301b : BIG-IP Local Traffic Manager (LTM) Specialist Maintain & Troubleshoot : Part 09

  1. A client is attempting to log in to a web application that requires authentication. The following HTTP headers are sent by the client:

    GET /owa/ HTTP/1.1
    Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    User-Agent: curl/7.26.0
    Host: 10.0.0.14
    Accept: */*
    Accept-EncodinG. gzip,deflate

    The web server is responding with the following HTTP headers:

    HTTP/1.1 401 Unauthorized
    Content-TypE. text/html
    Server: Microsoft-IIS/7.5
    WWW-AuthenticatE. NTLM
    DatE. Wed, 16 Aug 1977 19:12:31 GMT
    Content-LengtH. 1293

    The client has checked the login credentials and believes the correct details are being entered.

    What is the reason the destination web server is sending an HTTP 401 response?

    • The username and password are incorrect.
    • The server has an incorrect date configured.
    • The client is using the wrong type of browser.
    • The wrong authentication mechanism is being used.
  2. An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the HTTP request below:

    GET / HTTP/1.1
    Host: www.f5.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-LanguagE. en-US,en;q=0.5
    Accept-EncodinG. gzip, deflate
    Cache-Control: no-cache
    Connection: keep-alive
    CookiE. somecookie=1

    Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched, and therefore NOT modified.

    Which HTTP header should the LTM Specialist remove from the request to ensure the content can be matched and modified?

    • Connection
    • Accept
    • Cache-Control
    • Accept-Encoding
  3. An LTM Specialist needs to rewrite text within an HTML response from a web server. A client is sending the following HTTP request:

    GET / HTTP/1.1
    Host: www.example.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-LanguagE. en-US,en;q=0.5
    Accept-EncodinG. gzip, deflate
    Cache-Control: no-cache
    Connection: keep-alive
    CookiE. somecookie=1

    HTTP/1.1 200 OK
    Server: Apache/2.2.15 (Unix)
    Last-ModifieD. Wed, 12 Aug 2009 00:00:30 GMT
    Accept-Ranges: bytes
    Content-LengtH. 1063
    X-Cnection: close
    Content-TypE. text/html; charset=UTF-8
    Vary: Accept-Encoding
    Content-EncodinG. gzip
    Connection: Keep-Alive

    Although a stream profile has been added to the virtual server, the content within the HTTP response is NOT being matched and therefore NOT modified.

    Which header field is contributing to the issue?

    • HTTP Method
    • Cookie content
    • User-Agent Value
    • Accept-Encoding header
  4. An LTM Specialist is troubleshooting an issue with a new virtual server. When connecting through the virtual server, clients receive the message “Unable to connect” in the browser, although connections directly to the pool member show the application is functioning correctly. The LTM device configuration is:

    ltm virtual /Common/vs_https {
    destination /Common/10.10.1.110:443
    ip-protocol udp
    mask 255.255.255.255
    pool /Common/pool_https
    profiles {
    /Common/udp { }
    }
    translate-address enabled
    translate-port enabled
    vlans-disabled
    }

    ltm pool /Common/pool_https {
    members {
    /Common/172.16.20.1:443 {
    address 172.16.20.1
    }
    }
    }

    What issue is the LTM Specialist experiencing?

    • The virtual server is disabled on all VLANs.
    • The pool member is marked down by a monitor.
    • The pool member is marked down administratively.
    • The virtual server is configured for the incorrect protocol.
  5. A web developer has created a custom HTTP call to a backend application. The HTTP headers being sent by the HTTP call are:

    GET / HTTP/1.1
    User-Agent: MyCustomApp (v1.0)
    Accept: text/html
    Cache-Control: no-cache
    Connection: keep-alive
    CookiE. somecookie=1

    The backend server is responding with the following:

    HTTP/1.1 400 Bad Request
    DatE. Wed, 20 Jul 2012 17:22:41 GMT
    Connection: close

    Why is the HTTP web server responding with a HTTP 400 Bad Request?

    • The client request does NOT include a Host header.
    • The User-Agent header contains an invalid character.
    • The web server is NOT expecting a keep-alive connection.
    • The web server is configured to accept HTTP 1.0 requests only.
  6. A web application is meant to log the URI of the resource that responded to the client’s initial Request-URI.

    Which HTTP header will supply this information?

    • Via
    • Server
    • Trailer
    • Referer
  7. A web application requires the client to provide the destination server and service identification.

    Which HTTP header will supply this information?

    • Host
    • From
    • Expect
    • Connection
  8. Which three HTTP headers allow an application server to determine the client’s language compatibility, browser, operating system type, and compression compatibility? (Choose three.)

    • Accept
    • Accept-Encoding
    • Accept-Language
    • Host
    • User-Agent
  9. A web application sends information about message integrity and content life time to the client.

    Which two HTTP headers should be used in sending the client information? (Choose two.)

    • ETag
    • Expect
    • Expires
    • Content-MD5
    • Content-Range
    • Content-Length
  10. An HTTP 1.1 application utilizes chunking.

    Which header should be used to notify the client’s browser that there are additional HTTP headers at the end of the message?

    • ETag
    • From
    • Trailer
    • Expect
  11. The end users of a web application need to verify that their browsers received the complete message-body from the web server.

    Which HTTP header will accomplish this?

    • Range
    • Expect
    • Accept-Ranges
    • Content-Length
  12. An LTM Specialist loads a UCS file generated on a different LTM device and receives the following error message:

    “mcpd[2395]: 01070608:0: License is not operational (expired or digital signature does not match contents)”

    Which command should the LTM Specialist use to prevent the error?

    • tmsh show /sys license
    • tmsh show /sys hardware
    • bigpipe config save /config.ucs
    • tmsh load /sys /ucs rma <path/to/UCS>
    • tmsh load /sys ucs <path/to/UCS> no-license
  13. An LTM device supports two power supplies. The value of the BigDB key “platform.powersupplymonitor” is equal to enable.

    Where would the error message be visible if one of the power supplies fails or is NOT plugged in?

    • visible only via the console
    • in the /var/log/ltm log file
    • in the /var/log/kern.log file
    • in the /var/log/tmm log file
  14. An LTM device has been configured to log the reasons for generating TCP RST packets.

    The following log entry occurs:

    “01230140:3: RST sent from 192.168.1.100:80 to 192.168.1.124:39272, [0x112d82a:1721] {peer} TCP RST from remote system.”

    Which condition will trigger this log entry?

    • A virtual server connection limit has been reached.
    • The host at the other end terminated the TCP connection.
    • The LTM device reset the connection because no pool members are available.
    • The LTM device has reached the maximum number of allowed attempts to send the data segment to the affected TCP connection.
  15. An LTM Specialist troubleshooting an issue looks at the following /var/log/ltm entries:

    Oct 2 04:52:42 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)
    Oct 2 05:37:16 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)
    Oct 2 05:57:32 slot1/tmm2 crit tmm2[21729]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)
    Oct 2 06:30:03 slot1/tmm7 crit tmm7[21734]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)
    Oct 2 06:37:44 slot1/tmm2 crit tmm2[21729]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)
    Oct 2 06:47:05 slot1/tmm5 crit tmm5[21732]: 01010201:2: Inet port exhaustion on 10.143.109.5 to 10.143.147.150:53 (proto 17)

    Which configuration item should the LTM Specialist review to fix the issue?

    • SNAT Pool
    • Pool Member
    • Port Lockdown
    • Virtual Server Port Translation
  16. An LTM Specialist wants to allow access to the Always On Management (AOM) from the network.

    Which two methods should the LTM Specialist use to configure the AOM interface? (Choose two.)

    • Configure the AOM IP from the front panel buttons and LCD.
    • Choose the network configurator in the AOM menu on the serial port.
    • Configure the AOM network address in the GUI under System>Platform.
    • Log in to the Host via ssh, “ssh aom”, and modify the network configuration file.
  17. These log entries can have different root causes:

    Jun 28 05:01:21 LTM_A notice mcpd[27545]: 0107143a:5: CMI reconnect timer: enabled
    Jun 28 05:01:21 LTM_A notice mcpd[27545]: 01071431:5: Attempting to connect to CMI peer 1.1.1.2 port 6699
    Jun 28 05:01:21 LTM_A notice mcpd[27545]: 01071432:5: CMI peer connection established to 1.1.1.2 port 6699
    Jun 28 05:01:26 LTM_A notice mcpd[27545]: 0107143a:5: CMI reconnect timer: disabled, all peers are connected

    Which two commands should be used to obtain additional information on these entries? (Choose two.)

