Get May-2026 updated F5CAB1 Certification Exam Sample Questions
F5CAB1 Study Guide Cover to Cover as Literally
F5 F5CAB1 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
NEW QUESTION # 26
How can the BIG-IP Administrator tell when anunlicensed modulehas been provisioned?
- A. A BIG-IP does not allow unlicensed modules to be provisioned.
- B. When provisioning an unlicensed module, a warning will appear.
- C. AProvisioning Warningwill be displayed in the GUI in the upper left corner.
Answer: C
Explanation:
The BIG-IP system has built-in licensing enforcement.
If an administrator provisions a module that the device isnot licensedto run, the system will still allow the provisioning action to occurinitially, but the system detects the mismatch and displays an alert.
What actually happens:
* The GUI places awarning bannerin theupper-left cornerlabeled something similar to:"Provisioning Warning"
* This appears immediately after provisioning a module that is not included in the active license.
* The system remains in an "inconsistent state" until the module is disabled again or the license is updated.
This is the visual cue BIG-IP uses to indicate that a module was provisioned without valid licensing.
Why the other options are incorrect:
A). "A BIG-IP does not allow unlicensed modules to be provisioned."
* Not true. BIG-IPdoesallow provisioning, but warns afterward.
B). "A warning will appear when provisioning an unlicensed module."
* The warning doesnotappear during the provisioning step itself.
* It appearsafter provisioning, in the main GUI, as a system banner.
NEW QUESTION # 27
Which two items demonstrate thecreation of a new volumefor software images?
(Choose two.)
- A. Using the GUI, go toSystem > Disk Management, selectNew Volume. In the pop-up window, type the name or number of the new volume and clickApply.
- B. Using the GUI, go toSystem > Software Management > Available Images > Install, and in the Install Software Image pop-up window, type the new volume name or number and clickInstall.
- C. tmsh install software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume
- D. tmsh install /sys software image BIGIP-<version>.iso volume HD1.5 create-volume
- E. tmsh install sys software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume
Answer: A,C
Explanation:
In BIG-IP, software images are installed onboot volumes(for example, HD1.1, HD1.2, HD1.3, etc.).
To install software on anew volume, the administrator must instruct the system to create a new boot location before installation.
There are two correct ways to create a new volume:
A). tmsh command (with correct syntax)
tmsh install software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume This syntax correctly includes:
* install software image
* full path to ISO (/shared/images/...)
* volume name (HD1.5)
* create-volumekeyword
This instructs BIG-IP to create the new boot volume as part of the installation.
C). Using the GUI # System > Disk Management
From the Disk Management menu, the administrator can:
* Select "New Volume"
* Enter the volume identifier (e.g., HD1.5)
* Apply changes
This GUI method is officially supported and explicitly creates a new boot volume before installing the software.
Why the other options are incorrect:
B). Incorrect tmsh syntax
* Missing /shared/images/ path
* Incorrect command structure
D). Incorrect command structure
* Missing required keywords and correct command hierarchy
E). Software Management # Install does NOT create volumes
* This installs to anexistingvolume only
* The GUI install dialog does not create new boot volumes
Thus, onlyOption AandOption Cproperly create a new software volume.
NEW QUESTION # 28
For security reasons, a BIG-IP Administrator needs to specify allowable IP ranges for access to the Configuration Utility (WebUI).
The exhibit shows the User Administration section of the Configuration Utility.
The administrator could not find any setting that explicitly restricts access to the Configuration Utility.
Which one of the following is a reason for that?
- A. The administrator needs to switch to the "Advanced" view mode in order to display the relevant setting
- B. To avoid locking out the administrator, recent versions of BIG-IP no longer allow restricting administrator access to the Configuration Utility by source IP address
- C. Restricting access to the Configuration Utility can only be done from the Command Line Interface
- D. The administrator must restrict access by IP address for SSH, which will implicitly restrict access to the Configuration Utility
Answer: C
Explanation:
The screenshot shown is from theUser Administrationsection of the BIG-IP GUI.
This section controls:
* Root and Admin passwords
* SSH Access
* SSH IP Allow settings
However,it does not contain any controls for restricting access to the WebUI (TMUI).
BIG-IP does not provide TMUI access restrictions from this part of the GUI.
Access to the web-based Configuration Utility is controlled by thehttpd allow list, configured through TMSH:
tmsh modify /sys httpd allow { <IP/subnet> }
This setting is not displayed in the User Administration panel, and in many BIG-IP versions, the httpd allow list isonly configurable from the CLI, not the GUI.
Therefore, the administrator cannot find the setting in the screen shown because:
* TMUI access restriction isnotlocated in this GUI section
* It must be configured usingtmshunder/sys httpd allow
This is whyOption Ais correct.
NEW QUESTION # 29
The Port Lockdown feature prevents unwanted connection attempts to a Self IP.
Which three types of connection attempts areunaffectedby Port Lockdown settings?
- A. Defined virtual server traffic, Internet Control Message Protocol (ICMP), Centralized Management Infrastructure (CMI)
- B. Centralized Management Infrastructure (CMI), Secure Shell (SSH), Internet Control Message Protocol (ICMP)
- C. Defined virtual server traffic, Secure Shell (SSH), Centralized Management Infrastructure (CMI)
Answer: A
Explanation:
Port Lockdown controls which ports and protocols aSelf IPwill respond to.
However, certain traffic types bypass Port Lockdown for BIG-IP functionality and routing integrity.
The three types that areNOT affectedby Port Lockdown are:
1. Defined Virtual Server Traffic
Traffic destined to a Self IP that matches aconfigured virtual serveris always accepted by the BIG-IP, regardless of Port Lockdown settings.
This ensures that traffic processing does not break when administrators restrict Self-IP ports.
2. ICMP (Internet Control Message Protocol)
ICMP (such as ping, traceroute responses, etc.) always passes through a Self IP even when Port Lockdown is set to:
* Allow Default
* Allow None
* Allow Custom
F5 allows ICMP for reachability and diagnostic purposes independent of Port Lockdown rules.
3. Centralized Management Infrastructure (CMI)
CMI includes the internal HA services used for:
* Device Trust
* ConfigSync
* Failover
* Mirroring
These essential HA communications bypass Port Lockdown to prevent accidental cluster failure.
The well-known port for this traffic isTCP 4353, which is always permitted.
Why the other options are incorrect:
Option A:SSHisrestricted by Port Lockdown unless explicitly allowed.
Option B:Same issue - SSH does not bypass Port Lockdown.
OnlyDefined VS Traffic,ICMP, andCMIbypass Port Lockdown.
NEW QUESTION # 30
The device is currently onv15.1.2.1.
The BIG-IP Administrator needs to boot the device back tov13.1.0.6to gather data for troubleshooting.
The system shows:
Sys::Software Status
Volume Product Version Build Active Status Allowed
HD1.1 BIG-IP 15.1.2.1 0.0.10 yes complete yes
HD1.2 BIG-IP 13.1.0.6 0.0.3 no complete yes
Which is the correct command-line sequence to boot the device to version13.1.0.6?
- A. switchboot -b HD1.2, then reboot
- B. switchboot -I HD1.2, then reboot
- C. Use tmsh to select a new boot volume, tmsh reboot HD1.2
- D. Use tmsh to select a new boot volume, tmsh switchboot HD1.2
Answer: A
Explanation:
To change the boot volume on a BIG-IP system from one installed TMOS version to another, the correct CLI tool is:
switchboot
The correct syntax uses the-bflag:
switchboot -b <volume>
This command marks the specified boot location as the one to be used on the next reboot.
Thus, to boot intoHD1.2which contains13.1.0.6, the sequence is:
* Mark HD1.2 as the next boot location:
* switchboot -b HD1.2
* Reboot the system:
* reboot
This is the standard and officially supported method for selecting a different installed volume.
Why the other options are incorrect:
A). "tmsh reboot HD1.2"
* There is no such tmsh syntax.
