EMT Practice Test

1. Question Content...


Question List

Question1: For a typical business, what percentage of data does the ARX usually move to a secondary tier?

Question2: Which two of the following are costs businesses may face in dealing with unstructured data? (Choose two.)

Question3: A monitor has been defined using the HTTP monitor template. The send and receive strings were customized, but all other settings were left at their defaults. Which resources can the monitor be assigned to?

Question4: Why does the F5 Application Delivery Firewall solution mitigate SSL attacks more effectively than any other firewalls?

Question5: Which of the following statements are correct regarding Attack signatures? (Choose two.)

Question6: To function properly, an Enterprise Manager device is required within each data center.

Question7: Which event is always triggered when the client sends data to a virtual server using TCP?

Question8: Using Fast Cache with ASM will:

Question9: To share device information with F5 technical support, a customer must either verbally share the information over the phone or copy and send the information in an Email.

Question10: Which events are valid iRule events triggered by BIG-IP ASM processing? (Choose two.)

Question11: All members of a pool must share the same service port?

Question12: Tightening is a feature of which type of entity?

Question13: Sensitive parameter is a feature used to hide sensitive information from being displayed in which of the following?

Question14: What is the purpose of the GTM Systems Address Exclusion List concerning local DNS servers?

Question15: Assume the bigd daemon fails on the active system. Which three are possible results? (Choose three.)

Question16: What is the expected difference between two source address persistence profiles if profile A has a mask of
255.255.255.0 and profile B has a mask of 255.255.0.0?

Question17: Assume a BIG-IP has no NATs or SNATs configured. Which two scenarios are possible when client traffic arrives on a BIG-IP that is NOT destined to a self-IP? (Choose two.)

Question18: ARX will detect any modification to a file on the second tier because all clients are being _______ by the ARX to get to the storage.

Question19: Select the question you would ask your customer related to DNS attacks. Based on the material, choose the most appropriate question.

Question20: If a client's browser does not accept cookies, what occurs when the client connects to a virtual server using cookie persistence?

Question21: The default staging-tightening period for attack signatures and wildcard entities is?

Question22: Which of the following are default settings when using the Policy Builder to build a security policy based on the QA lab deployment scenario? (Choose two.)

Question23: Which statement is correct concerning differences between BIG-IP ASM platforms?

Question24: Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing takes place. Also assume that the NAT definition specifies a NAT address and an origin address while all other settings are left at their defaults. If the origin server were to initiate traffic via the BIG-IP, what changes, if any, would take place when the BIG-IP processes such packets?

Question25: Which statement is true concerning cookie persistence.

Question26: Which VLANs must be enabled for a SNAT to perform as desired (translating only desired packets)?

Question27: The BIG-IP ASM System sets two types of cookies to enforce elements in the security policy. The two types are main and frame cookies. What is the purpose of the frame cookie? (Choose two.)

Question28: Which statement is true concerning iRule events.

Question29: Which of the following methods of protection is not available within the Protocol Security Manager for FTP protection?

Question30: What is the primary benefit of associating Servers with Data Centers?

Question31: Which of the following mitigation techniques is based on anomaly detection? (Choose two)

Question32: What is the purpose of provisioning?

Question33: A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it:

Question34: DRAG DROP
Place the following items in the order that the BIG-IP device uses when processing a packet.
Select and Place:

Question35: The SNMP monitor can collect data based on which three metrics? (Choose three.)

Question36: Which statement is correct if a TOP-based monitor is assigned to an LTM System and an HTTP-based monitor is assigned to one of that LTM System's Virtual Servers?

Question37: How does the ARX eliminate the disruption caused by re-provisioning storage?

Question38: Which of the following does not pertain to protecting the Requested Resource (URI) element?

Question39: A site needs a virtual server that will use an iRule to parse HTTPS traffic based on HTTP header values.
Which two profile types must be associated with such a virtual server?
(Choose two.)

Question40: Which statement describes a typical purpose of iRules?

Question41: A, steaming profile will do which of the following?

Question42: An age-based policy is set up on the ARX that retains only data modified in the last 3 months on tier 1 storage and moves the rest of the data to secondary storage. What happens when the end user tries to access data that has not been touched in 6 months?

Question43: Which two of the following statements are accurate descriptions of the ARX index? (Choose two.)

Question44: Which three properties can be assigned to nodes? (Choose three.)

Question45: How is persistence configured?

