Home Ustad Pro Most Common F5 101 exam question and Answers

Most Common F5 101 exam question and Answers

If you are network Engineer, Network Security Engineer, Network Articetct and you want to make your career in F5 then the first exam that you need to crack is exam code 101.

These questions and answers are just for your exam topic revisions, please keep in mind you need complete knowledge of F5 LTM before this exam. Recently I passed the 101 exams and in this tutorial, i tired to combined my all question that I used to prepare and also I tried to collect questions from my other friends.

LTM (Local Traffic Manager):- Full proxy between users and application servers. Creates a layer of abstraction to secure, optimize, and load balance application traffic

GTM ( Global Traffic Manager):- 
Automatically routes connections to the closest or best-performing data center in the event of an outage, overload, or other disruption

APM (Access Policy Manager):-
Provides secure,context-aware, and policy-based access control. It centralizes and simplifies AAA management directly on the BIG-IP system.

ASM ( Application Security Manager):-

Advanced web application firewall that protects critical applications and their data by defending against application-specific attacks that bypass conventional firewalls

LTM initial set up steps:-

  1. Setup MGMT port IP address via config utility
  2. License the system through web interface
  3. Run the setup utility

Default LTM MGMT port IP address?

To gain a license, you need to use your registration key to generate what?

a Dossier and they present the dossier to the license server

A base registration key is how many characters?


Systems are shipped with your registration key where?


After generating the dossier, what is it names and where is it located?


Dedicated:- designed for situations where only one module is functional on the system, such as GTM

Minimal:- Gives the module its minimum functional resources and distributes additional resources to the module if they are available.

Minimum:-Give the module minimum functional resources and distributes additional resources to other modules.

None:- Designed for situation where another module need dedicated access to resources

Setup Utility includes the following:-

  • Self-IP Addresses and Netmasks for VLANS
  • Assign interfaces to VLANs
  • IP address of the default route
  • root password for CLI
  • admin password for GUI
  • IP address allowed for ssh

Administrative IP access Files:-


Interface and configuration files:-


Default terminal settings for console access:-

8-N-1 19,200 bps

File extension for backups:-


Pool members are?

Each of the actual servers used for client traffic.
includes an IP address and port

The devices represented by the IP addresses of pool members are called what?

Nodes — they may represent multiple pool members

A pool is what?

A group of pool members.

system logs


packet filter logs


local traffic logs


audit logs

Displays system configuration chagnes by user ad time.

A Full proxy maintains how many session tables?


ugger-and-stitch- methodology

Proxy buffers a connection, often through the TCP handshake process and potentially into the first few packets of application data, but then stitches a connection to a given server on the back-end using either layer 4 or layer 7 data.

DSR (Direct Server Return):
Requests are proxied by the device, but the responses do not return the device. Known as a half proxy because only half the connection is proxied.

What is a proxy-based design

A full proxy completely understands the protocols, and is itself an endpoint and an originator for the protocols. The connections between a client and the full proxy is fully independent of the connection between the full proxy and the server.


scripts created using TCL with custom F5 extensions that enable users to create unique functions triggered by TMOS events.

Single Device HA

Core services being up and running on that device
-VLANs being able to send and receive traffic

Redundant system configuration HA

Core system services being up and running on one of the two BIP-IP systems Connection being available between the BIP-IP system and a pool of routers, and VLANs on the system being able to send and receive traffic.

Hard-wired failover

you enable failover by using a failover cable to physically connect the two redundant units default setting

Network Failover

Enable failover by configuring the redundant system to use the network to determine the status of the active unit.

what is ConfigSync

a process where you replicate one unit main config file on the peer unit.

What does SNAT do?

Secure Network Address Translation
maps the source client IP in a request to a translation address defined on the BIG-IP device.

what is Intelligent SNAT?

The mapping of one or more original client IP address to a translation address. However, you implement this type of SNAT mapping within an iRule Can be based on any piece of packet data you specify.

how to monitor the number of concurrent connections going through the SNAT?

tmsh show /ltm snat

Auto Last Hop

Is a global setting that is used to track the source MAC address of incoming connections. Allows the BIG-IP system to send return traffic from pools to the MAC address that transmitted the request, even though the routing table points to a different network or interface.

what is a node?

