매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
BIG-IP Administration Data Plane Concepts (F5CAB2) exam 온라인 연습
최종 업데이트 시간: 2026년03월09일
당신은 온라인 연습 문제를 통해 F5 F5CAB2 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 F5CAB2 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 40개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
To meet the requirement of fault tolerance when one interface goes down, BIG-IP must use link aggregation so that loss of a single physical link does not isolate the VLAN(s).
How the objects relate (data plane view)
Interfaces = physical links.
Trunk (LACP) = bundles multiple interfaces into one logical link that provides redundancy (and possibly bandwidth aggregation).
VLANs are assigned to interfaces or trunks. If you need multiple VLANs on the same trunk, they must use 802.1Q tagging (because you can only have one untagged VLAN per interface/trunk).
Self IPs are then placed on the VLANs to provide BIG-IP presence and routing/ARP functions, but self IPs are not what provides link resiliency―the trunk does.
Why Option D is correct
You have two physical interfaces and you want resiliency if one fails → put both interfaces into one trunk with LACP enabled.
You need both external and internal VLANs on those same two links → both VLANs should be configured as tagged on that trunk, so they can coexist on the same aggregated link.
If either physical interface fails, the trunk remains up via the remaining interface, keeping both VLANs operational.
Why the other options are incorrect
A: Two VLANs cannot both be untagged on the same trunk/interface. Only one untagged VLAN is possible; additional VLANs must be tagged.
B: Two trunks “each with one VLAN” would typically mean splitting VLANs across separate trunks. With only two interfaces total, that becomes one interface per trunk―if one interface goes down, the VLAN on that interface is down (no redundancy for that VLAN).
C: Same redundancy problem as B, and disabling LACP removes the negotiated aggregation behavior expected when the switch engineer specifically requested LACP.
정답:
Explanation:
This question tests understanding of Priority Group Activation (PGA) and how BIG-IP determines which pool members are eligible to receive traffic.
Key BIG-IP Priority Group Concepts:
Higher priority group numbers = higher priority
BIG-IP will only send traffic to the highest priority group that meets the Priority Group Activation condition
Lower priority groups are activated only when the condition is met Only available (green) members count toward the activation threshold Configuration from the Exhibit:
Priority Group Activation: Less than 2 available members
Pool Members and Status:
Step-by-Step Traffic Decision:
BIG-IP first evaluates the highest priority group (Priority Group 2)
Priority Group 2 has:
serv1 → available
serv2 → unavailable
Total available members = 1
Activation rule is Less than 2 available members
Condition is true (1 < 2)
BIG-IP activates the next lower priority group (Priority Group 1)
Traffic is now sent to:
serv1 (Priority Group 2)
serv3 and serv4 (Priority Group 1)
Final Result:
Traffic is distributed to serv1, serv3, and serv4
Why the Other Options Are Incorrect:
A C Ignores activation of the lower priority group
B C serv4 is also active and eligible
C C serv2 is down and cannot receive traffic
Key Data Plane Concept Reinforced:
Priority Group Activation controls when lower-priority pool members are allowed to receive traffic, based strictly on the number of available members in the higher-priority group. In this case, the failure of one high-priority member caused BIG-IP to expand traffic distribution to lower-priority members to maintain availability.
정답:
Explanation:
BIG-IP uses a virtual server matching and precedence algorithm to determine which virtual server processes an incoming connection. This decision is made entirely in the data plane and is based on how specifically a virtual server matches the destination IP address and port.
BIG-IP Virtual Server Selection Rules (Simplified):
When multiple virtual servers could match a packet, BIG-IP selects the most specific match, using the following precedence:
Exact IP address and exact port
Exact IP address with wildcard port (port 0 / any)
Wildcard IP address with exact port
Wildcard IP address and wildcard port
Applying the Rules to This Scenario:
Incoming traffic destination: 1.0.0.10:8080
Option C: 1.0.0.10:8080
Exact IP match
Exact port match
Highest possible specificity
If the virtual server is available (green), it wins the match
Option B: 1.0.0.10:any
Exact IP match, but wildcard port
Lower priority than an exact IP + exact port match
Option D: 0.0.0.0:8080
Wildcard IP, exact port
Lower priority than an exact IP match
Option A: 0.0.0.0:any
Wildcard IP and wildcard port
Lowest priority, used only if no more specific virtual server exists
Final Determination:
Because a virtual server configured with destination 1.0.0.10:8080 exactly matches both the IP address and port of the incoming connection―and is available―it will always be selected to process the traffic.