    • tmsh show /sys mcpd
    • bigstart status mcpd
    • tmsh modify /sys db log.mcpd.level value debug
    • tmsh modify /sys db log.cmi.level value debug
  18. An LTM Specialist is troubleshooting a problem on an eCommerce website. The user browses the online store using port 80, adding items to the shopping cart. The user then clicks the “Checkout” button on the site, which redirects the user to port 443 for the checkout process. Suddenly, the user’s shopping cart is shown as empty. The shopping cart data is stored in memory on the server, and the default source address persistence profile is used on both virtual servers.

    How should the LTM Specialist resolve this issue?

    • Add an HTTP profile to both virtual servers.
    • Enable SNAT Automap on both virtual servers.
    • Create a custom persistence profile and enable “Map Proxies.”
    • Create a custom persistence profile and enable “Match Across Services.”
  19. An LTM Specialist is troubleshooting an HTTP monitor. The pool member is accessible directly through a browser, but the HTTP monitor is marking the pool member as down.

    GET / HTTP/1.1

    HTTP/1.1 400 Bad Request
    DatE. Tue, 23 Oct 2012 21:39:07 GTM
    Server: Apache/2.2.22 (FreeBSD) PHP/5.4.4
    mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
    Content-LengtH. 226
    Connection: close
    Content-TypE. text/html; charset=iso-8859-1

    How should the LTM Specialist resolve this issue?

    • Add ‘200 OK’ to the monitor’s receive string.
    • Add ‘Connection: close\r\n’ to the monitor’s send string.
    • Change the interval on the monitor from 5 seconds to 30 seconds.
    • Change the HTTP version in the send string from HTTP/1.1 to HTTP/1.0.
  20. There are three servers in the pool: 172.16.20.1, 172.16.20.2, and 172.16.20.3, with the virtual IP address 10.0.20.88.

    A user CANNOT connect to an HTTP application. To understand the problem and find a solution, the LTM Specialist runs two concurrent traces on the LTM device, with the following results:

    Trace on client side:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes
    22:22:07.423759 IP 172.16.20.100.53875 > 10.0.20.88.80: S 998346084:998346084(0) win 5840 <mss 1460,sackOK,timestamp 67942058 0,nop,wscale 4>
    22:22:07.424056 IP 10.0.20.88.80 > 172.16.20.100.53875: S 4671780:4671780(0) ack 998346085 win 4380 <mss 1460,nop,wscale 0,nop,nop,timestamp 2392362490 67942058,sackOK,eol>
    22:22:07.424776 IP 172.16.20.100.53875 > 10.0.20.88.80: . ack 1 win 365 <nop,nop,timestamp 67942058 2392362490>
    22:22:07.424790 IP 172.16.20.100.53875 > 10.0.20.88.80: P 1:149(148) ack 1 win 365 <nop,nop,timestamp 67942058 2392362490>
    22:22:07.424891 IP 10.0.20.88.80 > 172.16.20.100.53875: . ack 149 win 4528 <nop,nop,timestamp 2392362491 67942058>
    22:22:12.024850 IP 10.0.20.88.80 > 172.16.20.100.53875: R 1:1(0) ack 149 win 4528

    6 packets captured
    6 packets received by filter
    0 packets dropped by kernel

    Trace on server side:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on internal, link-type EN10MB (Ethernet), capture size 96 bytes
    22:22:07.424881 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss 1460,nop,wscale 0,nop,nop,timestamp 2392362491 0,sackOK,eol>
    22:22:08.424893 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss 1460,nop,wscale 0,nop,nop,timestamp 2392363491 0,sackOK,eol>
    22:22:09.625082 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss 1460,nop,wscale 0,nop,nop,timestamp 2392364691 0,sackOK,eol>
    22:22:10.825194 IP 172.16.20.100.53875 > 172.16.20.2.80: S 51116678:51116678(0) win 4380 <mss 1460,sackOK,eol>

    4 packets captured
    4 packets received by filter
    0 packets dropped by kernel

    What should the LTM Specialist do to solve the problem?

    • Edit the packet filter rules.
    • Modify the monitor of the pool.
    • Enable the virtual server.
    • Configure the virtual server to use SNAT.
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments