A BIG-IP Administrator discovers malicious brute-force attempts to access the BIG-IP device on the
management interface via SSH.
The administrator needs to restrict SSH access to the management interface. Where should this be accomplished?
Correct Answer: C
The BIG-IP management interface (MGMT port) is controlled through System settings, not through the Network menu.
SSH access on the management interface is configured here:
System > Configuration > Device > General > SSH Access / SSH IP Allow
This section allows the administrator to:
Enable or disable SSH service
Restrict SSH access to specific IP addresses or subnets
Apply security policies to the management interface
Why the other options are incorrect:
* A. Network > Interfaces
Used for data-plane physical interface settings, not management plane SSH restrictions.
* B. Network > Self IPs
Controls in-band management or data-plane access, not the dedicated management port.
* D. System > Platform
Used for hostname, time zone, LCD contrast, hardware settings — not SSH security on the management port.
Therefore, restricting SSH access to the management interface must be done under:
System > Configuration > Device > General
Which corresponds to Option C.
In order to configure allowed IP addresses for SSH access to a BIG-IP device, the BIG-IP Administrator has issued the commands shown in the exhibit.
Which IP addresses will have SSH access after issuing the shown commands? (Choose two.)
Correct Answer: AB
From the exhibit, the administrator performs the following actions:
Displays the current SSH allow configuration:
tmsh list sys sshd allow
allow { ALL }
Replaces the existing SSH allow list with a specific subnet:
tmsh modify sys sshd allow replace-all-with { 10.0.0.0/24 }
Confirms the updated configuration:
tmsh list sys sshd allow
allow { 10.0.0.0/24 }
This configuration restricts SSH access to only hosts that fall within the 10.0.0.0/24 network.
Evaluation of the options:
* A. 10.0.0.100
This address is within the 10.0.0.0/24 subnet and is a valid host address, so SSH access is permitted.
* B. 10.0.0.254
This address is also within the 10.0.0.0/24 subnet and is a valid host address, so SSH access is permitted.
* C. 10.0.0.256
This is not a valid IP address because an IPv4 octet cannot exceed 255.
* D. 100.0.1.10
This address is outside the configured 10.0.0.0/24 subnet and will not be allowed.
* E. 100.0.0.10
This address is also outside the configured subnet and will not be allowed.
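The same evaluation as an audit check, added here as an example and not part of the original exhibit: it parses an allow stanza in the form shown above, flags an unrestricted list, and tests each candidate source address. The function names are hypothetical, and it assumes entries are either ALL or IPv4 addresses/networks.

```python
import ipaddress
import re

# Constructed samples: allow stanzas in the form the exhibit shows.
BEFORE = "allow { ALL }"
AFTER = "allow { 10.0.0.0/24 }"
CANDIDATES = ["10.0.0.100", "10.0.0.254", "10.0.0.256", "100.0.1.10", "100.0.0.10"]


def parse_allow(stanza):
    """Return the entries between the braces of an 'allow { ... }' stanza."""
    match = re.search(r"allow\s*\{([^}]*)\}", stanza)
    if match is None:
        raise ValueError("no allow stanza found")
    return match.group(1).split()


def ssh_permitted(source, entries):
    """True if source is a valid IPv4 address covered by an allow entry."""
    try:
        addr = ipaddress.IPv4Address(source)
    except ipaddress.AddressValueError:
        return False  # e.g. 10.0.0.256 is not an address at all
    for entry in entries:
        if entry.upper() == "ALL":
            return True
        try:
            # strict=False also accepts entries with host bits set
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # assumption: non-IP entries are out of scope here
        if addr in network:
            return True
    return False


def audit(stanza, candidates):
    """Summarise whether the list is wide open and who may connect."""
    entries = parse_allow(stanza)
    return {
        "unrestricted": any(e.upper() == "ALL" for e in entries),
        "permitted": [c for c in candidates if ssh_permitted(c, entries)],
    }


if __name__ == "__main__":
    print(audit(BEFORE, CANDIDATES))
    print(audit(AFTER, CANDIDATES))
```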
For an upgrade of a standalone BIG-IP, a maintenance window is available in which brief interruptions are allowed.
Actions with no impact can be done outside the maintenance window.
When should a license reactivation be performed?
Correct Answer: B
License reactivation updates the BIG-IP device's license file to ensure:
The Service Check Date is current
The device is eligible to install the intended TMOS version
Any module entitlement updates are received
Reactivation does not interrupt traffic and does not require a reboot, making it safe to perform before the maintenance window.
F5 best practices state:
Perform all non-impact tasks prior to the scheduled maintenance window
Leave the window available for activities that require rebooting, such as the software installation itself
Since license reactivation is non-disruptive, it should be done before the upgrade window starts.
Given that BIGIP-
(Choose one.)
Correct Answer: B
When installing a BIG-IP software version with a HotFix on a new boot volume, F5 requires that both the base TMOS image and the HotFix image be installed together as part of the same installation workflow.
The correct process is:
Specify the base TMOS ISO
Specify the HotFix ISO that corresponds to that base version
Instruct the system to create a new boot volume
Install both images into that new volume
This is achieved with the following tmsh syntax:
tmsh install /sys software BIGIP-<version>.iso hotfix Hotfix-BIGIP-<version>-ENG.iso create-volume HD1.2
This command:
Installs the base image first
Applies the HotFix on top of the base image
Creates and installs everything on HD1.2
Leaves the currently active volume untouched for rollback
Why the other options are incorrect
* A. Installing only the hotfix
A HotFix cannot be installed by itself on a new volume. A base image must already be present.
* C. Using create instead of install
The create keyword is not valid for software installation operations.
* D. Using copy
The copy command does not install software images or hotfixes.
The device is currently on v15.1.2.1.
The BIG-IP Administrator needs to boot the device back to v13.1.0.6 to gather data for troubleshooting.
The system shows:
Sys::Software Status
Volume  Product  Version   Build   Active  Status    Allowed
HD1.1   BIG-IP   15.1.2.1  0.0.10  yes     complete  yes
HD1.2   BIG-IP   13.1.0.6  0.0.3   no      complete  yes
Which is the correct command-line sequence to boot the device to version 13.1.0.6?
Correct Answer: B
To change the boot volume on a BIG-IP system from one installed TMOS version to another, the correct CLI tool is:
switchboot
The correct syntax uses the -b flag:
switchboot -b <volume>
This command marks the specified boot location as the one to be used on the next reboot. Thus, to boot into HD1.2, which contains 13.1.0.6, the sequence is:
Mark HD1.2 as the next boot location:
switchboot -b HD1.2
Reboot the system:
reboot
This is the standard and officially supported method for selecting a different installed volume.
Why the other options are incorrect:
* A. "tmsh reboot HD1.2"
There is no such tmsh syntax.
Boot volume cannot be selected by adding a parameter to reboot.
* C. switchboot -I HD1.2
The -I flag is invalid. Only -b is used.
* D. "tmsh switchboot HD1.2"
switchboot is not a tmsh command; it is a system-level shell utility.
Therefore, Option B is the correct and valid command sequence.
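A pre-flight check for the sequence above, added here as an example and not taken from the original question: it reads the status table, confirms that exactly one volume holds the requested version and that its install status is complete, and only then returns the two commands. The function names are hypothetical, and it assumes volume names start with HD as in the table shown.

```python
# Constructed sample: the status table from the question, one row per line.
STATUS = """\
Sys::Software Status
Volume  Product  Version   Build   Active  Status    Allowed
HD1.1   BIG-IP   15.1.2.1  0.0.10  yes     complete  yes
HD1.2   BIG-IP   13.1.0.6  0.0.3   no      complete  yes
"""

FIELDS = ("volume", "product", "version", "build", "active", "status", "allowed")


def parse_status(text):
    """Turn the whitespace-separated rows into one dict per volume."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have seven columns and a volume name such as HD1.2
        # (assumption: volumes are named HD<n>.<m> as in the sample).
        if len(parts) == len(FIELDS) and parts[0].startswith("HD"):
            rows.append(dict(zip(FIELDS, parts)))
    return rows


def boot_plan(text, version):
    """Return the commands that boot `version`, or raise if it is unsafe."""
    matches = [r for r in parse_status(text) if r["version"] == version]
    if len(matches) != 1:
        raise ValueError(
            f"expected one volume with {version}, found {len(matches)}"
        )
    target = matches[0]
    if target["status"] != "complete":
        raise ValueError(
            f"{target['volume']} install status is {target['status']}"
        )
    if target["active"] == "yes":
        return []  # already running this version; nothing to switch
    # The two steps from the answer: mark the volume, then reboot.
    return [f"switchboot -b {target['volume']}", "reboot"]


if __name__ == "__main__":
    for command in boot_plan(STATUS, "13.1.0.6"):
        print(command)
```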