The physical server itself that will receive traffic from the load balancer.

How is a member different than a node?

a member includes the TCP port of the actual application that will be receiving the traffic.

What is a basic load balancing transaction?

  1. Client attempts to connect with the service on the load balancer
  2. LB accepts the connection and changes the destination IP to match the service of the selected host
  3. Host accepts the connection and responds back to the original source, the client, via its default route
  4. The LB intercepts the return packet from the host and now changes the source IP to match the virtual server IP and port, and forward.

Round Robin Algorithm

passes each new connection request to the next server in line, eventually distributing connection evenly across the array of machines being load balanced.

Weighted Route Robin Algorithm(Ratio) Algorithm

The number of connections that each machine receives over time is proportionate to a ratio weight you define for each machine.

Dynamic Round Robin (dynamic ratio) Algorithm

Weights are based on continuous monitoring of the servers and are therefore continually changing. Distributed based on real-time server performance analysis.

Fastest Algorithm

Passes a new connection based on the fastest response time of all

Least Connections Algorithm

The system passes a new connection to the server that has the least number of current connections. Works best with equipment all has similar capabilities.

Observed Algorithm

Uses a combination of the logic used in the Least Connections and Fastest Algorithms to load balance connections to servers. Servers are ranked based on current connections and response time.

Predictive Algorithm

The system analyzes the trend of the ranking over time, determining whether the performance of a server is currently improving or declining.

What is the primary reason for tracking and storing session data?

To ensure that client requests are directed to the same pool member throughout the life of a session, or during subsequent sessions.

what is a Persistence Profile?

a pre-configured object that automatically enables persistence when you assign the profile to a VS.

Cookie persistence

Cookie persistence uses an HTTP cookie stored on a client computer to allow the client to reconnect to the same server previously visited at a web site.

Destination address affinity persistence

Also known as sticky persistence, destination address affinity persistence supports TCP and UDP protocols and directs session requests to the same server based solely on the destination IP address of a packet.

hash persistence

Hash persistence allows you to create a persistence hash based on an existing iRule

Source address affinity persistence

Also known as simple persistence, source address affinity persistence supports TCP and UDP protocols and directs session requests to the same server based solely on the source IP address of a packet.

SSL Persistence

SSL persistence is a type of persistence that tracks non-terminated SSL sessions, using the SSL session ID.

Universal persistence

Universal persistence allows you to write an expression that defines what to persist on in a packet. The expression, written using the same expression syntax that you use in iRulesTM, defines some sequence of bytes to use as a session identifier.

What is the Positive Security Model

One that defines what is allowed, and rejects everything else.

What is the Negative Security Model

Defines what is disallowed, while implicitly allowing everything else.

Benefit of the Positive Security Model

Is that new attacks, not anticipated by the admin/developer, will be prevented.

Reset on Timeout

The system sends a reset (RST) and deletes the TCP connection when the connection exceeds the idle timeout value. If disabled, the system will delete the TCP connection when it exceeds the idle timeout value, but will not send an RST to the client.

HTTP Header Methods?


With the get method, all query parameters are part of what?


200 OK

This indicates a success

304 Not Modified

This shows that the resource in question has not changed and the browser should load it from its cache instead. This is used only when the browser performs a conditional GET request.

404 Not Found

This suggests that the resource requested cannot be found on the server.

401 Authorization Required

This indicates that the resource is protected and requires valid credentials before the server can grant access.

500 Internal Error

This signifies that the server had a problem processing the request.

most important browser headers?

HTTP Version
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
If-* headers
Cache-Control or Pragma no cache

Most important web server headers?

HTTP Version
connection: Keep-Alive/Close
Encoding: gzip, deflate
Cach-strong headers (max-age)
Accept-Ranges: bytes

no-cache meta tag

instructs the browser to not cache the object that contains the meta tag Forces the browser to always get a full download of that object.

refresh meta tag

often used to mimic an HTTP 302 redirect response.
Tells the browser to override the browser’s cache settings and revalidate every object referenced by the refresh tag.


IP layer protocol that enables the sending and receiving of cryptographically protected packets of any times (TCP, UDP, ICMP) without any modification.