* Boot volume cannot be selected by adding a parameter to reboot.
C). switchboot -I HD1.2
* The -I flag is invalid. Only -b is used.
D). "tmsh switchboot HD1.2"
* switchboot isnota tmsh command; it is a system-level shell utility.
Therefore,Option Bis the correct and valid command sequence.
NEW QUESTION # 31
A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device on the management interfacevia SSH.
The administrator needs to restrict SSH access to the management interface.
Where should this be accomplished?
- A. System > Configuration
- B. Network > Interfaces
- C. System > Platform
- D. Network > Self IPs
Answer: A
Explanation:
The BIG-IPmanagement interface (MGMT port)is controlled throughSystem settings, not through the Network menu.
SSH access on the management interface is configured here:
System # Configuration # Device # General # SSH Access / SSH IP Allow
This section allows the administrator to:
* Enable or disable SSH service
* Restrict SSH access to specific IP addresses or subnets
* Apply security policies to the management interface
Why the other options are incorrect:
A). Network > Interfaces
* Used for data-plane physical interface settings, not management plane SSH restrictions.
B). Network > Self IPs
* Controls in-band management or data-plane access, not the dedicated management port.
D). System > Platform
* Used for hostname, time zone, LCD contrast, hardware settings - not SSH security on the management port.
Therefore, restricting SSH access to themanagement interfacemust be done under:
#System # Configuration # Device # General
Which corresponds toOption C.
NEW QUESTION # 32
An organization is planning to upgrade a BIG-IP system from16.1.xto17.1.x.
For a successful upgrade, theService Check Datemust be equal to or newer than the License Check Date required for 17.1.x.
Which command will show the Service Check Date on the BIG-IP system being upgraded?
- A. grep "Service check date" /config/BigDB.dat
- B. grep "Service check date" /config/bigip.license
- C. grep "Service check date" /config/bigip.conf
- D. grep "Service check date" /config/svc_chk_date.dat
Answer: B
Explanation:
BIG-IP licensing information, including theService Check Date, is stored in the file:
/config/bigip.license
This file contains all license attributes downloaded from the F5 licensing server, including:
* License key
* Licensed modules
* Useful life date
* Service check date
TheService Check Datedetermines whether the system is eligible for upgrades to specific TMOS versions.
When reviewing upgrade readiness, administrators extract this value directly from the license file with:
grep "Service check date" /config/bigip.license
Why the other options are incorrect:
* /config/bigip.confstores BIG-IP configuration objects, not license metadata.
* /config/svc_chk_date.datisnota valid file in the licensing system; it does not contain license parameters.
* /config/BigDB.datstores internal database values, not licensing attributes.
Thus, only thebigip.licensefile contains the correct licensing information required for verifying upgrade eligibility.
NEW QUESTION # 33
In order to configure allowed IP addresses forSSH accessto a BIG-IP device, the BIG-IP Administrator has issued the commands shown in the exhibit.
Which IP addresses will have SSH access after issuing the shown commands?
(Choose two.)
- A. 100.0.0.10
- B. 100.0.1.10
- C. 10.0.0.256
- D. 10.0.0.254
- E. 10.0.0.100
Answer: D,E
Explanation:
From the exhibit, the administrator performs the following actions:
* Displays the current SSH allow configuration:
tmsh list sys sshd allow
allow { ALL }
* Replaces the existing SSH allow list with a specific subnet:
tmsh modify sys sshd allow replace-all-with { 10.0.0.0/24 }
* Confirms the updated configuration:
tmsh list sys sshd allow
allow { 10.0.0.0/24 }
This configuration restricts SSH access to only hosts that fall within the10.0.0.0/24network.
Evaluation of the options
A). 10.0.0.100
This address is within the 10.0.0.0/24 subnet and is a valid host address, so SSH access is permitted.
B). 10.0.0.254
This address is also within the 10.0.0.0/24 subnet and is a valid host address, so SSH access is permitted.
C). 10.0.0.256
This is not a valid IP address because an IPv4 octet cannot exceed 255.
