無料F5-CA F5CAB3究極の学習ガイド(更新された76問あります)
トップクラスのF5CAB3練習試験問題
質問 # 23
An organization is reporting slow performance accessing their Intranet website. All employees use a single Proxy Server with a public IP.
What should the BIG-IP Administrator do to fix this issue?
- A. Change Load Balancing Method to Least Connections
- B. Change Source Address to proxy IP
- C. Change Fallback Persistence Profile to source_addr
- D. Change Default Persistence Profile to cookie
正解:D
解説:
When multiple users share one source IP, source-address persistence fails. Cookie persistence uniquely identifies users at Layer 7 and ensures correct session handling.
質問 # 24
An organization reports slow performance accessing an Intranet website. All employees use a single proxy IP.
What should the BIG-IP Administrator do?
- A. Change Default Persistence to cookie
- B. Change Fallback Persistence to source_addr
- C. Change Source Address to proxy IP
- D. Change Load Balancing to Least Connections
正解:A
解説:
When many users share one source IP, source-address persistence fails. Cookie persistence uniquely identifies clients at Layer 7.
質問 # 25
A BIG-IP Administrator configures a Virtual Server to load balance traffic between 50 webservers for an ecommerce website. Traffic is being load balanced using the Least Connections (node) method. The webserver administrators report that customers are losing the contents from their shopping carts and are unable to complete their orders. What should the BIG-IP Administrator do to resolve the issue?
- A. Change Default Persistence Profile setting to cookie
- B. Change Default Persistence Profile setting to sip_info
- C. Change Load Balancing method to Ratio (member)
- D. Change Load Balancing method to Ratio (node)
正解:A
解説:
The issue of "lost shopping carts" in an ecommerce environment is a classic symptom of a missing or improperly configured Persistence Profile. In modern web applications, session data-such as items added to a cart-is often stored locally on the specific web server that initially handled the user's request. If the BIG-IP system load balances a user's subsequent request (like clicking "Checkout") to a different server among the 50 webservers, the new server will not have the session data, and the user will appear to have an empty cart.
While Least Connections (node) is an efficient load balancing algorithm, it makes a new decision for every connection unless persistence is enabled. To resolve this, the administrator must implement a persistence mechanism. HTTP Cookie Persistence (Option A) is the industry standard for web applications. By assigning a cookie persistence profile to the Virtual Server, the BIG-IP inserts a unique cookie into the HTTP response.
When the user's browser returns that cookie in future requests, the BIG-IP identifies the specific server that handled the first request and consistently directs the user back to that same server for the duration of their session.
Sip_info (Option B) is a persistence method for VOIP traffic and is not applicable to web traffic. Ratio load balancing (Options C and D) merely changes the distribution frequency but still does not guarantee that a specific user will stay on the same server across multiple requests. Therefore, adding a cookie persistence profile is the direct procedural fix to maintain session state and ensure ecommerce functionality.
質問 # 26
What is the status of a pool member when manual resume is enabled and a health check first fails and then passes?
- A. Available (Disabled)
- B. Offline (Enabled)
- C. Offline (Disabled)
- D. Available (Enabled)
正解:C
解説:
With manual resume enabled, BIG-IP does not automatically return a pool member to service after recovery.
The member remains offline until manually re-enabled.
質問 # 27
During high-demand traffic events, the BIG-IP Administrator needs to limit new connections per second.
What should be applied?
- A. HTTP Compression profile
- B. Connection rate limit
- C. OneConnect profile
- D. Connection limit
正解:B
解説:
Connection rate limiting controls how many new connections per second are accepted, protecting backend resources.
質問 # 28
Which persistence profile would be the most appropriate to ensure an HTTP web request connects to the same pool member? (Choose one answer)
- A. Hash persistence
- B. SSL persistence
- C. Cookie persistence
- D. Destination address
正解:C
解説:
For HTTP-based applications, cookie persistence is the most appropriate and commonly recommended persistence method.
