP address for logging and analysis purposes. Instances of the application that can decode X-Forwarded-For HTTP headers reside in pool_a, while pool_b instances assume the source IP is the true address of the client.
Which iRule provides the proper functionality?

  • A. when HTTP_DATA { if {[HTTP::header exists X-Forwarded-For]}{ pool pool_a } else { pool pool_b } }
  • B. when HTTP_RESPONSE { if {[HTTP::header exists X-Forwarded-For]}{ pool pool_a } else { pool pool_b } }
  • C. when HTTP_REQUEST { if {[HTTP::header exists X-Forwarded-For]}{ pool pool_a } else { pool pool_b } }
  • D. when HTTP_OPEN { if {[HTTP::header exists X-Forwarded-For]}{ pool pool_a } else { pool pool_b } }


Answer : C

Which iRule will reject any connection originating from a 10.0.0.0/8 network?

  • A. when CLIENT_ACCEPTED { set remote_ip [IP::addr [IP::remote_addr] mask 8] switch $remote_ip { "10.0.0.0" { reject } "11.0.0.0" { pool pool_http1} default { pool http_pool } } }
  • B. when CLIENT_ACCEPTED { set remote_ip [IP::addr [IP::local_addr] mask 8] switch $remote_ip { "10.0.0.0" { reject } "11.0.0.0" { pool pool_http1} default { pool http_pool } } }
  • C. when CLIENT_ACCEPTED { set remote_ip [IP::addr [IP::client_addr] mask 255.0.0.0] switch $remote_ip { "10.0.0.0" { reject } "11.0.0.0" { pool pool_http1} default { pool http_pool } } }
  • D. when CLIENT_ACCEPTED { set remote_ip [IP::addr [IP::local_addr] mask 255.0.0.0] switch $remote_ip { "10.0.0.0" { reject } "11.0.0.0" { pool pool_http1} default { pool http_pool } } }


Answer : C

There is a fault with an LTM device load balanced trading application that resides on directly connected VLAN vlan-301. The application virtual server is
10.0.0.1:80 with trading application backend servers on subnet 192.168.0.0/25. The LTM Specialist wants to save a packet capture with complete payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?

  • A. tcpdump -vvv -w /var/tmp/trace.cap 'net 192.168.0.0/25'
  • B. tcpdump -vvv -s 0 -w /var/tmp/trace.cap 'net 192.168.0.0/25'
  • C. tcpdump -vvv -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'
  • D. tcpdump -vvv -s 0 -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'


Answer : D

An LTM Specialist has just captured trace /var/tmp/trace.cap for site www.example.com while listening on virtual address 10.0.0.1:443 configured on partition
ApplicationA. The data payload being captured is SSL encrypted.
Which command should the LTM Specialist execute to decrypt the data payload?

  • A. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_d/:Common:www.example.com.crt_1
  • B. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1
  • C. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_d/:ApplicationA:www.example.com.crt_1
  • D. ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_key_d/:ApplicationA:www.example.com.key_1


Answer : B

An LTM Specialist must perform a packet capture on a virtual server with an applied standard FastL4 profile. The virtual server 10.0.0.1:443 resides on vlan301.
Which steps should the LTM Specialist take to capture the data payload successfully while ensuring no other virtual servers are affected?

  • A. The standard FastL4 profile should have PVA acceleration disabled. Then the packet capture tcpdump -ni vlan301 should be executed on the command line interface.
  • B. The packet capture tcpdump -ni vlan301 should be executed on the command line interface. There is no need to change profiles or PVA acceleration.
  • C. A new FastL4 profile should be created and applied to the virtual server with PVA acceleration disabled. Then the packet capture tcpdump -ni vlan301 should be executed on the command line interface.
  • D. The LTM device is under light load. The traffic should be mirrored to a dedicated sniffing device. On the sniffing device, the packet capture tcpdump -ni vlan301 should be executed.


Answer : C

A new VLAN vlan301 has been configured on a highly available LTM device in partition ApplicationA. A new directly connected backend server has been placed on vlan301. However, there are connectivity issues pinging the default gateway. The VLAN self IPs configured on the LTM devices are 192.168.0.251 and
192.168.0.252 with floating IP 192.168.0.253. The LTM Specialist needs to perform a packet capture to assist with troubleshooting the connectivity.
Which command should the LTM Specialist execute on the LTM device command line interface to capture the attempted pings to the LTM device default gateway on VLAN vlan301?

