Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. F5
  3. F5CAB4

F5 F5CAB4 Exam (page: 1)
F5 BIG-IP Administration Control Plane Administration
Updated on: 19-Feb-2026

Viewing Page 1 of 8
F5CAB4 PDF 53 Questions

When looking at this BIG-IP prompt: root@virtual-bigip1] Peer Time Out of Sync

What does the message indicate? (Choose one answer)

  1. That one of the NTP sources has a skewed clock
  2. That the peer BIG-IP is unreachable for the device group
  3. That the local time is correct, but the remote time is incorrect
  4. That there was a time synchronization issue between the BIG-IP device and its peer

Answer(s): D

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

On BIG-IP systems that participate in a Device Service Cluster (DSC), each device compares the remote device's system time to its own system time. If the difference is outside the ConfigSync time threshold (commonly referenced as 3 seconds by default), BIG-IP updates the shell prompt to show "Peer Time Out of Sync", and ConfigSync operations may fail until time is corrected (typically by fixing NTP reachability/configuration, or in some cases adjusting the threshold). (cdn.studio.f5.com)

This message is specifically about time drift between peers in the trust domain/DSC--not basic reachability (so B is not what it means), and it does not prove which side is "correct" (so C is too specific). It also doesn't directly mean an NTP source is "skewed" (A can be a cause, but the prompt message itself indicates the peer-to-peer time mismatch condition). (cdn.studio.f5.com)



A BIG-IP administrator is troubleshooting inconsistent configuration objects on devices in a device group. The administrator uses the command:

tmsh run /cm watch-devicegroup-device and observes the following output:

devices <devgroup> device clu_id cl_orig cl_time last_sync

20:21 sync_test bigip_a 3273 bigip_a 14:27:00

20:21 sync_test bigip_b 1745 bigip_b 13:52:34 13:42:04

20:21 sync_test bigip_c 1745 bigip_a 13:52:34 13:42:04

What two conclusions can be made about this output? (Choose two answers)

  1. bigip_a has the latest configuration.
  2. Two of the devices in the device group have a configuration that is out of date.
  3. The config from bigip_c was synced to the other devices in the device group during the most recent ConfigSync.
  4. The correct configuration exists on bigip_b and bigip_c because their cluster times match.
  5. The correct configuration exists on bigip_a and bigip_c because their cluster times match.

Answer(s): A,B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

watch-devicegroup-device shows (among other columns) the commit ID (cid.id / shown here as clu_id), the originating device for that commit (cid-orig / shown here as cl_orig), and the time the configuration change was made (cid.time / shown here as cl_time). The highest/newest commit ID and its time represent the most recent configuration change seen among the devices.
(clouddocs.f5.com)

bigip_a has the latest configuration (A) because it shows commit ID 3273 at 14:27:00, which is newer than commit ID 1745 at 13:52:34 on bigip_b and bigip_c. (clouddocs.f5.com)

Two devices are out of date (B) because bigip_b and bigip_c are still on the older commit ID 1745, so they do not match the latest commit shown on bigip_a. (clouddocs.f5.com)

Why the other options are not supported by this output:

C is not supported: bigip_c is not showing a newer commit than the others; it's on the older commit (1745), so it's not the source of the most recent change. The output's cid-orig column is what tells you where the change was made. (clouddocs.f5.com)

D/E are incorrect logic: matching cid.time between two devices only indicates they share the same change timestamp/commit, not that it is the correct or latest configuration. The "latest" is indicated by the newest commit ID/time (here, bigip_a). (clouddocs.f5.com)



Users are unable to reach an application. The BIG-IP Administrator checks the Configuration Utility and observes that the Virtual Server has a red diamond in front of the status.

What is causing this issue? (Choose one answer)

  1. The Virtual Server is receiving HTTPS traffic over an HTTP virtual
  2. All pool members are down
  3. All pool members have been disabled
  4. The Virtual Server is disabled

Answer(s): D

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

In the BIG-IP Configuration Utility, status icons provide immediate health information. A red diamond specifically indicates that the object itself is administratively disabled.
When a virtual server is disabled, BIG-IP will not accept or process traffic for that virtual server, regardless of pool or node state.

If all pool members were down, the virtual server would typically show a yellow triangle (available but no resources).

If all pool members were disabled, the virtual server would usually still be enabled but unavailable due to pool status, not shown as a red diamond.

Protocol mismatch (HTTPS sent to HTTP) does not change the administrative status icon of the virtual server.

Therefore, the red diamond clearly indicates the virtual server is disabled, making D the correct answer.



What are the recommended methods for forcing a BIG-IP system to standby mode? (Choose two answers)

  1. Active BIG-IP: CLI > tmsh run /sys failover device standby
  2. Active BIG-IP: Configuration Utility > Device Management > Devices > Local Device (Self) > Force to
    Standby
  3. Active BIG-IP: Configuration Utility > Device Management > Traffic Groups > Local Device (Self) > Force to Standby
  4. Active BIG-IP: CLI > tmsh run /sys failover standby

Answer(s): A,B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

BIG-IP provides two supported and documented methods to manually force a device into standby state in a high-availability (HA) configuration:

CLI method (A):

tmsh run /sys failover device standby

This is the correct and supported TMSH command to force the local device to transition from active to standby.

Configuration Utility method (B):

Navigating to Device Management > Devices > Local Device (Self) and selecting Force to Standby performs the same operation through the GUI and is fully supported.

Why the other options are incorrect:

C is incorrect: Traffic Groups do not provide a "Force to Standby" option for the local device; traffic groups are used to manage which device owns specific traffic, not to force device-level failover.

D is incorrect: tmsh run /sys failover standby is not a valid TMSH command. The correct syntax requires device standby.

Thus, the correct answers are A and B.



