Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. F5
  3. F5CAB1

F5 F5CAB1 Exam (page: 1)
F5 BIG-IP Administration Install, Initial Configuration, and Upgrade
Updated on: 12-Jan-2026

Viewing Page 1 of 7
F5CAB1 PDF 42 Questions

A BIG-IP Administrator plans to upgrade a BIG-IP device to the latest TMOS version.

Which two tools could the administrator leverage to verify known issues for the target versions? (Choose two.)

  1. F5 End User Diagnostics (EUD)
  2. F5 iHealth
  3. F5 University
  4. F5 Bug Tracker
  5. F5 Downloads

Answer(s): B,D

Explanation:

Comprehensive and Detailed Explanation (Paraphrased from F5 BIG-IP Administration Install, Initial Configuration, and Upgrade concepts)

When performing a TMOS upgrade, F5 recommends validating the target software version to ensure that the release does not contain defects that may impact system behavior. The upgrade preparation process includes checking for known issues, validating compatibility, and reviewing advisory information for the intended version. Two primary F5 tools serve this purpose:

B . F5 iHealth iHealth is a cloud-based diagnostic and analysis platform used to evaluate the operational state of a BIG-IP system.

Administrators upload a QKView file to iHealth to receive an automated assessment of the system.
As part of upgrade planning, iHealth provides:

Version-specific issue analysis, comparing the system's configuration and hardware against F5's internal catalog of published issues.

Upgrade advisories, identifying potential risks such as deprecated features, module compatibility concerns, or changes in behavior between TMOS versions.

Checks against known defects, allowing administrators to determine whether the target TMOS version contains issues relevant to their deployment.

This aligns with F5's recommended upgrade workflow, where iHealth is used before upgrading to confirm system readiness and detect software-level concerns.

D . F5 Bug Tracker

The Bug Tracker is F5's dedicated interface for reviewing software defects across TMOS releases.

It enables administrators to:

Search for known bugs by TMOS version, module, severity, or defect ID.

Review the status of defects (open, resolved, fixed in later releases).

Identify whether high-impact or security-related issues are associated with the target upgrade version.

F5 documentation emphasizes reviewing known defects prior to installation of new software images, making the Bug Tracker a critical resource for upgrade validation.

Why the other options are not correct

A . F5 End User Diagnostics (EUD)

EUD is used exclusively for hardware diagnostics (ports, memory, fans). It does not provide software-

related issue verification and is not used for upgrade planning.

C . F5 University

This is a training platform, not an operational tool. It does not provide defect listings or upgrade- specific warnings.

E . F5 Downloads

Although it provides access to software images and release notes, it is not a tool for identifying known bugs. Release notes summarize general fixes and features, but systematic bug verification requires iHealth or the Bug Tracker.



When using the tmsh shell of a BIG-IP system, which command will display the management-ip address?

  1. run /util bash ifconfig mgmt
  2. list /sys management-ip
  3. show /sys management-ip

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation (Paraphrased from F5 BIG-IP Administration / Installation / Initial Configuration concepts)

Within the BIG-IP Traffic Management Shell (tmsh), system configuration objects--including the management IP--are organized under the /sys hierarchy. The management IP address is a configurable property stored in the system configuration and can be viewed using the tmsh list command, which displays configuration objects and their currently assigned values.

Why "list /sys management-ip" is correct

The list command in tmsh is used to display configured system values, not runtime statistics.

The object that holds the management IP settings on BIG-IP systems is located at:

/sys management-ip

Running the command:

list /sys management-ip will reveal the settings for the management IP interface, including the address, netmask, and any associated attributes.

This is the standard method used during system setup and verification to confirm the management IP configuration.

This behavior aligns with BIG-IP administration procedures, where configuration information is retrieved using list, while operational data is retrieved using show.

Why the other options are incorrect

A . run /util bash ifconfig mgmt

This command enters the Bash shell, then runs ifconfig to display the management interface.

While this can show the management interface address, it is not a tmsh-native command, and the question specifically asks for a tmsh command.

Administrators use tmsh directly for configuration display rather than leaving the shell.

C . show /sys management-ip

The show command displays statistics or operational data, not configuration values.

The management-ip object does not maintain statistics; therefore show does not return the configuration details required.