What two cryptographic services does IPSec provide?

  1. confidentiality and authenticity (Encapsulated Security Payload)
  2. Or authenticity only. (Authentication Header)

What does Phase 2 do?

Negotiates the cipher and authentication algorithm required to protect further transactions.

What does Phase 1 do?

Performs mutual authentication and produces the encryption key required to protect Phase 2.

What is SSL?

an application layer protocol. Mostly utilized to protect HTTP transactions, and has been used for other purposed like IMAP and POP3 Only compatible with applications running over TCP.

SSL is composed of what 4 protocols?

Handshake protocol
Change Cipher Spec protocol
Alert protocol
Application Data protocol

What is the handshake protocol used for?

To perform authentication and key exchanges

What is the Change Cipher Spec Protocol used for?

To indicate that the chosen keys will now be used

What is the Alert protocol used for?

Signaling errors and session closure

What is the application data protocol used for?

to transmit and receive encrypted data

Hash algorithms used in SSL “Client Authentication”?

MD5 and SHA-1

IPSec supports the use of Digital Signature ad the use of a Secret KEy Algorithm, where SSL supports only the use of what?

Digital Signature

What two connection modes what IPSec have?

Tunnel Mode
Transport Mode

What is Tunnel mode?

Established between gateway-to-gateway, gateway-to-host, and host-to-host. It established a tunnel between the endpoint and it requires adding a new IP header to the original packet.

What is Transport mode?

Host-to-host connection. The data between the two entities are encrypted.


Perfect Forward Secrecy
Exchanges new DH values each time a session is resumed


Security Network Address Translation
Maps the source client IP address in a request to a translation address defined on the BIG-IP device.

(Q) Which three of the metrics listed below can GTM use when making load balancing decisions for a client?

A.TCP payload

B.IP geolocation

C.Hop count

D.Round trip time

E.Browser user agent

(Q) An LTM object that represents a downstream server contains the IP address and no port. What is this object?

A.Pool member

B.Virtual server


D.Self IP


(Q) When using a routed configuration, the real server must point to the LTM as the………

A.Default gateway

B.Virtual IP

C.DNS server

D.NTP server

E.WINS server

(Q) Which of the following statements about cookie persistence is NOT true?

A.The cookie’s timeout value can be customized

B.They are F5’s preferred persistence method

C.No persistence information is placed on LTM

D.Web servers must be configured to send cookies to clients

E.They do not add a performance impact on LTM

(Q)True or false? The LTM “Manager” authentication role can create iRules.



(Q)Which of the following are four of the security benefits of TMOS?

A.it verifies traffic based on antivirus signatures

B.It provides protection against DDoS

C.It uses SYN cookies and dynamic connection reapers

D.It supplies guidance for poorly developed applications

E.It denies all traffic that hasn’t been defined

F.It can hide confidential information from outbound traffic

(Q)An LTM object represents a downstream server that hosts a secure Web site and contains the IP address and port combination What is this object?

A.Self IP

B.Virtual Server



E.Pool Member

True or false, The least connections load balancing method functions best when all pool members share similar characteristics.



If a customer has an application that uses a customized protocol, what LTM feature can help optimize the traffic from the application?


B.Network virtual servers

C.HTTP classes

D.Packet filtering

E.Transparent virtual servers

Which of the following are the three main business drivers for placing LTM into a network?

A.Secure the connection between WAN sites

B.Improve application availability and scalability

C.Authenticate and authorize users

D.Boost application performance

E.Include application security

F.Act as a Web application firewall

True or false? Adding more RAM to a GTM device drastically improves query performance.



An administrator is adding GTM to the network infrastructure. Which of the following requirements would lead them to select an Authoritative Screening architecture
rather than Delegation?

A.They want GTM to examine all DNS queries

B.They want GTM to make load balancing decisions based on metrics

C.They have data centers in several countries

D.They are using several operating systems for the local DNS servers

True or false? Since F5 built GTM on the TMOS platform it can exist on the same BIG-IP device as LTM



True or false? FastCache will NOT work with compressed objects.



True or false? As a full TCP proxy, LTM acts as the termination point for both requests from the client and responses from the server.