D). 100.0.1.10
This address is outside the configured 10.0.0.0/24 subnet and will not be allowed.
E). 100.0.0.10
This address is also outside the configured subnet and will not be allowed.
NEW QUESTION # 34
A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance.
The administrator needs to know:
* Whether a module is licensed
* The memory requirement for that module
Where should the administrator view this information in theSystem menu?
- A. Configuration Device
- B. Resource Provisioning
- C. Software Management
- D. Configuration OVSDB
Answer: B
Explanation:
To understand:
* Which modules arelicensed
* Which modules areprovisioned
* Theresource requirements(CPU / RAM) of each module
The administrator uses:
System Resource Provisioning
This page displays:
* All modules present in the license
* Whether they are enabled or disabled
* Required memory to activate each module
* CPU and disk allocation information
* Provisioning level options (None / Minimal / Nominal / Dedicated)
This is the exact location where BIG-IP administrators evaluate module capacity before enabling or purchasing licensing upgrades.
Why the other options are incorrect:
A). Configuration OVSDB
* Used for network virtualization integrations, not licenses or modules.
B). Software Management
* Used for software image installation, not licensing.
C). Configuration Device
* Displays hostname, failover settings, device properties - not module resource requirements.
Thus, module licensing and memory requirement data are found underResource Provisioning.
NEW QUESTION # 35
A new logging solution is being implemented on the network. Policy requires keeping management traffic sent from the BIG-IPout of the management interface. After configuring the BIG-IP to forward messages to the new Syslog server, the BIG-IP Administrator notices that packets are being sentfrom a numbered data- plane Self IP.
What should the BIG-IP Administrator change to send the traffic out of thecorrect interface?
- A. Create a Management Route for the specific address/subnet of the syslog service via TMSH.
- B. Create a new Self IP in the same subnet as the management IP address using a route domain.
- C. Modify the port lockdown settings on the Self IP address to allow UDP port 514 traffic.
- D. Set the Management IP as the source address when configuring a Remote Syslog destination.
Answer: A
Explanation:
By default,management-plane trafficuses themanagement routing table, whiledata-plane trafficuses the TMM routing table.
Remote Syslog traffic ismanagement-planetrafficunlessa management route exists.
If noManagement Routematches the Syslog server's destination IP, the BIG-IP will instead:
* UseTMM routes, and
* Source the packets from aSelf IP
This is exactly what the administrator is observing.
To force Syslog traffic out the management port:
You must create aManagement Route, which is configured using:
tmsh create /sys management-route <name> gateway <ip> network <syslog subnet> This sends syslog traffic:
* Out of themanagement interface
* Using theManagement IPas the source
Thus,Option Bis correct.
Why the other options are incorrect:
A). Set the Management IP as the source address
* Source address selection is overridden by routing.
* Without a management route, traffic still goes out the data plane.
C). Create a new Self IP using a route domain
* Unnecessary and not related to management-plane routing.
* Syslog traffic should not rely on data-plane Self IPs.
D). Modify port lockdown on Self IP to allow UDP/514
* This would allow Syslog trafficintothe BIG-IP over a Self IP, not forceoutboundtraffic via management.
NEW QUESTION # 36
Which configuration file can a BIG-IP administrator use to verify theprovisioned modules?
- A. /config/bigip.license
- B. /config/bigip_base.conf
- C. /config/bigip.conf
- D. /var/local/ucs/config.ucs
Answer: C
Explanation:
Provisioning settings define which modules are enabled and how system resources are allocated to them.
These provisioning declarations are stored in:
/config/bigip.conf
This file contains:
* Full module provisioning statements
* TMSH-equivalent provisioning configurations such as:
* sys provision ltm { level nominal }
* sys provision asm { level nominal }
It is theprimary system configuration filethat stores all active provisioning details.
Why the other answers are incorrect
A). /config/bigip.license
* Showslicensedmodules, not provisioned modules.
B). /config/bigip_base.conf
* Stores base networking (VLANs, Self-IPs, routes), not provisioning.
D). config.ucs
* A backup archive, not a live configuration file.
