Pruebaaafrbaaa

A BIG-IP Administrator plans to upgrade a BIG-IP device to the latest TMOS version. Which two tools could the administrator leverage to verify known issues for the target versions? (Choose two.). A. F5 End User Diagnostics (EUD). B. F5 iHealth. C. F5 University. D. F5 Bug Tracker. E. F5 Downloads.

When using the tmsh shell of a BIG-IP system, which command will display the management-ip address?. A. run /util bash ifconfig mgmt. B. list /sys management-ip. C. show /sys management-ip.

The BIG-IP Administrator received a ticket that an authorized user is attempting to connect to the Configuration Utility from a jump host and is being denied. The HTTPD allow list is configured as: sys httpd { allow ( 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 ) ) The jump host IP is 172.28.32.22. What command should the BIG-IP Administrator use to allow HTTPD access for this jump host?. A. modify /sys httpd allow replace-all-with { 172.28.32.22 ). B. modify /sys httpd allow delete { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }. C. modify /sys httpd allow add ( 172.28.32.22}.

he Configuration Utility of a BIG-IP device is currently accessible via its management IP 10.53.1.245 from all VLANs. The BIG-IP Administrator needs to restrict access so only hosts from the 10.0.0.0/24 subnet can access the Configuration Utility. Which TMSH command accomplishes this?. A. (tmos)# create /net acl MGMT.HTTP rule add { (permit tcp 10.0.0.0 0.0.0.255 host 10.53.1.245 http) }. B. (tmos)# modify /Itm httpd allow replace-all-with {10.0.0.0/24}. C. (tmos)# create /net acl MGMT.HTTP rule add { (permit tcp 10.0.0.0/24 10.53.1.245 http) (deny ip any any http) }. D. (tmos)# modify /sys httpd allow replace-all-with {10.0.0.0/24}.

An organization is planning to upgrade a BIG-IP system from 16.1.x to 17.1.x. For a successful upgrade, the Service Check Date must be equal to or newer than the License Check Date required for 17.1.x. Which command will show the Service Check Date on the BIG-IP system being upgraded?. grep "Service check date" /config/bigip.license. grep "Service check date" /config/bigip.conf. grep "Service check date" /config/svc_chk_date.dat. grep "Service check date" /config/BigDB.dat.

An F5 VE has been deployed into a VMware environment via an OVF file. An administrator wants to configure the management IP address so the VE can be accessed for further setup. Which two are valid methods for configuring the management-ip address? (Choose two.). Log into the remote console and configure the management IP by running the config executable. Log into the remote console and configure the management IP through TMSH using: create sys management-ip <ip address>/<mask>. Log into the remote console and configure the management IP through TMSH using: create [tm management-ip <ip address>/<mask>. Log into the remote console and configure the management IP by running the setup command.

The BIG-IP Administrator needs to update access to the Configuration Utility to include the 172.28.31.0/24 and 172.28.65.0/24 networks. From the TMOS Shell (tmsh), which command should the BIG-IP Administrator use to complete this task?. modify /sys httpd allow add ( 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0. modify /sys httpd allow add { 172.28.31.0 172.28.65.0). modify /sys httpd permit add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 ).

The BIG-IP Administrator needs to update access to the Configuration Utility to include the 172.28.31.0/24 and 172.28.65.0/24 networks. From the TMOS Shell (tmsh), which command should the BIG-IP Administrator use to complete this task?. modify /sys httpd allow add ( 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 ). modify /sys httpd allow add { 172.28.31.0 172.28.65.0 ). modify /sys httpd permit add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 ).

A BIG-IP Administrator is responsible for deploying a new software image on an F5 BIG-IP HA pair and has scheduled a one-hour maintenance window. With a focus on minimizing service disruption, which of the following strategies is the most appropriate?. Update the active node first, reboot to the newly updated boot location and verify functionality, then push the update from the active to the standby node and reboot the standby node. Reset the Device Trust, apply the update to each node separately, reboot both nodes, then reestablish the Device Trust. Update the standby node first and reboot it to the newly updated boot location, failover tothe newly updated node and verify functionality. Repeat the upgrade procedures on the next node, which is now in standby mode. Update both nodes in the HA pair, then reboot both nodes simultaneously to ensure they run the same software version.

What are the two options for securing a BIG-IP's management interface? (Choose two.). Limiting network access through the management interface to a trusted/secured network VLAN. Block all management-interface administrative HTTPS and SSH service ports to prevent access. Use the BIG-IP’s Self-IP addresses for administrative access rather than the management interface. Restrict administrative HTTPS and SSH access to specific IP addresses or IP ranges.

