F5CAB1 Exam Questions 2026 – Real Practice Test with Verified Answers

Home / F5 / F5CAB1

Latest F5CAB1 Exam Practice Questions

The practice questions for F5CAB1 exam was last updated on 2026-07-09 .

Viewing page 1 out of 0 pages.

Viewing questions 1 out of 4 questions.

Question#1

What are the two options for securing a BIG-IP’s management interface? (Choose two.)

A. Limiting network access through the management interface to a trusted/secured network VLA
B. Block all management-interface administrative HTTPS and SSH service ports to prevent access.
C. Use the BIG-IP’s Self-IP addresses for administrative access rather than the management interface.
D. Restrict administrative HTTPS and SSH access to specific IP addresses or IP ranges.

Explanation:
Securing the BIG-IP management interface is a fundamental administrative responsibility. F5 best practices emphasize restricting who can reach the management port and ensuring that only authorized systems are allowed access.
A. Limiting management access to trusted network segments
F5 recommends placing the management interface on a dedicated, isolated, and secured management network or VLAN, rather than exposing it to production or untrusted networks.
This reduces the attack surface by ensuring only trusted segments have visibility to administrative interfaces.
D. Restricting management access by IP or subnet
F5 BIG-IP uses the /sys httpd allow list (for HTTPS) and configuration options in sshd (for SSH) to control which IP addresses or subnets can access the device.
By specifying only known administrative IPs or ranges, unauthorized users cannot reach the login services.
Why the other options are incorrect
B. Blocking all management HTTPS/SSH ports
This would prevent any administrative access and is not a viable security practice.
C. Using Self-IP addresses for administrative access
F5 explicitly warns against using Self-IPs for management access unless strictly necessary.
Self-IPs are exposed to the data plane and should not be used as the primary administrative interface.

Question#2

An F5 BIG-IP Administrator is asked to report which modules are provisioned on the BIG-IP.
In which two ways can this be done? (Choose two.)

A. Via the GUI at System → Resource Provisioning → Module Allocation
B. Via TMSH with show /sys provision
C. Via the GUI at Statistics → Module Statistics → System
D. Via TMSH with list /sys provision

Explanation:
Provisioning determines:
Which BIG-IP modules are enabled (LTM, ASM, APM, AFM, DNS, etc.) Their provisioning levels (None, Minimal, Nominal, Dedicated) Two accurate ways to view provisioning settings are:
A. GUI ― System → Resource Provisioning → Module Allocation This is the primary GUI screen showing: All modules
Their provisioning level
System resource distribution impact
Administrators commonly use this page to confirm or change module provisioning.
D. TMSH ― list /sys provision
This tmsh command displays each module and its provisioning level:
sys provision ltm { level nominal }
sys provision asm { level none }
...
This is the authoritative CLI method for checking module provisioning configurations.
Why the other options are incorrect:
B. show /sys provision
Shows runtime information but not the actual configuration levels.
list is the correct command for configuration details.
C. Statistics → Module Statistics
Shows performance statistics, NOT provisioning status.
Therefore, the correct responses are A and D.

Question#3

The device is currently on v15.1.2.1.
The BIG-IP Administrator needs to boot the device back to v13.1.0.6 to gather data for troubleshooting.
The system shows:
Sys::Software Status
Volume Product Version Build Active Status Allowed
Which is the correct command-line sequence to boot the device to version 13.1.0.6?

A. Use tmsh to select a new boot volume, tmsh reboot HD1.2
B. switchboot -b HD1.2, then reboot
C. switchboot -I HD1.2, then reboot
D. Use tmsh to select a new boot volume, tmsh switchboot HD1.2

Explanation:
To change the boot volume on a BIG-IP system from one installed TMOS version to another, the correct CLI tool is:
switchboot
The correct syntax uses the -b flag:
switchboot -b <volume>
This command marks the specified boot location as the one to be used on the next reboot.
Thus, to boot into HD1.2 which contains 13.1.0.6, the sequence is:
Mark HD1.2 as the next boot location:
switchboot -b HD1.2
Reboot the system:
reboot
This is the standard and officially supported method for selecting a different installed volume.
Why the other options are incorrect:
A. "tmsh reboot HD1.2"
There is no such tmsh syntax.
Boot volume cannot be selected by adding a parameter to reboot.
C. switchboot -I HD1.2
The -I flag is invalid. Only -b is used.
D. "tmsh switchboot HD1.2"
switchboot is not a tmsh command; it is a system-level shell utility.
Therefore, Option B is the correct and valid command sequence.

Question#4

Which of the following are resource allocation settings for modules? (Pick the 2 correct responses below)

A. Maximum
B. Nominal
C. Limited
D. Dedicated

Explanation:
Comprehensive and Detailed Explanation From BIG-IP Administration ― Install, Initial Configuration, and Upgrade:
When provisioning modules on a BIG-IP system, F5 provides specific resource allocation settings that define how system resources ― CPU, memory, and disk ― are distributed to each licensed module. The two valid and officially recognised allocation settings are Nominal and Dedicated.
Nominal instructs the system to allocate a moderate, balanced share of resources to the module. It allows the module to function effectively while sharing system resources with other provisioned modules. This is the most commonly used setting in multi-module deployments.
Dedicated allocates the maximum available system resources exclusively to a single module. When this setting is applied, it is typically the only module provisioned, as it consumes resources at a level that prevents other modules from operating concurrently in a meaningful capacity.
Option A ― Maximum is not a valid BIG-IP provisioning allocation level; it does not appear in the official provisioning interface or documentation as a selectable resource tier.
Option C ― Limited similarly does not exist as a defined resource allocation setting within BIG-IP module provisioning. It may superficially resemble valid terminology but has no standing in the official provisioning framework.
Administrators access these settings via System » Resource Provisioning in the Configuration Utility, where each licensed module displays its available allocation options.
Reference Topics: Module Resource Provisioning, Nominal vs. Dedicated Allocation, System Resource Management ― BIG-IP Administration Study Guide

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with F5, F5-CA, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: F5CAB1Q & A:  49  Q&As Updated:  2026-07-09

  Get All F5CAB1 Q&As