Key Data Plane Concept Reinforced:
BIG-IP always processes traffic using the most specific matching virtual server. Exact destination IP and port matches take precedence over any wildcard or forwarding virtual server definitions.
정답:
Explanation:
BIG-IP virtual server types define how traffic is handled at the data plane when it matches a virtual server’s destination address and service port.
According to BIG-IP Administration Data Plane Concepts:
Standard virtual server
The default and most commonly used type
Accepts client connections and forwards traffic to pool members
Supports both TCP and UDP traffic
Allows full use of profiles (UDP, FastL4, persistence, etc.) and iRules
Required when the goal is to process and pass traffic through BIG-IP
Drop virtual server
Silently discards matching traffic
No response is sent to the client
Reject virtual server
Actively rejects traffic by sending an error response
For UDP, BIG-IP may send an ICMP unreachable message
Block virtual server
Used to block traffic at the virtual server level
Traffic is neither forwarded nor processed by pools
In this scenario:
The administrator explicitly wants the UDP traffic to be forwarded
Only a Standard virtual server forwards traffic to a pool or next-hop destination
Why the Other Options Are Incorrect:
A. Drop C Traffic is silently discarded
B. Reject C Traffic is actively rejected
C. Block C Traffic is blocked and not forwarded
Key Data Plane Concept Reinforced:
When traffic must be accepted and forwarded―regardless of whether it is TCP or UDP―the BIG-IP administrator must use a Standard virtual server, which is the only virtual server type designed for normal application traffic processing.
정답:
Explanation:
In BIG-IP architecture, link aggregation and redundancy at Layer 2 are implemented using Trunks, not virtual servers or pools.
According to BIG-IP Administration Data Plane Concepts:
Interfaces are the physical network ports on the BIG-IP device
A Trunk is a logical grouping of multiple interfaces
Trunks can be configured to use LACP (Link Aggregation Control Protocol) to:
Provide link redundancy
Increase aggregate bandwidth
Allow automatic detection of link failures
VLANs are then assigned to the trunk, not directly to individual interfaces, once aggregation is in place
Correct Design for the Scenario:
To connect BIG-IP to two upstream switches with LACP: One physical interface from BIG-IP connects to Switch A Another physical interface from BIG-IP connects to Switch B Both interfaces are placed into the same trunk LACP is enabled on the trunk and on the switches This configuration allows:
Traffic to continue flowing if one interface or switch fails
Proper LACP negotiation between BIG-IP and the upstream switches
Clean separation of responsibilities (Layer 2 handled by trunking, Layer 4C7 by virtual servers)
Why Option D Is Correct:
A Trunk containing an interface connected to each switch is exactly how BIG-IP implements LACP-based interface binding
The trunk handles link state, load distribution, and failover at the data plane
Why the Other Options Are Incorrect:
A & B C Virtual servers operate at Layers 4C7 and have nothing to do with physical link aggregation or LACP
C C VLAN IDs and MAC addresses are not configured inside a trunk definition; trunks aggregate interfaces, and VLANs are applied to trunks
Key Data Plane Concept Reinforced:
On BIG-IP systems, LACP is always configured on a Trunk, which aggregates physical interfaces to provide Layer 2 resiliency and bandwidth aggregation. Virtual servers and pools are not involved in physical interface binding.
정답:
Explanation:
When troubleshooting performance and latency issues on BIG-IP, especially under peak load
conditions, it is critical to identify which Virtual Servers are consuming the most resources. This is a core data plane analysis task.
BIG-IP provides multiple views of configuration and status, but only certain areas expose real-time and historical traffic statistics that correlate directly with CPU usage and throughput.
Why Option C Is Correct:
Statistics > Module Statistics > Local Traffic > Virtual Servers provides:
Real-time and cumulative statistics per Virtual Server
Metrics such as:
Bits in / Bits out
Packets in / Packets out
Current connections
Connection rate
Total requests
The ability to identify high-traffic or high-connection Virtual Servers, which are the most likely contributors to elevated CPU utilization
These statistics allow the administrator to objectively determine which Virtual Servers are the top consumers of system resources and therefore good candidates for migration to a dedicated BIG-IP device.