Only the list command reveals stored configuration data such as IP address and netmask.



The BIG-IP Administrator received a ticket that an authorized user is attempting to connect to the Configuration Utility from a jump host and is being denied.

The HTTPD allow list is configured as:

sys httpd {

allow { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }

}

The jump host IP is 172.28.32.22.

What command should the BIG-IP Administrator use to allow HTTPD access for this jump host?

  1. modify /sys httpd allow replace-all-with { 172.28.32.22 }
  2. modify /sys httpd allow delete { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
  3. modify /sys httpd allow add { 172.28.32.22 }

Answer(s): C

Explanation:

The HTTPD allow list controls which IP addresses or subnets may access the Configuration Utility (TMUI) on the BIG-IP system. The Administrator already has two subnets allowed and needs to add a single host IP to the existing list.

The object /sys httpd allow supports actions such as add, delete, and replace-all-with.

Because the goal is to add one more entry without removing the existing permitted subnets, the correct command is:

modify /sys httpd allow add { 172.28.32.22 }

This appends the new host to the existing list while preserving the previously configured networks.

Why the other options are incorrect:

Option A (replace-all-with) would overwrite the entire allow list, removing existing permitted subnets--unacceptable.

Option B (delete) would remove the existing networks and not add the required host.

Therefore, the correct administrative action is to add the jump host's IP.



The Configuration Utility of a BIG-IP device is currently accessible via its management IP 10.53.1.245 from all VLANs.

The BIG-IP Administrator needs to restrict access so only hosts from the 10.0.0.0/24 subnet can access the Configuration Utility.

Which TMSH command accomplishes this?

  1. (tmos)# create /net acl MGMT.HTTP rule add { (permit tcp 10.0.0.0 0.0.0.255 host 10.53.1.245 http) }
  2. (tmos)# modify /ltm httpd allow replace-all-with {10.0.0.0/24}
  3. (tmos)# create /net acl MGMT.HTTP rule add { (permit tcp 10.0.0.0/24 10.53.1.245 http) (deny ip any any http) }
  4. (tmos)# modify /sys httpd allow replace-all-with {10.0.0.0/24}

Answer(s): D

Explanation:

BIG-IP controls access to the web-based Configuration Utility (TMUI) through the /sys httpd allow list. This parameter specifies which client IPs or subnets may initiate HTTP/HTTPS connections to the management interface.

To restrict TMUI access to only the 10.0.0.0/24 subnet:

The correct method is to modify the HTTPD allow list so that it contains only this subnet.

This requires replacing the entire current list with the new subnet using:

modify /sys httpd allow replace-all-with {10.0.0.0/24}

This ensures that only clients within 10.0.0.0/24 can reach the Configuration Utility.

Why the other options are incorrect:

Options A and C create network ACL objects under /net acl, which apply to data-plane traffic, not management-plane TMUI access. TMUI access is not controlled by LTM ACLs but by the HTTPD allow directive.

Option B is incorrect syntax and references /ltm httpd, which is not the proper object; the correct hierarchy is /sys httpd.

Thus, only modifying the /sys httpd allow list achieves the required restriction.



modification]

An organization is planning to upgrade a BIG-IP system from 16.1.x to 17.1.x.

For a successful upgrade, the Service Check Date must be equal to or newer than the License Check Date required for 17.1.x.

Which command will show the Service Check Date on the BIG-IP system being upgraded?

  1. grep "Service check date" /config/bigip.license
  2. grep "Service check date" /config/bigip.conf
  3. grep "Service check date" /config/svc_chk_date.dat
  4. grep "Service check date" /config/BigDB.dat

Answer(s): A

Explanation:

BIG-IP licensing information, including the Service Check Date, is stored in the file:

/config/bigip.license

This file contains all license attributes downloaded from the F5 licensing server, including:

License key

Licensed modules

Useful life date

Service check date

The Service Check Date determines whether the system is eligible for upgrades to specific TMOS versions.
When reviewing upgrade readiness, administrators extract this value directly from the license file with:

grep "Service check date" /config/bigip.license

Why the other options are incorrect:

/config/bigip.conf stores BIG-IP configuration objects, not license metadata.

/config/svc_chk_date.dat is not a valid file in the licensing system; it does not contain license parameters.