According to the BIG-IP Administration: Data Plane Configuration documentation:
Cookie persistence inserts or uses an HTTP cookie to maintain session affinity.
It operates at Layer 7 (HTTP) and is application-aware.
It allows persistence to be maintained even when multiple clients are behind a NAT device.
Why the other options are incorrect:
A . Destination address
Destination address persistence is generally used for inbound traffic patterns such as firewall or proxy scenarios.
B . Hash persistence
Hash persistence is less granular and not HTTP-specific.
C . SSL persistence
SSL persistence is typically used when SSL session IDs are reused and is less reliable than cookies for HTTP applications.
Correct Resolution:
Using cookie persistence ensures that HTTP web requests are consistently directed to the same pool member.
質問 # 29
The BIG-IP Administrator has to provide encrypted communication between the users and the virtual server they access. Multiple hostnames are configured in DNS with the same IP address. Which profile type and setting in the profile should be used?
- A. Client SSL, Client Name
- B. Server SSL, Client Name
- C. Server SSL, Server Name
- D. Client SSL, Server Name
正解:D
解説:
When a single IP address (Virtual Server) must host multiple hostnames (e.g., site1.com, site2.com) over HTTPS, the BIG-IP must be able to present the correct SSL certificate for each site during the initial handshake. This requirement is handled by a technology called Server Name Indication (SNI).
To implement this on the BIG-IP, the administrator must use a Client SSL profile because the encryption is occurring between the user (Client) and the Virtual Server. Within the Client SSL profile settings, there is a field called Server Name. By creating multiple Client SSL profiles-each with a different "Server Name" (the hostname) and its corresponding certificate-and attaching them all to the same Virtual Server, the BIG-IP can inspect the SNI extension in the client's "Client Hello" packet. It then selects the specific profile that matches the requested hostname.
Option A is incorrect because "Client Name" is not the standard field name used for SNI hostname matching in the profile. Options B and C refer to Server SSL profiles, which manage the connection between the BIG- IP and the backend servers. While Server SSL profiles also have a "Server Name" field (used to send SNI to a backend server), the requirement here is to provide encrypted communication for "users" accessing the virtual server, which definitively requires a Client-side SSL configuration.
質問 # 30
Due to a change in application requirements, a BIG-IP Administrator needs to modify the configuration of a Virtual Server to include a Fallback Persistence Profile.
Which persistence profile type should the BIG-IP Administrator use?
- A. Hash
- B. SSL
- C. Universal
- D. Source Address Affinity
正解:D
解説:
Fallback persistence is used when the primary persistence method fails. Source Address Affinity is a Layer 4 persistence method and is fully supported as a fallback option for most virtual server types.
質問 # 31
A BIG-IP Administrator uses backend servers to host multiple services per server. There are multiple virtual servers and pools defined, referencing the same backend servers.
Which load balancing algorithm is most appropriate to have an equal number of connections on each backend server? (Choose one answer)
- A. Least Connections (member)
- B. Predictive (member)
- C. Least Connections (node)
- D. Predictive (node)
正解:C
解説:
In this scenario, each backend node (server) hosts multiple services and is referenced by multiple pools and virtual servers. The goal is to ensure an equal number of total connections per backend server, regardless of how many pool members (services/ports) exist on that server.
According to the BIG-IP Administration: Data Plane Configuration documentation:
* Least Connections (node) tracks the total number of active connections to a node across all pool members and services.
* This algorithm ensures load distribution is balanced at the server level, not just at the individual service (member) level.
* It is specifically recommended when:
* Multiple pool members exist on the same backend server
* Multiple virtual servers reference the same backend servers
Why the other options are incorrect:
* B. Predictive (member)Predictive algorithms are advanced and traffic-pattern based, but they operate at the member level and do not guarantee equal connections per server.
* C. Least Connections (member)This balances connections per pool member, which can overload a server hosting multiple members while still appearing "balanced" per member.