Thus, the correct file to review active module provisioning is/config/bigip.conf.
NEW QUESTION # 37
The BIG-IP Administrator uses Secure Copy Protocol (SCP) to upload a TMOS image to the/shared/images/ directory in preparation for an upgrade.
After the upload is complete, what will the system dobeforethe image appears in the GUI under:
System Software Management Image List?
- A. The system verifies the internal checksum
- B. The system performs a reboot into the new partition
- C. The system copies the image to /var/local/images/
Answer: A
Explanation:
When a TMOS ISO file is transferred to/shared/images/, the BIG-IP automatically performs a validation step:
Checksum Verification
* Before the image becomes visible in the GUI, the systemverifies the internal checksumembedded inside the ISO.
* This ensures:
* The file was fully transferred
* The image is not corrupted
* It matches the official F5 release signature
* Only after passing this verification does the GUI display the ISO under "Available Images." Why the other options are incorrect:
A). Reboot into a new partition
* No reboot occurs simply from uploading an image.
C). Copying into /var/local/images/
* This directory isnotused for ISO storage.
* All valid images remain in/shared/images/.
Thus, the correct system action ischecksum verification.
NEW QUESTION # 38
A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the administrator reboots into the new volume, the configuration fails to load.
Why is the configuration failing to load?
- A. A minimum of at least two reboots is required.
- B. The license needed to be reactivated before the upgrade.
- C. Connectivity to the DNS server failed to be established.
- D. The upgrade was performed on the standby unit.
Answer: B
Explanation:
When upgrading to a newer TMOS software version, BIG-IP validates whether the current license is permitted to run that version.
This is controlled by theService Check Datein the device's license file.
If the Service Check Date is older than the minimum required for the target version:
* The systemboots into the new volume,
* Butfails to load the configuration,
* And will instead present messages indicating that the configuration cannot be applied due to aninvalid or outdated license.
This is a well-known behavior:
An outdated license, not reactivated before upgrade, causes configuration load failure after reboot into the new software.
Why the other options are incorrect:
A). Performed on the standby unit
* Upgrading a standby unit does not cause configuration load failure.
* Standby-only upgrades are standard best practice.
C). Two reboots required
* BIG-IP does not require two reboots during an upgrade.
* One reboot into the new volume is sufficient.
D). DNS connectivity failure
* DNS connectivity does not affect configuration loading.
* DNS is only needed for automatic license activation, not for applying config at boot.
Thus, the configuration failed to load because thelicense was not reactivated before the upgrade, making Option Bcorrect.
NEW QUESTION # 39
For security reasons, a BIG-IP Administrator needs to specify allowable IP ranges for access to the Configuration Utility (WebUI).
The exhibit shows the User Administration section of the Configuration Utility.
The administrator could not find any setting that explicitly restricts access to the Configuration Utility.
Which one of the following is a reason for that?
- A. The administrator needs to switch to the "Advanced" view mode in order to display the relevant setting
- B. To avoid locking out the administrator, recent versions of BIG-IP no longer allow restricting administrator access to the Configuration Utility by source IP address
- C. Restricting access to the Configuration Utility can only be done from the Command Line Interface
- D. The administrator must restrict access by IP address for SSH, which will implicitly restrict access to the Configuration Utility
Answer: C
Explanation:
The screenshot shown is from theUser Administrationsection of the BIG-IP GUI.
This section controls:
* Root and Admin passwords
* SSH Access
* SSH IP Allow settings
However,it does not contain any controls for restricting access to the WebUI (TMUI).
BIG-IP does not provide TMUI access restrictions from this part of the GUI.
Access to the web-based Configuration Utility is controlled by thehttpd allow list, configured through TMSH:
tmsh modify /sys httpd allow { <IP/subnet> }
This setting is not displayed in the User Administration panel, and in many BIG-IP versions, the httpd allow list isonly configurable from the CLI, not the GUI.
Therefore, the administrator cannot find the setting in the screen shown because:
* TMUI access restriction isnotlocated in this GUI section
* It must be configured usingtmshunder/sys httpd allow
This is whyOption Ais correct.
