Free Practice Questions for F5 F5CAB1 Exam

The HTTPD allow list controls which IP addresses or subnets may access the Configuration Utility (TMUI) on the BIG-IP system. The Administrator already has two subnets allowed and needs to add a single host IP to the existing list.

The object /sys httpd allow supports actions such as add , delete , and replace-all-with .

Because the goal is to add one more entry without removing the existing permitted subnets, the correct command is:

modify /sys httpd allow add { 172.28.32.22 }

This appends the new host to the existing list while preserving the previously configured networks.

Why the other options are incorrect:

Option A (replace-all-with) would overwrite the entire allow list, removing existing permitted subnets—unacceptable.

Option B (delete) would remove the existing networks and not add the required host.

Therefore, the correct administrative action is to add the jump host’s IP.

The BIG-IP management interface (MGMT port) is controlled through System settings , not through the Network menu.

SSH access on the management interface is configured here:

System → Configuration → Device → General → SSH Access / SSH IP Allow

This section allows the administrator to:

Enable or disable SSH service

Restrict SSH access to specific IP addresses or subnets

Apply security policies to the management interface

Why the other options are incorrect:

A. Network > Interfaces

Used for data-plane physical interface settings, not management plane SSH restrictions.

B. Network > Self IPs

Controls in-band management or data-plane access, not the dedicated management port.

D. System > Platform

Used for hostname, time zone, LCD contrast, hardware settings — not SSH security on the management port.

Therefore, restricting SSH access to the management interface must be done under:

✔ System → Configuration → Device → General

Which corresponds to Option C .

BIG-IP provisioning determines how CPU, memory, and disk resources are allocated to each module. The goal is to provision only the modules required and at levels appropriate to their performance needs.

Requirements in the question

The device will be used for:

LTM (Local Traffic Manager) → load balancing

ASM (Application Security Manager) → WAF

No functions require:

APM (Access Policy Manager)

AFM (Advanced Firewall Manager)

Why Option C is correct

Provisioning both LTM and ASM at Nominal level provides:

Adequate performance for production load

Plentiful system resources while avoiding dedicating the entire system to a single module

Balanced allocation without starving memory or CPU

Setting APM: None and AFM: None ensures unused modules consume zero resources.

Why the other options are incorrect

A. Dedicated provisioning for both LTM and ASM

Two modules cannot both run in “Dedicated” mode.

Dedicated mode allocates all resources to a single module — the second module cannot be dedicated simultaneously.

B. LTM and ASM both Dedicated

Same issue: only one module can be Dedicated at a time.

Also unnecessary for load balancing + WAF.

D. Setting APM and AFM to Minimal

Minimal still consumes memory and CPU.

Unused modules should be set to None .

Therefore, Option C is the best provisioning strategy.

BIG-IP hardware platforms use chassis LEDs to indicate system health states.

A solid yellow status LED typically indicates a warning condition , such as:

A non-critical hardware alert

A temperature threshold nearing limit

A minor fan or sensor irregularity

Other non-fatal environmental or system conditions

This state reflects a warning-level alarm , meaning the unit is operational but requires investigation.

Why the other options are incorrect

A. Halted or EUD mode

This is associated with different LED patterns (usually flashing conditions or specific color codes), not a solid yellow status LED.

B. Standby in device group

HA state is not indicated by the chassis status LED.

Standby status is a logical device state, not a hardware LED state.

D. Power supply failure

Power supply indicators use separate LEDs located on each power module (usually flashing amber/red), not the system status LED.

Thus, a solid yellow status indicator signifies a warning-level alarm .