* D. Predictive (node)Although node-aware, predictive algorithms are less deterministic and not the best choice when strict equality of connections is required.
Correct Resolution:
Using Least Connections (node) ensures that each backend server carries an equal connection load across all services and pools.
質問 # 32
A BIG-IP Administrator creates an HTTP Virtual Server using an iApp template. After the Virtual Server is created, the user requests to change the destination IP addresses. The BIG-IP Administrator tries to change the destination IP address from 10.1.1.1 to 10.2.1.1 in Virtual Server settings, but receives the following error:
"The application service must be updated using an application management interface." What is causing this error?
- A. The Application Services have Strict Updates enabled.
- B. The Application Service was NOT deleted before making the IP address change.
- C. The IP addresses used are NOT from the same subnet as the Self IP.
- D. The IP addresses are already in use.
正解:A
解説:
In F5 BIG-IP administration, iApps are designed to manage complex application configurations as a single unit. When an iApp is deployed, it creates an "Application Service" object that owns all the associated LTM objects, such as Virtual Servers, Pools, and Nodes. By default, these iApps are created with Strict Updates enabled. Strict Updates is a safety mechanism that prevents administrators from making manual "out-of-band" changes to the individual objects created by the iApp. The system enforces this because manual changes would be overwritten the next time the iApp template is updated or re-entered.
When the administrator attempts to change the destination IP address directly on the Virtual Server object, the BIG-IP system checks the "Strict Updates" flag. If it is set to "Enabled," the system blocks the modification and generates the error message stating the service must be updated via the application management interface.
To resolve this, the administrator must navigate to the iApp >> Application Services menu, select the specific application service, and go to the "Reconfigure" tab. Within the iApp configuration form, the destination IP can be safely changed. Alternatively, if the administrator specifically wants to manage the objects manually and forgo the benefits of the iApp template management, they could disable "Strict Updates" in the iApp properties, though this is generally discouraged as it breaks the template's logic. The error is not related to subnetting or duplicate IPs, but strictly to the configuration authority assigned to the iApp service.
質問 # 33
A BIG-IP Administrator creates a new VLAN on BIG-IP Cluster Member A and attaches an interface to it.
Although the Auto Config Sync is in place, the new VLAN does NOT show up on Cluster Member B. What should the BIG-IP Administrator do to ensure the new VLAN is configured on each Cluster Member?
- A. Configure the new VLAN manually on Cluster Member B
- B. Configure a Default Route for the new VLAN on Cluster Member A
- C. Enable the Interface that is attached to the new VLAN on Cluster Member A
- D. Reset the Device Trust of the BIG-IP Cluster on either Cluster Member
正解:A
解説:
In a BIG-IP High Availability (HA) environment, most configuration objects (Virtual Servers, Pools, iRules) are considered "shared" and are synchronized automatically between devices. However, network-level objects-specifically VLANs and Self IPs-are unique to the hardware and are generally not synchronized by the ConfigSync process.
This is intentional because two devices in a cluster may have different physical cabling or interface assignments. For example, Cluster Member A might use interface 1.1 for a specific VLAN, while Cluster Member B might use interface 1.2. Because the BIG-IP system cannot assume that the physical network topology is identical for both appliances, the administrator must Configure the new VLAN manually on Cluster Member B.
Once the VLAN is created manually on both devices with the exact same name, it can then be used to host
"shared" floating Self IP addresses or traffic groups that will synchronize. Failing to create the VLAN on the peer device will prevent the traffic group from failing over correctly, as the peer will not have the necessary Layer 2 broadcast domain defined to take over the traffic. Resetting Device Trust (Option D) is a drastic step for fix sync communication issues but will not change the fact that VLANs are non-syncable objects.
Enabling the interface (Option B) only affects the link status of Member A and has no impact on the configuration of Member B.
質問 # 34
A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to log on to the servers.
What should the BIG-IP Administrator do to resolve the issue?
