Ltm

Within the pool definition

Within the node definition

Within the virtual server definition

Within the pool member definition

No SSL certificates are required on the BIG-IP

The BIG-IP's SSL certificates must only exist

The BIG-IP's SSL certificates must be issued from a certificate authority

The BIG-IP's SSL certificates must be created within the company hosting the BIG-IPs

Synching should not be performed

The first system to be updated will assume the Active role

This is not possible since both systems are updated simultaneously

The older system will issue SNMP traps indicating a communication error with the partner

The source address would not change, but the destination address would be translated to the origin address

The destination address would not change, but the source address would be translated to the origin address

The source address would not change, but the destination address would be translated to the NAT's address

The destination address would not change, but the source address would be translated to the NAT's address

A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie persistence

Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the load on the pool member

When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted before it is forwarded to servers

If a virtual server has both a ClientSSL and ServerSSL profile, the pool members have less SSL processing than if the virtual server had only a ClientSSL profile

All changes to TEST1 are propagated to TEST2

Some of the changes to TEST1 may propagate to TEST2

Changes to TEST1 cannot affect TEST2 once TEST2 is saved

When TEST1 is changed, the administrator is prompted and can choose whether to propagate changes to TEST2

If the destination of the traffic does not match a virtual server, the traffic will be discarded

If the destination of the traffic does not match a virtual server, the traffic will be forwarded based on routing tables

If the destination of the traffic matches a virtual server, the traffic will be processed per the virtual servers definition

If the destination of the traffic matches a virtual server, the traffic will be forwarded, but it cannot be load-balanced since no SNAT has been configured

The connection request is not processed

The connection request is sent to an apology server

The connection request is load-balanced to an available pool member

The connection request is refused and the client is sent a "server not available" message

As long as network communication is not lost, no change will occur

Nothing. Fail-over due to loss of voltage will not occur if the voltage is lost for less than ten seconds

When the cable is disconnected, both systems will become active. When the voltage is restored, unit two will revert to standby mode

When the cable is disconnected, both systems will become active. When the voltage is restored, both systems will maintain active mode

All open connections are lost.

All open connections are maintained.

When persistence mirroring is enabled, open connections are maintained even if a fail-over occurs.

Long-lived connections such as Telnet and FTP are maintained, but short-lived connections such as HTTP are lost.

All open connections are lost, but new connections are initiated by the newly active BIG-IP, resulting in minimal client downtime.

The SNAT must be enabled for all VLANs.

The SNAT must be enabled for the VLANs where desired packets leave the BIG-IP.

The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP.

The SNAT must be enabled for the VLANs where desired packets arrive and leave the BIG-IP.

CLI access to the serial console port

SSH access to the management port

SSH access to any of the switch ports

HTTP access to the management port

HTTP access to any of the switch ports

HTTPS access to the management port

HTTPS access to any of the switch ports

Never. Each virtual server has a maximum of one profile.

Often. Profiles work on different layers and combining profiles is common.

Rarely. One combination, using both the TCP and HTTP profile does occur, but it is the exception.

Unlimited. Profiles can work together in any combination to ensure that all traffic types are supported in a given virtual server.

The active device will take the action specified for the failure.

The standby device also detects the failure and assumes the active role.

The active device will wait for all connections to terminate and then fail-over.

The standby device will begin processing virtual servers that have failed, but the active device will continue servicing the functional virtual servers.

Pool1

Pool2

None. The request will be dropped.

Unknown. The pool cannot be determined from the information provided.

Ratio values

Priority values

Health monitors

Connection limits

Load-balancing mode

The active system will note the failure in the HA table.

The active system will reboot and the standby system will go into active mode.

The active system will fail-over and the standby system will go into active mode.

The active system will restart the traffic management module to eliminate the possibility that BIG-IP is the cause for the network failure.

The process should always be run from the standby system

The process should always be run from the system with the latest configuration.

The two /config/bigip.conf configuration files are synchronized (made identical) each time the process is run.

Multiple files, including /config/bigip.conf and /config/bigip_base.conf, are synchronized (made identical) each time the process is run.

Licenses only have to be reactivated for RMAs - no other situations.

Licenses generally have to be reactivated during system software upgrades.

Licenses only have to be reactivated when new features are added (IPv6, Routing Modules, etc) - no other situations.

Never. Licenses are permanent for the platform regardless the version of software installed.

TCP

HTTP

HTTPS

ServerSSL

Pool1

Pool2

None. The request will be dropped.

Unknown. The pool cannot be determined from the information provided.

Rule(s)

Pool(s)

Monitor(s)

Node address(es)

Load-balancing method(s)

Specify the desired MAC address for each VLAN for which you want this feature enabled.

Specify the desired MAC address for each self-IP address for which you want this feature enabled.

Specify the desired MAC address for each VLAN on the active system and synchronize the systems.

Specify the desired MAC address for each floating self-IP address for which you want this feature enabled.

The member has no monitor assigned to it.

The member has a monitor assigned to it and the most recent monitor was successful.

The member has a monitor assigned to it and the monitor did not succeed during the most recent timeout period.

The member's node has a monitor assigned to it and the monitor did not succeed during the most recent timeout period.

Persistence is an option within each pool's definition.

Persistence is a profile type; an appropriate profile is created and associated with virtual server.

Persistence is a global setting; once enabled, load-balancing choices are superceded by the persistence method that is specified.

Persistence is an option for each pool member. When a pool is defined, each member's definition includes the option for persistence.

Inherit the pool's monitor

Inherit the node's monitor

Configure a default monitor

Assign a monitor to the specific member

Do not assign any monitor to the specific member

If network fail-over is enabled, the standby system will assume the active mode.

Whether or not network fail-over is enabled, the standby system will stay in standby mode.

