F5 101

Application Delivery Fundamentals

Version: 5.1
 F5 101 Exam
QUESTION NO: 1

To make complex access policies easier to manage, an administrator can create a _______
containing several policy actions, and then add instances of it within the policy? (Fill in)

A.
Visual Policy Editor

B.
Policy Editor

C.
Visual Editor

D.
Policy creator

Answer: A
Explanation:

QUESTION NO: 2

To make complex access policies easier to manage, an administrator can create a policy
containing several policy actions, and then add instances of it within the policy using the
________. (Fill in)

A.
Deployment Wizard

B.
Setup Wizard

C.
Policy Wizard

D.
Visual Wizard

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 2

 F5 101 Exam

QUESTION NO: 3

The Policy Builder benefits include:

A.
Doesn't require in depth web application knowledge

B.
Only requires limited ASM knowledge

C.
All of the above

D.
Very low administrative impact

Answer: C
Explanation:

QUESTION NO: 4

APM administrators can configure access policies granting users which two types of access?

A.
CIFS access

B.
Client/server access

C.
Web application access

D.
Proxy access

E.
RDC access

Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 3

 F5 101 Exam
Explanation:

QUESTION NO: 5

Which of the following is a benefit of using iRules?

A.
They provide a secure connection between a client and LTM

B.
They enable granular control of traffic

C.
They can be used as templates for creating new applications

D.
They can use Active Directory to authenticate and authorize users

E.
They provide an automated way to create LTM objects

Answer: B
Explanation:

QUESTION NO: 6

APM provides access control lists at which two OSI layers? (Choose two.)

A.
Layer 5

B.
Layer 4

C.
Layer 7

D.
Layer 6
"Pass Any Exam. Any Time." - www.actualtests.com 4
 F5 101 Exam
E.
Layer 2

Answer: B,C
Explanation:

QUESTION NO: 7

TMOS is an F5 software module that runs on the BIG-IP platform.

A.
True

B.
False

Answer: B
Explanation:

TMOS is multi-module OS on Big-IP platform

QUESTION NO: 8

Which four F5 products are on the TMOS platform? (Choose four.)

A.
ARX

B.
GTM

C.
WOM

D.
APM

"Pass Any Exam. Any Time." - www.actualtests.com 5

 F5 101 Exam
E.
ASM

F.
Firepass

Answer: B,C,D,E
Explanation:

QUESTION NO: 9

Which of the following is NOT a profile type on the BIG-IP?

A.
Protocol

B.
Application

C.
Persistence

D.
Authentication

E.
SSL

Answer: B
Explanation:

QUESTION NO: 10

The BIG-IP determines the lowest connection speed between the client and the server and then
uses that for both connections.

A.
True
"Pass Any Exam. Any Time." - www.actualtests.com 6
 F5 101 Exam
B.
False

Answer: B
Explanation:

QUESTION NO: 11

Another name for the F5 OneConnect feature is TCP multiplexing.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 12

LTM runs on______F5's proprietary product platform. (Fill in the correct answer)

A.
ARX

B.
Firepass

C.
Acopia

D.
TMOS

Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 7

 F5 101 Exam
Explanation:

QUESTION NO: 13

Which programming language is the basis for F5 iRules?

A.
Lisp

B.
C++

C.
Java

D.
TCL

E.
AWK

Answer: D
Explanation:

QUESTION NO: 14

What are the two most common methods of placing a BIG-IP device into a network environment?
(Choose two.)

A.
Channeled configuration

B.
VLAN configuration

C.
NAT configuration

D.
"Pass Any Exam. Any Time." - www.actualtests.com 8
 F5 101 Exam
SNAT configuration

E.
Asymmetric configuration

F.
Routed configuration

Answer: D,F
Explanation:

QUESTION NO: 15

Which of the following is NOT a benefit of using SSL offload?

A.
It increases the bandwidth between the client and LTM.

B.
It enables LTM to decrypt traffic, examine the payload, and then re-encrypt before sending it to a
pool member.

C.
The organization requires far less SSL certificates.

D.
The CPU processing load on backend servers is reduced.

E.
It enables iRules to be used on traffic arriving to LTM that is encrypted.

Answer: A
Explanation:

SSL offload:

It enables LTM to decrypt traffic, examine the payload, and then re-encrypt before sending it to a
pool member.

The organization requires far less SSL certificates.

The CPU processing load on backend servers is reduced.

"Pass Any Exam. Any Time." - www.actualtests.com 9

 F5 101 Exam
It enables iRules to be used on traffic arriving to LTM that is encrypted.

QUESTION NO: 16

When using a routed configuration, the real server must point to the LTM as the ________.

A.
NTP Server

B.
DNS Server

C.
Virtual IP

D.
WINS server

E.
Default gateway

Answer: E
Explanation:

QUESTION NO: 17

TCP Express is licensed separately from LTM

A.
True

B.
False

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 10

 F5 101 Exam
TCP Express is licensed including in LTM

QUESTION NO: 18

LTM can only load balance outbound traffic by using iRules

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 19

Which two of these statements about OneConnect are true? (Choose two.)

A.
It decreases the CPU load on LTM

B.
It aggregates multiple client connections into a single server connection

C.
It decreases the amount of traffic between multiple clients and LTM

D.
It requires SNAT to be configured

E.
It decreases the CPU load on pool members

Answer: B,E
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 11

 F5 101 Exam

QUESTION NO: 20

GTM solves which three of these standard DNS limitations? (Choose three.)

A.
It can verify that a host is available before resolving a host name for a client.

B.
It can use HTTPS for the connection between itself and the client.

C.
It can ensure that clients remain at the same data center for stateful applications.

D.
It can verify that a client does not have any viruses before sending the IP address.

E.
It has more complex load balancing methods.

Answer: A,C,E
Explanation:

GTM solves three of these standard DNS limitations

It can verify that a host is available before resolving a hostname for a client

It can ensure that clients remain at the same data center for stateful applications

It has more complex load balancing methods

QUESTION NO: 21

Using IP Geolocation, an organization can always direct a client request from France to a
datacenter in Dublin.

A.
True

B.
False

"Pass Any Exam. Any Time." - www.actualtests.com 12

 F5 101 Exam
Answer: A
Explanation:

QUESTION NO: 22

Which three of these software modules can you layer on top of LTM on a BIG-IP device? (Choose
three.)

A.
Web Accelerator

B.
APM

C.
ARX

D.
GTM

E.
Firepass

F.
Enterprise Manager

Answer: A,B,D
Explanation:

These software modules can you layer on top of LTM on a BIG-IP device are AAM, APM and
GTM.

QUESTION NO: 23

Customers can purchase LTM as a stand-alone product, or layer it with additional software
modules to increase the functionality of the BIG-IP device.

A.
"Pass Any Exam. Any Time." - www.actualtests.com 13
 F5 101 Exam
True

B.
False

Answer: A
Explanation:

QUESTION NO: 24

Which two of the following options can LTM use when all of the pool members are not available or
if the pool is overloaded?

A.
Floating IPs

B.
Fallback host

C.
Auto last hop

D.
SNAT automap

E.
Pool offload

F.
Priority group activation

Answer: D
Explanation:

http://support.f5.com/kb/en-
us/products/bigip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_pools.html

QUESTION NO: 25

"Pass Any Exam. Any Time." - www.actualtests.com 14

 F5 101 Exam
The least connections load balancing method functions best when all pool members share similar
characteristics.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 26 CORRECT TEXT

The layer 3 security feature _______ Cookies that protects against SYN floods, DoS, and DDoS
attacks. (Fill in)

Answer:
contain / include

QUESTION NO: 27

A top-level DNS zone uses a CNAME record to point to a sub-zone. Which of the following is an
example of a sub-zone?

A.
www.F5.com/sub

B.
www.F5.com

C.
www.gslb.F5.com

D.
.com

E.
f5.com

"Pass Any Exam. Any Time." - www.actualtests.com 15

 F5 101 Exam
Answer: C
Explanation:

QUESTION NO: 28 CORRECT TEXT

A _______ object maps a FQDN to virtual servers. (Fill in)

Answer:
Wide IP

QUESTION NO: 29

Which three of the following must be done in order for GTM to properly communicate LTM?
(Choose three.)

A.
Connect the GTM and LTM with a network crossover cable.

B.
Synchronize the big3d versions between GTM and LTM.

C.
Add the LTM object to the GTM configuration.

D.
Configure the GTM and LTM to we MAC masquerading.

E.
Ensure that GTM and LTM use the same floating IP address.

F.
Exchange SSL certificates between the two devices.

Answer: B,C,F
Explanation:

Integrating LTM systems with GTM systems on a network

Running the bigip_add utility

"Pass Any Exam. Any Time." - www.actualtests.com 16

 F5 101 Exam
Determine the self IP addresses of the BIG-IP LTM systems that you want to communicate with
BIG-IP GTM.

Run the bigip_add utility on BIG-IP GTM. This utility exchanges SSL certificates so that each
system isauthorized to communicate with the other.

When the LTM and GTM systems use the same version of the big3d agent, you run the bigip_add
utility toauthorize communications between the systems.

http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations11-3-
0/7.html

Note:

The BIG-IP GTM and BIG-IP LTM systems must have TCP port 4353 open through the firewall
between the systems. The BIG-IP systems connect and communicate through this port.

QUESTION NO: 30

DNSSEC is a GTM add-on licensing feature.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 31 CORRECT TEXT

GTM uses the F5 ___________ protocol to synchronize performance metrics between GTM
devices. (Fill in)

Answer:
iQuery

"Pass Any Exam. Any Time." - www.actualtests.com 17

 F5 101 Exam
QUESTION NO: 32

Which four of the monitoring methods listed below can GTM use to determine the status and
performance of BIG-IP and servers? (Choose four.)

A.
ping

B.
Application monitors

C.
Inband monitors

D.
SSH

E.
iQuery

F.
SNMP

Answer: A,B,E,F
Explanation:

http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-concepts-11-30/1.html

Configuring

GTMto determine packet gateway health and availability

http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations11-5-
0/9.html

sol13690:

Troubleshooting BIG-IP GTM synchronization and iQuery connections (11.x)

http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13690.html

QUESTION NO: 33

What happens when the data center that GTM recommends for a client is unavailable?
"Pass Any Exam. Any Time." - www.actualtests.com 18
 F5 101 Exam
A.
GTM uses cached information to determine an alternate route.

B.
GTM queries the local DNS server.

C.
GTM sends subsequent queries to the next preferred data center.

D.
GTM directs the client to use its DNS cache to select an alternate location.

E.
The client continues to attempt to access the preferred data center.

Answer: C
Explanation:

QUESTION NO: 34

GTM can load balance to LTM in addition to non-BIG-IP hosts.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 35

Which of the following is NOT included on the F5 DevCentral site?

A.
Subscription purchasing options

B.
"Pass Any Exam. Any Time." - www.actualtests.com 19
 F5 101 Exam
Actual iRules written by other customers

C.
iRules reference materials

D.
Forums

E.
The F5 iRule editor

Answer: A
Explanation:

Subscription purchasing options is in Partner Resource Center

QUESTION NO: 36

If LTM uses the least connections load balancing method, which pool member in the following
diagram receives the next request?

"Pass Any Exam. Any Time." - www.actualtests.com 20

 F5 101 Exam

A.
A

B.
B

C.
C

D.
D

Answer: B
Explanation:

QUESTION NO: 37
"Pass Any Exam. Any Time." - www.actualtests.com 21
 F5 101 Exam
Why does deploying LTM into an existing network immediately improve security?

A.
Only requests for specific ports are allowed through LTM.

B.
All traffic through LTM is checked for DDoS attacks.

C.
No traffic A allowed through LTM until it has been specified.

D.
All users must authenticate before accessing applications through LTM.

E.
Only LAN administrators can access resources through LTM.

Answer: C
Explanation:

QUESTION NO: 38

You can use an HTTP class profile to forward traffic that matches which three of these types of
criteria? (Choose three.)

A.
Port

B.
HTTP header

C.
URI path

D.
User name

E.
Protocol

F.
Host name

"Pass Any Exam. Any Time." - www.actualtests.com 22

 F5 101 Exam
Answer: B,C,F
Explanation:

QUESTION NO: 39

When an optimized TCP connection exists between LTM and the pool member, LTM can accept
server responses faster than the client. What is the name of this feature?

A.
HTTP caching

B.
OneConnect

C.
TCP connection queuing

D.
Content spooling

E.
Priority activation

Answer: D
Explanation:

QUESTION NO: 40

As a full TCP proxy, LTM acts as the termination point for both requests from the client and
responses from the server.

A.
True

B.
False

Answer: A
"Pass Any Exam. Any Time." - www.actualtests.com 23
 F5 101 Exam
Explanation:

QUESTION NO: 41

FastCache will NOT work with compressed objects.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 42

Which of the following can be accomplished using iRules?

A.
Track inbound and outbound traffic

B.
Perform deep packet inspection

C.
Inspect traffic and drop it

D.
All of the above

E.
Intercept traffic and redirect it

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 24

 F5 101 Exam

QUESTION NO: 43

GTM uses Auto Discovery to add virtual servers from both LTM and non-BIG-IP load balancers.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 44

Which four of the following statements about LDNS probes are true? (Choose four.)

A.
Only GTM devices can act as a prober.

B.
They check each requesting LDNS that has made a request of the GTM.

C.
They can determine available cache size on the client.

D.
They are used to develop path metrics.

E.
They verify the link between a data center and an LDNS.

F.
Probing only takes place if GTM is configured to use dynamic load balancing.

Answer: B,D,E,F
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 25

 F5 101 Exam

QUESTION NO: 45

Similar to LTM monitors, GTM monitors use both an Interval and a Timeout value.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 46

Since F5 built GTM on the TMOS platform it can exist on the same BIGIP device as LTM:

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 47

An administrator is adding GTM to the network infrastructure. Which of the following requirements
would lead them to select an Authoritative Screening architecture rather than Delegation?

A.
They want GTM to examine all DNS queries.

B.
"Pass Any Exam. Any Time." - www.actualtests.com 26
 F5 101 Exam
They want GTM to make load balancing decisions based on metrics.

C.
They have data centers in several countries.

D.
They are using several operating systems for the local DNS servers.

Answer: C
Explanation:

QUESTION NO: 48

The BIG-IP full proxy architecture has full visibility from the client to the server and from the server
to the client.

What security benefit does this provide to customers?

A.
Offloads security functionality from other devices such as network firewalls and Intrusion
Prevention Systems (IPS), which may experience performance degradation when inspecting DNS
queries and responses.

B.
provides enhanced support for DNS servers.

C.
Establishes highly detailed policies based on your customer's business in requirements, performs
multiple factors of authentication, detects corporate versus non-corporate devices, checks OS
patch levels, and determines antivirus patch levels.

D.
Provides industry-leading knowledge of application behavior as it travels through a network, and it
applies that knowledge to security because it knows how an application behaves at any point in
the reply request process

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 27

 F5 101 Exam
QUESTION NO: 49

Select the key reasons F5 is able to handle DNS DDoS attacks so effectively? Select two.

A.
F5 can ensure a DNS DDoS attack is not successful.

B.
F5 has high performance DNS services.

C.
F5 can answer the DNS queries directly.

D.
With Global Traffic Manager (GTM), F5 completely stops all DNS DDoS attacks.

E.
F5 can ensure a customer never faces a DNS DDoS attack.

Answer: C,E
Explanation:

QUESTION NO: 50

Which of the following are the three main business drivers for placing LTM into a network?
(Choose three.)

A.
Secure the connection between WAN sites.

B.
Improve application availability and scalability.

C.
Authenticate and authorize users.

D.
Boost application performance.

E.
Include application security.

F.

"Pass Any Exam. Any Time." - www.actualtests.com 28

 F5 101 Exam
Act as a Web application firewall

Answer: B,D,E
Explanation:

QUESTION NO: 51

If a customer has an application that uses a customized protocol, what LTM feature can help
optimize the traffic from the application?

A.
iRules

B.
Network virtual servers

C.
HTTP classes

D.
Packet filtering

E.
Transparent virtual servers

Answer: A
Explanation:

QUESTION NO: 52

An LTM object represents a downstream server that hosts a secure Web site and contains the IP
address and port combination 192.168.9.250:443. What is this object?

A.
Self IP

B.
Virtual Server
"Pass Any Exam. Any Time." - www.actualtests.com 29
 F5 101 Exam
C.
Pool

D.
Node

E.
Pool Member

Answer: E
Explanation:

QUESTION NO: 53

Adding more RAM to a GTM device drastically improves query performance.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 54

Which of the following are four of the security benefits of TMOS? (Choose four.)

A.
It verifies traffic based on antivirus signatures.

B.
It provides protection against DDoS.

C.
It uses SYN cookies and dynamic connection reapers.

"Pass Any Exam. Any Time." - www.actualtests.com 30

 F5 101 Exam
D.
It supplies guidance for poorly developed applications.

E.
It denies all traffic that hasn't been defined.

F.
It can hide confidential information from outbound traffic.

Answer: B,C,E,F
Explanation:

QUESTION NO: 55

The LTM "Manager" authentication role can create iRules.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 56

Which of the following statements about cookie persistence is NOT true?

