Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is troubleshooting a virtual server. Both the virtual server and the pool are showing blue squares for their statuses, and new clients report receiving "The connection was reset" through their browsers. Connections directly to the pool member are successful.

What is the issue?

A.

The pool member is disabled.

B.

The node is marked as disabled.

C.

The HTTP profile has incorrect settings.

D.

The virtual server is disabled on all VLANs.

Full Access
Question # 5

An LTM Specialist configured a virtual server to load balance a custom application. The application works when it is tested from within the firewall but it fails when tested externally. The pool member address is 192.168.200.10:80. A capture from an external client shows:

GET /index.jsp HTTP/1.1

Host: 207.206.201.100

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Connection: keep-alive

HTTP/1.1 302 Found

DatE. Wed, 17 Oct 2012 23:09:55 GMT

Server: Apache/2.2.15 (CentOS)

Location: http://192.168.200.10/user/home.jsp

Content-LengtH. 304

Connection: close

What is the solution to this issue?

A.

Assign a SNAT pool to the virtual server.

B.

Add a Web Acceleration Profile to the virtual server.

C.

Configure redirect rewrite option in the HTTP profile.

D.

Configure a content filter on the backend web server.

Full Access
Question # 6

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A pair of LTM devices are configured for HA. The LTM Specialist observes from a capture that there is a successful connection from a client directly to a web server and an unsuccessful connection from a client via the LTM device to the same web server.

Which two solutions will solve the configuration problem? (Choose two.)

A.

Configure SNAT on the pool.

B.

Configure SNAT on the virtual server.

C.

Change server default gateway to point at LTM internal self IP.

D.

Change server default gateway to point at LTM internal floating IP.

Full Access
Question # 7

Which command should the LTM Specialist use to determine the current system time?

A.

date

B.

time

C.

uname -a

D.

ntpq -p

Full Access
Question # 8

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is investigating reports that users are unable to perform some commands through an FTP virtual server. The users are receiving the FTP error "500 Illegal PORT command." The virtual server is configured to SNAT using automap. The LTM Specialist performs a capture on the server side of the LTM device.

Why is the server returning this error?

A.

LIST command disallowed

B.

PORT command disallowed

C.

Active IP address in PORT command

D.

Active IP address in LOGIN command

Full Access
Question # 9

Which three HTTP headers allow an application server to determine the client's language compatibility, browser, operating system type, and compression compatibility? (Choose three.)

A.

Accept

B.

Accept-Encoding

C.

Accept-Language

D.

Host

E.

User-Agent

Full Access
Question # 10

An LTM Specialist with the Administrator role and terminal access of "tmsh" logs in via ssh and is in the Traffic Manager Shell. The LTM Specialist wants to enter the bash shell to review log files.

Which command does the LTM Specialist need to run to access the bash shell?

A.

exit

B.

quit

C.

run /cli bash

D.

run /util bash

Full Access
Question # 11

An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message "Unable to connect" in the browser, although connections directly to the pool member show the application is functioning correctly. The LTM configuration is:

ltm virtual /Common/vs_https {

destination /Common/10.10.1.110:443

ip-protocol udp

mask 255.255.255.255

pool /Common/pool_https

profiles {

/Common/udp { }

}

translate-address enabled

translate-port enabled

vlans-disabled

}

ltm pool /Common/pool_https {

members {

/Common/172.16.20.1:443 {

address 172.16.20.1

}

}

}

How should the LTM Specialist resolve this issue?

A.

Remove an HTTP monitor from the pool.

B.

Add an HTTP profile to the virtual server.

C.

Enable the pool member on the correct VLAN.

D.

Select the correct protocol for the virtual server.

Full Access
Question # 12

An LTM Specialist has just manually failed the active LTM device over to the standby LTM device. The LTM Specialist notices the newly active LTM device is NOT currently receiving traffic. The LTM Specialist verifies the newly active device is responding to ARP but still no traffic is hitting the virtual servers. The LTM Specialist also notices that the virtual servers eventually start responding.

What should be added to the configuration to resolve the problem?

A.

vlan failsafe

B.

floating self IP

C.

network failover

D.

MAC masquerading

E.

connection mirroring

Full Access
Question # 13

An LTM Specialist has set up a custom SNMP alert.

Which command line tool should the LTM Specialist use to test the alert?

A.

logger

B.

logtest

C.

testlog

D.

snmptest

Full Access
Question # 14

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist sets up AVR alerts and notifications for a specific virtual server if the server latency exceeds 50ms. The LTM Specialist simulates a fault so that the server latency is consistently exceeding the 50ms threshold; however, no alerts are being received.