Why the Other Options Are Incorrect:
A. Local Traffic > Virtual Servers > Virtual Server List
Primarily a configuration view
Does not provide sufficient performance or utilization statistics to identify CPU-heavy Virtual Servers
B. System > Platform
Displays hardware-level information such as CPU cores, memory, disk, and platform type
Does not break down utilization by Virtual Server
D. Local Traffic > Network Map
Provides a logical topology view of Virtual Servers, pools, and pool members
Useful for understanding relationships, but not for identifying high-utilization Virtual Servers
Key Data Plane Concept Reinforced:
To diagnose performance problems and plan traffic redistribution, BIG-IP administrators must rely on Module and object-level statistics, not configuration screens. The Virtual Server statistics view is the authoritative location for identifying traffic hotspots that directly impact CPU and latency during peak events such as Black Friday.
정답:
Explanation:
In BIG-IP LTM, health monitors are used to determine the availability of pool members and directly influence traffic flow decisions in the data plane.
Key characteristics of the default HTTP monitor according to BIG-IP Administration Data Plane Concepts:
Sends an HTTP request (typically GET /)
Expects an HTTP response code of 200 OK
Any response other than 200 is treated as a monitor failure
A failed monitor causes the pool member to be marked offline (down)
In this scenario:
Two pool members return 404 Not Found
A 404 response indicates that the requested object was not found
This does not meet the success criteria of the default HTTP monitor
These two members are therefore marked offline
One pool member returns 200 OK
This matches the expected response
The member is marked online
Resulting Pool Member Availability:
2 members: Offline
1 member: Online
Why the Other Options Are Incorrect:
B C 404 responses are not considered healthy by the default HTTP monitor
C C At least one member responds with the expected 200 OK
D C Members returning 404 responses fail the monitor and cannot be marked online
Key Data Plane Concept Reinforced:
BIG-IP health monitors make binary availability decisions based strictly on configured success criteria. For HTTP monitors, response codes matter―404 is a failure, even if the service is technically reachable.
정답:
Explanation:
In BIG-IP LTM, a pool member state directly affects how traffic is handled at the data plane level. When a pool member is manually disabled, BIG-IP changes the member’s availability state to disabled, which has specific and predictable traffic-handling consequences.
According to BIG-IP Administration Data Plane Concepts:
A disabled pool member:
Does not accept new connections
Continues to process existing non-persistent connections until they naturally close
Is removed from load-balancing decisions, including persistence lookups
Most importantly for this
question:
Persistent connections
(such as those created using source-address persistence, cookie persistence, or SSL persistence) are not honored for a disabled pool member
BIG-IP will not send new persistent traffic to a disabled member, even if persistence records exist
Therefore, when a pool member is manually disabled, it stops processing persistent connections, while allowing existing non-persistent flows to drain gracefully.
Why the Other Options Are Incorrect:
B C Persistent connections are not honored for a disabled pool member
C C Existing connections are not immediately terminated when a pool member is disabled
D C Only the disabled pool member stops accepting new connections, not all pool members
Key Data Plane Concept Reinforced:
Manually disabling a pool member is a graceful administrative action that prevents new and persistent traffic from reaching the member while allowing existing connections to complete, which is critical for maintenance and troubleshooting scenarios.
정답:
Explanation:
In a BIG-IP high availability (HA) configuration, Auto-Sync is a device trust feature that automatically synchronizes configuration changes from the Active device to the Standby device within a Sync-Failover device group.
Key principles from BIG-IP Administration Data Plane Concepts: The Active device is always the authoritative source of configuration Configuration changes are intended to be made only on the Active device
With Auto-Sync enabled, any time the Active device configuration changes, the system automatically pushes the configuration to all Standby members of the device group
Configuration changes made directly on a Standby device are not preserved
In this scenario:
The administrator modifies a Virtual Server on the Standby device
That change is local only and does not alter the device group’s synchronized configuration
When Auto-Sync next runs (triggered by a change on the Active device or an internal sync event), the Active device configuration overwrites the Standby configuration
As a result, the configuration change made on the Standby device is undone.