Which port is an exception to the Port Lockdown function of Self-IPs if a device-group synchronization cluster is configured?. TCP 443. TCP 4353. UDP 53.

A BIG-IP device is licensed for LTM, ASM, APM, and AFM. Currently, it will only be used for load balancing and web application firewalling. To ensure optimal performance and efficient resource utilization, which of the following module provisioning combinations is the best choice?. LTM: Dedicated ASM: Dedicated APM: Minimal AFM: Minimal. LTM: Dedicated ASM: Dedicated APM: None AFM: None. LTM: Nominal ASM: Nominal APM: None AFM: None. LTM: Nominal ASM: Nominal APM: Minimal AFM: Minimal.

A BIG-IP device will be dedicated to functioning as a WAF, requiring only the ASM module to be provisioned. What provisioning level will ensure that the system allocates all CPU, memory, and disk resources to this module exclusively?. Dedicated. Comprehensive. Maximal. Nominal.

The BIG-IP Administrator wants to manage the newly built F5 system through an in-band Self-IP. The administrator has configured a VLAN and Self-IP and can ping the IP from their workstation, but cannot access the system via SSH or HTTPS. What port lockdown settings should the BIG-IP Administrator use to allow management access on the Self-1P? (Choose two.). The Self-IP port lockdown behavior could be adjusted to Allow Default. The Self-IP port lockdown behavior could be adjusted to Allow All. The Self-IP port lockdown behavior could be adjusted to Allow Mgmt. The Self-IP port lockdown behavior could be adjusted to Allow Management.

Which two items demonstrate the creation of a new volume for software images? (Choose two.). tmsh install software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume. tmsh install /sys software image BIGIP-<version>.iso volume HD1.5 create-volume. Using the GUI, go to System > Disk Management, select New Volume. In the pop-up window, type the name or number of the new volume and click Apply. tmsh install sys software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume. Using the GUI, go to System > Software Management > Available Images > Install, and in the Install Software Image pop-up window, type the new volume name or number and click Install.

For an upgrade of a standalone BIG-IP, a maintenance window is available in which brief interruptions are allowed. Actions with no impact can be done outside the maintenance window. When should a license reactivation be performed?. During the maintenance window. Before the maintenance window. After the maintenance window.

Which configuration file can a BIG-IP administrator use to verify the provisioned modules?. /config/bigip.license. /config/bigip_base.conf. /config/bigip.conf. /var/local/ucs/config.ucs.

A BIG-IP Administrator needs to verify the state of equipment in the data center. A BIG-IP appliance has a solid yellow indicator on the status LED. How should the administrator interpret this LED indicator?. Appliance is halted or in End-User Diagnostic (EUD) mode. Appliance is a standby member in a device group. A warning-level alarm condition is present. A power supply is NOT operating properly.

A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device. The device currently has HD1.1 as the Active Boot Location. The administrator has already reactivated the license and created a UCS archive. In which sequence should the administrator perform the remaining steps?. Install HotFix in HD1.2, Install base Image in HD1.2, Activate HD1.2. Install HotFix in HD1.1, Reboot the BIG-IP device, Install UCS Archive. Install base Image in HD1.2, Install HotFix in HD1.2, Activate HD1.2. Activate HD1.2, Install base Image in HD1.2, Install HotFix in HD1.2.

An F5 BIG-IP Administrator is asked to report which modules are provisioned on the BIG-IP. In which two ways can this be done? (Choose two.). Via the GUI at System > Resource Provisioning - Module Allocation. Via TMSH with show /sys provision. Via the GUI at Statistics > Module Statistics > System. Via TMSH with list /sys provision.

A BIG-IP Administrator is using Secure Copy Protocol (SCP) to transfer a TMOS image to the BIG-IP system in preparation for an upgrade. To what directory should the file be transferred?. /shared/images/. /local/images/. /var/images/.

The device is currently on v15.1.2.1. The BIG-IP Administrator needs to boot the device back to v13.1.0.t6o gather data for troubleshooting. The system shows: Sys::Software Status Volume Product Version Build Active Status Allowed HD1.1BIG-IP 15.1.2.1 0.0.10 yes complete yes HD1.2 BIG-IP 13.1.0.6 0.0.3 no complete yes Which is the correct command-line sequence to boot the device to version 13.1.0.6?. Use tmsh to select a new boot volume, tmsh reboot HD1.2. switchboot -b HD1.2, then reboot. switchboot -| HD1.2, then reboot. Use tmsh to select a new boot volume, tmsh switchboot HD1.2.