Question46: A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to load balance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses.
The second SNAT's address is 64.100.130.20; this SNAT is defined for three specific addresses,
172.16.3.54, 172.16.3.55, and 172.16.3.56. The virtual server's destination is 64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with IP address 172.16.3.55 initiates a request to the virtual server, what is the source IP address of the packet as it reaches the chosen DNS server?

Question47: Which of the following methods of protection operates on server responses?

Question48: When a business is hacked, they often lose more than money. What are the other consequences to a business as a result of being hacked? Select two.

Question49: Identifying users by their IP address is a sufficient method of performing authentication and authorization.

Question50: Which is an advantage of terminating SSL communication at the BIG-IP rather than the ultimate web server.

Question51: A GTM System would like to ensure that a given LTM System is reachable and iQuery communication is allowed prior to sending it client request. What would be the simplest monitor template to use?

Question52: If the config tool is complete, which two access methods are available by default for GTM administration and configuration? (Choose two.)

Question53: In the next few years, 75% of new storage capacity will shift to unstructured data (also known as file data).
Which two of the following are examples of unstructured data? (Choose two.)

Question54: Select the key question you would use to ask your customer related to DNS attacks?

Question55: Which statement about root DNS servers is true?

Question56: Logging profiles are assigned to?

Question57: The Protected Workspace client-side action provides more client-side security than the Cache and Session Control action.

Question58: Which of these statements about a stream profile is false?

Question59: Which two of the following statements about how TMOS typically manages traffic between a client and server are accurate? (Choose two.)

Question60: Which of the following is NOT a logging option within an APM access control entry?

Question61: If LTM uses the round robin load balancing method, which pool member in the diagram above will receive the next request?

Question62: There are many user roles configurable on the BIG-IP ASM System. Which of the following user roles have access to make changes to ASM policies? (Choose three.)

Question63: Which two are events that can be used to trigger GTM iRule data processing? (Choose two.)

Question64: Which two statements are true about NATs? (Choose two.)

Question65: Which two statements are true concerning the default communication between a redundant pair of BIG-IP systems? (Choose two.)

Question66: A pool is using Round Trip Time as its load balancing method (Alternate: Round Robin; Fallback:None).
The last five resolutions have been C, D, C, D, C Given the current conditions shown in the table below, which address will be used for the next resolution?

Question67: DRAG DROP
Match the security-related term with the correct definition.
1. Demilitarized zone (DMZ)
2. Denial of service (DoS)
3. DNS Express
4. DNS Security Extensions (DNSSEC)
5. Endpoint inspection
Select and Place:

Question68: Which of the following is a language used for content provided by a web server to a web client?

Question69: The ARX can see ________ when a data modification takes place and will cue that file to be migrated back to the primary tier.

Question70: In most cases, F5 recommends using round robin load balancing.

Question71: Brute force protection will:

Question72: Which parameters are set to the same value when a pair of BIG-IP devices are synchronized?

Question73: The ARX saves customers time, money and frustration through a stub-based system that makes a slight modification to each file in order to more efficiently sort and store end user data.

Question74: Monitors can be assigned to which three resources? (Choose three.)

Question75: What are two advantages of the Quality of Service (QoS) load balancing method? (Choose two.)

Question76: Replicating a large database between sites could take several hours without WOM, and only several minutes with WOM.

Question77: Which of the following statements are correct regarding positive and negative security models? (Choose two.)

Question78: Which two statements are true about SNATs? (Choose two.)

Question79: Which is NOT an ASM protection method for cross site scripting?

Question80: The BIG-IP ASM System is configured with a virtual server that contains an HTTP class profile and the protected pool members are associated within the HTTP class profile pool definition. The status of this virtual server is unknown (Blue). Which of the following conditions will make this virtual server become available (Green)?

Question81: You have a pool of servers that need to be tested. All of the servers but one should be tested every 10 seconds, but one is slower and should only be tested every 20 seconds. How do you proceed?

Question82: Which statement is true regarding failover?

Question83: Which three of the following are some of the methods that F5 uses with its environmental stress screening chamber? (Choose three.)

Question84: A BIG-IP has two load balancing virtual servers at 150.150.10.10:80 and 150.150.10.10:443. The port 80 virtual server has SNAT automap configured. There is also a SNAT configured at 150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other settings are at their default states.
If a client with the IP address 200.200.1.1 sends a request to https://150.150.10.10, what is the source IP address when the associated packet is sent to the pool member?

Question85: It is common for free storage space to exist somewhere in a business network that is not easy for storage administrators to utilize. What solution can the ARX provide in this situation?

Question86: There are multiple HTTP class profiles assigned to a virtual server. Each profile has Application Security enabled. Which statement is true?