Which configuration should the LTM Specialist modify to achieve the expected results?

A.

The rule should be adjusted to trigger when server latency is above 50ms.

B.

SNMP alerting should be enabled to allow e-mail to be sent to the support team.

C.

User Agents needs to be enabled to ensure the correct information is collected to trigger the alert.

D.

The metric "Page Load Time" needs to be enabled to ensure that the correct information is collected.

Full Access
Question # 15

The active LTM device in a high-availability (HA) pair performs a failover at the same time the network team reports an outage of a switch on the network.

Which two items could have caused the failover event? (Choose two.)

A.

a VLAN fail-safe setting

B.

a monitor on a pool in an HA group

C.

the standby LTM that was rebooted

D.

an Auditor role that has access to the GUI

E.

the standby LTM that lost connectivity on the failover VLAN

Full Access
Question # 16

An LTM Specialist has a single HTTPS virtual server doing SSL termination. No server SSL profile is defined. The pool members are on the internal VLAN answering on HTTP port 80. Users with certain browsers are experiencing issues.

Which two locations are most appropriate to gather packets needed to determine the SSL issue? (Choose two.)

A.

server interface

B.

user's computer

C.

LTM device's external VLAN

D.

LTM device's internal VLAN

E.

LTM device's management interface

Full Access
Question # 17

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

Which step should an LTM Specialist take to utilize AVR?

A.

provision AVR

B.

reboot the device

C.

install the AVR add-on

D.

license the device for AVR

Full Access
Question # 18

A web application requires the client to provide the destination server and service identification.

Which HTTP header will supply this information?

A.

Host

B.

From

C.

Expect

D.

Connection

Full Access
Question # 19

Which iRule will reject any connection originating from a 10.0.0.0/8 network?

A.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::remote_addr] mask 8]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

B.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::local_addr] mask 8]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

C.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::client_addr] mask 255.0.0.0]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

D.

when CLIENT_ACCEPTED {

set remote_ip [IP::addr [IP::local_addr] mask 255.0.0.0]

switch $remote_ip {

"10.0.0.0" { reject }

"11.0.0.0" { pool pool_http1}

default { pool http_pool }

}

}

Full Access
Question # 20

An LTM device pool has suddenly been marked down by a monitor. The pool consists of members 10.0.1.1:443 and 10.0.1.2:443 and are verified to be listening. The affected virtual server is 10.0.0.1:80.

Which two tools should the LTM Specialist use to troubleshoot the associated HTTPS pool monitor via the command line interface? (Choose two.)

A.

curl

B.

telnet

C.

ssldump

D.

tcpdump

Full Access
Question # 21

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A pair of LTM devices are deployed in a high-availability (HA) pair as the diagram shows. After inserting a new rule on the firewalls, the LTM devices become Standby. The rule drops all outbound sessions to the Internet. Only inbound connections are allowed from the Internet. There are no other changes to the environment.

What triggered the LTM device failover?

A.

HA Group

B.

Auto Failback

C.

VLAN Failsafe

D.

Gateway Failsafe

Full Access
Question # 22

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is troubleshooting an issue with SSL and is receiving the error shown when connecting to the virtual server. When connecting directly to the pool member, clients do NOT receive this message, and the application functions correctly. The LTM Specialist exports the appropriate certificate and key from the pool member and imports them into the LTM device. The LTM Specialist then creates the Client SSL profile and associates it with the virtual server.

What is the issue?

A.

The SSL certificate and key have expired.

B.

The SSL certificate and key do NOT match.

C.

The client CANNOT verify the certification path.

D.

The common name on the SSL certificate does NOT match the hostname of the site.

Full Access
Question # 23

An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message "The connection was reset" in the browser, although connections directly to the pool member show the application is functioning correctly.

ltm pool srv1_https_pool {

members {

192.168.2.1:https{

address 192.168.2.1

}

}

}

ltm virtual https_example_vs {

destination 192.168.1.155:https

ip-protocol tcp

mask 255.255.255.255

pool srv1_https_pool

profiles {

http { }

tcp { }

}

snat automap

vlans-disabled

}

How should the LTM Specialist resolve this issue?

A.

Enable HTTP monitoring on the pool.

B.

Add a ClientSSL profile to the virtual server.

C.

Disable SNAT Automap on the virtual server.

D.

Remove the HTTP profile from the virtual server.

Full Access
Question # 24

A web application requires knowledge of the client's true IP address for logging and analysis purposes. Instances of the application that can decode X-Forwarded-For HTTP headers reside in pool_a, while pool_b instances assume the source IP is the true address of the client.

Which iRule provides the proper functionality?

A.

when HTTP_DATA {

if {[HTTP::header exists X-Forwarded-For]}{

pool pool_a

} else {

pool pool_b

}

}

B.

when HTTP_RESPONSE {

if {[HTTP::header exists X-Forwarded-For]}{

pool pool_a

} else {

pool pool_b

}

}

C.

when HTTP_REQUEST {

if {[HTTP::header exists X-Forwarded-For]}{

pool pool_a

} else {

pool pool_b

}

}

D.

when HTTP_OPEN {

if {[HTTP::header exists X-Forwarded-For]}{

pool pool_a

} else {

pool pool_b

}

}

Full Access
Question # 25

An LTM Specialist notices the following error on the stdout console:

mcpd[2395]: 01070608:0: License is not operational(expired or digital signature does not match contents)

Which command should be executed to verify the LTM device license?

A.

bigpipe version

B.

tmsh show /sys license

C.

tmsh /util bigpipe version

D.

tmsh show /sys license status

Full Access
Question # 26

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

An LTM Specialist is investigating reports that users are unable to perform some commands through an FTP virtual server. The LTM Specialist performs a capture on the server side of the LTM device.

What is the issue with the application?

A.

data connection failing

B.

LIST command disallowed

C.

PORT command disallowed

D.

command connection failing

Full Access
Question # 27

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

The virtual server is listening on port 443.

What is the solution to the problem?

A.

Add an SSL Client profile to the existing virtual server.

B.

Modify the virtual server HTTP Profile to 'Redirect RewritE.All'.

C.

Modify the virtual server TCP profile to disable Nagle's Algorithm.

D.

Modify the virtual server HTTP Profile to 'Redirect RewritE.Matching'.

Full Access
Question # 28

There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the virtual IP address 10.0.20.88.

A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the LTM Specialist runs two concurrent traces on the LTM device, with the following results:

Trace on client side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840

22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win 4380

22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365

22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365

22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528

22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528

6 packets captured

6 packets received by filter

0 packets dropped by kernel

Trace on server side:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes

22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380

4 packets captured

4 packets received by filter

0 packets dropped by kernel

What should the LTM Specialist do to solve the problem?

A.

Edit the packet filter rules.

B.

Modify the monitor of the pool.

C.

Enable the virtual server.

D.

Configure the virtual server to use SNAT.

Full Access
Question # 29

A virtual server for a set of web services is constructed on an LTM device. The LTM Specialist has created an iRule and applied this iRule to the virtual server:

when HTTP_REQUEST {

switch [HTTP::uri] {

"/WS1/ws.jsp" {

log local0. "[HTTP::uri]-Redirected to JSP Pool"

pool JSP

}

default { log local0. "[HTTP::uri]-Redirected to Non-JSP Pool"

pool NonJSP

}

}

}

However, the iRule is NOT behaving as expected. Below is a snapshot of the log:

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/WS1/WS.jsp-Redirected to Non-JSP Pool

/ws1/WS.jsp-Redirected to Non-JSP Pool

/WS1/ws.jsp-Redirected to JSP Pool

/ws1/ws.jsp-Redirected to Non-JSP Pool

What is the problem?

A.

The condition in the iRule is case sensitive.

B.

The 'switch' command in the iRule has been used incorrectly.

C.

The pool members of both pools need to be set up as case-insensitive members.

D.

The "Process Case-Insensitivity" option for the virtual server needs to be selected.

Full Access
Question # 30

An LTM Specialist configures two LTM devices in a high-availability pair with trusts established and device groups configured properly using network failover. After several months, the LTM Specialist notices that changes made to one LTM device do NOT cause the synchronization status to update to "changes pending," and this device does NOT synchronize with the device group.

Which two steps should the LTM Specialist take to identify the issue? (Choose two.)

A.

Verify that NTP is synchronized.

B.

Verify the network connectivity between the devices.

C.

Verify that the devices are not using self-signed certificates.

D.

Verify that ConfigSync is using the management IP address.

E.

Verify that port lockdown on the ConfigSync interface is set to allow port 1026.

Full Access
Question # 31

-- Exhibit –

-- Exhibit --

Refer to the exhibit.

A user is unable to access a secure application via a virtual server.

What is the cause of the issue?

A.

The client authentication failed.

B.

The virtual server does NOT have a pool configured.

C.

The client and server CANNOT agree on a common cipher.

D.

The virtual server does NOT have a client SSL profile configured.

Full Access