What will setting a Self IP to “Allow None” for Port Lockdown do?. Block HA communications, causing the systems to report their peer as offline and go active-active. Block HA communications, causing the systems to report their peer as online ready. Default allow port 1026 access between peer devices and traffic processing across the network failover.

When is the License Service Check Date enforced on a BIG-IP system?. After editing a virtual server. During a software install. During system startup.

How should a BIG-IP Administrator check the provisioned CPU percent for a module? (Choose two.). By running the top command and reviewing the output for the provisioned module. By running tmsh show /sys cpu and reviewing the specific module provisioned output. By going to System » Resource Provisioning and hovering over the CPU section colors. By running tmsh show /sys provision and reviewing the specific module in the output. By checking the Dashboard output in the Statistics tab in the GUI.

The BIG-IP Administrator uses Secure Copy Protocol (SCP) to upload a TMOS image to the /shared/images/ directory in preparation for an upgrade. After the upload is complete, what will the system do before the image appears in the GUI under: System » Software Management » Image List?. The system performs a reboot into the new partition. The system verifies the internal checksum. The system copies the image to /var/local/images/.

A BIG-IP Administrator needs to purchase new licenses for a BIG-IP appliance. The administrator needs to know: Whether a module is licensed The memory requirement for that module Where should the administravtioewr this information in the System menu?. Configuration » OVSDB. B. Software Management. Configuration » Device. Resource Provisioning.

For security reasons, a BIG-IP Administrator needs to specify allowable IP ranges for access to the Configuration Utility (WebUI). The exhibit shows the User Administration section of the Configuration Utility. Restricting access to the Configuration Utility can only be done from the Command Line Interface. The administrator must restrict access by IP address for SSH, which will implicitly restrict access to the Configuration Utility. To avoid locking out the administrator, recent versions of BIG-IP no longer allow restricting administrator access to the Configuration Utility by source IP address. The administrator needs to switch to the “Advanced” view mode in ordetro display the relevant setting.

What traffic will be permitted to reach the BIG-1P?. FTP. SSH. TELNET.

An administrator is in the process of reactivating the license using the interface displayed in the exhibit. What is the address of the license servetro which the BIG-IP device must be able to establish an outbound connection in order to use the Automatic Activation Method?. license.f5.com. callhome.f5.com. ask.f5.com. activate.f5.com.

The monitoring team reports that the SNMP server is unable to poll data from a BIG-IP device. What information will help the BIG-IP Administrator determine whether the issue originates from the BIG-IP system?. The “Port Lockdown” setting is preventing the SNMP server from polling data from the BIG-IP. The “Traffic Group” setting must use a floating Traffic Group. The “VLAN / Tunnel” setting must allow All Vlans. The configuration on the exhibit is correct and other options should be explored.

A BIG-IP Administrator upgrades the BIG-IP LTM to a newer software version. After the administrator reboots into the new volume, the configuration fails to load. Why is the configuration failing to load?. The upgrade was performed on the standby unit. The license needed to be reactivated before the upgrade. A minimum of at least two reboots is required. Connectivity to the DNS server failed to be established.

An organization has purchased a BIG-IP license that includes all available modules but has chosen to provision only the modules they require. The exhibit displays the current resource allocation from the System > Resource Provisioning page. Based on the information provided, which F5 modules have been provisioned?. LTM, APM. DNS, APM. LTM, DNS, APM. TMM, DNS, APS.

A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device on the management interface via SSH. The administrator needs to restrict SSH access to the management interface. Where should this be accomplished?. Network> Interfaces. Network > Self IPs. System > Configuration. System > Platform.

A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device, which has HD1.1 as the Active Boot Location. The administrator has already re-activated the license and created a UCS archive. In which sequence should the administrator perform the remaining steps?. Install HotFix in HD1.2, Install base Image in HD1.2, Activate HD1.2. Install HotFix in HD1.1, Reboot the BIG-IP device, Install UCS Archive. Install base Image in HD1.2, Install HotFix in HD1.2, Activate HD1.2. Activate HD1.2, Install base Image in HD1.2, Install HotFix in HD1.2.

A new logging solution is being implemented on the network. Policy requires keeping management traffic sent from the BIG-IP out of the management interface. After configuring the BIG-IP to forward messages to the new Syslog server, the BIG-IP Administrator notices that packets are being sent from a numbered data-plane Self IP. What should the BIG-IP Administrator change to send the traffic out of the correct interface?. Set the Management IP as the source address when configuring a Remote Syslog destination. Create a Management Route for the specific address/subnet of the syslog service via TMSH. Create a new Self IP in the same subnet as the management IP address using a route domain. Modify the port lockdown settings on the Self IP address to allow UDP port 514 traffic.