Question87: In order to ensure that a specific file type is never moved down to a secondary file tier, the administrator should:

Question88: Using file virtualization, what can the ARX do for customers?

Question89: Which process or system can be monitored by the BIG-IP system and used as a failover trigger in a redundant pair configuration.

Question90: Which statement accurately describes the difference between two load balancing modes specified as
"member" and "node"?

Question91: A GTM System performs a name resolution that is not a Wide-IP. The name is in a domain for which the GTM System is authoritative. Where does the information come from?

Question92: What technology does ARX use to create a logical abstraction of the physical storage environment?

Question93: Which of the following is correct regarding static parameters?

Question94: Where is connection mirroring configured?

Question95: Which facility logs messages concerning GTM System parameters?

Question96: ASM Geolocation reporting provides information regarding:

Question97: Generally speaking, should the monitor templates be used as production monitors or should they be customized prior to use?

Question98: What is the advantage of specifying three load balancing methods when load balancing within pools?

Question99: Which two methods can be used to determine which BIG-IP is currently active? (Choose two.)

Question100: Administrators can specify an APM access profile when defining a virtual server in LTM.

Question101: Which of the following business benefits does storage tiering offer to customers?

Question102: What feature of the F5 Exchange solution helps administrators to streamline implementation for added security and granular control?

Question103: A virtual server is defined per the charts. The last five client connections were to members C, D, A, B, B.
Given the conditions shown in the above graphic, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection?

Question104: What is the difference between primary and secondary DNS servers?

Question105: A customer says his business wouldn't benefit from buying ARX because it already has block based storage virtualization in place. Is he right? Why or why not?

Question106: A site wishes to perform source address translation on packets from some clients but not others. The determination is not based on the client's IP address, but on the virtual servers their packets arrive on.
What could best accomplish this goal?

Question107: A standard virtual server is defined with a pool and a SNAT using automap. All other settings for the virtual server are at defaults. When client traffic is processed by the BIG-IP, what will occur to the IP addresses?

Question108: What is the purpose of floating self-IP addresses?

Question109: Where is persistence mirroring configured?

Question110: A BIG-IP has a virtual server at 150.150.10.10:80 with SNAT automap configured. This BIG-IP also has a SNAT at 150.150.10.11 set for a source address range of 200.200.1.0 / 255.255.255.0. All other settings are at their default states. If a client with the IP address 200.200.1.1 sends a request to the virtual server, what is the source IP address when the associated packet is sent to the pool member?

Question111: Which two ports must be enabled to establish communication between GTM Systems and other BIG IP Systems? (Choose two.)

Question112: A user's access to resources can change based on the computer they connect from.

Question113: Which of the following statements is true about ARX's capacity balancing ability?

Question114: Using IP Geolocation, an organization can always direct a client request from France to a data enter in Dublin.

Question115: Which IP address will the client address be changed to when SNAT automap is specified within a Virtual Server configuration?

Question116: Which is NOT a function of ASM?

Question117: Select the best word or phrase to complete the following sentence.
Using the _______ feature in GTM, F5's Application Delivery Firewall solution can handle a significantly higher number of queries than traditional DNS servers.

Question118: Which event is always triggered when a client initially connects to a virtual server configured with an HTTP profile?

Question119: Which of the following does NOT describe network performance management?

Question120: A site wishes to perform source address translation on packets arriving from the Internet for clients sing some pools but not others. The determination is not based on the client's IP address, but on the pool they are load balanced to. What could best accomplish this goal?

Question121: Even though F5 is an application delivery controller, it can also effectively mitigate attacks directed at the network layer.

Question122: Which of the following is correct regarding User-defined Attack signatures?

Question123: A request is sent to the BIG-IP ASM System that generates a Length error violation. Which of the following length types provides a valid learning suggestion? (Choose three.)

Question124: In the current version of BIG-IP, what happens if the GTM does not find a wide IP that matches the DNSrequest?

Question125: Use a proprietary syntax language. Must contain at least one event declaration. Must contain at least one conditional statement. Must contain at least one pool assignment statement. What must be sent to the license server to generate a new license?

Question126: Which of the following platforms support both standalone and modular BIG-IP ASM implementations?
(Choose 2)

Question127: Which three must be done so that Generic Host Servers can be monitored using SNMP? (Choose three.)

Question128: When users are created, which three access levels can be granted through the GTM Configuration Utility?
(Choose three.)

Question129: iQuery is a proprietary protocol that distributes metrics gathered from which three sources? (Choose three.)

Question130: Which of the following can be associated with an XML profile?

Question131: Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIG-IP?

Question132: The F5 Application Delivery Firewall has the ability to outperform traditional and next generation firewalls during DDoS attacks by leveraging the performance and scalability of BIG-IP to hand extremely high loads, including high throughput, high connection count, and high number of connections per second.

Question133: When we have a * wildcard entity configured in the File Type section with tightening enabled, the following may occur when requests are passed through the policy. Which is the most accurate statement?

Question134: Which of the following protocol protections is not provided by the Protocol Security Manager?

Question135: Assuming there are open connections through an active system's NAT and a failover occurs, by default, what happens to those connections?

Question136: How is persistence configured?

Question137: ASM provides antivirus protection by:

Question138: When probing LDNSs, which protocol is used by default?

Question139: Which of the following methods are used by the BIG-IP ASM System to protect against SQL injections?

Question140: A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:

If a user connects to http://10.10.1.100/foo.html and their browser does not specify a UserAgent, which pool will receive the request?

Question141: An administrator is planning on solving latency issues by placing the backup data center in a neighboring city to the primary data center. Why isn't this effective solution?

Question142: A virtual server is listening at 10.10.1.100:80 and has the following iRule associated with it:

If a user connects to http://10.10.1.100/foo.html, which pool will receive the request?

Question143: A site wishes to delegate the name .wmysite.com to a GTM System. Which entry would be appropriate in their current DNS servers?

Question144: As a part of the Setup Utility, the administrator sets the host name for the BIG-IP.
What would be the result if the two systems in a redundant pair were set to the same host name?

Question145: When can a single virtual server be associated with multiple profiles?

Question146: Data centers often rely on either traditional firewalls or next generation firewalls. Select the core weakness of the traditional or next generation firewalls when it comes to DDoS attacks.

Question147: What is the purpose of MAC masquerading?

Question148: ARX can classify data based on all of the following EXCEPT:

Question149: A virtual server is listening at 10.10.1.100:any and has the following iRule associated with it:

If a user connects to 10.10.1.100 and port 22, which pool will receive the request?

Question150: ________% of F5 products are sent through thorough software testing before being sold to customers

Question151: Without creating a user defined region, what is the most specific group a topology record can identify?

Question152: The current status of a given pool member is unknown. Which condition could explain that state?

Question153: An inline ASM configuration requires:

Question154: Where is the load balancing mode specified?

Question155: What percentage of storage in a typical environment is actively used and modified?

Question156: Which cookie persistence method requires the fewest configuration changes on the web servers to be implemented correctly?

Question157: What is the main cause of high latency in a Web application?

Question158: DRAG DROP
Match these terms with their description.
Select and Place:

Question159: DRAG DROP
Match the five elements of the intelligent file virtualization with the appropriate ARX feature:
Select and Place:

Question160: Which item is NOT a function of ASM?

Question161: When configuring the BIG-IP ASM System in redundant pairs, which of the following are synchronized?
(Choose two.)

Question162: The production version of BIG-IP Virtual Edition is limited to 200 Mbps throughput.

Question163: Which item is NOT a function of a properly deployed and configured ASM?

Question164: Learning suggestions can be the result of:

Question165: When initially configuring the GTM System using the config tool, which two parameters can be set?
(Choose two.)

Question166: Which two must be included in a Wide-IP definition for the Wide-IP to resolve a DNS query? (Choose two.)

Question167: If your customer has a policy requirement that cannot be handled in the Visual Policy Editor, what would you use to supplement the Visual Policy Editor?

Question168: The F5 Visual Policy Editor (VPE) is unique to the F5 BIG-IP APM module; no other access management tool has this capability. Select the features that the VPE provides. Select two

Question169: Which of the following is correct concerning HTTP classes?

Question170: Which of the following statements best describes the ARX architecture?

Question171: Which WOM feature replaces a long byte pattern, such as "100000111000110101", with a shorter reference to the pattern?

Question172: The Device Inventory option in Enterprise Manager can replace an organization's static Excel spreadsheet containing similar data.

Question173: What are some changes that must be made on the GTM System so that log messages are sent to centralized System Log servers?

Question174: Although not all modules run on all platforms, each F5 hardware platform can run LTM plus at least one additional software module.

Question175: With standard DNS, assuming no DNS request failures, which process describes the normal resolution process on a "first time" DNS request?

Question176: Which of the following is not a configurable parameter data type?

Question177: Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing takes place. Also assume that the NAT definition specifies a NAT address and an origin address while all other settings are left at their defaults. If a client were to initiate traffic to the NAT address, what changes, if any, would take place when the BIG-IP processes such packets?

Question178: You have created a custom profile named TEST2. The parent profile of TEST2 is named TEST1. If additional changes are made to TEST1, what is the effect on TEST2?

Question179: A client sends a request to a virtual server http://www.foo.com configured on the BIG-IP ASM System. The virtual server has an HTTP class profile associated with Application Security enabled, all class filters set to match all, and a pool consisting of foo.com members. The virtual server also has a default pool associated with it. When the client sends a request for
http://www.foo.com, this traffic will be forwarded to which of the following?

Question180: When network failover is enabled, which of the following is true?

Question181: What is the main business driver for bringing Enterprise Manager into the network infrastructure?

Question182: When using a single BIG-IP with APM, an organization can support up to 60,000 concurrent remote access users.

Question183: When is a Virtual Server hosted by an LTM System defined with two IP addresses?

Question184: Which of the following methods of protection is not available within the Protocol Security Manager for HTTP traffic?

Question185: The F5 Visual Policy Editor (VPE) is unique to the F5 BIG-IP APM module; no other access management tool has this capability. Select the features that the VPE provides. Select two.

Question186: Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?

Question187: Which two can be a part of a virtual server's definition? (Choose two.)

Question188: Which three are GTM server dynamic load balancing modes? (Choose three.)

Question189: When installing LTM on different VIPRION performance blades, each instance of LTM needs to be licensed separately.

Question190: Which of the following statements are incorrect regarding protection of web services? (Choose two.)

Question191: A customer wants the best possible throughput but only has a maximum of 3RU rack space. Which F5platform should you recommend?

Question192: The Protected Workspace client-side action provides more client-side security than the Cache and Session Control action.

Question193: What will likely happen if you were to define a LTM System in the wrong Data Center?

Question194: Complete the statement below by choosing the correct word or phrase to complete the sentence. By identifying IP addresses and security categories associated with malicious activity, the BIG-IP _______ service can incorporate dynamic lists of threatening IP addresses into the BIG-IP platform, adding context to policy decisions.

Question195: Listeners that correspond to nonfloating self IP addresses are stored in which configuration file?

Question196: How do you support non intelligent DNS resolution in an environment with GTM Systems and standard DNS servers? (Choose two.)

Question197: True or False, WOM speeds up large file data transfer across the WAN between a Windows client and a Windows file Server.

Question198: A pool is using Global Availability as its load balancing method (Alternate:Round Robin; Fallback: Return to DNS). The last five resolutions have been C, D, C, D, C Given the current conditions shown in the table, which address will be used for the next resolution?

Question199: An HTTP class is available

Question200: Assume a virtual server is configured with a ClientSSL profile. What would the result be if the virtual server's destination port was not 443?

Question201: The ARX is like a mini network manager. It is able to check the health of the environment and can raise alerts when thresholds are reached.

Question202: The partial configuration below includes an iRule, a virtual server, and pools. When traffic from the client at
160.10.10.10:2056 connects to the virtual server Test_VS and sends an HTTP request, what will the client's source address be translated to as the traffic is sent to the chosen pool member?

Question203: Network Security personnel are entirely responsible for web application security.

Question204: Which statement is true concerning SNATs using automap?

Question205: A security audit has determined that your web application is vulnerable to a cross site scripting attack.
Which of the following measures are appropriate when building a security policy? (Choose two.)

Question206: What is a characteristic of iQuery?

Question207: Which statement is true concerning SSL termination.

Question208: When DNS_REV is used as the probe protocol by the GTM System, which information is expected in the response from the probe?

Question209: DRAG DROP
Match the security-related term with the correct definition.
1. OWASP Top 10
2. Secure Socket Layer (SSL)
3. Bot
4. Certificate
5. Content scrubbing
Select and Place:

Question210: Which aspect of F5's Intelligent Services Platform helps you extend your security conversation to include F5professionals and customers?

Question211: Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the pool members.

Question212: An F5 customer must install WebAccelerator on top of LTM:

Question213: A virtual server at 10.10.1.100:80 has the rule listed below applied. when HTTP_REQUEST { if {[HTTP::uri] ends_with "htm" } { pool pool1 } elseif {[HTTP::uri] ends_with "xt" } { pool pool2 } If a user connects to
http://10.10.1.100/foo.txt which pool will receive the request.

Question214: When configuring a pool member's monitor, which three association options are available? (Choose three.)