F5 301b 問題集

質問 1：
-- Exhibit-

-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting a sync-failover group of three BIG-IP LTM devices.
The command used is "tmsh run cm watch-devicegroup-device."
What does the output mean?
A. Configuration is not synchronized. Some modifications have been done on bigipB.
B. Configuration is synchronized between all the devices.
C. Configuration is not synchronized. Some modifications have been done on bigipC.
D. Configuration is not synchronized. Some modifications have been done on bigipA.
正解：A

質問 2：
-- Exhibit-


-- Exhibit --
Refer to the exhibits.
Which URL on which server is causing the highest latency for users?
A. /slow1.php on 172.16.20.3
B. /Compress.HTML on 172.16.20.1
C. /slow2.php on 172.16.20.1
D. /reflector.php on 172.16.20.2
正解：A

質問 3：
An LTM Specialist configures an HTTP monitor as follows:
ltm monitor http stats_http_monitor {
defaults-from http
destination *:*
interval 5
recv "Health check: OK"
send "GET /stats/stats.html HTTP/1.1\\r\\nHost: www.example.com\\r\\nAccept-
EncodinG.gzip, deflate\\r\\nConnection: close\\r\\n\\r\\n"
time-until-up 0 timeout 16 }
The monitor is marking all nodes as down. A trace of the HTTP conversation shows the following:
GET /stats/stats.html HTTP/1.1 Host: www.example.com Accept-EncodinG.gzip, deflate Connection: close
HTTP/1.1 401 Authorization Required DatE.Tue, 23 Oct 2012 19:38:56 GMT Server: Apache/2.2.15 (Unix) WWW-AuthenticatE.Basic realm="Please enter your credentials" Content-LengtH.480 Connection: close Content-TypE.text/html; charset=iso-8859-1
Which action will resolve the problem?
A. Add a backslash before the colon in the receive string.
B. Add a valid username and password to the monitor.
C. Add an NTLM profile to the virtual server.
D. Use an HTTPS monitor with a valid certificate instead.
正解：B

質問 4：
An LTM Specialist has configured a virtual server for www.example.com, load balancing connections to a pool of application servers that provide a shopping cart application. Cookie persistence is enabled on the virtual server. Users are able to connect to the application, but the user's shopping cart fails to update. A traffic capture shows the following:
Request: GET /cart/updatecart.php HTTP/1.1 Host: www.example.com Connection: keep-alive Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.4 (KHTML,
like Gecko) Chrome/22.0.1229.94 Safari/537.4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-EncodinG.gzip,deflate,sdch Accept-LanguagE.en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 CookiE.BIGipServerwebstore_pool=353636524.20480.0000
Response:
HTTP/1.1 200 OK
DatE.Wed, 24 Oct 2012 18:00:13 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.1
Set-CookiE.cartID=647A5EA6657828C69DB8188981CB5; path=/;
domain=wb01.example.com
Keep-AlivE.timeout=5, max=100
Connection: Keep-Alive
Content-TypE.text/html
No changes can be made to the application.
What should the LTM Specialist do to resolve the problem?
A. Create a universal persistence profile on the cartID cookie.
B. Create a cookie persistence profile with "match across services" enabled.
C. Use an iRule to rewrite the cartID cookie domain.
D. Enable source address persistence as a fallback persistence method.
正解：C

質問 5：
A failover event is recorded in the following log messages:
Jan 01 00:56:56 BIG-IP notice mcpd[5318]: 01070727:5: Pool /Common/my-pool member /Common/10.0.0.10:80 monitor status down.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0045:5: Leaving active, group score 10 peer group score 20.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0052:5: Standby for traffic group /Common/traffic-group-1.
Jan 01 00:56:56 BIG-IP notice sod[5855]: 010c0018:5: Standby
Jan 01 00:57:06 BIG-IP notice logger: /usr/bin/tmipsecd --tmmcount 4 ==> /usr/bin/bigstart stop racoon
What is the cause of the failover?
A. The HA group score changed.
B. The peer device left the traffic group.
C. The racoon service stopped responding.
D. No traffic is seen on traffic-group-1.
正解：A

質問 6：
Given the iRule:
when HTTP_REQUEST {
if {([HTTP::username] ne "") and ([HTTP::password] ne "") } {
log local0. "client ip [IP::remote_addr] credentials provided [HTTP::username] [HTTP::password]"}
else {
pool old_application_pool
}
}
The associated virtual server has a default pool named new_application_pool.
Which functionality does the iRule provide?
A. Allows clients with credentials to access the old_application_pool and logs the attempted access of clients with credentials to the new_application_pool.
B. Allows clients without credentials to access the old_application_pool and logs the attempted access of clients without credentials to the new_application_pool.
C. Allows clients with credentials to access the old_application_pool and logs the access of clients without credentials to the new_application_pool.
D. Allows clients without credentials to access the old_application_pool and logs the access of clients with credentials to the new_application_pool.
正解：D

質問 7：
The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the networklevel and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address
192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425 09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678
Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108
Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678
Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142 Why was the second client flow permitted by the web server?
A. A global SNAT is defined.
B. The idle TCP session from the first client was re-used.
C. A source address persistence profile is assigned to the virtual server.
D. SNAT automap was enabled on the virtual server.
正解：B

質問 8：
An LTM Specialist configures two LTM devices in a high-availability pair with trusts established and device groups configured properly using network failover. After several months, the LTM Specialist notices that changes made to one LTM device do NOT cause the synchronization status to update to "changes pending," and this device does NOT synchronize with the device group.
Which two steps should the LTM Specialist take to identify the issue? (Choose two.)
A. Verify that the devices are not using self-signed certificates.
B. Verify the network connectivity between the devices.
C. Verify that port lockdown on the ConfigSync interface is set to allow port 1026.
D. Verify that ConfigSync is using the management IP address.
E. Verify that NTP is synchronized.
正解：B,E

質問 9：
-- Exhibit- -- Exhibit -

Refer to the exhibit.
A user is unable to access a secure application via a virtual server.
What is the cause of the issue?
A. The client and server CANNOT agree on a common cipher.
B. The virtual server does NOT have a pool configured.
C. The virtual server does NOT have a client SSL profile configured.
D. The client authentication failed.
正解：D