A.
The cookie's timeout value can be customized.

B.
They are F5'spreferred persistence method.

C.
No persistence information is placed on LTM.

"Pass Any Exam. Any Time." - www.actualtests.com 31

 F5 101 Exam
D.
Web servers must be configured to send cookies to clients.

E.
They do not add a performance impact on LTM.

Answer: D
Explanation:

QUESTION NO: 57

An LTM object that represents a downstream server contains the IP address 192.168.9.250 and
no port. What is this object?

A.
Pool member

B.
Virtual server

C.
Pool

D.
Self IP

E.
Node

Answer: E
Explanation:

QUESTION NO: 58

Which three of the metrics listed below can GTM use when making load balancing decisions for a
client? (Choose three.)

A.
"Pass Any Exam. Any Time." - www.actualtests.com 32
 F5 101 Exam
TCP payload

B.
IP geolocation

C.
Hop count

D.
Round trip time

E.
Browser user agent

Answer: B,C,D
Explanation:

QUESTION NO: 59

In order to improve GTM performance, administrators should use multiple complex monitors to
ensure resources are functioning properly:

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 60

Which three of the following are unique differentiators for F5 in the marketplace? (Choose three.)

A.
VLANs

"Pass Any Exam. Any Time." - www.actualtests.com 33

 F5 101 Exam
B.
Load-balancing pools

C.
Secure remote access

D.
TMOS

E.
OneConnect

F.
iRules

Answer: D,E,F
Explanation:

QUESTION NO: 61

Which three of these file types work well with HTTP compression? (Choose three.)

A.
MP4 videos

B.
Digital photos

C.
Text files

D.
Static HTML Web pages

E.
CD quality songs

F.
Microsoft Word documents

Answer: C,D,F
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 34

 F5 101 Exam

QUESTION NO: 62

Match each persistence method with the correct statement describing it:

A.
Cookie persistence

B.
Source address persistence

C.
SSL persistence

D.
Universal persistence

Answer: B
Explanation:

QUESTION NO: 63

Which two of the following LTM load balancing methods require the least amount of resources?
(Choose two.)

A.
Round robin

B.
Ratio

C.
Observed

D.
Fastest

E.
Predictive

F.
Least connections
"Pass Any Exam. Any Time." - www.actualtests.com 35
 F5 101 Exam
Answer: A,B
Explanation:

QUESTION NO: 64

When using a redundant pair of LTMs, it is most advantageous to use them in an Active/Active
scenario because this provides additional load balancing capabilities.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 65

An LTM object contains both IP address and port combinations 20.18.9.250:80 and
20.18.9.251:80 and host the same Web application. What is this object?

A.
Pool

B.
Self-IP

C.
Node

D.
Pool member

E.
Virtual Server

Answer: A
"Pass Any Exam. Any Time." - www.actualtests.com 36
 F5 101 Exam
Explanation:

QUESTION NO: 66

Which of the following are four of the benefits of the TMOS architecture? (Choose four.)

A.
User authentication

B.
Server-side optimization

C.
Dynamic DDoS protection

D.
Web application security

E.
Client-side optimization

F.
Antivirus checking

Answer: B,C,D,E
Explanation:

QUESTION NO: 67

In order to further accelerate applications, the external router can direct subsequent client traffic to
bypass LTM and communicate directly with the server.

A.
True

B.
False

"Pass Any Exam. Any Time." - www.actualtests.com 37

 F5 101 Exam
Answer: B
Explanation:

QUESTION NO: 68 CORRECT TEXT

LTM runs on________F5's proprietary product platform. (Fill in the correct answer)

Answer:
TMOS

QUESTION NO: 69

When using only LTM in redundant pairs, a customer can load balance to multiple data centers.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 70

Application templates save the time it typically takes to create nodes, pools, pool members, virtual
servers, and monitors.

A.
True

B.
False

"Pass Any Exam. Any Time." - www.actualtests.com 38

 F5 101 Exam
Answer: A
Explanation:

QUESTION NO: 71

Which of the following TMOS feature enables BIG-IP to scale performance based to the available
CPU cores?

A.
Clustered multi-processing

B.
OneConnect

C.
HTTP class

D.
Session persistence

E.
Auto Last Hop

Answer: A
Explanation:

QUESTION NO: 72

In a routed configuration, what does LTM do with the packet before sending it to the pool
member?

A.
Change the source IP and the destination IP address

B.
Leave it unchanged and forward it

C.
Change the source IP address
"Pass Any Exam. Any Time." - www.actualtests.com 39
 F5 101 Exam
D.
Change the destination IP address

Answer: D
Explanation:

QUESTION NO: 73

If the BIG-IP device is NOT always located between the client and the server, it will NOT provide
full optimization and security.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 74

TCP Express enables LTM to use different TCP settings for the connection between the client and
LTM, and the connection between LTM and the pool member.

A.
True

B.
False

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 40

 F5 101 Exam
QUESTION NO: 75

Where do you configure GTM client persistence?

Case Study Title (Case Study):

A.
On a DNS listener object

B.
On a wide IP object

C.
Within a load balancing method

D.
On a DNS pool object

E.
On a virtual server object

Answer: B
Explanation:

QUESTION NO: 76

Administrators can configure which three of the following load balancing options in GTM? (Choose
three.)

A.
Alternate

B.
Fallback

C.
Required

D.
Preferred

E.
Backup

"Pass Any Exam. Any Time." - www.actualtests.com 41

 F5 101 Exam
F.
Optional

Answer: A,B,D
Explanation:

QUESTION NO: 77

Over the years, F5 has led the industry in which of the four following areas? (Choose three.)

A.
Security

B.
Acceleration

C.
Application availability

D.
Application scalability

E.
Application design

F.
Remote access

Answer: A,B,D
Explanation:

QUESTION NO: 78

Which of the following is NOT a method that TMOS uses to improve the performance of
applications?

A.
Caching HTTP data
"Pass Any Exam. Any Time." - www.actualtests.com 42
 F5 101 Exam
B.
Optimizing the TCP connection between the client and the BIG-IP device

C.
Offloading SSL decryption from downstream servers

D.
Discarding unnecessary data from server responses before sending to the client

E.
Compressing HTTP data

Answer: D
Explanation:

QUESTION NO: 79

The drawback to having BIG-IP act as a full application proxy is the decrease in application
performance.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 80

The Policy Builder benefits include:

A.
Doesn't require in depth web application knowledge

B.
Only requires limited ASM knowledge
"Pass Any Exam. Any Time." - www.actualtests.com 43
 F5 101 Exam
C.
All of the above

D.
Very low administrative impact

Answer: C
Explanation:

QUESTION NO: 81

CSRF is difficult to detect because:

A.
The attacks are requests a user should be allowed to make

B.
The attacks always utilize obfuscation

C.
The attacks are always encrypted

D.
All of the above

Answer: A
Explanation:

QUESTION NO: 82

Information leakage is a major obstacle to achieving PCI DSS compliance.

A.
True

B.
False

"Pass Any Exam. Any Time." - www.actualtests.com 44

 F5 101 Exam
Answer: A
Explanation:

QUESTION NO: 83

Requests that do not meet the ASM security policies can:

A.
Generate learning suggestions

B.
Be blocked

C.
All of the above

D.
Be logged

Answer: C
Explanation:

QUESTION NO: 84

What is NOT a benefit of using a SNAT?

A.
ASM can be deployed easily

B.
No changes are needed on the servers

C.
Fail open is easy to add

D.
Higher performance than other configuration

"Pass Any Exam. Any Time." - www.actualtests.com 45

 F5 101 Exam
Answer: D
Explanation:

QUESTION NO: 85

ASM's Web Scraping protection:

A.
Is simple to configure

B.
Cannot accommodate good scrapers

C.
Will protect the site by blocking all requests

D.
Is difficult to configure

Answer: A
Explanation:

QUESTION NO: 86

The PCI compliance report is proof that a company is secure.

A.
True

B.
False

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 46

 F5 101 Exam
QUESTION NO: 87

ASM offers the most extensive, effective, and simplest to configure CSRF protection in the WAF
market.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 88

The APM Dashboard enables administrators to monitor which two of these metrics? (Choose two.)

A.
Number of active sessions

B.
Number of new sessions

C.
Number of denied users

D.
Number of users from each country

Answer: A,B
Explanation:

QUESTION NO: 89

Although APM can interoperate with LTM, it is unable to use iRules for advanced processing.

"Pass Any Exam. Any Time." - www.actualtests.com 47

 F5 101 Exam
A.
True

B.
false

Answer: B
Explanation:

QUESTION NO: 90

APM provides access control lists at which two 051 layers

A.
Layer 6

B.
Layer 5

C.
Layer 7

D.
Layer 4

E.
Layer 3

F.
Layer 2

Answer: C,D
Explanation:

QUESTION NO: 91

Which of the following statements about Web server offload is NOT true?

"Pass Any Exam. Any Time." - www.actualtests.com 48

 F5 101 Exam
A.
It performs rate shaping to reduce overflow.

B.
It forces the client browser to use multiple connections streams.

C.
It uses OneConnect to reduce multiple TCP connections.

D.
It utilizes cached content to prevent unnecessary trips for the same content.

E.
It uses specialized hardware for SSL offload.

Answer: B
Explanation:

QUESTION NO: 92

A network administrator tells you that they do NOT need WebAccelerator because their Web
application is fine. What is your best response?

A.
Challenge them to run performance testing on their Web site.

B.
Access their Web site with them to display its response.

C.
Request a follow up meeting within the next three months.

D.
Ask for an opportunity to speak with the CIO or a member of their Web application team.

Answer: D
Explanation:

QUESTION NO: 93

"Pass Any Exam. Any Time." - www.actualtests.com 49

 F5 101 Exam
When sizing a WebAccelerator deployment, you should base the WA capacity on the
LTMcapacity.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 94

Which three of the following are benefits of adding WebAccelerator to the network infrastructure?
(Choose three.)

A.
It adds a layer, security to a Web site

B.
It speeds up a secure Web site

C.
It reduces the need to purchase additional bandwidth

D.
It analyzes Web content, and caches and compresses it accordingly

E.
It improves the performance, large object file transfers

Answer: B,C,D
Explanation:

QUESTION NO: 95

IP Enforcer blocks IP addresses that have repeatedly and regularly attacked the site.
"Pass Any Exam. Any Time." - www.actualtests.com 50
 F5 101 Exam
A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 96

One reason APM beats the competition is its ability to perform both user authentication and
authorization on a single device.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 97

Which three of these scenarios should you identify as being an APM opportunity? (Choose three.)

A.
An organization using Novell Netware for authentication.

B.
An organization that has been recently fined for failing security compliance.

C.
An organization with a traveling sales force.

D.
An organization with a single location and no remote employees.
"Pass Any Exam. Any Time." - www.actualtests.com 51
 F5 101 Exam
E.
An organization that needs to ensure users are using Symantec antivirus software.

F.
An organization sharing a public Web site for all Internet users.

Answer: B,C,E
Explanation:

QUESTION NO: 98

When an administrator creates a new access policy in the Visual Policy Editor, which three options
are included by default? (Choose three.)

A.
A fallback option

B.
An Allow Ad box

C.
A Deny End box

D.
An empty Resource Assign item

E.
A Start box

F.
A Block All option

Answer: A,C,E
Explanation:

QUESTION NO: 99

Poor Web application performance contributes to which four of these issues for businesses?
(Choose four.)
"Pass Any Exam. Any Time." - www.actualtests.com 52
 F5 101 Exam
A.
A Web site that goes unused

B.
Increased support calls

C.
Loss of users

D.
Loss of revenue

E.
DDoS attacks

F.
Identity theft

Answer: A,B,C,D
Explanation:

QUESTION NO: 100

Organizations are moving towards a cloud solution are good candidates for F5 WOM solutions.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 101

Using WOM for vMotion transfers across the WAN prevents VMware users from experiencing
interruptions.

"Pass Any Exam. Any Time." - www.actualtests.com 53

 F5 101 Exam
A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 102

The administrator must specify APM access control entries as either L4 or L7.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 103

Administrators can customize APM to resemble other internal Web applications in the
organization.

A.
True

B.
False

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 54

 F5 101 Exam

QUESTION NO: 104

Which of the following is a client-side action in the Visual Policy Editor that prevents external
access and deletes any files created during a secure access session?

A.
Windows Group Policy

B.
Resource Assign

C.
Protected Workspace

D.
Virtual Keyboard

E.
Browser Cache and Session Control

Answer: C
Explanation:

QUESTION NO: 105

The main drawback to using an APM Deployment Wizard is that it is not possible to edit the
resulting objects, including the access policy.

A.
True

B.
False

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 55

 F5 101 Exam
QUESTION NO: 106

Mobile device browsers typically display Web pages more slowly than PC browsers.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 107

Which two of the following factors are often responsible for poor Web application performance?
(Choose two.)

A.
The time it takes to generate an HTTP request.

B.
The time it takes to deliver the HTTP response over the network.

C.
The time it takes to display the HTTP response in the browser.

D.
The time it takes to generate the HTTP response.

Answer: B,D
Explanation:

QUESTION NO: 108

WebAccelerator uses three tiers to improve performance. What are the three tiers? (Choose
three.)
"Pass Any Exam. Any Time." - www.actualtests.com 56
 F5 101 Exam
A.
Bandwidth offload

B.
Client offload

C.
Application offload

D.
Protocol offload

E.
Web server offload

F.
Network offload

Answer: C,E,F
Explanation:

QUESTION NO: 109

ASM can detect Layer 7 DoS attacks by which four ways of monitoring: (Choose four.)

A.
Monitoring for a threshold of increased number of transactions per second per URL.

B.
Monitoring for a % change in transactions per second per URL.

C.
Monitoring for a % change in server latency or TPS.

D.
Monitoring for a threshold of increased server latency or TPS.

E.
Monitoring ASM policy builder performance.

F.
Monitoring BIG-IP CPU utilization.

G.
Deep Packet inspection.
"Pass Any Exam. Any Time." - www.actualtests.com 57
 F5 101 Exam
Answer: A,B,C,D
Explanation:

QUESTION NO: 110

Application trends and drivers that increase the need for application security are:

A.
Intelligent Browsers

B.
Webification

C.
Targeted attacks

D.
All the above

Answer: D
Explanation:

QUESTION NO: 111

The Rapid Deployment Policy is used to:

A.
Improve website performance

B.
Quickly protect web sites for most common attacks

C.
Improve ASM performance

D.
Provide wizard functionality for quick policy creation

Answer: B
"Pass Any Exam. Any Time." - www.actualtests.com 58
 F5 101 Exam
Explanation:

QUESTION NO: 112

ASM combined with LTM provides protection against:

A.
Layer 7 DoS attacks

B.
All of the above

C.
Layer 4 DoS attacks

D.
DDoS attacks

Answer: B
Explanation:

QUESTION NO: 113

When using a single BIG-IP with APM, an organization can support up to 60,000 concurrent
remote access users.

A.
True

B.
False

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 59

 F5 101 Exam
QUESTION NO: 114

An F5 customer must install WebAccelerator on top of LTM:

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 115

The Protected Workspace client-side action provides more client-side security than the Cache and
Session Control action.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 116

Which WOM feature replaces a long byte pattern, such as "100000111000110101", with a shorter
reference to the pattern?

A.
Symmetric adaptive compression

B.

"Pass Any Exam. Any Time." - www.actualtests.com 60

 F5 101 Exam
Symmetric data deduplication

C.
Bandwidth allocation

D.
Application protocol acceleration

E.
TCP optimization

Answer: B
Explanation:

QUESTION NO: 117

In order to ensure that a specific file type is never moved down to a secondary file tier, the
administrator should:

A.
Set up an automated bot that accesses that file once a week.

B.
This is not possible on the ARX.

C.
Set a policy that the file type remains on primary storage.

D.
Instruct the end users to put the file in a non-tiered directory.

Answer: C
Explanation:

QUESTION NO: 118

How does the ARX eliminate the disruption caused by re-provisioning storage?

"Pass Any Exam. Any Time." - www.actualtests.com 61

 F5 101 Exam
A.
By identifying data that has not been modified and moving it to a secondary tier.

B.
By reducing the time necessary to run a complete backup.

C.
By allowing system administrators to apply policy to specific types data.

D.
By automating capacity balancing and allowing seamless introduction of file systems into the
environment after the ARX is installed.

Answer: D
Explanation:

QUESTION NO: 119

Which of the following statements is true about ARX's capacity balancing ability?

A.
When new files are created, the ARX can determine in real time where to place each file based on
the available space on each storage device

B.
When configuring the ARX, customers can choose to implement either an age-based policy or a
capacity based policy, but are not able to run both policies at the same time

C.
All files created at approximately the same time (within 10 minutes) will be stored on the same tier
of storage to minimize latency and improve the user experience

D.
The ARX balances capacity within tiers A storage, but cannot balance capacity across tiers of
storage

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 62

 F5 101 Exam
QUESTION NO: 120

The Device Inventory option in Enterprise Manager can replace an organization's static Excel
spreadsheet containing similar data.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 121

Which of the following statements best describes the ARX architecture?