/config/BigDB.dat stores internal database values, not licensing attributes.

Thus, only the bigip.license file contains the correct licensing information required for verifying upgrade eligibility.



An F5 VE has been deployed into a VMware environment via an OVF file.

An administrator wants to configure the management IP address so the VE can be accessed for further setup.

Which two are valid methods for configuring the management-ip address? (Choose two.)

  1. Log into the remote console and configure the management IP by running the config executable.
  2. Log into the remote console and configure the management IP through TMSH using:
    create sys management-ip <ip address>/<mask>
  3. Log into the remote console and configure the management IP through TMSH using:
    create ltm management-ip <ip address>/<mask>
  4. Log into the remote console and configure the management IP by running the setup command.

Answer(s): A,B

Explanation:

A newly deployed BIG-IP Virtual Edition (VE) in VMware requires initial configuration of its management-ip address so it can be accessed over the network. F5 provides several valid mechanisms during initial console access:

A . Running the config utility

The config script is available on new BIG-IP installations and VE deployments.

It launches a guided text-based wizard allowing configuration of:

Management IP

Netmask

Default route

This is a standard and recommended method during first-time setup.

B . Using TMSH with create sys management-ip

Administrators can enter TMSH directly from the console and run:

create sys management-ip <ip>/<mask>

The management-ip object resides under sys, not under ltm or any other module.

This is the correct tmsh method for defining the management interface address.

Why the other options are incorrect:

C . create ltm management-ip

There is no such object under /ltm.

LTM handles traffic objects (virtual servers, pools), not system management interfaces.

D . Running the setup command

The setup command is used for general system configuration but does not configure the management-ip.

It is not the supported method for initial management IP assignment on VE deployments.

Therefore, the valid methods are running the config utility and using the sys management-ip command within TMSH.



The BIG-IP Administrator needs to update access to the Configuration Utility to include the 172.28.31.0/24 and 172.28.65.0/24 networks.

From the TMOS Shell (tmsh), which command should the BIG-IP Administrator use to complete this task?

  1. modify /sys httpd allow add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }
  2. modify /sys httpd allow add { 172.28.31.0 172.28.65.0 }
  3. modify /sys httpd permit add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }

Answer(s): A

Explanation:

Access to the BIG-IP Configuration Utility (TMUI) is controlled through the /sys httpd allow list.

This list defines which IP addresses or subnets are allowed to connect to the management web interface.

To allow two new subnets--172.28.31.0/24 and 172.28.65.0/24--the administrator must add both subnets to the existing list without removing current entries.

In tmsh, subnet entries must be specified in network/netmask format, for example:

172.28.31.0/255.255.255.0

The correct tmsh command to append these networks is:

modify /sys httpd allow add { 172.28.31.0/255.255.255.0 172.28.65.0/255.255.255.0 }

Why the other options are incorrect:

Option B:

IPs are listed without masks, which is invalid for subnet-based access control.

The system requires network/netmask format.

Option C:

The command uses permit instead of allow, which is not a valid attribute of /sys httpd.

The correct keyword must be allow.

Thus, only Option A correctly adds both permitted subnets in the proper tmsh format.



A BIG-IP Administrator is responsible for deploying a new software image on an F5 BIG-IP HA pair and has scheduled a one-hour maintenance window.

With a focus on minimizing service disruption, which of the following strategies is the most appropriate?

  1. Update the active node first, reboot to the newly updated boot location and verify functionality, then push the update from the active to the standby node and reboot the standby node.
  2. Reset the Device Trust, apply the update to each node separately, reboot both nodes, then re- establish the Device Trust.
  3. Update the standby node first and reboot it to the newly updated boot location, failover to the newly updated node and verify functionality. Repeat the upgrade procedures on the next node, which is now in standby mode.
  4. Update both nodes in the HA pair, then reboot both nodes simultaneously to ensure they run the same software version.

Answer(s): C

Explanation:

For BIG-IP high-availability (HA) pairs, F5's recommended upgrade workflow prioritizes service continuity, predictable failover, and minimal downtime. The established best-practice sequence is:

Upgrade the standby unit first

Because the standby device is not passing traffic, upgrading and rebooting it does not impact production.

Boot the standby unit into the newly installed version

Once online, the administrator verifies basic health, device sync status, cluster communication, and module functionality.