  • A. tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.253'
  • B. tcpdump -ni vlan301 'host 192.168.0.253'
  • C. tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.251 or host 192.168.0.252'
  • D. tcpdump -ni vlan301 'host 192.168.0.251 or host 192.168.0.252'


Answer : A

An LTM device pool has suddenly been marked down by a monitor. The pool consists of members 10.0.1.1:443 and 10.0.1.2:443, which are verified to be listening.
The affected virtual server is 10.0.0.1:80.
Which two tools should the LTM Specialist use to troubleshoot the associated HTTPS pool monitor via the command line interface? (Choose two.)

  • A. curl
  • B. telnet
  • C. ssldump
  • D. tcpdump


Answer : AC

An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured:
sys db log.tcpdump.level {
    value "Notice"
}
Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?

  • A. tmsh set /sys db log.tcpdump.level value informational
  • B. tmsh set /sys db log.tcpdump.level status informational
  • C. tmsh modify /sys db log.tcpdump.level value informational
  • D. tmsh modify /sys db log.tcpdump.level status informational


Answer : C

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

  • A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
  • B. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
  • C. tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap
  • D. tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap
  • E. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap


Answer : B

An LTM Specialist is running the following packet capture on an LTM device:
ssldump -Aed -ni vlan301 'port 443'
Which two SSL record message details will the ssldump utility display by default? (Choose two.)

  • A. HTTP Version
  • B. User-Agent
  • C. ClientHello
  • D. ServerHello
  • E. Issuer


Answer : CD

Given this as the first packet displayed of an ssldump:
2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
In reviewing the rest of the ssldump, the application data is NOT being decrypted.
Why is ssldump failing to decrypt the application data?

  • A. The application data is encrypted with SSLv3.
  • B. The application data is encrypted with TLSv1.
  • C. The data is contained within a resumed TLS session.
  • D. The BigDB Key Log.Tcpdump.Level needs to be adjusted.


Answer : C

An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web application is accessed via www.example.com. The LTM
Specialist wants to save a packet capture with complete decrypted payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?

  • A. tcpdump -vvv -s 0 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
  • B. tcpdump -vvv -s 0 -ni vlan301 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
  • C. ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap
  • D. ssldump -Aed -ni vlan301 -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap


Answer : D

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

  • A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
  • B. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
  • C. tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap
  • D. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap


Answer : C

An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted. 172.16.20.1:443
Assume 172.16.20.0/24 is attached to the VLAN "internal."
What should the LTM Specialist use to troubleshoot this issue?

  • A. curl -d - -k https://172.16.20.1
  • B. ssldump -i internal host 172.16.20.1
  • C. tcpdump -i internal host 172.16.20.1 > /shared/ssl.pcap ssldump < /shared/ssl.pcap
  • D. tcpdump -s 64 -i internal -w /shared/ssl.pcap host 172.16.20.1 ssldump -r /shared/ssl.pcap


Answer : B

A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist has created an iRule and applied this iRule to the virtual server:
when HTTP_REQUEST {
    switch [HTTP::uri] {
        "/WS1/ws.jsp" {
            log local0. "[HTTP::uri]-Redirected to JSP Pool"
            pool JSP
        }
        default {
            log local0. "[HTTP::uri]-Redirected to Non-JSP Pool"
            pool NonJSP
        }
    }
}
However, the iRule is NOT behaving as expected. Below is a snapshot of the log:
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/WS1/WS.jsp-Redirected to Non-JSP Pool
/ws1/WS.jsp-Redirected to Non-JSP Pool
/WS1/ws.jsp-Redirected to JSP Pool
/ws1/ws.jsp-Redirected to Non-JSP Pool
What is the problem?

  • A. The condition in the iRule is case sensitive.
  • B. The 'switch' command in the iRule has been used incorrectly.
  • C. The pool members of both pools need to be set up as case-insensitive members.
  • D. The "Process Case-Insensitivity" option for the virtual server needs to be selected.


Answer : A
