시험덤프
매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
  / F5CAB1 덤프  / F5CAB1 문제 연습

F5 F5CAB1 시험

BIG-IP Administration Install, Initial Configuration, and Upgrade 온라인 연습

최종 업데이트 시간: 2026년06월29일

당신은 온라인 연습 문제를 통해 F5 F5CAB1 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.

시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 F5CAB1 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 42개의 시험 문제와 답을 포함하십시오.

 / 3

Question No : 1


A BIG-IP Administrator is using Secure Copy Protocol (SCP) to transfer a TMOS image to the BIG-IP system in preparation for an upgrade.
To what directory should the file be transferred?

정답:
Explanation:
BIG-IP systems require all ISO images (base TMOS images and HotFix images) to be stored in a specific directory used for software installation:
/shared/images/
This directory:
Is the only supported location from which the BIG-IP software installation system validates and installs ISO files
Is accessible by both the GUI and TMSH installers
Has adequate storage space allocated specifically for images Is part of the shared partition that persists across reboots
When transferring images via SCP, the administrator must copy them directly into /shared/images/ so that:
The GUI (System → Software Management → Available Images) can detect the image TMSH install software image commands can reference it
Other directories such as /local/images/ or /var/images/ are not valid storage paths for software images.

Question No : 2


An F5 BIG-IP Administrator is asked to report which modules are provisioned on the BIG-IP.
In which two ways can this be done? (Choose two.)

정답:
Explanation:
Provisioning determines:
Which BIG-IP modules are enabled (LTM, ASM, APM, AFM, DNS, etc.) Their provisioning levels (None, Minimal, Nominal, Dedicated) Two accurate ways to view provisioning settings are:
A. GUI ― System → Resource Provisioning → Module Allocation This is the primary GUI screen showing: All modules
Their provisioning level
System resource distribution impact
Administrators commonly use this page to confirm or change module provisioning.
D. TMSH ― list /sys provision
This tmsh command displays each module and its provisioning level:
sys provision ltm { level nominal }
sys provision asm { level none }
...
This is the authoritative CLI method for checking module provisioning configurations.
Why the other options are incorrect:
B. show /sys provision
Shows runtime information but not the actual configuration levels.
list is the correct command for configuration details.
C. Statistics → Module Statistics
Shows performance statistics, NOT provisioning status.
Therefore, the correct responses are A and D.

Question No : 3


A BIG-IP Administrator needs to install a HotFix on a standalone BIG-IP device. The device currently has HD1.1 as the Active Boot Location.
The administrator has already reactivated the license and created a UCS archive.
In which sequence should the administrator perform the remaining steps?

정답:
Explanation:
When installing a software upgrade with a HotFix on BIG-IP, the correct workflow requires:
Install the base TMOS image on an unused boot volume
Install the corresponding HotFix onto that same boot volume
Activate the updated boot volume to boot into the new software
This method ensures:
The existing active system (HD1.1) is untouched
The upgrade occurs in a new, clean volume (HD1.2)
The HotFix applies properly to the same base image
The administrator can revert to HD1.1 if issues occur
Option C matches the correct F5 upgrade sequence:

Question No : 4


A BIG-IP Administrator needs to verify the state of equipment in the data center.
A BIG-IP appliance has a solid yellow indicator on the status LED.
How should the administrator interpret this LED indicator?

정답:
Explanation:
BIG-IP hardware platforms use chassis LEDs to indicate system health states.
A solid yellow status LED typically indicates a warning condition, such as:
A non-critical hardware alert
A temperature threshold nearing limit
A minor fan or sensor irregularity
Other non-fatal environmental or system conditions
This state reflects a warning-level alarm, meaning the unit is operational but requires investigation.
Why the other options are incorrect
A. Halted or EUD mode
This is associated with different LED patterns (usually flashing conditions or specific color codes), not a solid yellow status LED.
B. Standby in device group
HA state is not indicated by the chassis status LED.
Standby status is a logical device state, not a hardware LED state.
D. Power supply failure
Power supply indicators use separate LEDs located on each power module (usually flashing amber/red), not the system status LED.
Thus, a solid yellow status indicator signifies a warning-level alarm.

