Pass4Future also provide interactive practice exam software for preparing F5 Networks BIG-IP Administration Data Plane Concepts (F5CAB2) Exam effectively. You are welcome to explore sample free F5 Networks F5CAB2 Exam questions below and also try F5 Networks F5CAB2 Exam practice test software.
Do you know that you can access more real F5 Networks F5CAB2 exam questions via Premium Access? ()
An ecommerce company is experiencing latency issues with online shops during Black Friday's peak season. The BIG-IP Administrator detects an overall high CPU load on the BIG-IP device and wants to move the top utilized Virtual Servers to a dedicated BIG-IP device. Where should the BIG-IP Administrator determine the problematic Virtual Servers? (Choose one answer)
Answer : C
Comprehensive and Detailed Explanation From BIG-IP Administration Data Plane Concepts documents:
When troubleshooting performance and latency issues on BIG-IP, especially under peak load conditions, it is critical to identify which Virtual Servers are consuming the most resources. This is a core data plane analysis task.
BIG-IP provides multiple views of configuration and status, but only certain areas expose real-time and historical traffic statistics that correlate directly with CPU usage and throughput.
Why Option C Is Correct:
Statistics > Module Statistics > Local Traffic > Virtual Servers provides:
Real-time and cumulative statistics per Virtual Server
Metrics such as:
Bits in / Bits out
Packets in / Packets out
Current connections
Connection rate
Total requests
The ability to identify high-traffic or high-connection Virtual Servers, which are the most likely contributors to elevated CPU utilization
These statistics allow the administrator to objectively determine which Virtual Servers are the top consumers of system resources and therefore good candidates for migration to a dedicated BIG-IP device.
Why the Other Options Are Incorrect:
A . Local Traffic > Virtual Servers > Virtual Server List
Primarily a configuration view
Does not provide sufficient performance or utilization statistics to identify CPU-heavy Virtual Servers
B . System > Platform
Displays hardware-level information such as CPU cores, memory, disk, and platform type
Does not break down utilization by Virtual Server
D . Local Traffic > Network Map
Provides a logical topology view of Virtual Servers, pools, and pool members
Useful for understanding relationships, but not for identifying high-utilization Virtual Servers
Key Data Plane Concept Reinforced:
To diagnose performance problems and plan traffic redistribution, BIG-IP administrators must rely on Module and object-level statistics, not configuration screens. The Virtual Server statistics view is the authoritative location for identifying traffic hotspots that directly impact CPU and latency during peak events such as Black Friday.
===========
A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:
when HTTP_REQUEST { if { [HTTP::header UserAgent] contains "MSIE" }
{ pool MSIE_pool }
else { pool Mozilla_pool }
If a user connects to http://10.10.1.100/foo.html and their browser does not specify a UserAgent, which pool will receive the request?
Answer : B
A BIG-IP Administrator configures remote authentication and needs to ensure that users can still log in even when the remote authentication server is unavailable. Which action should the BIG-IP Administrator take in the remote authentication configuration to meet this requirement? (Choose one answer)
Answer : C
Comprehensive and Detailed Explanation From BIG-IP Administration Data Plane Concepts documents:
Although remote authentication (LDAP, RADIUS, TACACS+) is a control-plane / management-plane feature, it directly affects availability and resiliency of administrative access, which is a critical operational HA consideration.
How BIG-IP Remote Authentication Works:
BIG-IP can authenticate administrators against:
LDAP
RADIUS
TACACS+
When remote authentication is enabled, BIG-IP by default relies on the remote server for user authentication
If the remote authentication server becomes unreachable, administrators may be locked out unless fallback is configured
Why ''Fallback to Local'' Is Required:
The Fallback to Local option allows BIG-IP to:
Attempt authentication against the remote authentication server first
If the remote server is unreachable or unavailable, fall back to:
Local BIG-IP user accounts (admin, or other locally defined users)
This ensures:
Continuous administrative access
Safe recovery during:
Network outages
Authentication server failures
Maintenance windows
This behavior is explicitly recommended as a best practice in BIG-IP administration to avoid loss of management access.
