Free F5CAB1 Exam Dumps

Question 11

What command will allow the BIG-IP Administrator to view theconfigured management IPof a BIG-IP system?
(Choose one.)

A. tmsh show sys management-ip
B. tmsh list sys management-ip
C. tmsh list sys management-route
D. tmsh list net self

Correct Answer:B
Comprehensive and Detailed Explanation (Paraphrased)
The BIG-IP stores the configured management IP address as asystem configuration objectunder the/syshierarchy.
To display configured (persistent) values, BIG-IP uses thetmsh list command, not show.
Why tmsh list sys management-ip is correct
The management IP configuration is defined under:
/sys management-ip
Running:
tmsh list sys management-ip
displays:
The configured management IP address
Netmask
Associated attributes
This command shows theactual configured management IP, which is what the question asks for.
Why the other options are incorrect
* A. tmsh show sys management-ip
The show command is used for runtime statistics and status.
management-ip is a configuration object, not a statistics object.
* C. tmsh list sys management-route
Displays management routing information, not the management IP address itself.
* D. tmsh list net self
Displays Self IPs used on the data plane.
Does not show the management interface IP.

Question 12

The BIG-IP Administrator received a ticket that an authorized user is attempting to connect to the Configuration Utility from a jump host and is being denied.
The HTTPD allow list is configured as:
sys httpd {
allow { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
}
The jump host IP is172.28.32.22.
What command should the BIG-IP Administrator use to allow HTTPD access for this jump host?

A. modify /sys httpd allow replace-all-with { 172.28.32.22 }
B. modify /sys httpd allow delete { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
C. modify /sys httpd allow add { 172.28.32.22 }

Correct Answer:C
The HTTPD allow list controls which IP addresses or subnets may access the Configuration Utility (TMUI) on the BIG-IP system. The Administrator already has two subnets allowed and needs to add a single host IP to the existing list.
The object/sys httpd allow supports actions such as add,delete, and replace-all-with.
Because the goal is toaddone more entry without removing the existing permitted subnets, the correct command is:
modify /sys httpd allow add { 172.28.32.22 }
This appends the new host to the existing list while preserving the previously configured networks.
Why the other options are incorrect:
Option A (replace-all-with)would over write the entire allow list, removing existing permitted subnets—unacceptable.
Option B (delete) would remove the existing networks and not add the required host.
Therefore, the correct administrative action is toaddthe jump host's IP.

Question 13

A BIG-IP Administrator is responsible for deploying a new software image on an F5 BIG-IP HA pair and has scheduled a one-hour maintenance window.
With a focus on minimizing service disruption, which of the following strategies is the most appropriate?

A. Update the active node first, reboot to the newly updated boot location and verify functionality, then push the update from the active to the standby node and reboot the standby node.
B. Reset the Device Trust, apply the update to each node separately, reboot both nodes, then re-establish the Device Trust.
C. Update the standby node first and reboot it to the newly updated boot location, failover to the newly updated node and verify functionalit
D. Repeat the upgrade procedures on the next node, which is now in standby mode.
E. Update both nodes in the HA pair, then reboot both nodes simultaneously to ensure they run the same software version.

Correct Answer:C
For BIG-IP high-availability (HA) pairs, F5's recommended upgrade workflow prioritizesservice continuity,predictable failover, andminimal downtime. The established best-practice sequence is:
Upgrade the standby unit first
Because the standby device is not passing traffic, upgrading and rebooting it does not impact production.
Boot the standby unit into the newly installed version
Once online, the administrator verifies basic health, device sync status, cluster communication, and module functionality.
Perform a controlled failover to the upgraded unit
Traffic shifts to the newly upgraded device, allowing validation of the configuration and operational behavior under real traffic loads.
Upgrade the second device (now standby)
The previously active device becomes standby after failover, allowing it to be safely upgraded and rebooted without interruption.
This phased approach ensures only one device is unavailable at a time, allowing continuous traffic flow throughout the upgrade process.
Why the Correct Answer is C
OptionCexactly matches F5's documented production-safe upgrade method:
Upgrade thestandbynode first
Reboot into new image
Failover to upgraded device
Validate
Upgrade the remaining (now-standby) device
This procedure minimizes risk and traffic disruption.
Why the other options are incorrect:
* A. Upgrade the active node first
Upgrading the active device requires removing it from service and failing over abruptly. This is not recommended and increases service disruption risk.
* B. Resetting device trust
Resetting trust is unnecessary and can disrupt configuration sync, peer communication, and cluster operation. It is not part of any standard upgrade workflow.
* D. Upgrading and rebooting both nodes simultaneously
This would causetotal outage, because both HA members would be unavailable at the same time.