A.
The ARX's split path architecture has a data path that handles the most common operations, and
a control path that handles other operations requiring deeper inspection and updating of the index.

B.
The ARX's architecture has redundancy built in, allowing a single ARX to be deployed in most use
cases which provides a huge cost savings to customers.

C.
All of the above.

D.
It is a software agent that installs on the storage device.

Answer: A
Explanation:

QUESTION NO: 122

"Pass Any Exam. Any Time." - www.actualtests.com 63

 F5 101 Exam
The ARX is like a mini network manager. It is able to check the health of the environment and can
raise alerts when thresholds are reached.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 123

Which two of the following are costs businesses may face in dealing with unstructured data?
(Choose two.)

A.
Lost productivity due to server downtime

B.
Buying backup media

C.
Buying additional storage capacity

D.
Paying to convert unstructured data into structured data

Answer: B,C
Explanation:

QUESTION NO: 124 DRAG DROP

Place the following items in the order that the BIG-IP device uses when processing a packet.

"Pass Any Exam. Any Time." - www.actualtests.com 64

 F5 101 Exam

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 65

 F5 101 Exam
Explanation:

1) Check for a match with a self-IP

2) Search for an existing connection

3) Examine source IP for a standalone SNAT

4) Check if the destination matches a NAT

5) Look for a virtual server address match

6) Look for a match in a packet filter rule

QUESTION NO: 125

In the current version of BIG-IP, what happens if the GTM does not find a wide IP that matches the
DNS request?

A.
It sends a broadcast request to all GTM devices.

B.
It uses iQuery to request the information from LTM.

C.
It sends a request to its configured backup GTM device.

D.
It sends an un-resolvable error to the client.

E.
It sends the request to an external DNS.

Answer: E
Explanation:

QUESTION NO: 126

Using IP Geolocation, an organization can always direct a client request from France to a data

"Pass Any Exam. Any Time." - www.actualtests.com 66

 F5 101 Exam
enter in Dublin.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 127

In most cases, F5 recommends using round robin load balancing.

A.
True

B.
False

Answer: B
Explanation:

Using round robin load balancing is recommended when Server is not so strong and using easy
WebApplication.

QUESTION NO: 128

Which three of the following statements describe a data center object?

A.
It attempts to match a DNS request with a configured wide IP.

B.
It is attached to multiple Internet links.

"Pass Any Exam. Any Time." - www.actualtests.com 67

 F5 101 Exam
C.
It becomes available for use when an assigned server is up.

D.
It retains statistics for each data center.

E.
It is a logical representation of a physical location.

F.
It specifies how users access the Internet.

Answer: B,C
Explanation:

QUESTION NO: 129

Which four of the following items are physical objects used by GTM?

A.
Virtual servers

B.
Links

C.
Servers

D.
Wide IPs

E.
Data centers

F.
Pools

Answer: A,B,C,E
Explanation:

These components include:

Data centers, Servers, Links, Virtual servers

"Pass Any Exam. Any Time." - www.actualtests.com 68

 F5 101 Exam
http://support.f5.com/kb/en-
us/products/bigip_gtm/manuals/product/gtm_config_10_2/gtm_components_overview.html

Links

+ Wide IPs + Data centers + Pools

Links

+ Wide IPs + Data centers + Virtual servers

Links

+ Servers + Virtual servers + Pools the physical network, such as data centers, servers, and links,
and the components that comprise the logical network, such as wide IPs, pools, and global
settings. Most of the configuration components you build using the Configuration utility are saved
to the wideip.conf file.

Logical objects/components include: Listeners - Pools - Wide IPs - Distributed applications

QUESTION NO: 130

Which three are GTM server dynamic load balancing modes? (Choose three.)

A.
Packet Rate

B.
Virtual Server Score

C.
CPU

D.
Fallback IP

E.
Ratio

Answer: A,B,C
Explanation:

The Global Traffic Manager supports the following dynamic load balancing modes:

Completion Rate
"Pass Any Exam. Any Time." - www.actualtests.com 69
 F5 101 Exam
CPU

Hops

Kilobytes/Second

Least Connections

Packet Rate

Quality of Service (QoS)

Round Trip Times (RTT)

Virtual Server Score

VS Capacity

QUESTION NO: 131

Which four are GTM server static load balancing modes? (Choose four.)

A.
Return to DNS

B.
CPU

C.
Packet Rate

D.
Drop Packet

E.
Round Robin

F.
Static Persist

Answer: A,D,E,F
Explanation:

Global Traffic Manager supports the following static load balancing modes:

"Pass Any Exam. Any Time." - www.actualtests.com 70

 F5 101 Exam
Drop Packet

Fallback IP

Global Availability

None

Ratio

Return to DNS

Round Robin

Static Persist

Topology

QUESTION NO: 132

The F5 Application Delivery Firewall has the ability to outperform traditional and next

generation firewalls during DDoS attacks by leveraging the performance and scalability of BIG-IP
to hand extremely high loads, including high throughput, high connection count, and high number
of connections per second.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 133

What is the main cause of high latency in a Web application?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 71
 F5 101 Exam
The version, the client's browser

B.
The distance between the client and Web server

C.
The number of CPUs on the Web server

D.
The size of the objects on the page

Answer: B
Explanation:

QUESTION NO: 134 DRAG DROP

Match these terms with their description.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 72

 F5 101 Exam

Explanation:

Disaster recovery SLA – Measured by RPOs and RTOs

Recovery point objective – The amount of data that can be lost

Recovery time objective – How fast operations need to return to normal

QUESTION NO: 135

Network Security personnel are entirely responsible for web application security.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 136

"Pass Any Exam. Any Time." - www.actualtests.com 73

 F5 101 Exam
ASM Geolocation reporting provides information regarding:

A.
The number of attacks from a specific state

B.
The types of attacks from a city

C.
All of the above

D.
The countries from which the attacks originated

Answer: D
Explanation:

QUESTION NO: 137

An inline ASM configuration requires:

A.
Two network connections

B.
None of the above

C.
Two disk drives

D.
Two power supplies

Answer: A
Explanation:

QUESTION NO: 138

"Pass Any Exam. Any Time." - www.actualtests.com 74

 F5 101 Exam
Which three of these are the potential ending options for branches in the Visual Policy Editor?
(Choose three.)

A.
Reject

B.
Fallback

C.
Allow

D.
Deny

E.
Limit

F.
Redirect

Answer: C,D,F
Explanation:

QUESTION NO: 139

The Protected Workspace client-side action provides more client-side security than the Cache and
Session Control action.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 140

"Pass Any Exam. Any Time." - www.actualtests.com 75
 F5 101 Exam
Which of the following is NOT a logging option within an APM access control entry?

A.
Packet

B.
Verbose

C.
Nominal

D.
Summary

E.
None

Answer: C
Explanation:

QUESTION NO: 141

Administrators can specify an APM access profile when defining a virtual server in LTM.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 142

Using Fast Cache with ASM will:

"Pass Any Exam. Any Time." - www.actualtests.com 76

 F5 101 Exam
A.
Improve user experience

B.
Improve server performance

C.
All of the above

D.
Improve BIG-IP ASM performance

Answer: C
Explanation:

QUESTION NO: 143

ASM provides antivirus protection by:

A.
Extracting files being uploaded and sending them to an AV system via ICAP

B.
Running a local antivirus program on the BIG-IP

C.
None of the above

D.
Using IP Penalty enforcement to block requests from hackers IPs

Answer: A
Explanation:

Supported ICAP Servers in TMOS 11.5:

"Pass Any Exam. Any Time." - www.actualtests.com 77

 F5 101 Exam
QUESTION NO: 144

APM can verify which four of the following details before granting a user access to a resource?
(Choose four.)

A.
The user's Web browser

B.
The user's computer

C.
User's hard drive encryption software

D.
Groups the user is a member of

E.
The network speed

F.
The user's username

Answer: A,B,D,F
Explanation:

QUESTION NO: 145

Which four of these benefits does APM provide? (Choose four.)

A.
Enables remote access by several thousand simultaneous users.

B.
Basic Web application firewall capabilities.

C.
User authentication based on identity.

D.
Acceleration of Web content to the client.

E.

"Pass Any Exam. Any Time." - www.actualtests.com 78

 F5 101 Exam
Granular authorization to resources.

F.
Client workstation security checking.

Answer: A,C,E,F
Explanation:

QUESTION NO: 146

Which four of these statements regarding object size and WebAccelerator performance are true?
(Choose four.)

A.
Large objects such as video cache well

B.
Large objects allow fewer requests per second

C.
Large objects result in higher throughput

D.
Small objects result in higher throughput

E.
Small objects such as images cache well

F.
Small objects allow more requests per second

Answer: B,C,E,F
Explanation:

QUESTION NO: 147

Which four of these scenarios will benefit from F5's WAN Optimization Module? (Choose four.)

"Pass Any Exam. Any Time." - www.actualtests.com 79

 F5 101 Exam
A.
An international organization with data centers in different countries.

B.
An organization that does not want to rely on using tape backup.

C.
An organization with one site but hundreds of Web servers.

D.
An organization whose users create extremely large files.

E.
An organization that expects their Web site usage to double in the next year.

F.
An organization attempting to lower costs by reducing the number of data centers.

Answer: A,B,D,F
Explanation:

QUESTION NO: 148

An administrator is planning on solving latency issues by placing the backup data center in a
neighboring city to the primary data center. Why isn't this effective solution?

A.
It does not provide an acceptable disaster recovery solution.

B.
It won't improve latency between the data centers.

C.
It won't improve the backup time from the primary data center to the backup data center.

D.
Users near the data centers will find their connections going back and forth between the two site

E.
It costs more to have the data centers close together than further apart.

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 80

 F5 101 Exam
It does not provide an acceptable disaster recovery solution, it is too close in proximity

QUESTION NO: 149

Which is NOT an ASM protection method for cross site scripting?

A.
Signatures

B.
URl character set limiting

C.
Token injection

D.
Parameter character set limiting

Answer: C
Explanation:

QUESTION NO: 150

Which item is NOT a function of a properly deployed and configured ASM?

A.
Detects attacks

B.
Stops hackers from attacking

C.
Provides protection visibility

D.
Provides security agility

Answer: B

"Pass Any Exam. Any Time." - www.actualtests.com 81

 F5 101 Exam
Explanation:

QUESTION NO: 151

Which is NOT a function of ASM?

A.
Attack signature enforcement

B.
HTTP protocol enforcement

C.
Network security

D.
Parameter value enforcement

Answer: C
Explanation:

QUESTION NO: 152

True or False, WOM speeds up large file data transfer across the WAN between a Windows client
and a Windows file Server.

A.
True

B.
False

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 82

 F5 101 Exam
QUESTION NO: 153

Which item is NOT a function of ASM?

A.
Provides authentication and authorization services

B.
Logs and reports full HTTP messages

C.
Provides comprehensive Web application security

D.
Provides application level performance information

Answer: A
Explanation:

QUESTION NO: 154

Learning suggestions can be the result of:

A.
A false positive

B.
A malicious attack

C.
A change in the web site content

D.
All the above

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 83

 F5 101 Exam
QUESTION NO: 155

Identifying users by their IP address is a sufficient method of performing authentication and

authorization.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 156

A user's access to resources can change based on the computer they connect from.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 157

Replicating a large database between sites could take several hours without WOM, and only
several minutes with WOM.

A.
True

B.
False
"Pass Any Exam. Any Time." - www.actualtests.com 84
 F5 101 Exam
Answer: A
Explanation:

QUESTION NO: 158

Brute force protection will:

A.
Block a user after a specified number, unsuccessful login attempts

B.
Block a user after a specified number of page requests are attempted

C.
None of the above

D.
Block a user from downloading too much content from the site

Answer: A
Explanation:

QUESTION NO: 159

What technology does ARX use to create a logical abstraction of the physical storage
environment?

A.
Data de-duplication

B.
File virtualization

C.
Server virtualization

D.
SSL encryption

"Pass Any Exam. Any Time." - www.actualtests.com 85

 F5 101 Exam
Answer: B
Explanation:

QUESTION NO: 160

Using file virtualization, what can the ARX do for customers?

A.
Match data to the most appropriate tier of storage (e.g. critical data on tier 1 storage; older data on
secondary storage tier).

B.
All of the above.

C.
Move individual files or entire file systems in real-time without disruption of down-time.

D.
Automate many storage management tasks such as storage tiering, dynamic capacity balancing,
and no disruptive data migration.

Answer: B
Explanation:

QUESTION NO: 161

A customer says his business wouldn't benefit from buying ARX because it already has block
based storage virtualization in place. Is he right? Why or why not?

A.
Yes. Block based storage virtualization is just another name for file virtualization.

B.
No. ARX allows customers to implement storage tiering benefits, but block based storage
virtualization does not.

C.
Yes. Block based storage virtualization offers the same functionality as ARX's file virtualization,

"Pass Any Exam. Any Time." - www.actualtests.com 86

 F5 101 Exam
although it uses slightly different technology.

D.
No. Both technologies attempt to solve similar problems, but only the ARX allows the customer to
have visibility into their data and apply business policy at the file level. Block based virtualization
has no visibility into the type of data.

Answer: D
Explanation:

QUESTION NO: 162

Select F5 platforms have which three certifications? (Choose three.)

A.
FIPS

B.
SECG

C.
NEBS

D.
IEEE

E.
Common Criteria

F.
AFSSI

Answer: A,C,E
Explanation:

QUESTION NO: 163

Which three of the following are some of the methods that F5 uses with its environmental stress
screening chamber? (Choose three.)
"Pass Any Exam. Any Time." - www.actualtests.com 87
 F5 101 Exam
A.
Varying the voltage from extreme high to extreme low.

B.
Running a product 300 to 500 times on each cycle.

C.
Repairing failed components until they function properly.

D.
Alternate temperature from -5 degrees Celsius to 60 degrees Celsius.

E.
Ensuring continual functioning through fire or flooding conditions.

Answer: A,B,D
Explanation:

QUESTION NO: 164

The ARX can see ________ when a data modification takes place and will cue that file to be
migrated back to the primary tier.

A.
In real time

B.
Nightly

C.
Weekly

D.
At the time of a system scan

E.
When scheduled by administrator

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 88

 F5 101 Exam
QUESTION NO: 165 DRAG DROP

Match the five elements of the intelligent file virtualization with the appropriate ARX feature:

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 89

 F5 101 Exam

Explanation:

A. Real Time

B. Non-Disruptive

C. Heterogeneous

D. Data Integrity

E. Scale and Performance

"Pass Any Exam. Any Time." - www.actualtests.com 90
 F5 101 Exam

QUESTION NO: 166

ARX can classify data based on all of the following EXCEPT:

A.
Paths

B.
File Size

C.
Extensions

D.
Security Level

E.
File Name

Answer: D
Explanation:

QUESTION NO: 167

For a typical business, what percentage of data does the ARX usually move to a secondary tier?

A.
20-30%

B.
50-60%

C.
80-90%

D.
0-10%

Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com 91

 F5 101 Exam
Explanation:

QUESTION NO: 168

It is common for free storage space to exist somewhere in a business network that is not easy for
storage administrators to utilize. What solution can the ARX provide in this situation?

A.
The ARX identifies the exact location of the free storage, which allows network administrators to
target those locations when provisioning additional storage.

B.
The ARX extends the capacity of each server by 10-15, through intelligent file virtualization.

C.
The ARX uses the extra storage for transaction logs and index files.

D.
The ARX allows the customer to pool storage from anywhere within the enterprise and capacity
balance the overflow across devices.

Answer: D
Explanation:

QUESTION NO: 169

Which of the following does NOT describe network performance management?

A.
Updating software on various devices

B.
Seeing graphs in near real-time

C.
Visibility into multiple network devices

D.
Being alerted to an issue as it happens
"Pass Any Exam. Any Time." - www.actualtests.com 92
 F5 101 Exam
E.
Viewing virtual server statistics

Answer: A
Explanation:

QUESTION NO: 170

What is the main business driver for bringing Enterprise Manager into the network infrastructure?

A.
Consolidate management of administrator and user accounts

B.
Consolidate management of licenses

C.
Consolidate management of SSL certificates

D.
Consolidate management of BIG-IP devices

E.
Consolidate management of access policies

Answer: D
Explanation:

QUESTION NO: 171

To function properly, an Enterprise Manager device is required within each data center.

A.
True

B.
False

"Pass Any Exam. Any Time." - www.actualtests.com 93

 F5 101 Exam
Answer: B
Explanation:

QUESTION NO: 172

Which two F5 platforms include specialized compression hardware? (Choose two.)

A.
4200

B.
3900

C.
1600

D.
11050

E.
6900

F.
8900

Answer: E,F
Explanation:

QUESTION NO: 173

ARX will detect any modification to a file on the second tier because all clients are being _______
by the ARX to get to the storage.