- A. Set Destination Address/Mask to 0.0.0.0/0
- B. Set Protocol to UDP
- C. Set Source Address to 10.1.1.2
- D. Set HTTP Profile to None
正解:D
解説:
SSH is a TCP Layer 4 protocol. Applying an HTTP profile causes BIG-IP to expect HTTP headers, breaking SSH sessions. Removing the HTTP profile allows raw TCP forwarding.
質問 # 35
In a pool there are 2 pool members out of the 5 members that are older servers. The number of connections these can handle is less than the other 3 pool members. Which load balancing method would allow more traffic to be directed to the newer servers?
- A. Global Availability
- B. Least Connections (member)
- C. Weighted Least Connections (member)
- D. Round Robin
正解:C
解説:
When dealing with heterogeneous server hardware where some servers are more powerful than others, a dynamic load balancing method that accounts for both current load and server capacity is required. The Weighted Least Connections (member) method is the most appropriate choice. This method works by tracking the number of active connections to each pool member and then "weighting" that number based on a user-defined Ratio value assigned to the member. For example, the administrator can assign a higher Ratio to the three newer, more powerful servers and a lower Ratio to the two older servers. The BIG-IP then uses a formula to calculate which server should receive the next connection, ensuring that the newer servers handle a proportionately larger share of the total concurrent connections.
Standard Round Robin (Option C) would be ineffective because it distributes connections strictly sequentially (1, 2, 3, 4, 5) without regard for the servers' capacity or current load, which would eventually overwhelm the older servers. Least Connections (member) (Option D) is better than Round Robin because it picks the server with the fewest active connections, but it still assumes all servers are equal; it would try to keep the connection counts identical across all 5 servers, which would still stress the older hardware more than the new. Global Availability (Option B) is a GSLB (DNS-based) method used for multi-site redundancy, not for local pool member load balancing. By using Weighted Least Connections, the administrator achieves a balance where the more capable servers take the brunt of the work while the older servers are utilized only to their specific safe capacity.
質問 # 36
Refer to the exhibit.
A BIG-IP Administrator creates a new Virtual Server to load balance SSH traffic. Users are unable to log on to the servers.
What should the BIG-IP Administrator do to resolve the issue? (Choose one answer)
- A. Set Destination Address/Mask to 0.0.0.0/0
- B. Set Protocol to UDP
- C. Set Source Address to 10.1.1.2
- D. Set HTTP Profile to None
正解:D
解説:
SSH is a Layer 4 TCP-based protocol that operates on TCP port 22 and does not use HTTP in any capacity. In the exhibit, the Virtual Server is configured with an HTTP Profile applied, which is inappropriate for SSH traffic and causes connection failures.
According to the BIG-IP Administration: Data Plane Configuration documentation:
An HTTP profile must only be applied to Virtual Servers handling HTTP or HTTPS traffic.
When an HTTP profile is attached, BIG-IP expects HTTP headers and attempts to parse application-layer data.
Non-HTTP protocols such as SSH, FTP (control), SMTP, and other raw TCP services will fail if an HTTP profile is enabled.
Why the other options are incorrect:
A . Set Protocol to UDP
SSH uses TCP, not UDP. Changing the protocol would break SSH entirely.
B . Set Source Address to 10.1.1.2
The source address setting controls client access restrictions and is unrelated to protocol parsing issues.
C . Set Destination Address/Mask to 0.0.0.0/0
The destination address is already valid for a specific SSH service and does not impact protocol handling.
Correct Resolution:
The BIG-IP Administrator should remove the HTTP Profile (set it to None) so the Virtual Server functions as a pure Layer 4 TCP service, allowing SSH connections to pass through successfully.
質問 # 37
All pool members are online. All other virtual server settings are at default. What might alter the load balancing behavior?
