TMOS Administration v1.0
Question 1
What is the purpose of MAC masquerading?
- A. to prevent ARP cache errors
- B. to minimize ARP entries on routers
- C. to minimize connection loss due to ARP cache refresh delays
- D. to allow both BIGIP devices to simultaneously use the same MAC address
Answer : C
Question 2
The incoming client IP address is 195.64.45.52 and the last five connections have been sent to members A, C, E, D and B. Given the virtual server, pool, and persistence definitions and statistics shown in the above graphic, which member will be used for the next connection?
- A. 10.10.20.1:80
- B. 10.10.20.2:80
- C. 10.10.20.3:80
- D. 10.10.20.4:80
- E. 10.10.20.5:80
- F. It cannot be determined with the information given.
Answer : C
Question 3
Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIG-IP?
- A. No SSL certificates are required on the BIG-IP.
- B. The BIG-IP's SSL certificates must only exist.
- C. The BIG-IP's SSL certificates must be issued from a certificate authority.
- D. The BIG-IP's SSL certificates must be created within the company hosting the BIG-IPs.
Answer : A
Question 4
Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port were not 443?
- A. SSL termination could not be performed if the virtual server's port was not port 443.
- B. Virtual servers with a ClientSSL profile are always configured with a destination port of 443.
- C. As long as client traffic was directed to the alternate port, the virtual server would work as intended.
- D. Since the virtual server is associated with a ClientSSL profile, it will always process traffic sent to port 443.
Answer : C
Question 5
Which statement is true concerning SSL termination?
- A. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie persistence.
- B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the load on the pool member.
- C. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted before it is forwarded to servers.
- D. If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL processing than if the virtual server had only a ClientSSL profile.
Answer : A
Question 6
A site wishes to perform source address translation on packets from some clients but not others. The determination is not based on the client's IP address, but on the virtual servers their packets arrive on. What could best accomplish this goal?
- A. A SNAT for all addresses could be defined, and then disable the SNAT processing for select VLANs.
- B. Some virtual servers could be associated with SNAT pools and others not associated with SNAT pools.
- C. The decision to perform source address translation is always based on VLAN. Thus, the goal cannot be achieved.
- D. The decision to perform source address translation is always based on a client's address (or network). Thus, this goal cannot be achieved.
Answer : B
Question 7
Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing takes place. Also assume that the NAT definition specifies a NAT address and an origin address while all other settings are left at their defaults. If a client were to initiate traffic to the NAT address, what changes, if any, would take place when the BIG-IP processes such packets?
- A. The source address would not change, but the destination address would be translated to the origin address.
- B. The destination address would not change, but the source address would be translated to the origin address.
- C. The source address would not change, but the destination address would be translated to the NAT's address.
- D. The destination address would not change, but the source address would be translated to the NAT's address.
Answer : A
Question 8
A standard virtual server is defined with a pool and a SNAT using automap. All other settings for the virtual server are at defaults. When client traffic is processed by the BIG-IP, what will occur to the IP addresses?
- A. Traffic initiated by the pool members will have the source address translated to a self-IP address but the destination address will not be changed.
- B. Traffic initiated to the virtual server will have the destination address translated to a pool member address and the source address translated to a self-IP address.
- C. Traffic initiated by selected clients, based on their IP address, will have the source address translated to a self-IP address but the destination will only be translated if the traffic is destined to the virtual server.
- D. Traffic initiated to the virtual server will have the destination address translated to a pool member address and the source address translated to a self-IP address. Traffic arriving destined to other destinations will have the source translated to a self-IP address only.
Answer : B
Question 9
Which VLANs must be enabled for a SNAT to perform as desired (translating only desired packets)?
- A. The SNAT must be enabled for all VLANs.
- B. The SNAT must be enabled for the VLANs where desired packets leave the BIG-IP.
- C. The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP.
- D. The SNAT must be enabled for the VLANs where desired packets arrive and leave the BIG-IP.
Answer : C
Question 10
A BIG-IP has a virtual server at 150.150.10.10:80 with SNAT automap configured. This BIG-IP also has a SNAT at 150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other settings are at their default states. If a client with the IP address 200.200.1.1 sends a request to the virtual server, what is the source IP address when the associated packet is sent to the pool member?
- A. 200.200.1.1
- B. 150.150.10.11
- C. Floating self IP address on VLAN where the packet leaves the system
- D. Floating self IP address on VLAN where the packet arrives on the system
Answer : C
Question 11
Which IP address will the client address be changed to when SNAT automap is specified within a Virtual Server configuration?
- A. The floating self-IP address on the VLAN where the packet leaves the system.
- B. The floating self-IP address on the VLAN where the packet arrives on the system.
- C. It will alternate between the floating and non floating self-IP address on the VLAN where the packet leaves the system so that port exhaustion is avoided.
- D. It will alternate between the floating and non floating self-IP address on the VLAN where the packet arrives on the system so that port exhaustion is avoided.
Answer : A
Question 12
A virtual server at 10.10.1.100:80 has the rule listed below applied. when HTTP_REQUEST { if {[HTTP::uri] ends_with "htm" } { pool pool1 } else if {[HTTP::uri] ends_with "xt" } { pool pool2 }
If a user connects to http://10.10.1.100/foo.txt which pool will receive the request?
- A. pool1
- B. pool2
- C. None. The request will be dropped.
- D. Unknown. The pool cannot be determined from the information provided.
Answer : B
Question 13
Which statement is true concerning iRule events?
- A. All iRule events relate to HTTP processes.
- B. All client traffic has data that could be used to trigger iRule events.
- C. All iRule events are appropriate at any point in the clientserver communication.
- D. If an iRule references an event that doesn't occur during the client's communication, the client's connection will be terminated prematurely.
Answer : B
Question 14
Which three iRule events are likely to be seen in iRules designed to select a pool for load balancing? (Choose three.)
- A. CLIENT_DATA
- B. SERVER_DATA
- C. HTTP_REQUEST
- D. HTTP_RESPONSE
- E. CLIENT_ACCEPTED
- F. SERVER_SELECTED
- G. SERVER_CONNECTED
Answer : ACE
Question 15
Which event is always triggered when a client initially connects to a virtual server configured with an HTTP profile?
- A. HTTP_DATA
- B. CLIENT_DATA
- C. HTTP_REQUEST
- D. CLIENT_ACCEPTED
Answer : D