A.
Moved

B.
Copied

"Pass Any Exam. Any Time." - www.actualtests.com 94

 F5 101 Exam
C.
Proxied

D.
Backed up

E.
Deleted

Answer: C
Explanation:

QUESTION NO: 174

In the next few years, 75% of new storage capacity will shift to unstructured data (also known as
file data). Which two of the following are examples of unstructured data? (Choose two.)

A.
CAD drawings

B.
Location data in a GIS (geographic information system)

C.
Customer records and product records in a CRM (customer relationship management) database

D.
Microsoft Office and PDF documents

Answer: A,D
Explanation:

QUESTION NO: 175

The ARX saves customers time, money and frustration through a stub-based system that makes a
slight modification to each file in order to more efficiently sort and store end user data.

A.
"Pass Any Exam. Any Time." - www.actualtests.com 95
 F5 101 Exam
True

B.
False

Answer: B
Explanation:

QUESTION NO: 176

Which two of the following statements are accurate descriptions of the ARX index? (Choose two.)

A.
The ARX index stores the bulk of its data as bit arrays and answers most questions by performing
bitwise logical operations on these bitmaps.

B.
The ARX index contains the index keys in sorted order, with the leaf level of the index containing
the pointer to the page and the row number in the data page.

C.
The ARX index is the key enabler of transparent data mobility because the ARX tracks where files
reside at all times, from creation through migration and deletion.

D.
The ARX index is 100% disposable and can be rebuilt at any point in time without disrupting client
or application access to data.

Answer: B,D
Explanation:

QUESTION NO: 177

To share device information with F5 technical support, a customer must either verbally share the
information over the phone or copy and send the information in an Email.

A.
True
"Pass Any Exam. Any Time." - www.actualtests.com 96
 F5 101 Exam
B.
False

Answer: B
Explanation:

QUESTION NO: 178

When installing LTM on different VIPRION performance blades, each instance of LTM needs to be
licensed separately.

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 179

The VIPRION provides hot-pluggable capabilities for which four of these types of hardware?
(Choose four.)

A.
LCD displays

B.
Fan trays

C.
Memory

D.
Power supplies

E.
"Pass Any Exam. Any Time." - www.actualtests.com 97
 F5 101 Exam
Performance blades

F.
CompactFlash

Answer: B,C,D,E
Explanation:

The VIPRION provides hot-pluggable capabilities for Fan trays, Memory, Power supplies, and
Performance blades

QUESTION NO: 180

A customer wants the best possible throughput but only has a maximum of 3RU rack space.
Which F5 platform should you recommend?

A.
BIG-IP 11050

B.
VIPRION with only 1 performance blade

C.
BIG-IP 8950

D.
BIG-IP 8900

E.
VIPRION with 4 performance blades

Answer: A
Explanation:

QUESTION NO: 181

Which of the following business benefits does storage tiering offer to customers?

"Pass Any Exam. Any Time." - www.actualtests.com 98

 F5 101 Exam
A.
Reduces time for backups because data on the secondary tier can have a less time intensive
backup policed applied to it.

B.
All of the above.

C.
Enables customers to apply a more aggressive RTO/RPO for business critical Tier-1 unstructured
data.

D.
Reduces money spent on storage since the majority of data can be moved to less expensive
secondary tier storage.

Answer: B
Explanation:

QUESTION NO: 182

An age-based policy is set up on the ARX that retains only data modified in the last 3 months on
tier 1 storage and moves the rest of the data to secondary storage. What happens when the end
user tries to access data that has not been touched in 6 months?

A.
The end user is unaware that the data has been moved to secondary tier storage and is able to
access the data without difficulty.

B.
The networking mapping window appears, allowing the end user to re-establish direct access to
the data even though it has been moved to secondary storage.

C.
An error message appears saying "File is no longer unavailable."

D.
A message appears explaining that the file has been archived, and a link to the new secondary
storage tier location is provided.

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 99

 F5 101 Exam

QUESTION NO: 183

Although not all modules run on all platforms, each F5 hardware platform can run LTM plus at
least one additional software module.

A.
True

B.
False

Answer: A
Explanation:

QUESTION NO: 184

The production version of BIG-IP Virtual Edition is limited to 200 Mbps throughput.

A.
True

B.
False

Answer: B
Explanation:

The production version of BIG-IP Virtual Edition can be at 25Mbps / 200Mbps / 1Gbps / or 5Gbps
throughput served and maybe higher in the next versions.

QUESTION NO: 185

What percentage of storage in a typical environment is actively used and modified?

"Pass Any Exam. Any Time." - www.actualtests.com 100

 F5 101 Exam
A.
5%

B.
50%

C.
25%

D.
10%

E.
90%

Answer: D
Explanation:

QUESTION NO: 186

________% of F5 products are sent through thorough software testing before being sold to
customers.

A.
100

B.
50

C.
60

D.
80

Answer: A
Explanation:

QUESTION NO: 187

"Pass Any Exam. Any Time." - www.actualtests.com 101

 F5 101 Exam
Which of these statements about a stream profile is false?

A.
It is applied to an HTTP class profile.

B.
It is not recommended for telnet traffic.

C.
It can replace one data string for another for all traffic going through a virtual server.

D.
It applies to both inbound and outbound traffic.

E.
It will not inspect HTTP headers when an HTTP profile is present.

Answer: A
Explanation:

QUESTION NO: 188

If LTM uses the round robin load balancing method, which pool member in the diagram above will
receive the next request?

"Pass Any Exam. Any Time." - www.actualtests.com 102

 F5 101 Exam

A.
A

B.
C

C.
D

D.
B

Answer: D
Explanation:

LTM uses the round robin load balancing method so after A will be B.

"Pass Any Exam. Any Time." - www.actualtests.com 103

 F5 101 Exam
QUESTION NO: 189

Basic F5 IP Geo location provides which four types of client information? (Choose four.)

A.
State

B.
Continent

C.
Postal code

D.
City

E.
Carrier

F.
Country

Answer: A,B,E,F
Explanation:

State - Country - Continent - City

State - Country - Postal code - City

The BIG-IP system uses geo location software to identify the geographic location of a client or web
application user. The default IP geo location database provides IPv4 addresses at the continent,
country, state, ISP, and organization levels, and IPv6 addresses at the continent and country
levels. The database consists of the following files:

F5GeoIP.dat

F5GeoIPv6.dat

F5GeoIPISP.dat

F5GeoIPOrg.dat

QUESTION NO: 190

"Pass Any Exam. Any Time." - www.actualtests.com 104

 F5 101 Exam
All members of a pool must share the same service port?

A.
True

B.
False

Answer: B
Explanation:

QUESTION NO: 191

When using SNAT, which additional IP addresses will the BIG-IP system change? (Choose two.)

A.
The source IP address on the client to BIG-IP request packet.

B.
The source IP address on the BIG-IP to pool member request packet.

C.
The destination IP address on the BIG-IP to pool member request packet.

D.
The source IP address on the BIG-IP to client response packet.

E.
The destination IP address on the BIG-IP to client response packet.

F.
The destination IP address on the pool member to BIG-IP response packet.

Answer: B,E
Explanation:

QUESTION NO: 192

"Pass Any Exam. Any Time." - www.actualtests.com 105

 F5 101 Exam
Which two of the following statements about how TMOS typically manages traffic between a client
and server are accurate? (Choose two.)

A.
It changes the destination address before forwarding a request to the server.

B.
It changes the destination address before sending a response to the client.

C.
It changes the source address before sending a response to the client.

D.
It changes the source address before forwarding a request to the server.

Answer: B,D
Explanation:

QUESTION NO: 193 DRAG DROP

Match the security-related term with the correct definition.

1. Demilitarized zone (DMZ)

2. Denial of service (DoS)

3. DNS Express

4. DNS Security Extensions (DNSSEC)

5. Endpoint inspection

"Pass Any Exam. Any Time." - www.actualtests.com 106

 F5 101 Exam

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 107

 F5 101 Exam

Explanation:

1. Demilitarized zone (DMZ) – A portion of an enterprise network that sits behind a firewall but
outside of or segmented from the internal network.

2. Denial of service (DoS) – An attack that floods a network or server with requests and data
making it unavailable.

3. DNS Express – A high-speed in-memory authoritative DNS slave that can dramatically reduce
the DNS server infrastructure.

4. DNS Security Extensions (DNSSEC) – A set of standards created to address vulnerabilities in

the Domain Name System (DNS) and protect it from online threats.

5. Endpoint inspection – Ensures a client device does not present a security risk before it is
granted a remote-access connection to the network.

"Pass Any Exam. Any Time." - www.actualtests.com 108

 F5 101 Exam

QUESTION NO: 194

What feature of the F5 Exchange solution helps administrators to streamline implementation for
added security and granular control?

A.
iControl

B.
Enterprise Manager

C.
iApps

D.
WebAccelerator

Answer: A
Explanation:

QUESTION NO: 195

Select the key question you would use to ask your customer related to DNS attacks?

A.
Do you over-provision your DNS infrastructure?

B.
Do you regularly update BIND or some other DNS application to the latest release?

C.
Do you rely on your network firewall to protect your DNS server?

D.
How do you secure your DNS infrastructure against attacks?

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 109

 F5 101 Exam

QUESTION NO: 196

When a business is hacked, they often lose more than money. What are the other

consequences to a business as a result of being hacked? Select two.

A.
Helpful third party reviews of the security needs of the customer's web applications.

B.
Valuable free press that occurs as companies address hacking incidents.

C.
Penalties related to non-compliance with laws and regulations.

D.
Final resolution of all security vulnerabilities of the business' web applications.

E.
Loss of customers when slow connections drive customers to competitor's site.

Answer: A,D
Explanation:

QUESTION NO: 197 DRAG DROP

Match the security-related term with the correct definition.

1. OWASP Top 10

2. Secure Socket Layer (SSL)

3. Bot

4. Certificate

5. Content scrubbing

"Pass Any Exam. Any Time." - www.actualtests.com 110

 F5 101 Exam

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 111

 F5 101 Exam

Explanation:

1. OWASP Top 10 – A list of the 10 most dangerous current Web application security flaws, along
with the effective methods of dealing with those flaws.

2. Secure Socket Layer (SSL) – A cryptographic protocol used to secure communications over the
Internet.

3. Bot – Malicious software placed on other people’s computers to perform automated tasks over
the Internet.

4. Certificate – A digitally signed statement issued by a trusted organization that contains

information about an entity and the entity’s public key.

5. Content scrubbing – Obfuscating identity information to prevent confidential information from

being sent in a web application response.

"Pass Any Exam. Any Time." - www.actualtests.com 112

 F5 101 Exam

QUESTION NO: 198

Complete the statement below by choosing the correct word or phrase to complete the sentence.
By identifying IP addresses and security categories associated with malicious activity, the BIG-IP
_______ service can incorporate dynamic lists of threatening IP addresses into the BIG-IP
platform, adding context to policy decisions.

A.
Edge Client

B.
iRules

C.
LTM

D.
IP intelligence

E.
iApps

Answer: D
Explanation:

QUESTION NO: 199

Even though F5 is an application delivery controller, it can also effectively mitigate attacks directed
at the network layer.

A.
True

B.
False

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 113

 F5 101 Exam

QUESTION NO: 200

Select the best word or phrase to complete the following sentence.

Using the _______ feature in GTM, F5's Application Delivery Firewall solution can handle a
significantly higher number of queries than traditional DNS servers.

A.
DNS Express

B.
BIND

C.
Site availability request

D.
Location-based routing

Answer: A
Explanation:

QUESTION NO: 201

If your customer has a policy requirement that cannot be handled in the Visual Policy

Editor, what would you use to supplement the Visual Policy Editor?

A.
iApps

B.
TMOS

C.
iControl

D.
iRules

"Pass Any Exam. Any Time." - www.actualtests.com 114

 F5 101 Exam
Answer: D
Explanation:

QUESTION NO: 202

Which aspect of F5's Intelligent Services Platform helps you extend your security conversation to
include F5professionals and customers?

A.
Modular Functionality

B.
iApps

C.
TMOS

D.
DevCentral

Answer: D
Explanation:

QUESTION NO: 203

Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and
HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?

A.
An intrusion prevention system (IPS) is based on Packet Filtering.

B.
An IPS doesn't have the visibility into HTTPS traffic. it doesn't understand what applications are in
the network.

C.
An IPS only focus on operating system attacks; it doesn't understand what application are in the
network.

"Pass Any Exam. Any Time." - www.actualtests.com 115

 F5 101 Exam
D.
An IPS can only look at overall traffic patterns; it doesn't understand what applications are in the
network.

Answer: D
Explanation:

QUESTION NO: 204

The F5 Visual Policy Editor (VPE) is unique to the F5 BIG-IP APM module; no other access
management tool has this capability. Select the features that the VPE provides. Select two.

A.
Develop customized reports on user access

B.
Customize landing or login pages

C.
Establish highly detailed policies based on customer business requirements

D.
Configure authentication server objects

E.
Perform multiple factors of authentication

Answer: C,E
Explanation:

QUESTION NO: 205

The F5 Visual Policy Editor (VPE) is unique to the F5 BIG-IP APM module; no other access
management tool has this capability. Select the features that the VPE provides. Select two.

A.
Determines antivirus patch levels

"Pass Any Exam. Any Time." - www.actualtests.com 116

 F5 101 Exam
B.
Customizes landing or login page

C.
Provides vulnerability scanning

D.
Checks operating system patch levels

E.
Assigns a lease pool address

Answer: A,D
Explanation:

QUESTION NO: 206

Select the two best questions you would use to ask your customer about their current web access
management solution. Select two.

A.
What impact are slow remote access connections having on productivity?

B.
Are you using Google multi-factor authentication?

C.
Is user authentication data sitting on partner systems outside your control?

D.
Have you standardized on Androids or iPhones?

E.
How are you planning to extend Exchange to your mobile users?

F.
How do you think a global remote access deployment with integrated acceleration and availability
services might benefit your business?

Answer: A,F
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 117

 F5 101 Exam

QUESTION NO: 207

Data centers often rely on either traditional firewalls or next generation firewalls. Select the core
weakness of the traditional or next generation firewalls when it comes to DDoS attacks.

A.
They are limited in amount of connections per second and the amount of sustained connections
they can handle

B.
The cost performance ratio of next generation firewalls is too high.

C.
The agility of traditional firewalls is too limited when it comes to DDoS attacks.

D.
Data center traffic is primarily outbound.

Answer: A
Explanation:

QUESTION NO: 208

Select the question you would ask your customer related to DNS attacks. Based on the material,
choose the most appropriate question.

A.
How do you secure you DNS infrastructure against attacks?

B.
Do you rely on your network firewall to protect you DNS server?

C.
Do you over-provision your DNS infrastructure?

D.
Do you regularly update BIND or some other DNS application to the latest release?

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com 118

 F5 101 Exam
Explanation:

QUESTION NO: 209

Why does the F5 Application Delivery Firewall solution mitigate SSL attacks more effectively than
any other firewalls?

A.
Because F5 has unlimited capacity to handle SSL traffic.

B.
Because F5 has full visibility and control of SSL traffic.

C.
Because F5 has a separate iApp to handle SSL traffic.

D.
Because F5 supports large SSL key sizes.

Answer: B
Explanation:

NEW QUESTIONS

QUESTION NO: 210

Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing
takes place. Also assume that the NAT definition specifies a NAT address and an origin address
while all other settings are left at their defaults. If the origin server were to initiate traffic via the
BIG-IP, what changes, if any, would take place when the BIG-IP processes such packets?

A.
The BIG-IP would drop the request since the traffic didn’t arrive destined to the NAT address.

B.
The source address would not change, but the destination address would be changed to the NAT

address.
"Pass Any Exam. Any Time." - www.actualtests.com 119
 F5 101 Exam
C.
The source address would be changed to the NAT address and destination address would be left

unchanged.

D.
The source address would not change, but the destination address would be changed to a self-IP
of the BIG-IP.

Answer: C
Explanation:

QUESTION NO: 211

A site wishes to perform source address translation on packets arriving from the Internet for clients
sing some pools but not others. The determination is not based on the client's IP address, but on
the pool they are load balanced to. What could best accomplish this goal?

A.
A SNAT for all addresses could be defined, and then disable the SNAT processing for select

pools.

B.
The decision to perform source address translation is always based on VLAN. Thus, the goal

cannot be achieved.

C.
For each virtual server, regardless their default load balancing pools, association with SNAT

pools could vary dependent upon need.

D.
The decision to perform source address translation is always based on a client's address (or

network). Thus, this goal cannot be achieved.

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 120

 F5 101 Exam
QUESTION NO: 212

Which two statements are true about SNATs? (Choose two.)

A.
SNATs are enabled on all VLANs, by default.

B.
SNATs can be configured within a Profile definition.

C.
SNATs can be configured within a Virtual Server definition.

D.
SNAT's are enabled only on the VLAN where origin traffic arrives, by default.

Answer: A,C
Explanation:

QUESTION NO: 213

What is the purpose of floating self-IP addresses?

A.
to define an address that grants administrative access to either system at any time

B.
to define an address that allows either system to initiate communication at any time

C.
to define an address that allows network devices to route traffic via a single IP address

D.
to define an address that gives network devices greater flexibility in choosing a path to forward

traffic

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 121

 F5 101 Exam
QUESTION NO: 214

Which parameters are set to the same value when a pair of BIG-IP devices are synchronized?

A.
host names

B.
system clocks

C.
profile definitions

D.
VLAN failsafe settings

E.
MAC masquerade addresses

Answer: C
Explanation:

QUESTION NO: 215

Which two statements are true concerning the default communication between a redundant pair

of BIG-IP systems? (Choose two.)

A.
Synchronization occurs via a TCP connection using ports 683 and 684.

B.
Connection mirroring data is shared via a TCP connection using port 1028.

C.
Persistence mirroring data is shared via a TCP connection using port 1028.

D.
Connection mirroring data is shared through the serial failover cable unless network failover is

enabled.

Answer: B,C

"Pass Any Exam. Any Time." - www.actualtests.com 122

 F5 101 Exam
Explanation:

QUESTION NO: 216

Which two methods can be used to determine which BIG-IP is currently active? (Choose two.)

A.
The bigtop command displays the status.

B.
Only the active system's configuration screens are active.

C.
The status (Active/Standby) is embedded in

the command prompt.

D.
The ifconfig a command displays the floating addresses on the active system.

Answer: A,C
Explanation:

QUESTION NO: 217

As a part of the Setup Utility, the administrator sets the host name for the BIG-IP.

What would be the result if the two systems in a redundant pair were set to the same host name?

A.
Host names do not matter in redundant pair communication.

B.
In a redundant pair, the two systems will always have the same host name. The parameter is

synchronized between the systems.

C.
The first time the systems are synchronized the receiving system will be assigned the same self-

IP addresses as the source system.

"Pass Any Exam. Any Time." - www.actualtests.com 123
 F5 101 Exam
D.
When the administrator attempts to access the configuration utility using the host name, they will

always connect to the active system.

Answer: C
Explanation:

QUESTION NO: 218

When network failover is enabled, which of the following is true?

A.
The failover cable status is ignored. Failover is determined by the network status only.

B.
Either a network failure or loss of voltage across the failover cable will cause a failover.

C.
A network failure will not cause a failover as long as there is a voltage across the failover cable.

D.
The presence or absence of voltage over the failover cable takes precedence over network
failover.

Answer: C
Explanation:

QUESTION NO: 219

Where is connection mirroring configured?

A.
It an option within a TCP profile.

B.
It is an optional feature of each pool.

C.
It is not configured; it is default behavior.
"Pass Any Exam. Any Time." - www.actualtests.com 124
 F5 101 Exam
D.
It is an optional feature of each virtual server.

Answer: D
Explanation:

QUESTION NO: 220

Which statement is true regarding failover?

A.
Hardware failover is disabled by default.

B.
Hardware failover can be used in conjunction with network failover.

C.
If the hardware failover cable is disconnected, both BIG-IP devices will

always assume the active role.

D.
By default, hardware failover detects voltage across the failover cable and monitors traffic across
the internal VLAN.

Answer: B
Explanation:

QUESTION NO: 221

Where is persistence mirroring configured?

A.
It is always enabled.

B.
It is part of a pool definition.

C.
It is part of a profile definition.
"Pass Any Exam. Any Time." - www.actualtests.com 125
 F5 101 Exam
D.
It is part of a virtual server definition.

Answer: C
Explanation:

QUESTION NO: 222

Assume the bigd daemon fails on the active system. Which three are possible results? (Choose

three.)

A.
The active system will restart the bigd daemon and continue in active mode.

B.
The active system will restart the TMM daemon and continue in active mode.

C.
The active system will reboot and the standby system will go into active mode.

D.
The active system will failover and the standby system will go into active mode.

E.
The active system will continue in active mode but gather member and node state information

from the standby system.

Answer: A,C,D
Explanation:

QUESTION NO: 223

What is the purpose of MAC masquerading?

A.
to prevent ARP cache errors

B.
to minimize ARP entries on routers
"Pass Any Exam. Any Time." - www.actualtests.com 126
 F5 101 Exam
C.
to minimize connection loss due to ARP cache refresh delays

D.
to allow both BIG-IP devices to simultaneously use the same MAC address

Answer: C
Explanation:

QUESTION NO: 224

Which process or system can be monitored by the BIG-IP system and used as a failover trigger in

a redundant pair configuration.

A.
bandwidth utilization

B.
duplicate IP address

C.
CPU utilization percentage

D.
VLAN communication ability

Answer: D
Explanation:

QUESTION NO: 225

Assuming there are open connections through an active system's NAT and a failover occurs, by

default, what happens to those connections?

"Pass Any Exam. Any Time." - www.actualtests.com 127

 F5 101 Exam

A.
All open connections will be lost.

B.
All open connections will be maintained.

C.
The "Mirror" option must be chosen on the NAT and the setting synchronized prior to the
connection establishment.

D.
Long-lived connections such as Telnet and FTP will be maintained while short-lived connections
such as HTTP will be lost.

E.
All open connections are lost, but new connections are initiated by the newly active BIG-IP,
resulting in minimal client downtime.

Answer: B
Explanation:

QUESTION NO: 226

"Pass Any Exam. Any Time." - www.actualtests.com 128

 F5 101 Exam
A virtual server is defined per the charts. The last five client connections were to members C, D,

A, B, B. Given the conditions shown in the above graphic, if a client with IP address 205.12.45.52

opens a connection to the virtual server, which member will be used for the connection?

A.
172.16.20.1:80

B.
172.16.20.2:80

C.
172.16.20.3:80

D.
172.16.20.4:80

E.
172.16.20.5:80

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 129

 F5 101 Exam
QUESTION NO: 227

Which statement is correct if a TOP-based monitor is assigned to an LTM System and an

HTTP-based monitor is assigned to one of that LTM System's Virtual Servers?

A.
The Virtual Server status is based on the TCP monitor only.

B.
The Virtual Server status is based on the HTTP monitor only.

C.
GTM Systems do not allow monitors on both an LTM System and one of its Virtual Servers.

D.
The Virtual Server status is based on both the TOP and HTTP monitor; if either fails, the Virtual

Server is unavailable.

E.
The Virtual Server status is based on both the TOP and HTTP monitor; if either succeeds, the

Virtual Server is available.

Answer: B
Explanation:

QUESTION NO: 228

With standard DNS, assuming no DNS request failures, which process describes the normal
resolution process on a "first time" DNS request?

A.
Client requests address from root server, root server returns IP address to Authoritative DNS,

Authoritative DNS returns requested IP address, LDNS returns requested IP address to client.

B.
Client requests address from LDNS, LDNS requests from GTM, GTM requests from Authoritative
DNS, Authoritative DNS returns requested IP address, LDNS returns requested IP address to
client.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 130

 F5 101 Exam
Client requests address from LDNS, Authoritative DNS receives request from root server, root
server returns LDNS address, LDNS returns client address, Authoritative DNS returns requested

IP address, LDNS returns requested IP address to client.

D.
Client requests address from LDNS, LDNS requests from root server, root server returns

Authoritative DNS address, LDNS requests from Authoritative DNS, Authoritative DNS returns

requested IP address, LDNS returns requested IP address to client.

Answer: D
Explanation:

QUESTION NO: 229

What is the purpose of provisioning?

A.
Provisioning allows modules that are not licensed to be fully tested.

B.
Provisioning allows modules that are licensed be granted appropriate resource levels.

C.
Provisioning allows the administrator to activate modules in nonstandard combinations.

D.
Provisioning allows the administrator to see what modules are licensed, but no user action is ever

required.

Answer: B
Explanation:

QUESTION NO: 230

Which three properties can be assigned to nodes? (Choose three.)

"Pass Any Exam. Any Time." - www.actualtests.com 131

 F5 101 Exam
A.
ratio values

B.
priority values

C.
health monitors

D.
connection limits

E.
load balancing mode

Answer: A,C,D
Explanation:

QUESTION NO: 231

Where is the load balancing mode specified?

A.
within the pool definition

B.
within the node definition

C.
within the virtual server definition

D.
within the pool member definition

Answer: A
Explanation:

QUESTION NO: 232

Which statement accurately describes the difference between two load balancing modes specified

"Pass Any Exam. Any Time." - www.actualtests.com 132

 F5 101 Exam
as "member" and "node"?

A.
There is no difference; the two terms are referenced for backward compatibility purposes.

B.
When the load balancing choice references "node", priority group activation is unavailable.

C.
Load balancing options referencing "nodes" are available only when the pool members are

defined for the "any" port.

D.
When the load balancing choice references "node", the addresses' parameters are used to make

the load balancing choice rather than the member's parameters.

Answer: D
Explanation:

QUESTION NO: 233

Which two can be a part of a virtual server's definition? (Choose two.)

A.
rule(s)

B.
pool(s)

C.
monitor(s)

D.
node address(es)

E.
load balancing method(s)

Answer: A,B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 133

 F5 101 Exam

QUESTION NO: 234

Assume a BIG-IP has no NATs or SNATs configured. Which two scenarios are possible when

client traffic arrives on a BIG-IP that is NOT destined to a self-IP? (Choose two.)

A.
If the destination of the traffic does not match a virtual server, the traffic will be discarded.

B.
If the destination of the traffic does not match a virtual server, the traffic will be forwarded based

on routing tables.

C.
If the destination of the traffic matches a virtual server, the traffic will be processed per the virtual
server definition. If the destination of the traffic matches a virtual server, the traffic will be

processed per the virtual server. definition.

D.
If the destination of the traffic matches a virtual server, the traffic will be forwarded, but it cannot be
load balanced since no SNAT has been configured.

Answer: A,C
Explanation:

QUESTION NO: 235

When configuring a pool member's monitor, which three association options are available?

(Choose three.)

A.
inherit the pool's monitor

B.
inherit the node's monitor

C.
configure a default monitor

"Pass Any Exam. Any Time." - www.actualtests.com 134

 F5 101 Exam
D.
assign a monitor to the specific member

E.
do not assign any monitor to the specific member

Answer: A,D,E
Explanation:

QUESTION NO: 236

The current status of a given pool member is unknown. Which condition could explain that state?

A.
The member has no monitor assigned to it.

B.
The member has a monitor assigned to it and the most recent monitor was successful.

C.
The member has a monitor assigned to it and the monitor did not succeed during the most recent

timeout period.

D.
The member's node has a monitor assigned to it and the monitor did not succeed during the most

recent timeout period.

Answer: A
Explanation:

QUESTION NO: 237

The default staging-tightening period for attack signatures and wildcard entities is?

A.
5 days

B.
"Pass Any Exam. Any Time." - www.actualtests.com 135
 F5 101 Exam
7 days

C.
10 days

D.
30 days

Answer: B
Explanation:

QUESTION NO: 238

Generally speaking, should the monitor templates be used as production monitors or should they
be customized prior to use?

A.
Most templates, such as HTTP and TCP, are as effective as customized monitors.

B.
Monitor template customization is only a matter of preference, not an issue of effectiveness or

performance.

C.
Most templates, such as https, should have the receive rule customized to make the monitor more
robust.

D.
While some templates, such as ftp, must be customized, those that can be used without
modification are not improved by specific changes.

Answer: C
Explanation:

QUESTION NO: 239

You have a pool of servers that need to be tested. All of the servers but one should be tested

every 10 seconds, but one is slower and should only be tested every 20 seconds. How do you
"Pass Any Exam. Any Time." - www.actualtests.com 136
 F5 101 Exam
proceed?

A.
It cannot be done. All monitors test every five seconds.

B.
It can be done, but will require assigning monitors to each pool member.

C.
It cannot be done. All of the members of a pool must be tested at the same frequency.

D.
It can be done by assigning one monitor to the pool and a different monitor to the slower pool

member.

Answer: D
Explanation:

QUESTION NO: 240

When can a single virtual server be associated with multiple profiles?

A.
Never. Each virtual server has a maximum of one profile.

B.
Often. Profiles work on different layers and combining profiles is common.

C.
Rarely. One combination, using both the TCP and HTTP profile does occur, but it is the

exception.

D.
Unlimited. Profiles can work together in any combination to ensure that all traffic types are

supported in a given virtual server.

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 137

 F5 101 Exam
QUESTION NO: 241

A site needs a virtual server that will use an iRule to parse HTTPS traffic based on HTTP header

values. Which two profile types must be associated with such a virtual server?

(Choose two.)

A.
TCP

B.
HTTP

C.
HTTPS

D.
ServerSSL

Answer: A,B
Explanation:

QUESTION NO: 242

You have created a custom profile named TEST2. The parent profile of TEST2 is named TEST1.

If additional changes are made to TEST1, what is the effect on TEST2?

A.
All changes to TEST1 are propagated to TEST2.

B.
Some of the changes to TEST1 may propagate to TEST2.

C.
Changes to TEST1 cannot affect TEST2 once TEST2 is saved.

D.
When TEST1 is changed, the administrator is prompted and can choose whether to propagate

changes to TEST2.

Answer: B
"Pass Any Exam. Any Time." - www.actualtests.com 138
 F5 101 Exam
Explanation:

QUESTION NO: 243

If a client's browser does not accept cookies, what occurs when the client connects to a virtual
server using cookie persistence?

A.
The connection request is not processed.

B.
The connection request is sent to a pology.server. The connection request is sent to a
pology.server.

C.
The connection request is load balanced to an available pool member.

D.
The connection request is refused and the client is sent a "server not available" message.

Answer: C
Explanation:

QUESTION NO: 244

The incoming client IP address is 195.64.45.52 and the last five connections have been sent to
members A, C, E, D and B. Given the virtual server, pool, and persistence definitions and statistics
shown in the above graphic, which member will be used for the next connection?

"Pass Any Exam. Any Time." - www.actualtests.com 139

 F5 101 Exam

A.
10.10.20.1:80

B.
10.10.20.2:80

C.
10.10.20.3:80

D.
10.10.20.4:80

E.
10.10.20.5:80

F.
It cannot be determined with the information given.

"Pass Any Exam. Any Time." - www.actualtests.com 140

 F5 101 Exam
Answer: C
Explanation:

QUESTION NO: 245

Which statement is true concerning cookie persistence.

A.
Cookie persistence allows persistence independent of IP addresses.

B.
Cookie persistence allows persistence even if the data are encrypted from client to pool member.

C.
Cookie persistence uses a cookie that stores the virtual server, pool name, and member IP

address in clear text.

D.
If a client's browser accepts cookies, cookie persistence will always cause a cookie to be written

to the client's file system.

Answer: A
Explanation:

QUESTION NO: 246

How is persistence configured?

A.
Persistence is an option within each pool's definition.

B.
Persistence is a profile type; an appropriate profile is created and associated with virtual server.

C.
Persistence is a global setting; once enabled, load balancing choices are superseded by the

persistence method that is specified.

"Pass Any Exam. Any Time." - www.actualtests.com 141

 F5 101 Exam
D.
Persistence is an option for each pool member. When a pool is defined, each member's definition

includes the option for persistence.

Answer: B
Explanation:

QUESTION NO: 247

Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIG-
IP?

A.
No SSL certificates are required on the BIG-IP.

B.
The BIG-IP's SSL certificates must only exist.

C.
The BIG-IP's SSL certificates must be issued from a certificate authority.

D.
The BIG-IP's SSL certificates must be created within the company hosting the BIG-IPs.

Answer: A
Explanation:

QUESTION NO: 248

Assume a virtual server is configured with a ClientSSL profile. What would the result be if the

virtual server's destination port was not 443?

A.
SSL termination could not be performed if the virtual server's port was not port 443.

B.
Virtual servers with a ClientSSL profile are always configured with a destination port of 443.

"Pass Any Exam. Any Time." - www.actualtests.com 142

 F5 101 Exam
C.
As long as client traffic was directed to the alternate port, the virtual server would work as

intended.

D.
Since the virtual server is associated with a ClientSSL profile, it will always process traffic sent to
port 443.

Answer: C
Explanation:

QUESTION NO: 249

Which statement is true concerning SSL termination.

A.
A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie

persistence.

B.
Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the
load on the pool member.

C.
When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted

before it is forwarded to servers.

D.
If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL

processing than if the virtual server had only a ClientSSL profile.

Answer: A
Explanation:

QUESTION NO: 250

A site wishes to perform source address translation on packets from some clients but not others.
"Pass Any Exam. Any Time." - www.actualtests.com 143
 F5 101 Exam
The determination is not based on the client's IP address, but on the virtual servers their packets
arrive on. What could best accomplish this goal?

A.
A SNAT for all addresses could be defined, and then disable the SNAT processing for select

VLANs.

B.
Some virtual servers could be associated with SNAT pools and others not associated with SNAT

pools.

C.
The decision to perform source address translation is always based on VLAN. Thus, the goal

cannot be achieved.

D.
The decision to perform source address translation is always based on a client's address (or

network). Thus, this goal cannot be achieved.

Answer: B
Explanation:

QUESTION NO: 251

Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing

takes place. Also assume that the NAT definition specifies a NAT address and an origin address
while all other settings are left at their defaults. If a client were to initiate traffic to the NAT address,
what changes, if any, would take place when the BIG-IP processes such packets?

A.
The source address would not change, but the destination address would be translated to the

origin address.

B.
The destination address would not change, but the source address would be translated to the

origin address.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 144

 F5 101 Exam
The source address would not change, but the destination address would be translated to the

NAT's address.

D.
The destination address would not change, but the source address would be translated to the

NAT's address.

Answer: A
Explanation:

QUESTION NO: 252

A standard virtual server is defined with a pool and a SNAT using automap. All other settings for

the virtual server are at defaults. When client traffic is processed by the BIG-IP, what will occur to

the IP addresses?

A.
Traffic initiated by the pool members will have the source address translated to a self-IP address

but the destination address will not be changed.

B.
Traffic initiated to the virtual server will have the destination address translated to a pool member
address and the source address. Traffic initiated to the virtual server will have the destination
address translated to a pool member. address and the source address translated to a self-IP
address.

C.
Traffic initiated by selected clients, based on their IP address, will have the source address

translated to a self-IP address but the destination will only be translated if the traffic is destined to

the virtual server.

D.
Traffic initiated to the virtual server will have the destination address translated to a pool member
address and the source address. Traffic initiated to the virtual server will have the destination
address translated to a pool member. address and the source address translated to a self-

IP address. Traffic arriving destined to other destinations will have the source translated to a self-
IP

"Pass Any Exam. Any Time." - www.actualtests.com 145

 F5 101 Exam
address only.

Answer: B
Explanation:

QUESTION NO: 253

Which VLANs must be enabled for a SNAT to perform as desired (translating only desired

packets)?

A.
The SNAT must be enabled for all VLANs.

B.
The SNAT must be enabled for the VLANs where desired packets

leave the BIG-IP.

C.
The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP.

D.
The SNAT must be enabled for the VLANs where desired packets arrive and leave the BIG-

IP.

Answer: C
Explanation:

QUESTION NO: 254

A BIG-IP has a virtual server at 150.150.10.10:80 with SNAT automap configured. This BIG-

IP also has a SNAT at 150.150.10.11 set for a source address range of 200.200.1.0 /
255.255.255.0. All other settings are at their default states. If a client with the IP address
200.200.1.1 sends a request to the virtual server, what is the source IP address when the
associated packet is sent to the pool member?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 146
 F5 101 Exam
200.200.1.1

B.
150.150.10.11

C.
Floating self IP address on VLAN where the packet leaves the system

D.
Floating self IP address on VLAN where the packet arrives on the system

Answer: C
Explanation:

QUESTION NO: 255

Which IP address will the client address be changed to when SNAT automap is specified within a

Virtual Server configuration?

A.
The floating self IP address on the VLAN where the packet

leaves the system.

B.
The floating self IP address on the VLAN where the packet arrives on the system.

C.
It will alternate between the floating and nonfloating self IP address on the VLAN where the

packet leaves the system so that port exhaustion is avoided.

D.
It will alternate between the floating and nonfloating self IP address on the VLAN where the

packet arrives on the system so that port exhaustion is avoided.

Answer: A
Explanation:

QUESTION NO: 256

"Pass Any Exam. Any Time." - www.actualtests.com 147
 F5 101 Exam
A virtual server at 10.10.1.100:80 has the rule listed below applied. when HTTP_REQUEST { if

{[HTTP::uri] ends_with "htm" } { pool pool1 } elseif {[HTTP::uri] ends_with "xt" } { pool pool2 } If a
user connects to http://10.10.1.100/foo.txt which pool will receive the request.

A.
pool1

B.
pool2

C.
None. The request will be dropped.

D.
Unknown. The pool cannot be determined from the information provided.

Answer: B
Explanation:

QUESTION NO: 257

Which statement is true concerning iRule events.

A.
All iRule events relate to HTTP processes.

B.
All client traffic has data that could be used to trigger iRule events.

C.
All iRule events are appropriate at any point in the client-server communication.

D.
If an iRule references an event that doesn't occur during the client's communication, the client's

connection will be terminated prematurely.

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 148

 F5 101 Exam
QUESTION NO: 258

Which three iRule events are likely to be seen in iRules designed to select a pool for load

balancing. (Choose 3)

A.
CLIENT_DATA

B.
SERVER_DATA

C.
HTTP_REQUEST

D.
HTTP_RESPONSE

E.
CLIENT_ACCEPTED

F.
SERVER_SELECTED

G.
SERVER_CONNECTED

Answer: A,C,E
Explanation:

QUESTION NO: 259

Which event is always triggered when a client initially connects to a virtual server configured with

an HTTP profile?

A.
HTTP_DATA

B.
CLIENT_DATA

C.
HTTP_REQUEST

"Pass Any Exam. Any Time." - www.actualtests.com 149

 F5 101 Exam
D.
CLIENT_ACCEPTED

Answer: D
Explanation:

QUESTION NO: 260

A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:

If a user connects to http://10.10.1.100/foo.html, which pool will receive the request?

A.
pool1

B.
pool2

C.
None. The request will be dropped.

D.
Unknown. The pool cannot be determined from the information provided.

Answer: D
Explanation:

QUESTION NO: 261

A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it:

"Pass Any Exam. Any Time." - www.actualtests.com 150

 F5 101 Exam

A.
pool1

B.
pool2

C.
None. The request will be dropped.

D.
Unknown. The pool cannot be determined from the information provided.

Answer: D
Explanation:

QUESTION NO: 262

Which statement is true about the synchronization process, as performed by the Configuration

Utility or by typing b config sync all?

A.
The process should always be run from the standby system.

B.
The process should always be run from the system with the latest configuration.

C.
The two /config/BIG-IP.conf configuration files are synchronized (made identical) each time the

process is run.

D.
Multiple files, including /config/BIG-IP.conf and /config/BIG-IP_base.conf, are synchronized

(made identical) each time the process is run.

Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com 151

 F5 101 Exam
Explanation:

QUESTION NO: 263

Which statement is true concerning the default communication between a redundant pair of BIG-IP
devices?

A.
Communication between the systems cannot be effected by port lockdown settings.

B.
Data for both connection and persistence mirroring are shared

through the same TCP connection.

C.
Regardless of the configuration, some data is communicated between the systems at regular

intervals.

D.
Connection mirroring data is shared through the serial failover cable unless network failover is

enabled.

Answer: B
Explanation:

QUESTION NO: 264

When upgrading a BIG-IP redundant pair, what happens when one system has been updated but

the other has not?

A.
Synching should not be performed.

B.
The first system to be updated will assume the Active role.

C.
"Pass Any Exam. Any Time." - www.actualtests.com 152
 F5 101 Exam
This is not possible since both systems are updated simultaneously.

D.
The older system will issue SNMP traps indicating a communication error with the partner.

Answer: A
Explanation:

QUESTION NO: 265

When using the setup utility to configure a redundant pair, you are asked to provide a "Failover

Peer IP". Which address is this?

A.
an address of the other system in its management network

B.
an address of the other system in a redundant pair configuration

C.
an address on the current system used to listen for failover messages from the partner BIG-IP

D.
an address on the current system used to initiate mirroring and network failover heartbeat

messages

Answer: B
Explanation:

QUESTION NO: 266

Which two statements describe differences between the active and standby systems? (Choose

two.)

A.
Monitors are performed only by the active system.

"Pass Any Exam. Any Time." - www.actualtests.com 153

 F5 101 Exam
B.
Failover triggers only cause changes on the active system.

C.
Virtual server addresses are hosted only by the active system.

D.
Configuration changes can only be made on the active system.

E.
Floating self-IP addresses are hosted only by the active system.

Answer: C,E
Explanation:

QUESTION NO: 267

Assuming other failover settings are at their default state, what would occur if the failover cable
were to be disconnected for five seconds and then reconnected.

A.
As long as network communication is not lost, no change will occur.

B.
Nothing. Failover due to loss of voltage will not occur if the voltage is lost for less than ten

seconds.

C.
When the cable is disconnected, both systems will become active. When

the voltage is restored, unit two will revert to standby mode.

D.
When the cable is disconnected, both systems will become active. When the voltage is restored,

both systems will maintain active mode.

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 154

 F5 101 Exam
QUESTION NO: 268

Given that VLAN failsafe is enabled on the external VLAN and the network that the active BIG-IP's
external VLAN is connected to has failed, which statement is always true about the results?

A.
The active system will note the failure in the HA table.

B.
The active system will reboot and the standby system will go into active mode.

C.
The active system will failover and the standby system will go into active mode.

D.
The active system will restart the traffic management module to eliminate the possibility that BIG-
IP is the cause for the network failure.

Answer: A
Explanation:

QUESTION NO: 269

Assuming there are open connections through an active system's virtual servers and a failover
occurs, by default, what happens to the connections?

A.
All open connections are lost.

B.
All open connections are maintained.

C.
When persistence mirroring is enabled, open connections are maintained even if a failover

occurs.

D.
Long-lived connections such as Telnet and FTP are maintained, but short-lived connections such

as HTTP are lost.

E.

"Pass Any Exam. Any Time." - www.actualtests.com 155

 F5 101 Exam
All open connections are lost, but new connections are initiated by the newly active BIG-IP,

resulting in minimal client downtime.

Answer: A
Explanation:

QUESTION NO: 270

How is MAC masquerading configured?

A.
Specify the desired MAC address for each VLAN for which you want this feature enabled.

B.
Specify the desired MAC address for each self-IP address for which you want this feature

enabled.

C.
Specify the desired MAC address for each VLAN on the active system and synchronize the

systems.

D.
Specify the desired MAC address for each floating self-IP address for which you want this feature
enabled.

Answer: A
Explanation:

QUESTION NO: 271

Which action will take place when a failover trigger is detected by the active system?

A.
The active device will take the action specified for the failure.

B.
The standby device also detects the failure and assumes the active role.
"Pass Any Exam. Any Time." - www.actualtests.com 156
 F5 101 Exam
C.
The active device will wait for all connections to terminate and then failover.

D.
The standby device will begin processing virtual servers that have failed, but the active device will
continue servicing the functional virtual servers.

Answer: A
Explanation:

QUESTION NO: 272

Assuming that systems are synchronized, which action could take place if the failover cable is

connected correctly and working properly, but the systems cannot communicate over the network

due to extern al network problems.

A.
If network failover is enabled, the standby system will assume the active mode.

B.
Whether or not network failover is enabled, the standby system will stay in standby mode.

C.
Whether or not network failover is enabled, the standby system will assume the active mode.

D.
If network failover is enabled, the standby system will go into active mode but only until the

network recovers.

Answer: B
Explanation:

QUESTION NO: 273

Which statement is true concerning iRule context?

A.
The iRule event declaration determines the context.
"Pass Any Exam. Any Time." - www.actualtests.com 157
 F5 101 Exam
B.
The context must be explicitly declared.

C.
The rule command determines the context.

D.
The results of the iRule's conditional statement determines the context.

Answer: A
Explanation:

QUESTION NO: 274

The following iRule is being used within a persistence profile on a virtual server. Assuming the

following HTTP requests are made within the same timeout window, what is the maximum

number of persistence records that will be created iRule:

A.
4

B.
3

C.
10

"Pass Any Exam. Any Time." - www.actualtests.com 158

 F5 101 Exam
D.
It cannot be determined from the given data.

E.
5

F.
1

G.
0

Answer: A
Explanation:

QUESTION NO: 275

Which statement is true concerning SNATs using SNAT pools and SNATs using automap?

A.
SNAT s using automap preferentially translate source addresses to nonfloating self-IP addresses.

B.
SNAT s using a SNAT pool translate source addresses randomly to any of the addresses in the

SNAT pool.

C.
SNAT s using automap translate source addresses randomly to any of the BIG-IP's floating self-IP
addresses.

D.
A SNAT pool can contain virtual server addresses.

Answer: A
Explanation:

QUESTION NO: 276

Why would an administrator capture monitor traffic between a BIG-IP and servers?

"Pass Any Exam. Any Time." - www.actualtests.com 159

 F5 101 Exam
A.
Viewing monitor traffic could help the administrator to define a more robust monitor.

B.
If a client were having difficulty logging into a load balanced SSH server, viewing and analyzing

the connection process would determine the reason.

C.
Only client traffic may be captured; monitor traffic may not be captured.

D.
If client traffic to servers was failing, viewing and analyzing monitor traffic would determine the

reason.

Answer: A
Explanation:

QUESTION NO: 277

When a pool is created and saved to file, where is the default file and location for the pool
configuration? When a pool is created and saved to file, where is the default file and location for
the pool configuration?

A.
/config/BIG-IP_base.conf

B.
lconfig/BIG-IP.conf

C.
/etc/BIG-IP_base.conf

D.
/config/BigDB.dat

Answer: B
Explanation:

QUESTION NO: 278

"Pass Any Exam. Any Time." - www.actualtests.com 160

 F5 101 Exam
Which statement is true concerning packet filters?

A.
In addition to administrator-created filters, three always exists a "deny all" filter that processes

traffic last.

B.
Filters cannot prevent access to the management port.

C.
The order of filters does not affect which traffic is accepted or denied.

D.
Filters cannot prevent the BIG_IP synching process from taking place.

Answer: B
Explanation:

QUESTION NO: 279

Which action CANNOT be performed by an iRule?

A.
Direct a connection request to a specific pool.

B.
Substitute a server's response with alternate data.

C.
Chang the virtual server's default pool.

D.
Direct a client's request to a pool based on the client's browser's language.

E.
Limit a given client to a set amount of bandwidth.

F.
Discard a client before connecting to a server.

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 161

 F5 101 Exam

QUESTION NO: 280

Which persistence method will always recognize a client when the client returns to the same

virtual server?

A.
SSL

B.
MSRDP

C.
expression [universal]

D.
No persistence method work in all situations.

E.
source address

Answer: D
Explanation:

QUESTION NO: 281

Which are immediate results of entering the following command:

A.
Requests sent to this BIG-IP system with a destination port of 80 are load balanced between the
members of PoolA.

B.
No changes will take place since the command is missing the monitor component for PoolA.

C.
The /config/BIG-IP.cinf file is updated to include a definition for the pool named

"Pass Any Exam. Any Time." - www.actualtests.com 162

 F5 101 Exam
PoolA.

D.
A new pool is available for association with any iRule or virtual server.

Answer: D
Explanation:

QUESTION NO: 282

Which three statements are true about SNATs? (Choose three.)

A.
SNAT s provide bidirectional traffic initiation.

B.
SNAT s support UDP, TCP, and ICMP traffic.

C.
SNAT s provide a many-to-one mapping between IP addresses.

D.
SNAT addresses can be identical to virtual server IP addresses.

Answer: B,C
Explanation:

QUESTION NO: 283

Given the configuration shown below, if a connection request arrived on the BIG-IP with a source

address of 200.10.10.10:1050 and a destination of 150.10.10.75:80, what would the source IP

address of the associated packet be when it arrived on the choosen member of the web_pool self

150.10.10.1 { netmask 255.255.255.0 unit I floating enable vlan external allow tcp https } self
10.10.1.1 { netmask 255.255.255.0 unit I floating enable vlan internal allow default } pool

web_pool { member 10.10.1.11:80 member 10.10.1.12:80 member 10.10.1.13:80 }snatpool

client_pool { member 10.10.1.100 member 150.10.10.15 }virtual VS_web { destination

"Pass Any Exam. Any Time." - www.actualtests.com 163
 F5 101 Exam
150.10.10.10:80 ip protocol tcp snat automap pool web_pool }virtual VS_network{ destination

150.10.1 0.0:any mask 255.255.255.0 snatpool client_pool ip protocol tcp pool web_pool } virtual

VS_network { destination 150.10.1 0.0:any mask 255.255.255.0 snatpool client_pool ip protocol

tcp pool web_pool } virtual VS_network { destination 150.10.10.0:any mask 255.255.255.0

snatpool client_pool ip protocol tcp pool web_pool }

A.
10.10.1.IA.10.10.1.1

B.
200.10.10.I0D.200.10.10.10

C.
10.10.1.I00B.10.10.1.100

D.
150.10.10.15C.150.10.10.15

Answer: C
Explanation:

QUESTION NO: 284

When a virtual server has an HTTP profile with compression enabled, which traffic is compressed

by the BIG-IP?

A.
selected traffic from the BIG-IP to the client

B.
all sever-side traffic for that virtual server

C.
selected traffic from the pool member to the BIG-IP

D.
all client-side traffic for that virtual server

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com 164

 F5 101 Exam
Explanation:

QUESTION NO: 285

An LTM has the 3 virtual servers, 2 SNATs, four self IP addresses defined, and the networks
shown in the exhibit. Selected options for each object are shown below. Settings not shown are at
their defaults. Assume port exhaustion has not been reached.

A connection attempt is made with a source IP and port of 10.10.100.50:2222 and a destination

IP and port of 10.10.2.10:80. When the request is processed, what will be the source and
destination IP addresses?

"Pass Any Exam. Any Time." - www.actualtests.com 165

 F5 101 Exam

A.
The request will be droped.

B.
Source IP: 10.10.2.1; Destination IP: 10.10.2.10

C.
Source IP: 10.10.2.102; Destination IP 10.10.2.10

D.
Source IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10

E.
Source IP: 10.10.2.1; Destination IP: pool in the 172.16/16 network C

Answer: D
Explanation:

QUESTION NO: 286

Which three parameters could be used to determine whether a connection request will have the

source address translated as the request is processed? (Choose three.)

A.
the client's router's IP address

B.
the client's browser's preferred language

C.

"Pass Any Exam. Any Time." - www.actualtests.com 166

 F5 101 Exam
the client's IP netmask

D.
the client's TCP port

E.
the client's IP address

F.
the client IP fragment offset

Answer: B,D,E
Explanation:

QUESTION NO: 287

A BIG-IP has the following objects configured:

A virtual server at 150.10.30.30:80 that is associated with both the SNAT pool and the

load balancing pool. If a client at IP address 200.10.10.10 initiates a connection to the virtual

server, what will the source IP address be in the packets sent to the chosen pool member?

A.
150.10.33.33

B.
10.10.1.33

C.
10.10.1.10

D.
150.10.30.30

E.
200.10.10.10

"Pass Any Exam. Any Time." - www.actualtests.com 167

 F5 101 Exam
F.
It could be any of the addresses of the members of the load balancing pool.

Answer: B
Explanation:

QUESTION NO: 288

What does the insert X-Forwarded option in an HTTP profile do?

A.
A BIG-IP self-IP is inserted in the source address field on the server-side connection.

B.
A BIG-IP self-IP is inserted in the source address field on the client-side connection.

C.
The client IP addresses are inserted into messages sent to remote syslog servers.

D.
The client IP addresses are inserted into HTTP header.

Answer: D
Explanation:

QUESTION NO: 289

When defining a load balancing pool using the command line, if the load balancing method is not

specified, what is the result?

A.
The default load balancing method would be used.

B.
The load balancing method of the previous pool would be used.

C.
The system would prompt the user for a load balancing method.

"Pass Any Exam. Any Time." - www.actualtests.com 168

 F5 101 Exam
D.
An error would be displayed since no load balancing method was specified.

Answer: A
Explanation:

QUESTION NO: 290

What occurs when a save-config command is issued?

A.
The current configuration files are backed up.

B.
The current configuration files are verified for syntax, then the running configuration is installed in
memory.

C.
The current configuration files are loaded into memory.

D.
The current configuration files are saved into an archive format.

Answer: A
Explanation:

QUESTION NO: 291

How many events can be referenced in a given iRule?

A.
iRules are limited to one event, but a virtual server could be associated with multiple rules.

B.
iRules can have multiple events.

C.
Exactly one.

D.
"Pass Any Exam. Any Time." - www.actualtests.com 169
 F5 101 Exam
iRules can have up to event if one is client-side and one is server-side.

Answer: B
Explanation:

QUESTION NO: 292

Which statement is true regarding OneConnect processing?

A.
The virtual server must have UDP profile.

B.
Server-side request can utilize existing client-side connections.

C.
The number of client connection is reduced.

D.
Client-side request can utilize existing server-side connections.

Answer: D
Explanation:

QUESTION NO: 293

Which tool is used on BIG-IP systems to capture data packets?

A.
tcpdump

B.
snoop

C.
ethereal

D.
qkview

"Pass Any Exam. Any Time." - www.actualtests.com 170

 F5 101 Exam
Answer: A
Explanation:

QUESTION NO: 294

Which statement concerning virtual servers is true?

A.
Virtual servers can keep idle server connections open indefinitely.

B.
Virtual servers can compress data between the BIG-IP and servers.

C.
Virtual servers cannot perform load balancing without performing address translation.

D.
Virtual servers can reuse connections between the BIG-IP and server for multiple HTTP GETs.

E.
Virtual server processing always translates the virtual server address to the address of the

chosen pool member.

Answer: D
Explanation:

QUESTION NO: 295

Click the Exhibit Button an LTM has the 3 virtual servers, a SNAT defined, four self IP addresses

defined and the networks shown in the exhibit. Selected options for each object are shown

below. Settings not shown are at their defaults.

"Pass Any Exam. Any Time." - www.actualtests.com 171

 F5 101 Exam

A connection attempt is made with a source IP and port of 10.20.100.50:80 and a destination IP

and port of 10.10.2.10:80. When the request is processed, what will be the source and

destination IP addresses?

A.
The request will be dropped.

B.
Source IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2010

C.
Source IP: 10.20.100.50; Destination IP: 10.10.2.10

D.
Source IP: 10.10.2.1; Destination IP: 10.10.2.10
"Pass Any Exam. Any Time." - www.actualtests.com 172
 F5 101 Exam
Answer: B
Explanation:

QUESTION NO: 296

A BIG-IP has the following objects configured: A SNAT pool with 2 members:

A virtual server at 150.10.30.30:80 that is associated with both the SNAT pool and the

load balancing pool. If a client at IP address 200.10.10.10 initiates a connection to the virtual

server, what will the source IP address be in the packets sent to the chosen pool

member?

A.
150.10.30.30

B.
150.10.33.33

C.
10.10.1.10

D.
It could be any of the addresses of the members of the load balancing pool.

E.
10.10.1.33

F.
200.10.10.10

Answer: E

"Pass Any Exam. Any Time." - www.actualtests.com 173

 F5 101 Exam
Explanation:

QUESTION NO: 297

Which is a potential result when a trunk is configured on a BIG-IP?

A.
No additional trunks can be configuration since each BIG-IP is limited to one trunk

B.
Packets flowing to the VLAN could arrive on any of the interfaces in the trunk

C.
Since any VLANs associated with the trunk are necessarily associated with multiple interfaces,

the VLAN using the must use tagged packets.

D.
VLAN failsafe is not available for any VLAN associated with any trunks.

Answer: B
Explanation:

QUESTION NO: 298

Which two statements are true concerning capabilities of current BIG-IP platforms? (Choose two.)

A.
The 1600 hosts more ports than the 3900.

B.
All current BIG-IP platform use both an ASIC. And CPU(s)to process traffic.

C.
All current BIG-IP platform can perform hardware compression.

D.
Only 2U BIG-IP Platform have an option of a second power supply.

E.
All BIG-IP have capacity to perform bulk encryption I decryption of SSL traffic independent of the
"Pass Any Exam. Any Time." - www.actualtests.com 174
 F5 101 Exam
CPU.

Answer: B,E
Explanation:

QUESTION NO: 299

Which is the result when multiple monitors are assigned to a pool member?

A.
The member is marked available if sufficient monitors succeed, and as unavailable if insufficient

monitors succeed.

B.
The member is marked as available if any of the monitors succeed.

C.
The member is marked as unavailable if any of the monitors fails.

D.
The member is marked available if all monitors succeed, and as marginal if one or more monitors
fail(s).

Answer: A
Explanation:

QUESTION NO: 300

An LTM has the 3 virtual servers, four self IP addresses defined and the networks shown in the

exhibit. Selected options for each object are shown below. Settings not shown are at their

defaults.

"Pass Any Exam. Any Time." - www.actualtests.com 175

 F5 101 Exam

A connection attempt is made with a source IP and port of 10.20.100.50:2222 and a destination

IP and port of 10.10.2.102:80.

When the request is processed, what will be the destination IP address?

A.
Destination IP: 10.10.2.102

B.
The request will be dropped.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 176

 F5 101 Exam
Destination IP: pool member in the 192.168/16 network

D.
Destination IP: pool member in the 172.16/16 network

Answer: C
Explanation:

QUESTION NO: 301

An LTM has the 3 virtual servers, a SNAT, four self IP addresses defined and the networks

shown in the exhibit. Selected options for each object are shown below. Settings not shown are at

their defaults.

A connection attempt is made with a source IP and port of 10.20.100.50:2222 and a destination

IP and port of 10.10.2.102:80.

When the request is processed, what will be the destination IP address?

"Pass Any Exam. Any Time." - www.actualtests.com 177

 F5 101 Exam

A.
Destination IP: 10.10.2.10

B.
Destination IP: pool member in the 192.168/16 network.

C.
Destination IP: pool member in the 172.16/16

network

D.
The request will be dropped.

Answer: A
Explanation:

QUESTION NO: 302

A site wishes to use an external monitor. Other than what is coded in the monitor script, what

information must be configured on the BIG-IP for the monitor to be functional? (Choose two.)

A.
BIG-IP services that are running on the system to be tested.

B.
BIG-IP the IP addresses of the devices that will be tested. Must know which

C.
BIG-IP node or member the result are to be applied to. Must know all

"Pass Any Exam. Any Time." - www.actualtests.com 178

 F5 101 Exam
D.
BIG-IP must know the name of the program.

E.
BIG-IP must know which function the program is going to test. Must know

Answer: C,D
Explanation:

QUESTION NO: 303

Which statement describes advanced shell access correctly?

A.
Users with advanced shell access can always change, add, or delete LTM objects in all partition.

B.
Users with advance shell access are limited to changing, adding, or deleting LTM object in any

single partition.

C.
Users with advance shell access have the same right as those with mesh access, but right extend

to all partition rather than to a single partition.

D.
All Users can be given advanced shell access.

Answer: A
Explanation:

QUESTION NO: 304

Which statement describes advanced shell access correctly? Which statement describes

advanced shell access correctly?

A.
The context determines the values of commands that vary between client and server.
"Pass Any Exam. Any Time." - www.actualtests.com 179
 F5 101 Exam
B.
The context has no impact on events.

C.
The context determines which events are available for iRule processing.

D.
The context determines which pools are available for load balancing.

Answer: A
Explanation:

QUESTION NO: 305

An LTM has the 3 virtual servers, 2 SNATs, four self IP addresses defined and the networks

shown in the graphic below. Selected options for each object are shown below. Settings not

shown are at their defaults. Assume port exhaustion has not been reached.

A connection attempt is made with a source IP and port of 10.20.10.50:2222 and a destination IP

and port of 10.10.2.102:80.

When the request is processed, what will be the source and destination IP addresses?

"Pass Any Exam. Any Time." - www.actualtests.com 180

 F5 101 Exam

A.
Source IP: 10.20.10.50; Destination IP: pool member in the 172.16/16 network

B.
Source IP: 172316.20.50; Destination IP: pool member in the 182.16/16 network

C.
Source IP: 192.168.1.1; Destination IP: pool member in the 192.168/16 network

D.
The request will be dropped.

E.
Source IP: 10.20.10.50; Destination IP: pool member in the 192.168/16

network

F.
Source IP: 182.16.1.1; Destination IP: pool member in the 172316/16 network

G.
Source IP: 192.168.10.50; Destination IP: pool member in the 192.168/16 network

H.
Source IP:192.168.10.50; Destination IP: pool member in the 192.168./16 network

Answer: F
Explanation:

QUESTION NO: 306

The partial configuration below includes an iRule, a virtual server, and pools. When traffic from

"Pass Any Exam. Any Time." - www.actualtests.com 181

 F5 101 Exam
the client at 160.10.10.10:2056 connects to the virtual server Test_VS and sends an HTTP

request, what will the client's source address be translated to as the traffic is sent to the chosen

pool member?

A.
160.10.10.IOC.160.10.10.10

B.
It could be either 10.10.10.10 or 10.10.10.11.E.It could be either 10.10.10.10 or 10.10.10.11.

C.
10.10.10.2

D.
200.10.10.1D.200.10.10.1

E.
10.10.10.1

Answer: E

QUESTION NO: 307

What is the expected difference between two source address persistence profiles if profile A has

a mask of 255.255.255.0 and profile B has a mask of 255.255.0.0?

A.
Profile A will have more clients matching existing persistence records.

B.
There are no detectable differences.

C.
Profile B has a greater potential number of persistence records.

"Pass Any Exam. Any Time." - www.actualtests.com 182

 F5 101 Exam
D.
Profile B will have fewer persistence records for the sane client base.

Answer: D
Explanation:

QUESTION NO: 308

A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to load balance

UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for

all addresses. The second SNAT's address is 64.100.130.20; this SNAT is defined for three

specific addresses, 172.16.3.54, 172.16.3.55, and 172.16.3.56. The virtual server's destination is

64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with

IP address 172.16.3.55 initiates a request to the virtual server, what is the source IP address of

the packet as it reaches the chosen DNS server?

A.
64.100.130.30

B.
172.16.3.55

C.
64.100.130.20

D.
64.100.130.10

Answer: C
Explanation:

QUESTION NO: 309

A, steaming profile will do which of the following?

"Pass Any Exam. Any Time." - www.actualtests.com 183

 F5 101 Exam
A.
Search and replace all occurrences of a specified string only is responses processed by a virtual

server.

B.
Search and replace all occurrences of a specified string only in request processed by a virtual

server.

C.
Search and replace all occurrences of a specified string in requests and responses processed by

a virtual server.

D.
Search and replace the first occurrence of a specified of a specified string in either a request or

response processed by a virtual server.

Answer: C
Explanation:

QUESTION NO: 310

A monitor has been defined using the HTTP monitor template. The send and receive strings were

customized, but all other settings were left at their defaults. Which resources can the monitor be

assigned to?

A.
only specific pool members

B.
most virtual severs

C.
most nodes

D.
most pools

Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 184

 F5 101 Exam
Explanation:

QUESTION NO: 311

When DNS_REV is used as the probe protocol by the GTM System, which information is

expected in the response from the probe?

A.
a reverse name lookup of the GTM System

B.
the list of root servers known by the local DNS

C.
the FQDN of the local DNS being probed for metric information

D.
the revision number of BIND running on the requesting DNS server

Answer: C
Explanation:

QUESTION NO: 312

Which three can be a part of a pool's definition? (Choose three.)

A.
Link

B.
Monitors

C.
Wide IPs

D.
Persistence

E.
Data Centers
"Pass Any Exam. Any Time." - www.actualtests.com 185
 F5 101 Exam
F.
Virtual Servers

Answer: B,D,F
Explanation:

QUESTION NO: 313

Which two must be included in a Wide-IP definition for the Wide-IP to resolve a DNS query?

(Choose two.)

A.
a name

B.
a monitor

C.
a load balancing method

D.
one or more virtual servers

Answer: A,C
Explanation:

QUESTION NO: 314

A GTM System would like to ensure that a given LTM System is reachable and iQuery
communication is allowed prior to sending it client request. What would be the simplest monitor

template to use?

A.
TCP

B.
ICMP

C.
"Pass Any Exam. Any Time." - www.actualtests.com 186
 F5 101 Exam
HTTP

D.
BIG-IP

E.
SNMP

Answer: D
Explanation:

QUESTION NO: 315

Which two ports must be enabled to establish communication between GTM Systems and other

BIG IP Systems? (Choose two.)

A.
22

B.
53

C.
443

D.
4353

E.
4354

Answer: A,D
Explanation:

QUESTION NO: 316

When probing LDNSs, which protocol is used by default?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 187
 F5 101 Exam
TCP

B.
ICMP

C.
DNS_REV

D.
DNS_DOT

Answer: B
Explanation:

QUESTION NO: 317

Which of the following platforms support both standalone and modular BIG-IP ASM

implementations? (Choose 2)

A.
3900

B.
6800

C.
6900

D.
8800

Answer: A,C
Explanation:

QUESTION NO: 318

Use a proprietary syntax language. Must contain at least one event declaration. Must contain at

least one conditional statement. Must contain at least one pool assignment statement. What must

"Pass Any Exam. Any Time." - www.actualtests.com 188

 F5 101 Exam
be sent to the license server to generate a new license?

A.
the system's dossier

B.
the system's base license

C.
the system's serial number

D.
the system's purchase order number

Answer: A
Explanation:

QUESTION NO: 319

What is the difference between primary and secondary DNS servers?

A.
Only primary servers can issue authoritative responses.

B.
Primary servers host the original copy of the zone database file.

C.
Primary servers resolve names more efficiently than secondary servers.

D.
Secondary servers act as backups and will respond only if the primary fails.

Answer: B
Explanation:

QUESTION NO: 320

If the config tool is complete, which two access methods are available by default for GTM

"Pass Any Exam. Any Time." - www.actualtests.com 189

 F5 101 Exam
administration and configuration? (Choose two.)

A.
network access via http

B.
network access via https

C.
network access via telnet

D.
direct access via serial port

Answer: B,D
Explanation:

QUESTION NO: 321

A GTM System performs a name resolution that is not a Wide-IP. The name is in a domain for

which the GTM System is authoritative. Where does the information come from?

A.
It comes from BIND database (zone) files on the GTM System.

B.
GTM System cannot resolve a host name that is not a Wide-IP.

C.
It comes from the database of previously cached

name resolutions.

D.
It comes from a zone transfer initiated when the request was received.

Answer: A
Explanation:

QUESTION NO: 322

"Pass Any Exam. Any Time." - www.actualtests.com 190
 F5 101 Exam
A site wishes to delegate the name .wmysite.com to a GTM System. Which entry would be

appropriate in their current DNS servers?

A.
vww.mysite.com. IN A 132.26.33.15

B.
15.33.addrin.arpa.com IN PRT .wiw.mysite.com.

C.
iw.mysite.com. IN CNAME wwip.mysite.com.

D.
wwmysite.com. IN DEL wiwGTM.mysite.com.

Answer: C
Explanation:

QUESTION NO: 323

Which statement about root DNS servers is true?

