F5CAB2 Online Practice Questions

Explanation:
Understanding the default behavior of a Standard Virtual Server regarding address and port translation is fundamental to BIG-IP administration.
Source Address Translation (SNAT): By default, the BIG-IP system does not perform Source Address Translation (SNAT). This means that the packet's source IP address (the Client IP) remains preserved as it passes through the BIG-IP to the pool member. This is critical for backend servers to identify the original client for logging and security purposes. Therefore, the client IP address is unchanged between the client-side and server-side connections.
Destination Address Translation (DAT): By default, a Standard Virtual Server always performs Destination Address Translation. The BIG-IP system changes the destination IP from the Virtual Server's IP address to the IP address of the specific Pool Member selected by the load balancing algorithm. Consequently, the server-side destination IP is different from the client-side destination IP.
Port Translation: By default, Port Translation is enabled. If a Virtual Server is listening on port 80 and the selected pool member is configured for port 8080, the BIG-IP will translate the destination port. Even if the ports happen to be the same, the setting allows for change, whereas the default SNAT setting (None) ensures the client IP remains static.

Explanation:
To meet the requirement of fault tolerance when one interface goes down, BIG-IP must use link aggregation so that loss of a single physical link does not isolate the VLAN(s).
How the objects relate (data plane view)
Interfaces = physical links.
Trunk (LACP) = bundles multiple interfaces into one logical link that provides redundancy (and possibly bandwidth aggregation).
VLANs are assigned to interfaces or trunks. If you need multiple VLANs on the same trunk, they must use 802.1Q tagging (because you can only have one untagged VLAN per interface/trunk).
Self IPs are then placed on the VLANs to provide BIG-IP presence and routing/ARP functions, but self IPs are not what provides link resiliency―the trunk does.
Why Option D is correct
You have two physical interfaces and you want resiliency if one fails → put both interfaces into one trunk with LACP enabled.
You need both external and internal VLANs on those same two links → both VLANs should be configured as tagged on that trunk, so they can coexist on the same aggregated link.
If either physical interface fails, the trunk remains up via the remaining interface, keeping both VLANs operational.
Why the other options are incorrect
A: Two VLANs cannot both be untagged on the same trunk/interface. Only one untagged VLAN is possible; additional VLANs must be tagged.
B: Two trunks “each with one VLAN” would typically mean splitting VLANs across separate trunks. With only two interfaces total, that becomes one interface per trunk―if one interface goes down, the VLAN on that interface is down (no redundancy for that VLAN).
C: Same redundancy problem as B, and disabling LACP removes the negotiated aggregation behavior expected when the switch engineer specifically requested LACP.

Explanation:
Cookie Persistence is a Layer 7 persistence method that leverages an HTTP cookie to track a user session.
IP Independence: Unlike "Source Address Affinity" (which relies on the client's IP), Cookie persistence identifies the session base16d on a unique token provided by the BIG-IP system. This is crucial for environments where many users share a single gateway (NAT) or where a client's IP might change mid-session.
Encryption and Decryption: For the BIG-IP to insert or read a cookie, it must be able to see the HTTP header. If the traffic is encrypted end-to-end (SSL Pass-through), the BIG-IP cannot use cookie persistence. SSL must be terminated at the BIG-IP (Option B is false).
Security: By default, BIG-IP cookies are encoded, not clear text. Modern versions allow for easy encryption of these cookies to prevent information leakage (Option C is false).
Memory vs. Disk: The default behavior is "session-based" (In-memory). A cookie is only written to the client's file system (disk) if an Expiration is configured in the persistence profile (Option D is false).

Explanation:
With Least Connections (member), BIG-IP attempts to send new connections to the pool member with the fewest current connections. In a perfectly “stateless” scenario (no affinity), this often trends toward a fairly even distribution over time.
However, persistence overrides load balancing:
When a persistence profile is applied, BIG-IP will continue sending a client (or client group) to the same pool member based on the persistence record (cookie / source address / SSL session ID, etc.).
This means even if another pool member has fewer connections, BIG-IP may still select the persisted member to honor session affinity.
The result can be uneven active connection counts, even though the configured load balancing method is Least Connections.
Why the other options are not the best cause:
A. Priority Group Activation is disabled
Priority Group Activation only affects selection when priority groups are configured; disabling it does not inherently create uneven distribution under Least Connections.
B. SSL Profile Server is applied
A server-side SSL profile affects encryption to pool members, but it does not by itself cause skewed selection across pool members. (Skew could happen indirectly if members have different performance/latency, but that’s not the primary, expected exam answer.)
D. Incorrect load balancing method
Least Connections is a valid method and does not itself explain unevenness unless something is overriding it (like persistence) or pool members are not all eligible.
Conclusion:
A persistence profile is the most common and expected reason that active connections become unevenly distributed, because persistence takes precedence over the Least Connections load-balancing decision.