Whether or not network fail-over is enabled, the standby system will assume the active mode.

If network fail-over is enabled, the standby system will go into active mode but only until the network recovers.

All of the web pools members nodes are responding to the ICMP monitor as expected.

Less than 50% of the web pools members nodes responded to the ICMP echo request.

All of the members of the web pool have had their content updated recently and their responses no longer match the monitors receive rule.

Over 25% of the web pools members have had their content updated and it no longer matches the receive rule of the custom monitor. The others respond as expected.

LDAP

OCSP

RADIUS

TACACS+

Active Directory

Most templates, such as http and tcp, are as effective as customized monitors.

Monitor template customization is only a matter of preference, not an issue of effectiveness or performance.

Most templates, such as https, should have the receive rule customized to make the monitor more robust.

While some templates, such as ftp, must be customized, those that can be used without modification are not improved by specific changes.

There is no difference; the two terms are referenced for backward compatibility purposes.

When the load-balancing choice references "node", priority group activation is unavailable.

Load-balancing options referencing "nodes" are available only when the pool members are defined for the "any" port.

When the load-balancing choice references "node", the addresses' parameters are used to make the load-balancing choice rather than the member's parameters.

It is always enabled.

It is part of a pool definition.

It is part of a profile definition.

It is part of a virtual server definition.

The following request would be sent to pool2: http://www.xyz.com/i.htm?users=ca5678state=wa

The following request would be sent to pool2: http://www.xyz.com/i.htm?userid=ca5678state=wa

The following request would be sent to pool2: http://www.xyz.com/i.htm?ctrycd=ca5678user=ca5678

The following request would be discarded: http://www.xyz.com/i.htm?users=ca5678state=wa

The following request would be discarded: http://www.xyz.com/i.htm?userid=ca5678state=wa

The following request would be discarded: http://www.xyz.com/i.htm?ctrycd=ca5678user=ca5678

CLIENT_DATA

SERVER_DATA

HTTP_REQUEST

HTTP_RESPONSE

CLIENT_ACCEPTED

SERVER_SELECTED

SERVER_CONNECTED

Communication between the systems cannot be effected by port lockdown settings.

Data for both connection and persistence mirroring are shared through the same TCP connection.

Regardless of the configuration, some data is communicated between the systems at regular intervals.

Connection mirroring data is shared through the serial fail-over cable unless network fail-over is enabled.

HTTP_DATA

CLIENT_DATA

HTTP_REQUEST

CLIENT_ACCEPTED

The floating self IP address on the VLAN where the packet leaves the system.

The floating self IP address on the VLAN where the packet arrives on the system.

It will alternate between the floating and non-floating self IP address on the VLAN where the packet leaves the system so that port exhaustion is avoided.

It will alternate between the floating and non-floating self IP address on the VLAN where the packet arrives on the system so that port exhaustion is avoided..

All iRule events relate to HTTP processes.

All client traffic has data that could be used to trigger iRule events.

All iRule events are appropriate at any point in the client-server communication.

If an iRule references an event that doesn't occur during the client's communication, the client's connection will be terminated prematurely.

Traffic initiated by the pool members will have the source address translated to a self-IP address but the destination address will not be changed.

Traffic initiated to the virtual server will have the destination address translated to a pool members address and the source address translated to a self-IP address.

Traffic initiated by selected clients, based on their IP address, will have the source address translated to a self-IP address but the destination will only be translated if the traffic is destined to the virtual server.

Traffic initiated to the virtual server will have the destination address translated to a pool members address and the source address translated to a self-IP address. Traffic arriving destined to other destinations will have the source translated to a self-IP address only.

Rule(s)

Profile(s)

Monitor(s)

Persistence type

Load-balancing mode

Monitors are performed only by the active system.

Fail-over triggers only cause changes on the active system.

Virtual server addresses are hosted only by the active system.

Configuration changes can only be made on the active system.

Floating self-IP addresses are hosted only by the active system.

The fail-over cable status is ignored. Fail-over is determined by the network status only.

Either a network failure or loss of voltage across the fail-over cable will cause a fail-over.

A network failure will not cause a fail-over as long as there is a voltage across the fail-over cable.

The presence or absence of voltage over the fail-over cable takes precedence over network fail-over.

To prevent ARP cache errors

To minimize ARP entries on routers

To minimize connection loss due to ARP cache refresh delays

To allow both BIG-IP devices to simultaneously use the same MAC address

The BIG-IP would drop the request since the traffic didnt arrive destined to the NAT address.

The source address would not change, but the destination address would be changed to the NAT address.

The source address would be changed to the NAT address and destination address would be left unchanged.

The source address would not change, but the destination address would be changed to a self-IP of the BIG-IP.

Hardware fail-over is disabled by default.

Hardware fail-over can be used in conjunction with network failover.

If the hardware fail-over cable is disconnected, both BIG-IP devices will always assume the active role.

By default, hardware fail-over detects voltage across the fail-over cable and monitors traffic across the internal VLAN.

Create profiles, create the iRule, create required pools, create the Virtual Server

Create the Virtual Server, create required pools, create the iRule, edit the Virtual Server

Create a custom HTTP profile, create required pools, create the Virtual Server, create the iRule

Create required pools, create a custom HTTP profile, create the iRule, create the Virtual Server

MSIE_pool

Mozilla_pool

None. The request will be dropped.

Unknown. The pool cannot be determined from the information provided.

UserID

Password

Administrator Role

Valid Access Times

That support is never available.

The virtual server must be enabled for both VLANs.

The virtual server must be enabled on the internal VLAN.

The virtual server must be enabled on the external VLAN.

Bandwidth utilization

Duplicate IP address

CPU utilization percentage

VLAN communication ability