A.
Root servers have databases of all registered DNS servers.

B.
Root servers have databases of the DNS servers for top-level domains.

C.
Root servers have databases of DNS servers for each geographical area. They direct requests to

appropriate LDNS servers.

D.
Root servers have databases of commonly accessed sites. They also cache entries for additional

servers as requests are made.

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 191

 F5 101 Exam
QUESTION NO: 324

What is the advantage of specifying three load balancing methods when load balancing within

pools?

A.
Specifying three methods allows the GTM System to use all three methods simultaneously.

B.
Specifying three methods allows the GTM System to choose the optimal method for each name

resolution.

C.
Specifying three methods allows the GTM System alternate methods if insufficient data is

available for other methods.

D.
Specifying three methods allows the GTM System to rotate between the three methods so that no

one method is used too often.

Answer: C
Explanation:

QUESTION NO: 325

A pool is using Round Trip Time as its load balancing method (Alternate: Round Robin; Fallback:

None). The last five resolutions have been C, D, C, D, C. Given the current conditions shown in

the table below, which address will be used for the next resolution?

"Pass Any Exam. Any Time." - www.actualtests.com 192

 F5 101 Exam
A.
A

B.
B

C.
C

D.
D

Answer: B
Explanation:

QUESTION NO: 326

A pool is using Global Availability as its load balancing method (Alternate:Round Robin; Fallback:
Return to DNS). The last five resolutions have been C, D, C, D, C. Given the current conditions
shown in the table, which address will be used for the next resolution?

A.
A

B.
B

C.
C

D.
D

Answer: B
Explanation:

QUESTION NO: 327

What are some changes that must be made on the GTM System so that log messages are sent

"Pass Any Exam. Any Time." - www.actualtests.com 193

 F5 101 Exam
to centralized System Log servers?

A.
The IP address of the server must be added to the wideip.conf file.

B.
The IP address of the server must be added to the syslogng.conf file.

C.
The IP address of the server and valid user id/password combination must be added to the

hosts.allow file.

D.
The IP address of the server and valid user id/password combination must be added to the syslog

ng.conf file.

Answer: B
Explanation:

QUESTION NO: 328

What are two advantages of the Quality of Service (QoS) load balancing method? (Choose two.)

A.
It resolves requests to the site with the highest QoS value in the IP header.

B.
It combines multiple load balancing metric values in a single load balancing method.

C.
It allows the GTM administrator to place relative values on each metric used to determine the

optimum site.

D.
It allows the GTM System to select the optimum virtual server based on all available path and

server metrics.

Answer: B,C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 194

 F5 101 Exam

QUESTION NO: 329

When is a Virtual Server hosted by an LTM System defined with two IP addresses?

A.
Two addresses are used to define the Virtual Server when it is managed by redundant LTM

Systems.

B.
Two addresses are used to define some Virtual Servers so that the GTM System can choose the

better address when resolving the name.

C.
Two addresses are used to define Virtual Servers when the LTM System hosting it is behind a

firewall that is translating the Virtual Server address.

D.
Two addresses are used to define a Virtual Server when the Wide-IP should resolve to a different

address depending on which LTM System is active.

Answer: C
Explanation:

QUESTION NO: 330

What is a characteristic of iQuery?

A.
It uses SSH.

B.
It uses SSL.

C.
It uses SCP.

D.
It uses HTTPS.
"Pass Any Exam. Any Time." - www.actualtests.com 195
 F5 101 Exam
Answer: B
Explanation:

QUESTION NO: 331

Listeners that correspond to nonfloating self IP addresses are stored in which configuration file?

A.
/config/BIG-IP.conf

B.
/config/BIG-IP_base.conf

C.
/config/gtm/wideip.conf

D.
/config/BIG-IP_local.conf

Answer: D
Explanation:

QUESTION NO: 332

What is the primary benefit of associating Servers with Data Centers?

A.
The primary benefit is in assigning a single IP address to identify a

Data Center.

B.
The primary benefit is in combining probing metrics. Load balancing decisions can be made more
intelligently.

C.
The primary benefit is administrative. It is easier to remember to add servers when they are

categorized by a physical location.

D.
"Pass Any Exam. Any Time." - www.actualtests.com 196
 F5 101 Exam
The primary benefit is in load balancing. Clients will not be directed to Data Centers that are

separated from them by great distances.

Answer: B
Explanation:

QUESTION NO: 333

Which two are events that can be used to trigger GTM iRule data processing? (Choose two.)

A.
LB_FAILED

B.
DNS_REQUEST

C.
HTTP REQUEST

D.
CLIENT_ACCEPTED

Answer: A,B
Explanation:

QUESTION NO: 334

How do you support non intelligent DNS resolution in an environment with GTM Systems and

standard DNS servers? (Choose two.)

A.
The GTM System must be a secondary server in all of your zones.

B.
Your GTM System must delegate some DNS names to the DNS Servers.

C.
Your DNS servers may delegate some DNS names to the GTM Systems.
"Pass Any Exam. Any Time." - www.actualtests.com 197
 F5 101 Exam
D.
The GTM System may have a Listener set for your DNS server's address.

E.
The GTM System may have a Listener set for the GTM's loopback address.

Answer: C,D
Explanation:

QUESTION NO: 335

iQuery is a proprietary protocol that distributes metrics gathered from which three sources?

(Choose three.)

A.
SNMP

B.
DNS root servers

C.
path probes such as ICMP

D.
monitors from LTM Systems

E.
monitors from Generic Host Servers

Answer: A,C,D
Explanation:

QUESTION NO: 336

What is the purpose of the GTM Systems Address Exclusion List concerning local DNS servers?

A.
to prevent probing of specific local DNSs

"Pass Any Exam. Any Time." - www.actualtests.com 198

 F5 101 Exam
B.
to prevent name resolution to specific Virtual Servers

C.
to prevent name resolution for requests from specific local DNSs

D.
to prevent probing of any local DNS servers by specific F5 devices

Answer: A
Explanation:

QUESTION NO: 337

Which three must be done so that Generic Host Servers can be monitored using SNMP?

(Choose three.)

A.
The SNMP monitor must be added to all BIG-IP Systems.

B.
The Generic Host Server must be running the big3d agent.

C.
The GTM System must be configured for the appropriate MIB.

D.
The Generic Host Server must be added to the GTM Configuration.

E.
The Generic Host Server must be enabled to answer SNMP queries.

Answer: C,D,E
Explanation:

QUESTION NO: 338

Monitors can be assigned to which three resources? (Choose three.)

A.
"Pass Any Exam. Any Time." - www.actualtests.com 199
 F5 101 Exam
Pools

B.
Servers

C.
Wide-IPs

D.
Data Centers

E.
Pool Members

Answer: A,B,E
Explanation:

QUESTION NO: 339

What will likely happen if you were to define a LTM System in the wrong Data Center?

A.
There would be no effect if the LTM System is defined in the wrong Data Center.

B.
The GTM System would not be able to communicate with that LTM System.

C.
Data from probes from that LTM System might result in inaccurate path metrics and load

balancing decisions.

D.
The GTM System would not be able to resolve Wide-IPs to the addresses associated with that

LTM System's Virtual Servers.

Answer: C
Explanation:

QUESTION NO: 340

"Pass Any Exam. Any Time." - www.actualtests.com 200

 F5 101 Exam
When initially configuring the GTM System using the config tool, which two parameters can be

set? (Choose two.)

A.
System hostname

B.
IP Address of management port

C.
IP Address of the external VLAN

D.
Default route for management port

E.
Port lockdown of management port

Answer: B,D
Explanation:

QUESTION NO: 341

Without creating a user defined region, what is the most specific group a topology record can

identify?

A.
city

B.
country

C.
continent

D.
state/province

E.
region of country

Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 201

 F5 101 Exam
Explanation:

QUESTION NO: 342

The SNMP monitor can collect data based on which three metrics? (Choose three.)

A.
packet rate

B.
memory utilization

C.
content verification

D.
current connections

E.
hops along the network path

Answer: A,B,D
Explanation:

QUESTION NO: 343

Which facility logs messages concerning GTM System parameters?

A.
local0

B.
local1

C.
local2

D.
local3

"Pass Any Exam. Any Time." - www.actualtests.com 202

 F5 101 Exam
Answer: C
Explanation:

QUESTION NO: 344

When users are created, which three access levels can be granted through the GTM Configuration
Utility? (Choose three.)

A.
Root

B.
Guest

C.
Operator

D.
Administrator

E.
CLI + Web Read Only

Answer: B,C,D
Explanation:

QUESTION NO: 345

The BIG-IP ASM System is configured with a virtual server that contains an HTTP class profile

and the protected pool members are associated within the HTTP class profile pool definition. The

status of this virtual server is unknown (Blue). Which of the following conditions will make this

virtual server become available (Green)?

A.
Assign a successful monitor to the virtual server

B.
Assign a successful monitor to the members of the HTTP class profile pool
"Pass Any Exam. Any Time." - www.actualtests.com 203
 F5 101 Exam
C.
Associate a fallback host to the virtual server and assign a successful monitor to the fallback host

D.
Associate a default pool to the virtual server and assign a successful monitor to the pool members

Answer: D
Explanation:

QUESTION NO: 346

Which of the following does not pertain to protecting the Requested Resource (URI) element?

A.
File type validation

B.
URL name validation

C.
Domain cookie validation

D.
Attack signature validation

Answer: C
Explanation:

QUESTION NO: 347

Which of the following protocol protections is not provided by the Protocol Security Manager?

A.
FTP

B.
SSH

C.
HTTP
"Pass Any Exam. Any Time." - www.actualtests.com 204
 F5 101 Exam
D.
SMTP

Answer: B
Explanation:

QUESTION NO: 348

Which of the following is correct regarding User-defined Attack signatures?

A.
User-defined signatures use an F5-supplied syntax

B.
User-defined signatures may only use regular expressions

C.
Attack signatures may be grouped within system-supplied signatures

D.
User-defined signatures may not be applied globally within the entire policy

Answer: A
Explanation:

QUESTION NO: 349

Which of the following methods of protection is not available within the Protocol Security Manager

for HTTP traffic?

A.
Data guard

B.
Attack signatures

C.
Evasion techniques

"Pass Any Exam. Any Time." - www.actualtests.com 205

 F5 101 Exam
D.
File type enforcement

Answer: B
Explanation:

QUESTION NO: 350

There are many user roles configurable on the BIG-IP ASM System. Which of the following user

roles have access to make changes to ASM policies? (Choose three.)

A.
Guest

B.
Operator

C.
Administrator

D.
Web Application Security Editor

E.
Web Application Security Administrator

Answer: C,D,E
Explanation:

QUESTION NO: 351

Which of the following statements are correct regarding positive and negative security models?

(Choose two.)

A.
Positive security model allows all transactions by default.

B.
"Pass Any Exam. Any Time." - www.actualtests.com 206
 F5 101 Exam
Negative security model denies all transactions by default.

C.
Negative security model allows all transactions by default and rejects only transactions that

contain attacks.

D.
Positive security mode l denies all transactions by default and uses rules that allow only those

transactions that are considered safe and valid.

Answer: C,D
Explanation:

QUESTION NO: 352

Which events are valid iRule events triggered by BIG-IP ASM processing? (Choose two.)

A.
ASM_REQUEST_BLOCKING

B.
ASM_REQUEST_ACCEPTED

C.
ASM_REQUEST_VIOLATION

D.
ASM_RESPONSE_BLOCKING

Answer: A,C
Explanation:

QUESTION NO: 353

Which of the following methods of protection is not available within the Protocol Security Manager

for FTP protection?

"Pass Any Exam. Any Time." - www.actualtests.com 207

 F5 101 Exam
A.
Session timeout

B.
Command length

C.
Allowed commands

D.
Anonymous FTP restriction

Answer: A
Explanation:

QUESTION NO: 354

Logging profiles are assigned to?

A.
HTTP class

B.
Security policies

C.
Web applications

D.
Attack signatures

Answer: C
Explanation:

QUESTION NO: 355

Which of the following is a language used for content provided by a web server to a web client?

A.
FTP
"Pass Any Exam. Any Time." - www.actualtests.com 208
 F5 101 Exam
B.
TCP

C.
HTTP

D.
HTML

Answer: D
Explanation:

QUESTION NO: 356

Which of the following methods are used by the BIG-IP ASM System to protect against SQL
injections?

A.
HTTP RFC compliancy checks

B.
Metacharacter enforcement and attack signatures

C.
HTTP RFC compliancy checks and length restrictions

D.
Response scrubbing, HTTP RFC compliancy checks, and metacharacter enforcement

Answer: B
Explanation:

QUESTION NO: 357

Which of the following can be associated with an XML profile?

A.
Flow

B.
"Pass Any Exam. Any Time." - www.actualtests.com 209
 F5 101 Exam
Method

C.
Parameter

D.
File type

Answer: C
Explanation:

QUESTION NO: 358

An HTTP class is available

A.
on any BIG-IP LTM system

B.
only when ASM is licensed.

C.
only when ASM or WA are licensed.

D.
only when a specific license key is required.

Answer: A
Explanation:

QUESTION NO: 359

Which of the following methods of protection operates on server responses?

A.
Dynamic parameter protection

B.
Response code validation and response scrubbing

"Pass Any Exam. Any Time." - www.actualtests.com 210

 F5 101 Exam
C.
Response code validation and HTTP method validation

D.
HTTP RFC compliancy check and metacharacter enforcement

Answer: B
Explanation:

QUESTION NO: 360

Which of the following is not a configurable parameter data type?

A.
Email

B.
Array

C.
Binary

D.
Decimal

Answer: B
Explanation:

QUESTION NO: 361

When we have a * wildcard entity configured in the File Type section with tightening enabled, the

following may occur when requests are passed through the policy. Which is the most accurate

statement?

A.
File type violations will not be triggered.

B.
"Pass Any Exam. Any Time." - www.actualtests.com 211
 F5 101 Exam
File type violations will be triggered and learning will be available based on these violations.

C.
File type entities will automatically be added to the policy (policy will tighten).

D.
File type violations will not be triggered and the entity learning section will be populated with file
type recommendations.

Answer: B
Explanation:

QUESTION NO: 362

A request is sent to the BIG-IP ASM System that generates a Length error violation. Which of the

following length types provides a valid learning suggestion? (Choose three.)

A.
URL

B.
Cookie

C.
Response

D.
POST data

E.
Query string

Answer: A,D,E
Explanation:

QUESTION NO: 363

There are multiple HTTP class profiles assigned to a virtual server. Each profile has Application

Security enabled. Which statement is true?

"Pass Any Exam. Any Time." - www.actualtests.com 212
 F5 101 Exam
A.
Traffic will process through every HTTP class profile every time.

B.
Traffic will process through the first HTTP class profile that it matches and then stops.

C.
Traffic will process through one HTTP class profile and if the traffic matches another profile, BIG-
IP System will send a redirect to the client.

D.
Traffic will only process through the HTTP class profile that it matches but always processes

through the whole list and will process through each HTTP class profile it matches.

Answer: B
Explanation:

QUESTION NO: 364

A security audit has determined that your web application is vulnerable to a cross site scripting

attack. Which of the following measures are appropriate when building a security policy? (Choose

two.)

A.
Cookie length must be restricted to 1024 bytes.

B.
Attack signature sets must be applied to any user input parameters.

C.
Parameter data entered for explicit objects must be checked for minimum and maximum values.

D.
Parameter data entered for flow level parameters must allow some metacharacters but not

others.

Answer: B,D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 213

 F5 101 Exam
QUESTION NO: 365

The BIG-IP ASM System sets two types of cookies to enforce elements in the security policy. The

two types are main and frame cookies. What is the purpose of the frame cookie? (Choose two.)

A.
Validates domain cookies

B.
Detects session expiration

C.
Stores dynamic parameters and values

D.
Handles dynamic parameter names and flow extractions

Answer: C,D
Explanation:

QUESTION NO: 366

Which statement is correct concerning differences between BIG-IP ASM platforms?

A.
The 3900 has more ports than the 6800.

B.
The 3900 and 6800 have the same number of ports.

C.
The 3900 and 6800 can support both the module and standalone versions of BIG-IP ASM.

D.
The 3900 can support both module and standalone versions of BIG-IP ASM whereas the 6800 can
support only the module version of BIG-IP ASM.

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 214

 F5 101 Exam
QUESTION NO: 367

Which of the following mitigation techniques is based on anomaly detection? (Choose two)

A.
Brute force attack prevention

B.
Cross site request forgery prevention

C.
Web scraping attack prevention

D.
Parameter tampering prevention

Answer: A,C
Explanation:

QUESTION NO: 368

Which of the following are default settings when using the Policy Builder to build a security policy

based on the QA lab deployment scenario? (Choose two.)

A.
All learned entities are placed in staging.

B.
Attack signatures are not placed in staging

C.
The security policy is placed in blocking mode

D.
Tightening is enabled only on file types and parameters.

Answer: B,C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 215