- A. Adding a oneconnect profile
- B. Enabling SNAT automap
- C. Enabling a fallback host in the http profile
- D. Adding a persistence profile
正解:D
解説:
In a default BIG-IP configuration, the system utilizes the Load Balancing Method (typically Round Robin) to distribute each new connection across available pool members. However, the introduction of a persistence profile fundamentally changes this behavior. Persistence (also known as "stickiness") ensures that once a client has been load balanced to a specific pool member, all subsequent requests from that same client during a defined session or timeout period are directed to that same member, bypassing the standard load balancing algorithm. This is critical for applications that maintain state, such as shopping carts or authenticated sessions, where moving a user to a different server would result in a loss of session data.
While other options affect traffic handling, they do not "alter" the fundamental load balancing decision in the same way. A OneConnect profile (Option A) optimizes connection management by pooling idle server-side connections; while it changes how connections are reused, the initial load balancing decision still follows the configured method. A fallback host (Option C) is only utilized when the primary pool is unavailable, and since the question states all pool members are online, it remains inactive. SNAT Automap (Option D) changes the source IP address of the packet as it exits the BIG-IP toward the server to ensure return traffic passes back through the ADC, but it does not dictate which server is chosen for the request. Therefore, the persistence profile is the primary configuration element that overrides the load balancing algorithm to maintain a client-to- server relationship.
質問 # 38
A BIG-IP Administrator needs to configure health monitors for a pool containing HTTP, HTTPS, FTP, and SSH services.
Which configuration ensures accurate member status?
- A. ICMP + TCP with all
- B. All monitors with Availability Requirement = at least one
- C. HTTP and HTTPS only
- D. All monitors with Availability Requirement = all
正解:B
解説:
Using "at least one" ensures each member is marked up based on its relevant service monitor.
質問 # 39
Refer to the exhibit.
A BIG-IP Administrator needs to configure health monitors for a newly configured server pool named Pool_B.
Which health monitor settings will ensure that all pool members will be accurately marked as available or unavailable? (Choose one answer)
- A. HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors
- B. HTTP, HTTPS, FTP, and ICMP with the Availability Requirement of at least one health monitor
- C. HTTPS, HTTP, FTP, and SSH with the Availability Requirement of all health monitors
- D. HTTPS, HTTP, FTP, and SSH with the Availability Requirement of at least one health monitor
正解:D
解説:
From the exhibit, the pool contains different applications on different service ports (for example, HTTP/80, FTP/21, HTTPS/443, SSH/22). To mark pool members correctly, BIG-IP must be able to verify the actual service running on each member's port.
In BIG-IP Administration: Data Plane Configuration, monitor behavior is described as follows:
When multiple monitors are assigned to a pool, the Availability Requirement controls how monitor results are evaluated:
At least one = the pool member is marked up if any one of the assigned monitors succeeds.
All = the pool member is marked up only if every assigned monitor succeeds.
For pools containing members with different services/ports, using All can incorrectly mark members down because monitors intended for other services will fail on the wrong port.
Why C is correct:
Assigning HTTPS, HTTP, FTP, and SSH covers the actual services shown in the pool.
Setting the Availability Requirement to at least one ensures that each pool member is considered available when its appropriate service monitor succeeds, without being forced to pass unrelated service monitors.
Why the other options are incorrect:
A / D (Availability Requirement = all): would cause members to be marked down when unrelated monitors fail (e.g., SSH monitor against an HTTP member).
B (includes ICMP): ICMP can indicate the host is reachable even if the application service is down, which does not "accurately" reflect service availability.
Therefore, the best choice is HTTPS, HTTP, FTP, and SSH with Availability Requirement of at least one health monitor.
質問 # 40
A node is a member of multiple pools hosting different web applications. If one application fails, only that pool member should be marked down.
What should be configured?
- A. HTTP monitor with custom send/receive
- B. UDP monitor
- C. TCP monitor
- D. ICMP + TCP monitor
正解:A
解説:
Application-specific health checks must validate application responses, which requires HTTP monitors with custom send/receive strings.
質問 # 41
A web server administrator informs the BIG-IP Administrator that web servers currently load-balanced require encrypted traffic. Starting next month, the web server administrator will offload SSL. Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The BIG-IP device is already using Client SSL, Client port, and iRules on HTTP traffic. What actions should the BIG-IP Administrator take to achieve the desired configuration? (Choose one answer)
- A. Remove the client SSL profile and configure the pool members to use HTTP
- B. Remove the server SSL profile and change the Virtual Server to accept HTTP traffic
- C. Remove the client SSL profile and change the Virtual Server to accept HTTP traffic
- D. Remove the server SSL profile and configure the pool members to use HTTP
正解:D
解説:
To solve this requirement, we must distinguish between the two "legs" of an SSL connection in a BIG-IP environment: Client-side and Server-side.
Current State (SSL Bridging): The administrator states the servers currently require encrypted traffic. This means the BIG-IP is likely performing "SSL Bridging." In this setup, a Client SSL profile terminates encryption from the user, and a Server SSL profile re-encrypts the traffic before sending it to the back-end servers.
Target State (SSL Offloading): The requirement is to "offload SSL" to reduce web server load. This means the BIG-IP will continue to handle the encryption for the users (keeping the Client SSL profile) but will communicate with the back-end servers using unencrypted HTTP.
Why Option A is correct:
Remove the Server SSL profile: By removing this profile, the BIG-IP stops attempting to initiate an SSL/TLS handshake with the pool members.
Configure Pool Members to use HTTP: The service port for the pool members must be changed (typically from port 443 to port 80) so that the BIG-IP sends standard HTTP traffic to the servers.
Why other options are incorrect:
B & D: These suggest removing the Client SSL profile. If you remove this, the users can no longer connect via HTTPS, which violates the requirement for encrypted communication between the users and the BIG-IP.
C: Changing the Virtual Server to accept HTTP traffic would mean the user-to-BIG-IP connection is no longer encrypted, which is the opposite of SSL termination/offloading.
質問 # 42
Exhibit:
Due to a change in application requirements, a BIG-IP Administrator needs to modify the configuration of a Virtual Server to include a Fallback Persistence Profile. Which persistence profile type should the BIG-IP Administrator use for this purpose?
- A. Hash
- B. SSL
- C. Universal
- D. Source Address Affinity
正解:D
解説:
In a BIG-IP environment, a Fallback Persistence Profile is utilized as a secondary "stickiness" mechanism when the primary (Default) persistence method fails to provide a valid persistence record. For example, if a Virtual Server uses HTTP Cookie Persistence as its primary method, but a client's browser has cookies disabled, the BIG-IP will be unable to find a persistence cookie in the request. Without a fallback method, the system would treat every request from that client as a new, independent connection, potentially breaking the application session.
Source Address Affinity (also known as Source Address Persistence) is the most common and standard choice for a fallback profile. It operates at the network layer (Layer 3) by tracking the client's source IP address.
Because every IP packet contains a source address, this method is virtually guaranteed to work even when application-layer data (like Cookies or SSL Session IDs) is missing or encrypted beyond the BIG-IP's visibility. While Universal (Option A) and Hash (Option D) profiles are highly flexible and can use iRules to persist on almost any data, they require specific configuration and logic that may not always be present or valid. SSL persistence (Option C) relies on the SSL Session ID, which frequently changes due to modern browser security practices (session renegotiation), making it less reliable than Source Address Affinity. By configuring Source Address Affinity as the fallback, the administrator ensures that the BIG-IP has a "safety net" to maintain session integrity based on the client's IP address when the more granular cookie-based persistence is unavailable.
質問 # 43
......
F5 F5CAB3 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
合格させるF5 F5CAB3試験問題でテスト復刻エンジンとPDF:https://jp.fast2test.com/F5CAB3-premium-file.html
実際問題を使ってF5CAB3問題集無料サンプル問題と練習テストエンジン:https://drive.google.com/open?id=1688xakZPnw0ZgadAhFRAzLlZEdyWjXy6