F5CAB5 Online Practice Questions

Explanation:
This virtual server is intended to function as a forwarding (IP-forwarding) virtual server, which is commonly used for routing or firewall-style deployments where BIG-IP forwards traffic transparently without load balancing or address translation. For a forwarding virtual server to match and pass all traffic, the destination must be configured as 0.0.0.0:any with a mask of 0.0.0.0, not 255.255.255.255.
The configured mask 255.255.255.255 represents a /32 host mask, which restricts the virtual server to matching traffic destined only for the exact IP address 0.0.0.0. Since 0.0.0.0 is not a valid routable destination for normal traffic, no packets will ever match the virtual server, causing it to pass no traffic at all.
This is a well-documented BIG-IP behavior:
destination 0.0.0.0:any
mask 0.0.0.0
together define a catch-all forwarding virtual server.
The destination itself (Option A) is correct for a forwarding VS, and disabling address translation (Option C) is expected and required for IP-forwarding mode. Therefore, the incorrect subnet mask is the sole reason the virtual server is not functioning as expected.

Explanation:
Monitoring granular resource utilization is essential when troubleshooting performance degradation for specific applications. While global system stats show overall hardware health, they do not pinpoint which virtual server is overconsuming resources during traffic spikes. To identify the specific application causing a high CPU load, the administrator should navigate to Statistics > Module Statistics > Local Traffic > Virtual Servers7474. This section provides detailed metrics for each virtual server, including CPU cycles used for traffic processing and iRule execution75. Identifying a "top-talker" or a problematic virtual server allows the administrator to take targeted action, such as optimizing an inefficient iRule, adjusting compression levels, or offloading the virtual server to a different device group76. This targeted troubleshooting ensures that one high-demand virtual server does not negatively impact the performance of other services running on the same BIG-IP hardware, maintaining overall system stability and resource availability

Explanation:
The pool member is marked DOWN because it is monitored by multiple health monitors, specifically an HTTP monitor and an HTTP/2 monitor. The status message clearly shows that the HTTP monitor is UP, while the HTTP/2 monitor is DOWN. In BIG-IP, when multiple monitors are assigned to a pool member, the default behavior is AND logic, meaning all assigned monitors must succeed for the pool member to be considered healthy.
In this scenario, the server is responding successfully to standard HTTP (likely HTTP/1.1) requests but does not support or respond correctly to HTTP/2 requests. As a result, the HTTP/2 monitor fails, which causes the overall monitor status to be DOWN, even though HTTP traffic itself is working.
This behavior is expected and documented in BIG-IP monitoring logic. Unless the monitor rule is explicitly changed to “at least one of”, a single failing monitor will mark the pool member down. Therefore, the correct conclusion is that the pool member is only serving HTTP traffic, not HTTP/2.
The resolution would be to either remove the HTTP/2 monitor, correct the application to support HTTP/2, or adjust the monitor rule to match the intended health-check logic.

Explanation:
When traffic "stabilizes after a few minutes" following a failover, it points to a network-level performance issue involving ARP cache on upstream routers and switches. Each BIG-IP interface has a unique hardware MAC address. During failover, the Standby device takes over the floating IP address, but the upstream switch still associates that IP with the MAC of the now-offline device. Traffic is lost until the switch learns the new MAC or its ARP entry expires. "MAC Masquerading" solves this by creating a shared, virtual MAC address for the floating traffic group. This virtual MAC is used by whichever device is currently active. Because the MAC address for the virtual server IP never changes from the perspective of the network, the upstream devices do not need to update their ARP tables. This troubleshooting solution eliminates the delay associated with failover, providing a seamless transition and ensuring that application traffic flow is not disrupted when the BIG-IP HA state changes.

Explanation:
Troubleshooting failed SSL handshakes involves interpreting the resource limits defined by the system's license8888. The log message SSL transaction (TPS) rate limit reached indicates the BIG-IP is dropping SSL connections because it has exceeded its licensed "Transactions Per Second" capacity. When analyzing stats to determine the correct license level, the administrator must focus on "Client-side" SSL TPS. This represents the initial encrypted handshakes between users and the BIG-IP virtual servers91. In this scenario, the peak client-side demand is 1200 TPS. While the 800 server-side transactions represent re-encryption toward the backend, F5's primary SSL TPS license limits typically apply to the client-facing side of the traffic flow. Therefore, to resolve the intermittent connectivity issues and ensure the virtual server works reliably during peaks, the license must be upgraded to at least 1200 TPS949596969696. 9798Confirming this peak via statistics and comparing it to the current license is a standard troubleshooting step for SSL performance issues.