Which method is recommended for creating a new user from the CLI? (Choose one answer)

  1. Run tmsh create auth user username prompt-for-password from bash
  2. Edit bigip.conf to add the new user and the user's clear-text password
  3. Run f5adduser 'username' then f5passwd username from bash or tmsh
  4. Run useradd 'username' then passwd username from bash or tmsh

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

The recommended and supported method for creating BIG-IP users from the CLI is through TMSH, using the authentication subsystem.

tmsh create auth user <username> prompt-for-password:

Properly creates the user within BIG-IP's AAA/authentication framework

Encrypts the password securely

Ensures the user is stored and managed correctly in the BIG-IP configuration database

Is fully supported and documented

Why the other options are incorrect:

B is unsafe and unsupported because editing bigip.conf directly and storing clear-text passwords violates security and configuration management best practices.

C (f5adduser / f5passwd) is deprecated and not recommended for modern BIG-IP versions.

D creates a Linux system user only, not a BIG-IP administrative user, and will not allow access to the Configuration Utility or TMSH roles.



A BIG-IP Administrator needs to determine who changed a Virtual Server configuration.

In which log file would the BIG-IP Administrator find this data? (Choose one answer)

  1. /var/log/audit
  2. /var/log/secure
  3. /var/log/ltm

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

The audit log (/var/log/audit) records configuration changes made on the BIG-IP system, including:

Who made the change (user account)

What was changed (for example, a virtual server modification)

When the change occurred

How it was performed (GUI, TMSH, or API)

Why the other options are incorrect:

/var/log/secure logs authentication events such as login successes and failures, not configuration changes.

/var/log/ltm logs traffic-management and runtime LTM events, not administrative configuration modifications.

Therefore, the correct log file for tracking who changed a virtual server is /var/log/audit.



What is the tmsh command to list the IP ranges that can access the management interface via SSH? (Choose one answer)

  1. tmsh show /sys sshd allow
  2. tmsh list /sys sshd allow
  3. tmsh show /sys sshd /etc/hosts.allow
  4. tmsh list /sys sshd /etc/hosts.allow

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

On BIG-IP systems, SSH access restrictions are configured under the /sys sshd object. The allow property defines the IP addresses or networks permitted to connect to the management interface using SSH.

The list command is used to display the current configuration settings.

Therefore, tmsh list /sys sshd allow correctly displays the configured allowed IP ranges.

Why the other options are incorrect:

A (show) displays runtime or statistical information, not configuration values.

C and D incorrectly reference /etc/hosts.allow; BIG-IP manages SSH access through TMSH objects, not by directly listing host files in this context.



The BIG-IP Administrator runs the command:

netstat -an | grep 443

and sees the following output:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN

What does this output indicate about the service on port 443? (Choose one answer)

  1. The service is actively listening only on the loopback interface.
  2. The service is actively listening on all interfaces for HTTPS traffic.
  3. The service indicates no connections to the LISTEN port.
  4. The service is in a standby state and unable to accept connections.

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

In netstat output:

0.0.0.0:443 means the service is bound to all available IPv4 interfaces on the system.

LISTEN indicates the service is actively waiting for incoming connection requests.

Therefore, this output confirms that a service (commonly HTTPS/443, such as the BIG-IP Configuration Utility or an application listener) is actively listening on all interfaces, making B the correct answer.

Why the other options are incorrect:

A would show 127.0.0.1:443 if it were loopback-only.

C is incorrect because LISTEN explicitly indicates readiness to accept connections.

D is unrelated; standby state does not affect socket binding shown by netstat.

Hence, the correct answer is B.



Viewing Page 1 of 8



Share your comments for F5 F5CAB4 exam with other users:

Blessious Phiri 8/13/2023 8:37:00 AM

making progress
Anonymous


Nabla 9/17/2023 10:20:00 AM

q31 answer should be d i think
FRANCE


vladputin 7/20/2023 5:00:00 AM

is this real?
UNITED STATES


Nick W 9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
Anonymous


Naveed 8/28/2023 2:48:00 AM

good questions with simple explanation
UNITED STATES


cert 9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
Anonymous


Yves 8/29/2023 8:46:00 PM

very inciting
Anonymous


Miguel 10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
SPAIN


Byset 9/25/2023 12:49:00 AM

it look like real one
Anonymous


Debabrata Das 8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps
Anonymous


nITA KALE 8/22/2023 1:57:00 AM

i need dumps
Anonymous


CV 9/9/2023 1:54:00 PM

its time to comptia sec+
GREECE


SkepticReader 8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
UNITED STATES


Nabin 10/16/2023 4:58:00 AM

helpful content
MALAYSIA


Blessious Phiri 8/15/2023 3:19:00 PM

oracle 19c is complex db
Anonymous


Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous


Eli 6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
EUROPEAN UNION


open2exam 10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?
Anonymous


Gerald 9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
UNITED STATES


ryo 9/10/2023 2:27:00 PM

very helpful
MEXICO


Jamshed 6/20/2023 4:32:00 AM

i need this exam
PAKISTAN


Roberto Capra 6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?
Anonymous


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate for your sharing.
CAMBODIA


Tshepang 8/18/2023 4:41:00 AM

kindly share this dump. thank you
Anonymous


Jay 9/26/2023 8:00:00 AM

link plz for download
UNITED STATES


Leo 10/30/2023 1:11:00 PM

data quality oecd
Anonymous


Blessious Phiri 8/13/2023 9:35:00 AM

rman is one good recovery technology
Anonymous


DiligentSam 9/30/2023 10:26:00 AM

need it thx
Anonymous


Vani 8/10/2023 8:11:00 PM

good questions
NEW ZEALAND


Fares 9/11/2023 5:00:00 AM

good one nice revision
Anonymous