Question No : 5


Which configuration file can a BIG-IP administrator use to verify the provisioned modules?

정답:
Explanation:
Provisioning settings define which modules are enabled and how system resources are allocated to them.
These provisioning declarations are stored in:
/config/bigip.conf
This file contains:
Full module provisioning statements
TMSH-equivalent provisioning configurations such as:
sys provision ltm { level nominal }
sys provision asm { level nominal }
It is the primary system configuration file that stores all active provisioning details.
Why the other answers are incorrect
A. /config/bigip.license
Shows licensed modules, not provisioned modules.
B. /config/bigip_base.conf
Stores base networking (VLANs, Self-IPs, routes), not provisioning.
D. config.ucs
A backup archive, not a live configuration file.
Thus, the correct file to review active module provisioning is /config/bigip.conf.

Question No : 6


For an upgrade of a standalone BIG-IP, a maintenance window is available in which brief interruptions are allowed.
Actions with no impact can be done outside the maintenance window.
When should a license reactivation be performed?

정답:
Explanation:
License reactivation updates the BIG-IP device’s license file to ensure:
The Service Check Date is current
The device is eligible to install the intended TMOS version Any module entitlement updates are received
Reactivation does not interrupt traffic and does not require a reboot, making it safe to perform before the maintenance window.
F5 best practices state:
Perform all non-impact tasks prior to the scheduled maintenance window
Leave the window available for activities that require rebooting, such as the software installation itself
Since license reactivation is non-disruptive, it should be done before the upgrade window starts.

Question No : 7


Which two items demonstrate the creation of a new volume for software images? (Choose two.)

정답:
Explanation:
In BIG-IP, software images are installed on boot volumes (for example, HD1.1, HD1.2, HD1.3, etc.).
To install software on a new volume, the administrator must instruct the system to create a new boot location before installation.
There are two correct ways to create a new volume:
A. tmsh command (with correct syntax)
tmsh install software image /shared/images/BIGIP-<version>.iso volume HD1.5 create-volume
This syntax correctly includes:
install software image
full path to ISO (/shared/images/...)
volume name (HD1.5)
create-volume keyword
This instructs BIG-IP to create the new boot volume as part of the installation.
C. Using the GUI → System > Disk Management
From the Disk Management menu, the administrator can:
Select “New Volume”
Enter the volume identifier (e.g., HD1.5)
Apply changes
This GUI method is officially supported and explicitly creates a new boot volume before installing the software.
Why the other options are incorrect:
B. Incorrect tmsh syntax
Missing /shared/images/ path
Incorrect command structure
D. Incorrect command structure
Missing required keywords and correct command hierarchy
E. Software Management → Install does NOT create volumes
This installs to an existing volume only
The GUI install dialog does not create new boot volumes
Thus, only Option A and Option C properly create a new software volume.

Question No : 8


The BIG-IP Administrator wants to manage the newly built F5 system through an in-band Self-IP.
The administrator has configured a VLAN and Self-IP and can ping the IP from their workstation, but cannot access the system via SSH or HTTPS.
What port lockdown settings should the BIG-IP Administrator use to allow management access on
the Self-IP? (Choose two.)

정답:
Explanation:
Self-IPs include a security feature called Port Lockdown, which restricts which services respond on that Self-IP.
By default, Self-IPs block management access (SSH and HTTPS/TMUI), meaning an administrator cannot manage the device through in-band Self-IPs unless explicitly allowed.
Allow Mgmt / Allow Management
These settings enable only the management services required for administrative access, specifically:
SSH (22)
HTTPS/TMUI (443)
These options allow secure administration without opening unnecessary ports.
Why these are correct:
They provide only the essential access for management.
They follow F5 security best practices when using in-band admin access.
They do not expose all services, reducing the attack surface.
Why the other options are incorrect:
A. Allow Default
This allows only a minimal set of system-required ports (e.g., failover, config sync), not SSH or HTTPS.
Administrator access would still fail.
B. Allow All
Opens all ports on the Self-IP, which is not secure.
Exposes services that should remain restricted.
Therefore, Allow Mgmt / Allow Management are the correct choices.

