F5-LTM Specialist Maintain & Troubleshoot

Question - 30 Maximum mark : - 56

Home
All Exams
F5-LTM Specialist Maintain & Troubleshoot Online Practice Exams
F5-LTM Specialist Maintain & Troubleshoot

Which iRule will reject any connection originating from a 10.0.0.0/8 network?

when CLIENT_ACCEPTED {
set remote_ip [IP::addr [IP::remote_addr] mask 8]
switch $remote_ip {
"10.0.0.0" { reject }
"11.0.0.0" { pool pool_http1}
default { pool http_pool }
}
}

✘

when CLIENT_ACCEPTED {set remote_ip [IP::addr [IP::local_addr] mask 8]
switch $remote_ip {
"10.0.0.0" { reject }
"11.0.0.0" { pool pool_http1}
default { pool http_pool }
}
}

✘

when CLIENT_ACCEPTED {set remote_ip [IP::addr [IP::client_addr] mask 255.0.0.0]
switch $remote_ip {
"10.0.0.0" { reject }
"11.0.0.0" { pool pool_http1}
default { pool http_pool }
}
}

✘

when CLIENT_ACCEPTED {set remote_ip [IP::addr [IP::local_addr] mask 255.0.0.0]
switch $remote_ip {
"10.0.0.0" { reject }
"11.0.0.0" { pool pool_http1}
default { pool http_pool }
}
}

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

There is a fault with an LTM device load balanced trading application that resides on directly connected VLAN vlan-301. The application virtual server is 10.0.0.1:80 with trading application backend servers on subnet 192.168.0.0/25. The LTM Specialist wants to save a packet capture with complete payload for external analysis. Which command should the LTM Specialist execute on the LTM device command line interface?

tcpdump -vvv -w /var/tmp/trace.cap 'net 192.168.0.0/25'

✘

tcpdump -vvv -s 0 -w /var/tmp/trace.cap 'net 192.168.0.0/25'

✘

tcpdump -vvv -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'

✘

tcpdump -vvv -s 0 -nni vlan-301 -w /var/tmp/trace.cap 'net 192.168.0.0/25'

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

An LTM Specialist has just captured trace /var/tmp/trace.cap for site www.example.com while listening on virtual address 10.0.0.1:443 configured on partition ApplicationA. The data payload being captured is SSL encrypted. Which command should the LTM Specialist execute to decrypt the data payload?

ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_d/:Common:www.example.com.crt_1 ✘ ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 ✘ ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_d/:ApplicationA:www.example.com.crt_1 ✘ ssldump -Aed -nr /var/tmp/trace.cap -k /config/filestore/files_d/ApplicationA_d/certificate_key_d/:ApplicationA:www.example.com.key_1 ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

A new VLAN vlan301 has been configured on a highly available LTM device in partition ApplicationA. A new directly connected backend server has been placed on vlan301. However, there are connectivity issues pinging the default gateway. The VLAN self IPs configured on the LTM devices are 192.168.0.251 and 192.168.0.252 with floating IP 192.168.0.253. The LTM Specialist needs to perform a packet capture to assist with troubleshooting the connectivity. Which command should the LTM Specialist execute on the LTM device command line interface to capture the attempted pings to the LTM device default gateway on VLAN vlan301?

tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.253'

✘

tcpdump -ni vlan301 'host 192.168.0.253'

✘

tcpdump -ni /ApplicationA/vlan301 'host 192.168.0.251 or host 192.168.0.252'

✘

tcpdump -ni vlan301 'host 192.168.0.251 or host 192.168.0.252'

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured: sys db log.tcpdump.level { value "Notice" } Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?

tmsh set /sys db log.tcpdump.level value informational ✘ tmsh set /sys db log.tcpdump.level status informational ✘ tmsh modify /sys db log.tcpdump.level value informational ✘ tmsh modify /sys db log.tcpdump.level status informational ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

✘

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

✘

tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

✘

tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap

✔

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Given this as the first packet displayed of an ssldump:
2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
In reviewing the rest of the ssldump, the application data is NOT being decrypted. Why is ssldump failing to decrypt the application data?

The application data is encrypted with SSLv3. ✘ The application data is encrypted with TLSv1. ✘ The data is contained within a resumed TLS session. ✘ The BigDB Key Log.Tcpdump.Level needs to be adjusted. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web application is accessed via www.example.com. The LTM Specialist wants to save a packet capture with complete decrypted payload for external analysis. Which command should the LTM Specialist execute on the LTM device command line interface?

tcpdump -vvv -s 0 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap

✘

tcpdump -vvv -s 0 -ni vlan301 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap

✘

ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap

✘

ssldump -Aed -ni vlan301 -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap

✘

tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

✘

tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

✘

tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

10.

An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443

Assume 172.16.20.0/24 is attached to the VLAN "internal."

What should the LTM Specialist use to troubleshoot this issue?

curl -d - -k https://172.16.20.1 ✘ ssldump -i internal host 172.16.20.1 ✘

tcpdump -i internal host 172.16.20.1 > /shared/ssl.pcapssldump < /shared/ssl.pcap

✘ tcpdump -s 64 -i internal -w /shared/ssl.pcap host 172.16.20.1ssldump -r /shared/ssl.pcap ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Prev Next

Congratulations

you have successfully completed the test

Back to Question View Result

Detail Form

We will send your result on your email id and phone no. please fill detail

Name

Email ID Note: Report will be send to the above Email ID

Phone No

F5-LTM Specialist Maintain & Troubleshoot

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner