F5CAB4 Exam Questions 2026 – Real Practice Test with Verified Answers

Home / F5 / F5CAB4

Latest F5CAB4 Exam Practice Questions

The practice questions for F5CAB4 exam was last updated on 2026-07-13 .

Viewing page 1 out of 1 pages.

Viewing questions 1 out of 9 questions.

Question#1

The BIG-IP system is provisioned for LTM only. The BIG-IP Administrator is tasked with provisioning ASM.
What process restarts when the BIG-IP Administrator changes the module provisioning? (Choose one answer)

A. bd
B. tmm
C. sshd
D. httpd

Explanation:
When a BIG-IP Administrator changes module provisioning (for example, enabling ASM on a system previously provisioned only for LTM), the BIG-IP system must restart the Traffic Management Microkernel (TMM) process.
The TMM process is responsible for:
Traffic handling
LTM, ASM, and other traffic-processing modules
Enforcing security and application policies
Provisioning changes affect how traffic modules are loaded and integrated into TMM. As a result, TMM is restarted, which causes a temporary interruption of traffic processing. This is expected behavior and is why module provisioning changes should be planned during a maintenance window.
Why the other options are incorrect:
A. bd is related to blade/platform management, not module provisioning.
C. sshd handles SSH access and is not affected by provisioning changes.
D. httpd supports the Configuration Utility (GUI) and does not restart due to module provisioning.
Therefore, the correct answer is B. tmm.

Question#2

A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device on the management interface via SSH. The BIG-IP Administrator needs to restrict SSH access to the management interface.
Where should this be accomplished?

A. System > Configuration
B. Network > Interfaces
C. Network > Self IPs
D. System > Platform

Explanation:
The "Management Port" is distinct from TMM data ports. Configuration for global platform-level settings, including administrative access restrictions (IP Allow lists for SSH and HTTPS) for the management port, is found under System > Platform. This is a critical Control Plane hardening step to prevent unauthorized remote access
Here is the next batch of 10 questions from your document that are 100% related to BIG-IP

Question#3

A BIG-IP Administrator needs to determine who changed a Virtual Server configuration.
In which log file would the BIG-IP Administrator find this data? (Choose one answer)

A. /var/log/audit
B. /var/log/secure
C. /var/log/ltm

Explanation:
The audit log (/var/log/audit) records configuration changes made on the BIG-IP system, including:
Who made the change (user account)
What was changed (for example, a virtual server modification)
When the change occurred
How it was performed (GUI, TMSH, or API)
Why the other options are incorrect:
/var/log/secure logs authentication events such as login successes and failures, not configuration changes.
/var/log/ltm logs traffic-management and runtime LTM events, not administrative configuration modifications.
Therefore, the correct log file for tracking who changed a virtual server is /var/log/audit.

Question#4

A BIG-IP Administrator defines a device Self IP. The Self IP is NOT reachable from the network.
What should the administrator verify first?

A. The correct Trunk has been selected.
B. The correct VLAN has been selected.
C. Verify if auto last hop is disabled.
D. The correct Interface has been selected.

Explanation:
Connectivity management requires a proper logical-to-physical mapping within the BIG-IP Control Plane.
VLAN Association: In TMOS, a Self IP address is not assigned directly to a physical interface. Instead, it is assigned to a VLAN (Virtual Local Area Network) object.
Procedural Troubleshooting: If a Self IP is unreachable, the primary failure point is often that the IP was associated with the wrong VLAN, or the VLAN itself is not correctly associated with the intended physical interface or trunk.
Layer 2 Mapping: The Control Plane requires the VLAN to be "up" and "untagged" or "tagged" on a valid interface for traffic to flow. If the administrator selects the incorrect VLAN, the Self IP will exist in the configuration but will be logically isolated from the physical network wire.

Question#5

A BIG-IP Administrator finds the following log entry: tnm tmm[7141]: 011e0002:4: sweeper_update: aggressive mode activated.
Which action should the BIG-IP Administrator take to mitigate this memory issue?

A. Configure the redundant pair to be active-active
B. Decrease the TCP profile Idle Timeout value
C. Increase the TCP profile Idle Timeout value
D. Configure the server to use Connection Mirroring

Explanation:
This log message indicates that the system is low on memory and has activated 'Aggressive Mode' to reclaim resources by closing old connections37. In an HA environment, one way to ensure state stability during memory pressure is to manage how connection data is handled38. While the document suggests D, procedural mitigation for 'Aggressive Mode' often involves reviewing resource provisioning or optimizing connection idle timeouts to reduce memory footprint39.

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with F5, F5-CA, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: F5CAB4Q & A:  67  Q&As Updated:  2026-07-13

  Get All F5CAB4 Q&As