Question No : 9


A BIG-IP device will be dedicated to functioning as a WAF, requiring only the ASM module to be provisioned.
What provisioning level will ensure that the system allocates all CPU, memory, and disk resources to this module exclusively?

정답:
Explanation:
Provisioning defines how BIG-IP allocates system resources to modules.
The provisioning levels include:
Dedicated C allocates all CPU, memory, and disk resources to a single module
Nominal C standard resource allocation balanced with other modules
Minimal C lowest level, used for basic utility needs
None C module disabled
Comprehensive / Maximal C not valid TMOS provisioning levels Why “Dedicated” is correct
When a BIG-IP device is intended to run only ASM (Web Application Firewall), the recommended way to maximize performance is to provision the module at Dedicated level.
With ASM: Dedicated:
ASM receives the entire hardware capacity
No other modules can or should be provisioned
This is explicitly recommended when a device is used solely as a WAF platform
Why other options are incorrect
B. Comprehensive /
C. Maximal
These are not valid provisioning modes in BIG-IP.
TMOS supports: Nominal, Minimal, Large (module-specific), and Dedicated.
D. Nominal
Shares resources with other modules
Does not provide full system performance
Not suitable when exclusive resource allocation is required Thus, Dedicated is the correct provisioning choice.

Question No : 10


A BIG-IP device is licensed for LTM, ASM, APM, and AFM.
Currently, it will only be used for load balancing and web application firewalling.
To ensure optimal performance and efficient resource utilization, which of the following module provisioning combinations is the best choice?

정답:
Explanation:
BIG-IP provisioning determines how CPU, memory, and disk resources are allocated to each module. The goal is to provision only the modules required and at levels appropriate to their performance needs.
Requirements in the question
The device will be used for:
LTM (Local Traffic Manager) → load balancing
ASM (Application Security Manager) → WAF
No functions require:
APM (Access Policy Manager)
AFM (Advanced Firewall Manager)
Why Option C is correct
Provisioning both LTM and ASM at Nominal level provides:
Adequate performance for production load
Plentiful system resources while avoiding dedicating the entire system to a single module Balanced allocation without starving memory or CPU
Setting APM: None and AFM: None ensures unused modules consume zero resources.
Why the other options are incorrect
A. Dedicated provisioning for both LTM and ASM
Two modules cannot both run in “Dedicated” mode.
Dedicated mode allocates all resources to a single module ― the second module cannot be dedicated simultaneously.
B. LTM and ASM both Dedicated
Same issue: only one module can be Dedicated at a time.
Also unnecessary for load balancing + WAF.
D. Setting APM and AFM to Minimal
Minimal still consumes memory and CPU.
Unused modules should be set to None.
Therefore, Option C is the best provisioning strategy.

Question No : 11


Which port is an exception to the Port Lockdown function of Self-IPs if a device-group synchronization cluster is configured?

정답:
Explanation:
Self-IPs implement a security feature known as Port Lockdown, which limits which services are reachable on a Self-IP.
However, certain services required for BIG-IP device-to-device communication bypass Port Lockdown to ensure cluster and HA functionality.
TCP 4353
TCP port 4353 is used by Device Service Clustering (DSC) for:
Device trust establishment
Configuration synchronization
Failover communication
Because BIG-IP devices must always be able to communicate for HA functions to remain operational, port 4353 is exempt from Port Lockdown rules.
Why the other options are incorrect
A. TCP 443
Not required for device trust or synchronization.
HTTPS access is fully controlled by Port Lockdown.
C.UDP53
DNS traffic is not required for synchronization and has no exemption under Port Lockdown.

Question No : 12


What are the two options for securing a BIG-IP’s management interface? (Choose two.)

정답:
Explanation:
Securing the BIG-IP management interface is a fundamental administrative responsibility. F5 best practices emphasize restricting who can reach the management port and ensuring that only authorized systems are allowed access.
A. Limiting management access to trusted network segments
F5 recommends placing the management interface on a dedicated, isolated, and secured management network or VLAN, rather than exposing it to production or untrusted networks.
This reduces the attack surface by ensuring only trusted segments have visibility to administrative interfaces.
D. Restricting management access by IP or subnet
F5 BIG-IP uses the /sys httpd allow list (for HTTPS) and configuration options in sshd (for SSH) to control which IP addresses or subnets can access the device.
By specifying only known administrative IPs or ranges, unauthorized users cannot reach the login services.
Why the other options are incorrect
B. Blocking all management HTTPS/SSH ports
This would prevent any administrative access and is not a viable security practice.
C. Using Self-IP addresses for administrative access
F5 explicitly warns against using Self-IPs for management access unless strictly necessary.
Self-IPs are exposed to the data plane and should not be used as the primary administrative interface.

