BIG-IP Administration Install, Initial Configuration, and Upgrade v1.0
Question 1
An F5 VE is deployed into a VMware environment via the OVF file. An administrator wishes to connect to the F5 via an assigned management IP address to continue configuration.
What are two valid methods for configuring the management-ip address? (Choose two.)
- A. Log into the remote console and configure the management ip by running the ‘config’ executable.
-
B.
Log into the remote console and configure the management ip through the traffic management shell, TMSH, through the command ‘create sys management-ip
/ ’ -
C.
Log into the remote console and configure the management ip though the traffic management shell, TMSH, through the command ‘create ltm management-ip
/ ’ - D. Log into the remote console and configure the management ip by running the ‘setup’ command.
Answer : AD
Question 2
For security reasons, a BIG-IP Administrator needs to specify the allowable IP ranges for access to the Configuration Utility (WebUI). The exhibit shows the configuration part from the Configuration Utility. The administrator could not find any setting which explicitly and only restricts access to the Configuration Utility.
Which one of the following is a reason for that?
- A. Restricting access to the Configuration Utility can only be done from the Command Line Interface
- B. The administrator must restrict access by IP address for SSH, which will implicitly restrict access to the Configuration Utility
- C. To avoid locking out the administrator, the recent versions of BIG-IP no longer allow restricting administrator access to the Configuration Utility by source IP address
- D. The administrator needs to switch to the “Advanced” view mode in order to display the relevant setting.
Answer : C
Question 3
The BIG-IP Administrator needs to update access to the Configuration Utility to include 172.28.31.0/24 and 172.28.65.0/24 networks.
From the TMOS Shell (tmsh), which command should the BIG-IP Administrator use to complete this task?
- A. modify/ sys httpd allow add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
- B. modify/ sys httpd allow add { 172.28.31.0 172.28.65.0}
- C. modify / sys httpd permit add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
Answer : A
Question 4
The BIG-IP Administrator is responsible for deploying a new software image on an F5 BIG-IP HA pair and has scheduled a one-hour maintenance window.
With a focus on minimizing service disruption, which of the following strategies is the most appropriate?
- A. Update the active node first, reboot to the newly updated boot location and verify functionality, then push the update from the active to the standby node and reboot the standby node.
- B. Reset the Device Trust, apply the update to each node separately, reboot both nodes, then re-establish the Device Trust.
- C. Update the standby node first and reboot it to the newly updated boot location, failover to the newly updated node and verify functionality. Repeat the upgrade procedures on the next node, which is not in standby mode.
- D. Update both nodes in the HA pair, then reboot both nodes simultaneously to ensure they run the same software version.
Answer : C
Question 5
The monitoring team reports that the SNMP server is unable to poll data from a BIG-IP device.
What information will help the BIG-IP Administrator determine whether the issue originates from the BIG-IP system?
- A. The “Port Lockdown” setting is preventing the SNMP server from polling data from the BIG-IP.
- B. The “Traffic Group” setting must use a floating Traffic Group.
- C. The “VLAN / Tunnel” setting must allow All Vlans.
- D. The configuration on the exhibit is correct and other options should be explored.
Answer : A
Question 6
What are the two options for securing a BIG-IP’s management interface? (Choose two.)
- A. Limiting network access through the management interface to a trusted/secured network VLAN.
- B. Block all management interface administrative HTTPS and SSH service ports to prevent access.
- C. Use the BIG-IP’s Self-IP addresses for administrative access rather than the management interface.
- D. Restrict administrative HTTPS and SSH access to specific IP addresses or IP ranges.
Answer : AD
Question 7
Which port is an exception to the Port Lockdown function of Self-IPs if a synchronization group is configured?
- A. TCP 443
- B. TCP 4353
- C. UDP 53
Answer : B
Question 8
A BIG-IP device will be dedicated to functioning as a WAF, requiring only the ASM module to be provisioned.
What provisioning level will ensure that the system allocates all CPU, memory, and disk resources to this module exclusively?
- A. Dedicated
- B. Comprehensive
- C. Maximal
- D. Nominal
Answer : A
Question 9
The BIG-IP Administrator wants to manage the newly built F5 system through an in-band self IP. The administrator configures a VLAN and self-IP and is able to ping the IP from their workstation but is unable to administer the system through SSH or HTTPS.
What port lockdown settings should the BIG-IP Administrator use to allow management access on the self-ip? (Choose two.)
- A. The self-ip port lockdown behavior could be adjusted to Allow Default
- B. The self-ip lockdown behavior could be adjusted to Allow All
- C. The self-ip port lockdown behavior could be adjusted to Allow Mgmt
- D. The self-ip port lockdown behavior could be adjusted to Allow Management
Answer : BD
Question 10
Which configuration file can a BIG-IP administrator use to verify the provisioned modules?
- A. /config/bigip.license
- B. /config/bigip_base.conf
- C. /config/bigip.conf
- D. /var/local/ucs/config.ucs
Answer : B
Question 11
The device is currently on v15.1.2.1. BIG-IP Administrator needs to boot the device back to v13.1.0.6 to collect some data for troubleshooting. Output may appear similar to the following example:
Which is the correct command line to boot the device to version v13.1.0.6?
- A. Use tmsh to select a new boot volume, tmsh reboot HD1.2
- B. switchboot -b HD1.2, then reboot
- C. switchboot -I HD1.2, then reboot
- D. Use tmsh to select a new boot volume, tmsh switchboot HD1.2
Answer : B
Question 12
What will setting a Self IP to “Allow None” for Port Lockdown do?
- A. Block HA communications, causing the systems to report their peer as offline and go active-active.
- B. Block HA communications, causing the systems to report their peer as online-ready.
- C. Default allow port 1026 access between peer devices and traffic processing across the network failover.
Answer : C
Question 13
How should a BIG-IP Administrator check the provisioned CPU percent for a module? (Choose two.)
- A. By running the top command and reviewing the output for the provisioned module.
- B. By running tmsh show/ sys cpu and reviewing the specific module provisioned output.
- C. By going to System » Resource Provisioning and hovering over the CPU section colors.
- D. By running tmsh show/sys provision and reviewing the specific module in the output.
- E. By checking the Dashboard output in the Statistics tab in the GUI.
Answer : CD
Question 14
A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance.
The administrator needs to know if a module is licensed and the memory requirement for that module.
Where should the administrator view this information in the System menu?
- A. Configuration > OVSDB
- B. Software Management
- C. Configuration > Device
- D. Resource Provisioning
Answer : D
Question 15
When using the tmsh shell of a BIG-IP system, which of the following commands will display the management-ip address?
- A. run / util bash ifconfig mgmt
- B. list / sys management-ip
- C. show / sys management-ip
Answer : C