BIG-IP Administration Control Plane Administration 온라인 연습
최종 업데이트 시간: 2026년06월29일
당신은 온라인 연습 문제를 통해 F5 F5CAB4 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 F5CAB4 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 53개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
Comprehensive and Detailed Explanation From BIG-IP A34dministration Control Plane Administration documents: Authentication and authorization events are handled by the system's PAM (Pluggable Authentication Modules). For Control Plane security auditing, all login attempts― whether local or remote (LDAP/RADIUS/TACACS+)―and SSH-related security events are recorded in /var/log/secure. This is the primary log for troubleshooting administrative access issues
정답:
Explanation:
When a failover occurs, the newly active device must inform the surrounding network that it now "owns" the shared IP addresses. Without MAC Masquerade, the new device uses its own hardware MAC, requiring upstream routers to update their ARP tables (which causes a delay). MAC Masquerading allows the HA pair to share a "floating" MAC address, ensuring the Control Plane transition is transparent to the network layer
정답:
Explanation:
Comprehensive and Detailed Explanation From BIG-IP Administratio24n Control Plane Administration documents: TMOS Device Service Cluste25ring (DSC) allows for configuration changes to be made on any device within a synchronization group. If Auto-Sync is enabled, the Control Plane detects the change on the Standby unit and automatically propagates (pushes) that updated configuration to the other members of the HA pair
정답:
Explanation:
Comprehensive and Detailed Explan13ation From BIG-IP Administration Control Plane Administration documents: Monitoring the physical status of the device is critical for reporting device health. In F5 nomenclature, "1.0", "1.1", etc., represent physical hardware interfaces. To verify if a physical link is up or down as reported by the Control Plane's SNMP agent, the administrator must check the Interface List located under Network > Interfaces
정답:
Explanation:
Managing how a BIG-IP communicates with external management services like Syslog is a core Control Plane task. The Configuration Utility organizes these settings under the "System" menu. Specifically, to define remote logging destinations and formats, the administrator must navigate to System > Logs > Configuration to ensure the Control Plane correctly forwards system events to external collectors
정답:
Explanation:
Audit logging is a specialized feature within TMOS designed to track administrative actions. According to F5 documentation, whenever a system object (like a virtual server, pool, or profile) is created, modified, or deleted, the system records the event. These logs are stored specifically in /var/log/audit. This is essential for control plane administration to track "who did what and when" regarding the device configuration.
정답:
Explanation:
In a BIG-IP Device Service Cluster (DSC), manual configuration synchronization is performed using the ConfigSync framework.
The supported and documented command to manually push the local configuration to a specific device group is:
tmsh run cm config-sync to-group <device_group>
This command:
Initiates a one-time manual ConfigSync
Pushes the local device’s configuration to all members of the specified device group
Is commonly used when auto-sync is disabled or when the administrator wants explicit control over synchronization timing
Why the other options are incorrect:
A is not a valid TMSH command for ConfigSync.
B enables auto-sync but does not perform an immediate synchronization.
D is not a valid or supported TMSH command for device group configuration synchronization.
Therefore, the correct command to manually synchronize configuration to a device group is C.
정답:
Explanation:
When a BIG-IP Administrator changes module provisioning (for example, enabling ASM on a system previously provisioned only for LTM), the BIG-IP system must restart the Traffic Management Microkernel (TMM) process.
The TMM process is responsible for:
Traffic handling
LTM, ASM, and other traffic-processing modules
Enforcing security and application policies
Provisioning changes affect how traffic modules are loaded and integrated into TMM. As a result, TMM is restarted, which causes a temporary interruption of traffic processing. This is expected behavior and is why module provisioning changes should be planned during a maintenance window.
Why the other options are incorrect:
A. bd is related to blade/platform management, not module provisioning.
C. sshd handles SSH access and is not affected by provisioning changes.
D. httpd supports the Configuration Utility (GUI) and does not restart due to module provisioning.
Therefore, the correct answer is B. tmm.
정답:
Explanation:
When restoring a UCS file to replacement hardware (RMA device), the license from the original device is not valid on the new system. If the UCS restore attempts to load the old license, BIG-IP reports license errors such as “License is not operational”, which can prevent traffic objects (including pools and virtual servers) from loading correctly.
To avoid this issue, F5 documentation recommends restoring the UCS without the license, using the following command:
tmsh load /sys ucs <ucs filename> no-license
This approach:
Restores all configuration objects (LTM, networking, certificates, keys, etc.)
Excludes the invalid license tied to the old hardware
Allows the administrator to activate a new license separately on the replacement device
Why the other options are incorrect:
A. Remove the license information from the UCS archive
Not supported or recommended; UCS files should not be manually modified.
