Exam Questions and Answers for 303 Study Guide Questions and Answers!
BIG-IP ASM Specialist Certification Sample Questions and Practice Exam
NEW QUESTION 72
An LTM Specialist must create a new virtual server for HTTP access. The LTM Specialist creates a forwarding virtual server to reach the resource.
What is a potential result of this action?
- A. Packet filter allowances are also required
- B. HTTP traffic is NOT allowed
- C. Other service ports could be allowed
- D. IP conflict result
Answer: B
NEW QUESTION 73
An LTM Specialist needs to modify the logging level for tcpdump execution events. Checking the BigDB Key, the following is currently configured:
sys db log.tcpdump.level {
value "Notice"
}
Which command should the LTM Specialist execute on the LTM device to change the logging level to informational?
- A. tmsh set /sys db log.tcpdump.level status informational
- B. tmsh set /sys db log.tcpdump.level value informational
- C. tmsh modify /sys db log.tcpdump.level value informational
- D. tmsh modify /sys db log.tcpdump.level status informational
Answer: C
NEW QUESTION 74
-- Exhibit -

-- Exhibit --
Refer to the exhibits.
An LTM Specialist is reconfiguring a virtual server to redirect all clients to HTTPS. Testing reveals that the redirect is functioning incorrectly. As part of the troubleshooting process, the LTM Specialist performs a packet capture.
What is the issue?
- A. The virtual server is missing a clientssl profile.
- B. The virtual server is incorrectly processing the HTTP request.
- C. The redirect is sending the client to the incorrect location.
- D. The redirect is causing an infinite loop.
Answer: C
NEW QUESTION 75
-- Exhibit -
-- Exhibit --
Refer to the exhibit.
A layer 2 nPath routing configuration has been deployed. A packet capture contains a client connection packet with the following properties:
Source IP: <Virtual Server>
Destination IP: <Client A>
At which two locations could the packet capture have been taken? (Choose two.)
- A. the DMZ interface of the Internet firewall
- B. the network interface of web server
- C. the internal interface of the Internet firewall
- D. the external VLAN interface of the LTM device
Answer: B,C
NEW QUESTION 76
Refer to the exhibit. The BIG-IP Administrator needs to avoid overloading any of the Pool Members with connections, when they become active.
What should the BIG-IP Administrator configure to meet this requirement?
- A. Action On Service Down to Reselect
- B. Different Ratio for each member
- C. Same Priority Group to each member
- D. Slow Ramp Time to the Pool
Answer: D
NEW QUESTION 77
A 816-IP Administrator recently deployed an application Users are experiencing slow performance with the application on some remote networks.
Which two modifications can the BIG-IP Administrator make to address this issue? (Choose two)
- A. Apply dest addr profile to the Virtual Server
- B. Apply source_addr profile to the Virtual Server
- C. Apply fasti_4 profile to the Virtual Server
- D. Apply f5-tcp-lan profile to the Virtual Server
- E. Apply f5-tcp-wan profile to the Virtual Server
Answer: D,E
NEW QUESTION 78
Refer to the exhibit.
Which two pool members should be chosen for a new connection? (Choose two.)
- A. 172.10.15.2.80
- B. 172.16.15.7.80
- C. 172.16.15.1.80
- D. 172.16.15.4.80
- E. 172.16.15.9.80
Answer: B,D
NEW QUESTION 79
An F5 LTM Specialist needs to perform an LTM device configuration backup prior to RMA swap.
Which command should be executed on the command line interface to create a backup?
- A. bigpipe config save /var/tmp/backup.ucs
- B. tmsh save /sys config ucs /var/tmp/backup.ucs
- C. tmsh save /sys config /var/tmp/backup.ucs
- D. tmsh save /sys ucs /var/tmp/backup.ucs
Answer: D
NEW QUESTION 80
The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 <mss
1460,nop,wscale 2,nop,nop,sackOK>
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack
869998902 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678 Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 <mss
1460,nop,wscale 0,sackOK,eol>
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack
685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108 Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192
<mss 1460,nop,wscale 2,nop,nop,sackOK>
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack
3320618939 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678 Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142 Why was the second client flow permitted by the web server?
- A. SNAT automap was enabled on the virtual server.
- B. The idle TCP session from the first client was re-used.
- C. A source address persistence profile is assigned to the virtual server.
- D. A global SNAT is defined.
Answer: B
NEW QUESTION 81
-- Exhibit -
-- Exhibit --
Refer to the exhibit.
An LTM Specialist configures a virtual server that balances HTTP connections to a pool of three application servers. Approximately one out of every three connections to the virtual server fails.
