F5CAB3 Online Practice Questions

Explanation:
DNS traffic is primarily transported using UDP port 53. In the exhibit, the Virtual Server is configured with the Protocol set to TCP, which prevents standard DNS queries from being processed correctly. BIG-IP Virtual Servers must be configured with the correct Layer 4 protocol to match the application traffic they are handling.
According to the BIG-IP Administration: Data Plane Configuration documentation:
The Protocol setting on a Virtual Server defines whether traffic is processed as TCP, UDP, or another supported transport protocol.
Standard DNS queries and responses use UDP, while TCP is only required for DNS zone transfers (AXFR) or exceptionally large responses.
When a DNS Virtual Server is incorrectly configured with TCP, UDP-based DNS queries are dropped, causing all requests to fail.
Why the other options are incorrect:
A. Protocol profile (Client) to DNS_OPTIMIZED
A DNS profile enhances DNS functionality but does not correct an incorrect transport protocol configuration.
B. Type to Performance (HTTP)
Performance (HTTP) Virtual Servers are designed for HTTP traffic and are not suitable for DNS services.
C. Source Address to 192.168.10.0/24
The existing source IPs already fall within the allowed range, so this setting does not address the failure.
Correct Resolution:
Changing the Protocol to UDP aligns the Virtual Server with standard DNS transport requirements, allowing DNS queries to be successfully processed and load-balanced.

Explanation:
SSH is a Layer 4 TCP-based protocol that operates on TCP port 22 and does not use HTTP in any capacity. In the exhibit, the Virtual Server is configured with an HTTP Profile applied, which is inappropriate for SSH traffic and causes connection failures.
According to the BIG-IP Administration: Data Plane Configuration documentation:
An HTTP profile must only be applied to Virtual Servers handling HTTP or HTTPS traffic.
When an HTTP profile is attached, BIG-IP expects HTTP headers and attempts to parse application-layer data.
Non-HTTP protocols such as SSH, FTP (control), SMTP, and other raw TCP services will fail if an HTTP profile is enabled.
Why the other options are incorrect:
A. Set Protocol to UDP
SSH uses TCP, not UDP. Changing the protocol would break SSH entirely.
B. Set Source Address to 10.1.1.2
The source address setting controls client access restrictions and is unrelated to protocol parsing issues.
C. Set Destination Address/Mask to 0.0.0.0/0
The destination address is already valid for a specific SSH service and does not impact protocol handling.
Correct Resolution:
The BIG-IP Administrator should remove the HTTP Profile (set it to None) so the Virtual Server functions as a pure Layer 4 TCP service, allowing SSH connections to pass through successfully.

Explanation:
URI-based traffic steering requires inspection of the HTTP request. BIG-IP processes HTTP headers and URIs in the HTTP_REQUEST event. Pool member selection based on URI must occur before the request is sent to the server, making HTTP_REQUEST the correct event.

Explanation:
In BIG-IP systems, iRules influence traffic only when they are attached to a Virtual Server. If application traffic is being sent to nodes or pool members that are not defined in the pool, this typically indicates that an iRule is overriding the default load-balancing behavior by explicitly selecting a pool or node.
According to BIG-IP Administration: Data Plane Configuration and official F5 guidance:
iRules are associated with Virtual Servers, not directly with pools or nodes.
To determine whether an iRule is actively affecting traffic, the administrator must inspect the Virtual Server configuration.
Explanation of the correct answers:
B. Via the GUI at the Resources tab for the virtual server
The Resources tab in the Configuration Utility displays all traffic-handling objects applied to the Virtual Server, including assigned iRules. This is the primary GUI location to verify whether an iRule is influencing data plane traffic.
C. Via TMSH with the list /ltm virtual <virtual_server> command
This TMSH command displays the full Virtual Server configuration, including any iRules listed under the rules section. It is the authoritative CLI method to confirm iRule usage.
Why the other options are incorrect:
A. Via TMSH with the list /ltm rule <irule> command
This command only shows the contents of an iRule and does not indicate whether the iRule is attached to or used by any Virtual Server.
D. Via the GUI at the iRule tab for the virtual server
BIG-IP does not provide a dedicated “iRule” tab on Virtual Servers. iRules are viewed and managed under the Resources tab.
Correct Conclusion:
To verify whether an iRule is responsible for unexpected node selection, the BIG-IP Administrator must examine the Virtual Server configuration, either through the Resources tab in the GUI or by using TMSH to list the Virtual Server configuration.

Explanation:
WAN-optimized TCP profiles improve performance for high-latency Internet clients, while LAN profiles are optimal for backend servers.