Question No : 13


A BIG-IP Administrator is responsible for deploying a new software image on an F5 BIG-IP HA pair and has scheduled a one-hour maintenance window.
With a focus on minimizing service disruption, which of the following strategies is the most appropriate?

정답:
Explanation:
For BIG-IP high-availability (HA) pairs, F5’s recommended upgrade workflow prioritizes service continuity, predictable failover, and minimal downtime.
The established best-practice sequence is:
Upgrade the standby unit first
Because the standby device is not passing traffic, upgrading and rebooting it does not impact production.
Boot the standby unit into the newly installed version
Once online, the administrator verifies basic health, device sync status, cluster communication, and module functionality.
Perform a controlled failover to the upgraded unit
Traffic shifts to the newly upgraded device, allowing validation of the configuration and operational behavior under real traffic loads.
Upgrade the second device (now standby)
The previously active device becomes standby after failover, allowing it to be safely upgraded and rebooted without interruption.
This phased approach ensures only one device is unavailable at a time, allowing continuous traffic flow throughout the upgrade process.
Why the Correct Answer is C
Option C exactly matches F5’s documented production-safe upgrade method:
Upgrade the standby node first
Reboot into new image
Failover to upgraded device
Validate
Upgrade the remaining (now-standby) device
This procedure minimizes risk and traffic disruption.
Why the other options are incorrect:
A. Upgrade the active node first
Upgrading the active device requires removing it from service and failing over abruptly. This is not recommended and increases service disruption risk.
B. Resetting device trust
Resetting trust is unnecessary and can disrupt configuration sync, peer communication, and cluster operation. It is not part of any standard upgrade workflow.
D. Upgrading and rebooting both nodes simultaneously
This would cause total outage, because both HA members would be unavailable at the same time.

Question No : 14


The BIG-IP Administrator needs to update access to the Configuration Utility to include the 172.28.31.0/24 and 172.28.65.0/24 networks.
From the TMOS Shell (tmsh), which command should the BIG-IP Administrator use to complete this task?

정답:
Explanation:
Access to the BIG-IP Configuration Utility (TMUI) is controlled through the /sys httpd allow list.
This list defines which IP addresses or subnets are allowed to connect to the management web interface.
To allow two new subnets―172.28.31.0/24 and 172.28.65.0/24―the administrator must add both subnets to the existing list without removing current entries.
In tmsh, subnet entries must be specified in network/netmask format, for example:

Question No : 15


An F5 VE has been deployed into a VMware environment via an OVF file.
An administrator wants to configure the management IP address so the VE can be accessed for further setup.
Which two are valid methods for configuring the management-ip address? (Choose two.)

정답:
Explanation:
A newly deployed BIG-IP Virtual Edition (VE) in VMware requires initial configuration of its management-ip address so it can be accessed over the network.
F5 provides several valid mechanisms during initial console access:
A. Running the config utility
The config script is available on new BIG-IP installations and VE deployments.
It launches a guided text-based wizard allowing configuration of:
Management IP
Netmask
Default route
This is a standard and recommended method during first-time setup.
B. Using TMSH with create sys management-ip
Administrators can enter TMSH directly from the console and run:
create sys management-ip <ip>/<mask>
The management-ip object resides under sys, not under ltm or any other module.
This is the correct tmsh method for defining the management interface address.
Why the other options are incorrect:
C. create ltm management-ip There is no such object under /ltm.
LTM handles traffic objects (virtual servers, pools), not system management interfaces.
D. Running the setup command
The setup command is used for general system configuration but does not configure the management-ip.
It is not the supported method for initial management IP assignment on VE deployments.
Therefore, the valid methods are running the config utility and using the sys management-ip command within TMSH.

 / 3
F5