Perform a controlled failover to the upgraded unit

Traffic shifts to the newly upgraded device, allowing validation of the configuration and operational behavior under real traffic loads.

Upgrade the second device (now standby)

The previously active device becomes standby after failover, allowing it to be safely upgraded and rebooted without interruption.

This phased approach ensures only one device is unavailable at a time, allowing continuous traffic flow throughout the upgrade process.

Why the Correct Answer is C

Option C exactly matches F5's documented production-safe upgrade method:

Upgrade the standby node first

Reboot into new image

Failover to upgraded device

Validate

Upgrade the remaining (now-standby) device

This procedure minimizes risk and traffic disruption.

Why the other options are incorrect:

A . Upgrade the active node first

Upgrading the active device requires removing it from service and failing over abruptly. This is not recommended and increases service disruption risk.

B . Resetting device trust

Resetting trust is unnecessary and can disrupt configuration sync, peer communication, and cluster operation. It is not part of any standard upgrade workflow.

D . Upgrading and rebooting both nodes simultaneously

This would cause total outage, because both HA members would be unavailable at the same time.



Viewing Page 1 of 7



Share your comments for F5 F5CAB1 exam with other users:

Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA


Calbert Francis 1/15/2024 8:19:00 PM

great exam for people taking 220-1101
UNITED STATES


Ayushi Baria 11/7/2023 7:44:00 AM

this is very helpfull for me
Anonymous


alma 8/25/2023 1:20:00 PM

just started preparing for the exam
UNITED KINGDOM


CW 7/10/2023 6:46:00 PM

these are the type of questions i need.
UNITED STATES


Nobody 8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?
Anonymous


Salah 7/23/2023 9:46:00 AM

thanks for providing these questions
Anonymous


Ritu 9/15/2023 5:55:00 AM

interesting
CANADA


Ron 5/30/2023 8:33:00 AM

these dumps are pretty good.
Anonymous


Sowl 8/10/2023 6:22:00 PM

good questions
UNITED STATES


Blessious Phiri 8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database
Anonymous


Richard 10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.
Anonymous


Janjua 5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps
GERMANY


Matt 12/30/2023 11:18:00 AM

if only explanations were provided...
FRANCE


Rasha 6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me
Anonymous


Anonymous 7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?
SPAIN


AJ 9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions
Anonymous


peter parker 8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?
Anonymous


Berihun 7/13/2023 7:29:00 AM

all questions are so important and covers all ccna modules
Anonymous


nspk 1/19/2024 12:53:00 AM

q 44. ans:- b (goto setup > order settings > select enable optional price books for orders) reference link --> https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/sfom_impl_b2b_b2b2c.pdf(decide whether you want to enable the optional price books feature. if so, select enable optional price books for orders. you can use orders in salesforce while managing price books in an external platform. if you’re using d2c commerce, you must select enable optional price books for orders.)
Anonymous


Muhammad Rawish Siddiqui 12/2/2023 5:28:00 AM

"cost of replacing data if it were lost" is also correct.
SAUDI ARABIA


Anonymous 7/14/2023 3:17:00 AM

pls upload the questions
UNITED STATES


Mukesh 7/10/2023 4:14:00 PM

good questions
UNITED KINGDOM


Elie Abou Chrouch 12/11/2023 3:38:00 AM

question 182 - correct answer is d. ethernet frame length is 64 - 1518b. length of user data containing is that frame: 46 - 1500b.
Anonymous


Damien 9/23/2023 8:37:00 AM

i need this exam pls
Anonymous


Nani 9/10/2023 12:02:00 PM

its required for me, please make it enable to access. thanks
UNITED STATES


ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


whoAreWeReally 12/19/2023 8:29:00 PM

took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
EUROPEAN UNION


vs 9/2/2023 12:19:00 PM

no comments
Anonymous


john adenu 11/14/2023 11:02:00 AM

nice questions bring out the best in you.
Anonymous


Osman 11/21/2023 2:27:00 PM

really helpful
Anonymous


Edward 9/13/2023 5:27:00 PM

question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
CANADA


Monti 5/24/2023 11:14:00 PM

iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
UNITED STATES


Anon 10/25/2023 10:48:00 PM

some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
MALAYSIA