NEW QUESTION # 40
When logged into thebash shellof a BIG-IP system, which of the following commands will display the management-ip address?
(Choose two.)
- A. ifconfig mgmt
- B. tmsh list /sys management-ip
- C. list / sys management-ip
- D. show mgmt ip
Answer: A,B
Explanation:
When logged into thebash shellof a BIG-IP system, there are two valid ways to view themanagement-ip address:
A). tmsh list /sys management-ip
* Even from the bash shell, the administrator can enter a tmsh command by typing:
* tmsh list /sys management-ip
* This displays:
* Management IP address
* Netmask
* Any configured management routes
* This is theofficial tmsh methodfor viewing the management-ip configuration.
C). ifconfig mgmt
* In the underlying Linux OS, the management interface maps to themgmtinterface.
* Running:
* ifconfig mgmt
displays:
* Assigned management IP
* Netmask
* Link-level status
* This is a valid Linux-level method used frequently for troubleshooting.
Why the other options are incorrect:
B). show mgmt ip
* Not a valid bash or tmsh command on BIG-IP.
D). list / sys management-ip
* Missing thetmshprefix.
* In bash, this will generate a syntax error.
* The correct form requires:
tmsh list /sys management-ip
NEW QUESTION # 41
How should a BIG-IP Administrator check theprovisioned CPU percentfor a module?
(Choose two.)
- A. By running thetopcommand and reviewing the output for the provisioned module.
- B. By runningtmsh show /sys provisionand reviewing the specific module in the output.
- C. By runningtmsh show /sys cpuand reviewing the specific module provisioned output.
- D. By going toSystem / Resource Provisioningand hovering over the CPU section colors.
- E. By checking theDashboardoutput in the Statistics tab in the GUI.
Answer: B,D
Explanation:
BIG-IP allocates CPU and memory resources based on module provisioning levels.
To view how much CPU a module is assigned, administrators must check provisioning information from:
C). GUI - System Resource Provisioning
This page visually displays CPU allocation via color-coded bars.
Hovering over the CPU bar shows:
* CPU usage percent per module
* Which modules share CPU cycles
* The system's total resource allocation
This is the primary GUI method.
D). tmsh show /sys provision
This command displays detailed module provisioning information including:
* Provisioned modules
* Their provisioning level
* CPU and memory allocation data
It is the authoritative CLI method for resource provisioning status.
Why the other options are incorrect:
A). top
* Shows real-time process usage, notprovisionedCPU allocation.
B). tmsh show /sys cpu
* Displays CPU runtime utilization, not per-module provisioning.
E). Statistics Dashboard
* Only shows traffic / system runtime metrics, not provisioning resource allocations.
Therefore,C and Dare correct.
NEW QUESTION # 42
When using the tmsh shell of a BIG-IP system, which command will display the management-ip address?
- A. list /sys management-ip
- B. show /sys management-ip
- C. run /util bash ifconfig mgmt
Answer: A
Explanation:
Comprehensive and Detailed Explanation (Paraphrased from F5 BIG-IP Administration / Installation / Initial Configuration concepts) Within the BIG-IP Traffic Management Shell (tmsh), system configuration objects-including the management IP-are organized under the/syshierarchy. The management IP address is a configurable property stored in the system configuration and can be viewed using the tmshlistcommand, which displays configuration objects and their currently assigned values.
Why "list /sys management-ip" is correct
* The list command in tmsh is used todisplay configured system values, not runtime statistics.
* The object that holds the management IP settings on BIG-IP systems is located at:/sys management-ip
* Running the command:list /sys management-ipwill reveal the settings for the management IP interface, including the address, netmask, and any associated attributes.
* This is the standard method used during system setup and verification to confirm the management IP configuration.
This behavior aligns with BIG-IP administration procedures, where configuration information is retrieved usinglist, while operational data is retrieved usingshow.
Why the other options are incorrect
A). run /util bash ifconfig mgmt
* This command enters the Bash shell, then runs ifconfig to display the management interface.