Why the Other Options Are Incorrect:
A C The change is not undone only when another change is made; it is undone during the next Auto-Sync operation
B C Changes made on the Standby device are never propagated to the Active device
D C Auto-Sync does not merge or promote Standby changes into the HA pair configuration
Best Practice Reinforced:
Always perform configuration changes on the Active BIG-IP device when Auto-Sync is enabled to ensure consistent and predictable HA behavior.
정답:
Explanation:
In BIG-IP high availability (HA) configurations, MAC Masquerade is used to speed up failover by allowing traffic-group-associated Self IPs to retain the same MAC address when moving between devices. This prevents upstream switches and routers from having to relearn ARP entries during a failover event, resulting in near-instant traffic recovery.
By default, MAC masquerade applies one MAC address per traffic group, regardless of how many VLANs the traffic group spans. This can create problems in some network designs because the same MAC address appearing on multiple VLANs may violate network policies or confuse switching infrastructure.
To address this, BIG-IP provides Per-VLAN MAC Masquerade, enabled by the database variable:
`tm.macmasqaddr_per_vlan = true`
When this feature is enabled:
BIG-IP derives a unique MAC address per VLAN
The base MAC address configured on the traffic group remains the first four octets
The last two octets are replaced with the VLAN ID expressed in hexadecimal
The VLAN ID is encoded in network byte order (high byte first, low byte second)
### VLAN ID Conversion:
VLAN ID: 1501 (decimal)
Convert to hexadecimal:
1501 ₁₀ = 0x05DD
High byte: 05
Low byte: DD
### Resulting MAC Address:
Base MAC: `02:12:34:56:00:00`
Per-VLAN substitution → last two bytes = `05:DD`
Final MAC address:
`02:12:34:56:05:dd`
### Why the Other Options Are Incorrect:
A (01:15) C Incorrect hexadecimal conversion of 1501
B (dd:05) C Byte order reversed (little-endian, not used by BIG-IP) D (15:01) C Uses decimal values instead of hexadecimal
### Key BIG-IP HA Concept Reinforced:
Per-VLAN MAC Masquerade ensures Layer 2 uniqueness per VLAN while preserving the fast failover benefits of traffic groups, making it the recommended best practice in multi-VLAN HA deployments.
정답:
Explanation:
This scenario combines session continuity, multiple protocols (HTTP and FTP), and HA failover behavior, which directly implicates persistence handling across devices and services.
Key Requirements Breakdown
Same pool member for entire session
Session must survive failover
Session must span multiple services (HTTP and FTP)
Why Persistence Mirroring + Match Across Services Is Required
Persistence Mirroring
Ensures persistence records are synchronized from the active BIG-IP to the standby BIG-IP.
Without mirroring:
After failover, the standby device has no persistence table
Clients are load-balanced again
Sessions break, forcing users to restart
Persistence mirroring is essential for session continuity during failover
Match Across Services
Allows a single persistence record to be shared across multiple virtual servers / protocols
Required when:
HTTP and FTP must use the same pool member
Multiple services are part of a single application session
Together, these settings ensure:
Persistence survives device failover
Persistence is honored across HTTP and FTP
Why the Other Options Are Incorrect
A. Cookie persistence and session timeout
Cookie persistence only applies to HTTP and does not address FTP or failover synchronization. B. Stateful failover and Network Failover detection
Stateful failover applies to connection state, not persistence records, and does not link HTTP and FTP sessions.
D. SYN-cookie insertion threshold and connection low-water mark
These are DoS / SYN flood protection settings, unrelated to persistence or HA behavior.
정답:
Explanation:
To select the correct virtual server type, an administrator must balance the need for L7 intelligence versus raw throughput and hardware offloading:
Performance (Layer 4) Virtual Server: This type is designed for maximum speed. It uses the fastL4 profile, which allows the BIG-IP system to leverage the ePVA (Embedded Packet Velocity Accelerator) hardware chip. When a Performance (L4) virtual server is used, the system processes packets at the network layer (L4) without looking into the application payload (L7). This fulfills the requirement for hardware acceleration and avoids the overhead of HTTP optimization features, which are not needed in this scenario.
Performance (HTTP) Virtual Server: While fast, this type uses the fasthttp profile to provide some L7 awareness and optimization (like header insertion or small-scale multiplexing). Since the requirement specifically states HTTP optimization is not required, the L4 variant is more efficient.