Which two actions will resolve the problem? (Choose two.)
- A. Verify the default gateway on the application servers.
- B. Assign a custom HTTP monitor to the pool.
- C. Increase the TCP timeout value in the default TCP profile.
- D. Verify that port lockdown is set to allow port 80.
- E. Enable SNAT automap on the virtual server.
Answer: A,E
NEW QUESTION 82
-- Exhibit -
-- Exhibit --
Refer to the exhibit.
A user is unable to access a secure application via a virtual server.
What is the cause of the issue?
- A. The virtual server does NOT have a pool configured.
- B. The client and server CANNOT agree on a common cipher.
- C. The virtual server does NOT have a client SSL profile configured.
- D. The client authentication failed.
Answer: D
NEW QUESTION 83
A BIG-IP Administrator wants to add the ASM Module to an HA pair of BIG-IP devices. The BIG-IP Administrator has already installed a new Add-On License on both devices in the HA pair. What should the BIG-IP Administrator do next to use the module?
- A. Provision the new module on both BIG-IP device's
- B. Synchronize both BIG-IP devices
- C. Reboot both BIG-IP devices
- D. Reactivate the Licenses on both BIG IP devices
Answer: A
NEW QUESTION 84
A BIG-IP Administrator configures remote authentication and needs to make sure that users can still login even when the remote authentication server is unavailable.
Which action should the BIG-IP Administrators in the remote authentication configuration to meet this requirement?
- A. Enable the Fallback to Local option
- B. Configure a second remote user directory
- C. Configure a remote role grove
- D. Set partition access to "All"
Answer: A
NEW QUESTION 85
in which Application Visibility and Reporting (AYR) profile must the SMTP profile be defined to configure notifications via email?
- A. customanalytics profile
- B. default analytics profile
- C. App analytics profile
- D. virtual server profile
Answer: A
NEW QUESTION 86
Refer to the exhibit.
How many nodes are represented on the network map shown?
- A. Two
- B. Three
- C. One
- D. Four
Answer: B
NEW QUESTION 87
TWO BIG-IP appliances need to be configured to load balance multiple firewall in a firewall sandwich, Which health monitor setting should be used to verify that the firewalls are able to forward traffic?
- A. Up internal
- B. Transparent
- C. Reverse
- D. Adaptive
Answer: B
Explanation:
Explanation
Sandwich architect firewalls are generally deployed transparently. You can enable Transparent to point to the next-hop address of the firewall and associate it with the firewall pool member for detection.
NEW QUESTION 88
An LTM Specialist needs to create a pool with a set of monitor that checks both the pool members and corresponding application service ports. The pool members have services on port 80. The application service is on port 8009.
The LTM device should load balance traffic to the pool member when the pool member and corresponding application service pass monitor.
Which monitor and parameter set meets this requirement?
- A. TCP monitor for port*
Plus a custom TCP monitor with alias port 8009
And the pool 's availability requirement set to 1. - B. TCP monitor for port*
Plus a custom TCPmonitor with alias port 8009,
And the pool's availability requirements set to the ALL - C. TCP monitor for port
Plus a custom TCP monitor with alias port 80
And the pool's availability requirement set to ALL - D. TCP monitor for port
Plus a ustom TCP monitor with alias port 8009,
And the pool's availability requirement set to All
Answer: B
NEW QUESTION 89
A user is having issues with connectivity to an HTTPS virtual server. The virtual server is on the LTM device's external vlan, and the pools associated with the virtual server are on the internal vlan. An LTM Specialist does a tcpdump on the external interface and notices that the host header is incomplete.
In which location should the LTM Specialist put a traffic analyzer to gather the most pertinent data?
- A. external VLAN
- B. server
- C. client machine
- D. internal VLAN
Answer: C
NEW QUESTION 90
An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the HTTP request below:
GET / HTTP/1.1
Host: www.f5.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-LanguagE. en-US,en;q=0.5 Accept-EncodinG. gzip, deflate Cache-Control: no-cache Connection: keep-alive CookiE. somecookie=1 Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched, and therefore NOT modified.
Which HTTP header should the LTM Specialist remove from the request to ensure the content can be matched and modified?
- A. Accept
- B. Accept-Encoding
- C. Cache-Control
- D. Connection
Answer: B
NEW QUESTION 91
......
303 certification dumps - BIG-IP ASM 303 guides - 100% valid: https://www.actual4cert.com/303-real-questions.html
100% Pass Your 303 at First Attempt with Actual4Cert: https://drive.google.com/open?id=1oONJnRtq3uaa5NWaaCR8Z3Gckwg6p-3K