B. Revoke the license prior to restoring
License revocation does not prevent the UCS from attempting to load license data.
D. Reactivate the license on the new device using the manual activation method
This must be done after restoring the UCS and does not prevent the restore failure itself.
Therefore, the correct and supported method to avoid this error is C.
정답:
Explanation:
On a BIG-IP system, NTP (Network Time Protocol) configuration is part of the system-level configuration settings. In the Configuration Utility, NTP servers are configured under the System configuration hierarchy.
The correct navigation path is:
System > Configuration > Device > NTP
This location allows the administrator to:
Add, modify, or remove NTP servers
Ensure accurate system time synchronization
Maintain proper time alignment required for features such as ConfigSync, HA failover, logging, and certificate validation
Why the other options are incorrect:
A. System > Platform is used for hardware-related settings.
B. System > Preferences manages UI and user preferences.
C. System > Services controls system daemons and services, not time configuration.
Therefore, the correct answer is D. System > Configuration.
정답:
Explanation:
A BIG-IP device group cannot be deleted if it still contains device members, even if one of those devices has already been decommissioned or is unreachable. Before deleting the device group, the administrator must explicitly remove the decommissioned device from the device group configuration.
Once the removed or unreachable device is deleted from the device group membership, the BIG-IP system allows the remaining administrator to successfully delete the device group.
Why the other options are incorrect:
A. Remove all members from the device group
This is not required; the key requirement is removing the decommissioned device, not all members.
B. Make sure all members are in sync
Synchronization status does not prevent device group deletion.
D. Disable the device group
Device groups cannot be disabled; they must be modified or deleted.
Therefore, the correct prerequisite action is to remove the decommissioned device from the device group, making C the correct answer.
정답:
Explanation:
In the BIG-IP Configuration Utility, all system backup and restore operations―including UCS (User Configuration Set) file restoration―are performed from the Archives section.
The correct navigation path is:
System > Archives
From this location, the administrator can:
Upload UCS files
Restore UCS backups
Manage system archive files used for backup and recovery
Why the other options are incorrect:
A. System > Configuration is used for general system settings, not backup restoration.
C. Local Traffic > Virtual Servers is used for application traffic objects.
D. Local Traffic > Policies manages traffic policies, not system backups.
Therefore, the correct section to restore a UCS file using the Configuration Utility is System > Archives.
정답:
Explanation:
On BIG-IP systems, all authentication attempts for administrative access―including logins to the Configuration Utility (GUI)―are logged in /var/log/secure.
This log file records:
Successful and failed login attempts
The username used
The authentication method (local, LDAP, RADIUS, etc.)
Access denials and PAM authentication errors
Why the other options are incorrect:
/var/log/pam/tallylog tracks account lockouts and failed attempt counters, not detailed login attempts.
/var/log/ltm logs traffic management events, not administrative authentication.
/var/log/httpd logs web server activity but does not record authentication success or failure for BIG-IP administrative users.
Therefore, the correct log file to verify whether a user attempted to log in to the BIG-IP Configuration Utility is /var/log/secure.
정답:
Explanation:
When restoring a User Configuration Set (UCS) file, BIG-IP allows administrators to selectively exclude the license during the restore process. From the CLI, this is accomplished using the no-license option with the tmsh load /sys ucs command.
The command:
tmsh load /sys ucs <ucs filename> no-license
restores:
System configuration
Certificates and keys
Device and traffic objects
while explicitly excluding the license file, which is required when:
Migrating configurations between devices
Restoring to hardware with a different license
Avoiding license conflicts or overwrites
Why the other options are incorrect:
A does not provide the option to exclude the license.
B restores the UCS including the license, which does not meet the requirement.
D is incorrect because the BIG-IP GUI does not provide a checkbox to exclude the license during UCS restore.
Therefore, the correct and supported method is C.
정답:
Explanation:
When BIG-IP is configured to use remote authentication (such as LDAP), all authentication and authorization attempts―including successes and failures―are logged to /var/log/secure.
For LDAP-based administrative login issues, /var/log/secure contains:
LDAP authentication failures
PAM authentication errors
Authorization and access-denied messages
Details explaining why a remote user could not log in
Why the other options are incorrect:
/var/log/user.log is not a standard BIG-IP log file for authentication.
/var/log/ltm logs traffic management events, not user authentication.
/var/log/messages contains general system messages but not detailed authentication failure information.
Therefore, the correct log file to troubleshoot LDAP administrative login failures is /var/log/secure.