When an optimized TCP connection exists between LTM and the pool member, LTM can accept server responses faster than the client. What is the name of this

A.HTTP caching


C.TCP connection queuing

D.Content spooling

E.Priority activation

You can use an HTTP class profile to forward traffic that matches which three of these types of criteria?


B.HTTP header

C.URI path

D.User name


F.Host name

Why does deploying LTM into an existing network immediately improve security?

A.Only requests for specific ports are allowed through LTM

B.All traffic through LTM is checked for DDoS attacks

C.No traffic A allowed through LTM until it has been specified

D.All users must authenticate before accessing applications through LTM

E.Only LAN administrators can access resources through LTM

Which of the following is NOT included on the F5 DevCentral site?

A.Subscription purchasing options

B.Actual iRules was written by other customers

C.iRules reference materials


E.The F5 iRule editor

True or false? GTM can load balance to LTM in addition to non-BIG-IP hosts.



What happens when the data center that GTM recommends for a client is unavailable

A.GTM uses cached information to determine an alternate route

B.GTM queries the local DNS server

C.GTM sends subsequent queries to the next preferred data center

D.GTM directs the client to use its DNS cache to select an alternate location

E.The client continues to attempt to access the preferred data center

Which four of the monitoring methods listed below can GTM use to determine the status and performance of BIG-IP and servers?


B.Application monitors

C.Inband monitors




GTM uses the F5………….protocol to synchronize performance metrics between GTM
devices. (Fill in)

Answer: iQuery

True or false? DNSSEC is a GTM add-on licensing feature.



Which three of the following must be done in order for GTM to properly communicate LTM?

A.Connect the GTM and LTM with a network crossover cable

B.Synchronize the big3d versions between GTM and LTM

C.Add the LTM object to the GTM configuration

D.Configure the GTM and LTM to we MAC masquerading

E.Ensure that GTM and LTM use the same floating IP address

F.Exchange SSL certificates between the two devices

……..object maps an FQDN to virtual servers. (Fill in)

Answer: Wide IP

A top-level DNS zone uses a CNAME record to point to a sub-zone. Which of the following is an example of a sub-zone?






The layer 3 security feature….. Cookies protects against SYN floods, DoS, and DDoS attacks. (Fill in)

Answer: contain / include

True or false? The least connections load balancing method functions best when all pool members share similar characteristics.



True or false, Customers can purchase LTM as a stand-alone product, or layer it with additional software modules to increase the functionality of the BIG-IP device



Which three of these software modules can you layer on top of LTM on a BIG-IP device?

A.Web Accelerator





F. Enterprise Manager

Which of the following is a benefit of using iRules?

A.They can be used as templates for creating new applications

B.They provide an automated way to create LTM objects

C.They can use Active Directory to authenticate and authorize users

D.They provide a secure connection between a client and LTM

E.They enable granular control of traffic

True or false, Using IP Geolocation, an organization can always direct a client request from France to a data center in Dublin.



GTM solves which three of these standard DNS limitations?

A.It can verify that a host is available before resolving a host name for a client

B.It can use HTTPS for the connection between itself and the client

C.It can ensure that clients remain at the same data center for stateful applications

D.It can verify that a client does not have any viruses before sending the IP address

E.It has more complex load balancing methods

Which two of these statements about OneConnect are true?

A.It decreases the CPU load on LTM

B.It aggregates multiple client connections into a single server connection

C.It decreases the amount of traffic between multiple clients and LTM

D.It requires SNAT to be configured

E.It decreases the CPU load on pool members

True or false? LTM can only load balance outbound traffic by using iRules



True or false? TCP Express is licensed separately from LTM



When using a routed configuration, the real server must point to the LTM as the…..

A.NTP Server

B.DNS Server

C.Virtual IP

D.WINS server

E.Default gateway

We are recommending F5 Networks Application Delivery Fundamentals Study Guide to our readers to read properly before the exam.

Authenticating a Local Traffic Manager (LTM) User through APM

Hope my article “Most Common F5 101 exam question and Answers” helps.

Kindly share your questions with me, I will add in this article.

Also Check Most Common Interview Questions on OSI model