Why the Other Options Are Incorrect:
A . Configure a second remote user directory
Provides redundancy only if both directories are reachable
Does not help if remote authentication as a whole is unavailable
B . Configure a remote role group
Maps remote users to BIG-IP roles
Does not affect authentication availability
D . Set partition access to ''All''
Controls authorization scope after login
Has no impact on authentication success
Key Availability Concept Reinforced:
To maintain administrative access resiliency, BIG-IP administrators should always enable Fallback to Local when using remote authentication. This prevents lockouts and ensures access even during authentication infrastructure failures.
===========
A BIG-IP system receives UDP traffic from a specific source. The administrator wants the traffic to be forwarded, not dropped or rejected. Which virtual server type should be used? (Choose one answer)
Answer : D
Comprehensive and Detailed Explanation From BIG-IP Administration Data Plane Concepts documents:
BIG-IP virtual server types define how traffic is handled at the data plane when it matches a virtual server's destination address and service port.
According to BIG-IP Administration Data Plane Concepts:
Standard virtual server
The default and most commonly used type
Accepts client connections and forwards traffic to pool members
Supports both TCP and UDP traffic
Allows full use of profiles (UDP, FastL4, persistence, etc.) and iRules
Required when the goal is to process and pass traffic through BIG-IP
Drop virtual server
Silently discards matching traffic
No response is sent to the client
Reject virtual server
Actively rejects traffic by sending an error response
For UDP, BIG-IP may send an ICMP unreachable message
Block virtual server
Used to block traffic at the virtual server level
Traffic is neither forwarded nor processed by pools
In this scenario:
The administrator explicitly wants the UDP traffic to be forwarded
Only a Standard virtual server forwards traffic to a pool or next-hop destination
Why the Other Options Are Incorrect:
A . Drop -- Traffic is silently discarded
B . Reject -- Traffic is actively rejected
C . Block -- Traffic is blocked and not forwarded
Key Data Plane Concept Reinforced:
When traffic must be accepted and forwarded---regardless of whether it is TCP or UDP---the BIG-IP administrator must use a Standard virtual server, which is the only virtual server type designed for normal application traffic processing.
===========
An application is configured so that the same pool member must be used for an entire session, and this behavior must persist across HTTP and FTP traffic. A user reports that a session terminates and must be restarted after the active BIG-IP device fails over to the standby device.
Which configuration settings should the BIG-IP Administrator verify to ensure proper behavior when BIG-IP failover occurs? (Choose one answer)
Answer : C
Comprehensive and Detailed Explanation (BIG-IP Administration -- Data Plane Concepts):
This scenario combines session continuity, multiple protocols (HTTP and FTP), and HA failover behavior, which directly implicates persistence handling across devices and services.
Key Requirements Breakdown
Same pool member for entire session
Session must survive failover
Session must span multiple services (HTTP and FTP)
Why Persistence Mirroring + Match Across Services Is Required
Persistence Mirroring
Ensures persistence records are synchronized from the active BIG-IP to the standby BIG-IP.
Without mirroring:
After failover, the standby device has no persistence table
Clients are load-balanced again
Sessions break, forcing users to restart
Persistence mirroring is essential for session continuity during failover
Match Across Services
Allows a single persistence record to be shared across multiple virtual servers / protocols
Required when:
HTTP and FTP must use the same pool member
Multiple services are part of a single application session
Together, these settings ensure:
Persistence survives device failover
Persistence is honored across HTTP and FTP
Why the Other Options Are Incorrect
A . Cookie persistence and session timeout
Cookie persistence only applies to HTTP and does not address FTP or failover synchronization.
B . Stateful failover and Network Failover detection
Stateful failover applies to connection state, not persistence records, and does not link HTTP and FTP sessions.