Standard Virtual Server: This is a full-proxy type. While it offers the most features (SSL offload, iRules, Compression), it processes traffic primarily in the TMOS software layer (or via high-level hardware assistance), which is "slower" than the pure hardware switching path of the Performance (L4) type.
Stateless Virtual Server: This is typically used for specific UDP/ICMP traffic where the system does not need to maintain a connection table. It is not appropriate for standard HTTP (TCP) applications requiring persistent sessions or stateful load balancing.
By choosing Performance (Layer 4) with the fastL4 profile, the organization ensures that the traffic is handled by the hardware acceleration chips, providing the lowest latency and highest throughput possible for their HTTP application.
정답:
Explanation:
The BIG-IP system uses a specific precedence algorithm to determine which virtual server (listener) should process an incoming packet when multiple virtual servers might match the criteria. Since BIG-IP version 11.3.0, the system evaluates three primary factors in a fixed order of importance:
Destination Address: The system first looks for the most specific destination match. A "Host" address (mask /32) is preferred over a "Network" address (mask /24, /16, etc.), which is preferred over a "Wildcard" (0.0.0.0/0).
Source Address: If multiple virtual servers have identical destination masks, the system then evaluates the source address criteria. Again, a specific source host match is preferred over a source network or a wildcard source.
Service Port: Finally, if both destination and source specifications are equal, the system checks the port. A specific port match (e.g., 80) is preferred over a wildcard port (e.g., or 0).
Following this logic, a virtual server configured with a specific destination host, a specific source host, and a specific service port represents the highest level of specificity and thus the highest preference.
정답:
Explanation:
In a BIG-IP device service cluster, configuration objects such as virtual servers, pools, profiles, and iRules are maintained through configuration synchronization (config-sync).
Key BIG-IP concepts involved:
Device Service Cluster (DSC)
A cluster is a group of BIG-IP devices that share configuration data. One device is typically used to make changes, which are then synchronized to the rest of the group.
Config-Sync Direction Matters
Changes are made on a local device
Those changes must be pushed to the group
The correct operation is “Sync Device to Group”
Why C is correct:
The virtual server was created only on device 1
Other devices in the cluster do not yet have this object
To propagate the new virtual server to all cluster members, the administrator must synchronize device 1 to the group
Why the other options are incorrect:
A. Synchronize the settings of the group to device 1
This would overwrite device 1’s configuration with the group’s existing configuration and may remove the newly created virtual server.
B. Create a new cluster on device 1
The cluster already exists. Creating a new cluster is unnecessary and disruptive.
D. Create a new virtual server on device 2
This defeats the purpose of centralized configuration management and risks configuration drift.
Conclusion:
After creating a new virtual server on a BIG-IP device that is part of a cluster, the administrator must synchronize the configuration from that device to the group so all devices share the same ADC application objects.
정답:
Explanation:
For BIG-IP to send or receive traffic on a VLAN, that VLAN must be bound to a physical interface or a trunk. Creating a VLAN object and a Self IP alone is not sufficient to establish data-plane connectivity.
From the exhibit:
The VLAN (vlan_1033) exists and has a tag defined.
A Self IP is configured and associated with the VLAN.
However, traffic cannot reach servers on that VLAN.
This indicates a Layer 2 connectivity issue, not a Layer 3 or HA issue.
Why assigning a physical interface fixes the problem:
BIG-IP VLANs do not carry traffic unless they are explicitly attached to:
A physical interface (e.g., 1.1), or
A trunk
Without an interface assignment, the VLAN is effectively isolated and cannot transmit or receive frames, making servers unreachable regardless of correct IP addressing.
Why the other options are incorrect:
A. Set Port Lockdown to Allow All
Port Lockdown controls which services can be accessed on the Self IP (management-plane access), not whether BIG-IP can reach servers on that VLAN.
B. Change Auto Last Hop to enabled
Auto Last Hop affects return traffic routing for asymmetric paths. It does not fix missing Layer 2 connectivity.
D. Create a Floating Self IP address
Floating Self IPs are used for HA failover. They do not resolve reachability issues on a single device when the VLAN itself is not connected to an interface.
Conclusion:
The servers are unreachable because the VLAN has no physical interface assigned. To restore connectivity, the BIG-IP Administrator must assign a physical interface (or trunk) to the VLAN, enabling Layer 2 traffic flow.