* While this can show the management interface address, it isnot a tmsh-native command, and the question specifically asks for a tmsh command.
* Administrators use tmsh directly for configuration display rather than leaving the shell.
C). show /sys management-ip
* The show command displaysstatistics or operational data, not configuration values.
* The management-ip object does not maintain statistics; therefore show does not return the configuration details required.
* Only thelistcommand reveals stored configuration data such as IP address and netmask.
NEW QUESTION # 43
The monitoring team reports that the SNMP server is unable to poll data from a BIG-IP device.
What information will help the BIG-IP Administrator determine whether the issue originates from the BIG-IP system?
- A. The configuration on the exhibit is correct and other options should be explored.
- B. The "Port Lockdown" setting is preventing the SNMP server from polling data from the BIG-IP.
- C. The "VLAN / Tunnel" setting must allow All Vlans.
- D. The "Traffic Group" setting must use a floating Traffic Group.
Answer: B
Explanation:
The exhibit shows aSelf IPwith:
* VLAN:Data
* Port Lockdown:Allow None
Impact of "Allow None" on SNMP
When a Self IP is configured with:
Port Lockdown: Allow None
the BIG-IP blocksallservices and ports except a few hardcoded HA communication ports.
This means:
* UDP/161 (SNMP)is blocked
* UDP/162 (SNMP traps)is blocked
* The SNMP server cannot poll or receive data from the BIG-IP through this Self IP SNMP relies on access through the Self IP if out-of-band (mgmt interface) is not used.
Thus, the issue is directly caused byPort Lockdown = Allow None, which prevents SNMP communication.
Why the other options are incorrect:
B). Traffic Group must use a floating Traffic Group
* SNMP polling doesnotrequire floating Self IPs.
* Floating groups apply to HA failover IPs, not SNMP functionality.
C). VLAN/Tunnel must allow All VLANs
* Self IPs are always bound to a VLAN; SNMP doesnotrequire All VLANs.
* As long as the Self IP belongs to a reachable VLAN, SNMP can work.
D). Configuration is correct
* It is not correct:Allow Noneblocks SNMP and is the problem.
NEW QUESTION # 44
Refer to the exhibit.
An organization has purchased a BIG-IP license that includes all available modules but has chosen to provision only the modules they require.
The exhibit displays the current resource allocation from theSystem # Resource Provisioningpage.
Based on the information provided, which F5 modules have been provisioned?
- A. LTM, DNS, APM
- B. LTM, APM
- C. TMM, DNS, APS
- D. DNS, APM
Answer: A
Explanation:
The exhibit shows theCurrent Resource Allocationfor:
* CPU
* Disk
* Memory
In particular, theMemory Allocationbar displays the modules that are currently provisioned.
Memory is the most reliable indicator because BIG-IP allocates memoryonlyto modules that are actively provisioned.
From the exhibit:
* MGMT(Management) - always present
* TMM(Traffic Management Microkernel) - indicatesLTM is provisioned
* GTM- this label indicates that theDNS moduleis provisioned (GTM = Global Traffic Manager, now called DNS)
* APM- explicitly shown, indicatingAccess Policy Manageris provisioned
Therefore, the provisioned modules are:
* LTM(implied by TMM allocation)
* DNS/GTM
* APM
This matchesOption C: LTM, DNS, APM.
NEW QUESTION # 45
A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance.
The administrator needs to know:
* Whether a module is licensed
* The memory requirement for that module
Where should the administrator view this information in theSystem menu?
- A. Configuration - Device
- B. Configuration - OVSDB
- C. Resource Provisioning
- D. Software Management
Answer: C
NEW QUESTION # 46
......
100% Real & Accurate F5CAB1 Questions and Answers with Free and Fast Updates: https://www.pass4suresvce.com/F5CAB1-pass4sure-vce-dumps.html
Get Unlimited Access to F5CAB1 Certification Exam Cert Guide: https://drive.google.com/open?id=15-8Ct3dvn060vXQw3m6WVGfOD59WFARn