The Port Lockdown feature prevents unwanted connection attempts to a Self IP. Which three types of connection attempts are unaffected by Port Lockdown settings?. Defined virtual server traffic, Secure Shell (SSH), Centralized Management Infrastructure (CMI). Centralized Management Infrastructure (CMI), Secure Shell (SSH), Internet Control Message Protocol (ICMP). Defined virtual server traffic, Internet Control Message Protocol (ICMP), Centralized Management Infrastructure (CMI).

A secondary administrator has been granted access to a BIG-IP device through its Management Interface, but is unable to access the Configuration Utility (WebUI). What command can be run from the CLI to capture the network traffic on the management interface and troubleshoot the issue? (Choose two.). tcpdump -i eth0 -n port 443. tcpdump -i mgmt -n port 443. tcpdump -i 0.0 -n port 443. tcpdump -i tun0 -n port 443. tcpdump -i management -n port 443.

The BIG-IP Administrator uses Secure Copy Protocol (SCP) to upload a TMOS image to the /shared/images/ directory in preparation for a TMOS upgrade. After the upload is completed, what will the system do before the image is shown in the GUI under: System » Software Management » Image List?. The system performs a reboot into a new partition. The system verifies the internal checksum. The system copies the image to /var/local/images/.

Which one of the following is a port and protocol combination allowed by the Allow Default setting for Port Lockdown?. TCP 80. UDP 8443. TCP 443.

How can the BIG-IP Administrator tell when an unlicensed module has been provisioned?. A BIG-IP does not allow unlicensed modules to be provisioned. When provisioning an unlicensed module, a warning will appear. A Provisioning Warning will be displayed in the GUI in the upper left corner.

When logged into the bash shell of a BIG-IP system, which of the following commands will display the management-ip address? (Choose two.). tmsh list /sys management-ip. show mgmtip. ifconfig mgmt. list / sys management-ip.

Which command will display the current active volume on a BIG-IP system?. tmsh show sys version. tmsh show sys software status. tmsh list sys software update.

What command will allow the BIG-IP Administrator toview the configured management IP of a BIGIP system?. tmsh show sys management-ip. tmsh list sys management-ip. tmsh list sys management-route. tmsh list net self.

In order to configure allowed IP addresses for SSH access to a BIG-IP device, the BIG-IP Administrator has issued the commands shown in the exhibit. Which IP addresses will have SSH access after issuing the shown commands? (Choose two.). 10.0.0.100. 10.0.0.254. 10.0.0.256. 100.0.1.10. 100.0.0.10.

Which of the following are resource allocation (provisioning) settings for BIG-IP modules? (Choose two.). Maximum. Nominal. Dedicated. Limited.

Given that BIGIP-<version>.iso and Hotfix-BIGIP-<version>-ENG.iso have been uploaded to /shared/images on an F5 device, whatis the appropriate tmsh command to prepare and update the BIG-IP device with the hotfix of a software version on a new volume HD1.2? (Choose one.). tmsh install /sys software hotfix Hotfix-BIGIP-<version>-ENG.iso create-volume HD1.2. tmsh install /sys software BIGIP-<version>.iso hotfix Hotfix-BIGIP-<version>-ENG.iso createvolume HD1.2. tmsh create /sys software hotfix Hotfix-BIGIP-<version>-ENG.iso volume HD1.2. tmsh copy /sys software hotfix Hotfix-BIGIP-<version>-ENG.iso volume HD1.2.

How should the BIG-IP Administrator block connections to a Self IP on port 443 while allowing connections to other ports?. In the Configuration Utility, select System » Platform » SSH Allow. Enter the IP addresses of the clients allowed to connect to the Self IPs. In the Configuration Utility, select Network » Self IPs. Select the Self IP in question, then select "Disable'. In the Configuration Utility, go to Network » Self IPs. Select the Self IP in question, then select 'Port Lockdown' and 'Allow Custom'. Enter in only the allowed ports to that Self IP address. In the Configuration Utility, go to Network » Self IPs. Select the Self IP in question, then select 'Port Lockdown' and 'Allow None'.

The Service Check Date on the license matches the date that the BIG-IP was installed two years ago. Which of the following activities would require the BIG-IP Administrator to renew the license and update the Service Check Date for it to work?. Creating a QkView and uploading it to the F5 ¡Health site for support to review. Performing a system software upgrade to a new version of BIG-IP that was just released. Uploading and installing new ASM signatures and threat campaigns to the device.

Which of the following are resource allocation settings for modules? (Pick the 2 correct responses below). Maximum. Nominal. Limited. Dedicated.