Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. F5
  3. F5CAB4

F5 F5CAB4 Exam (page: 1)
F5 BIG-IP Administration Control Plane Administration
Updated on: 06-Apr-2026

Viewing Page 1 of 8
F5CAB4 PDF 53 Questions

When looking at this BIG-IP prompt: root@virtual-bigip1] Peer Time Out of Sync

What does the message indicate? (Choose one answer)

  1. That one of the NTP sources has a skewed clock
  2. That the peer BIG-IP is unreachable for the device group
  3. That the local time is correct, but the remote time is incorrect
  4. That there was a time synchronization issue between the BIG-IP device and its peer

Answer(s): D

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

On BIG-IP systems that participate in a Device Service Cluster (DSC), each device compares the remote device's system time to its own system time. If the difference is outside the ConfigSync time threshold (commonly referenced as 3 seconds by default), BIG-IP updates the shell prompt to show "Peer Time Out of Sync", and ConfigSync operations may fail until time is corrected (typically by fixing NTP reachability/configuration, or in some cases adjusting the threshold). (cdn.studio.f5.com)

This message is specifically about time drift between peers in the trust domain/DSC--not basic reachability (so B is not what it means), and it does not prove which side is "correct" (so C is too specific). It also doesn't directly mean an NTP source is "skewed" (A can be a cause, but the prompt message itself indicates the peer-to-peer time mismatch condition). (cdn.studio.f5.com)



A BIG-IP administrator is troubleshooting inconsistent configuration objects on devices in a device group. The administrator uses the command:

tmsh run /cm watch-devicegroup-device and observes the following output:

devices <devgroup> device clu_id cl_orig cl_time last_sync

20:21 sync_test bigip_a 3273 bigip_a 14:27:00

20:21 sync_test bigip_b 1745 bigip_b 13:52:34 13:42:04

20:21 sync_test bigip_c 1745 bigip_a 13:52:34 13:42:04

What two conclusions can be made about this output? (Choose two answers)

  1. bigip_a has the latest configuration.
  2. Two of the devices in the device group have a configuration that is out of date.
  3. The config from bigip_c was synced to the other devices in the device group during the most recent ConfigSync.
  4. The correct configuration exists on bigip_b and bigip_c because their cluster times match.
  5. The correct configuration exists on bigip_a and bigip_c because their cluster times match.

Answer(s): A,B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

watch-devicegroup-device shows (among other columns) the commit ID (cid.id / shown here as clu_id), the originating device for that commit (cid-orig / shown here as cl_orig), and the time the configuration change was made (cid.time / shown here as cl_time). The highest/newest commit ID and its time represent the most recent configuration change seen among the devices.
(clouddocs.f5.com)

bigip_a has the latest configuration (A) because it shows commit ID 3273 at 14:27:00, which is newer than commit ID 1745 at 13:52:34 on bigip_b and bigip_c. (clouddocs.f5.com)

Two devices are out of date (B) because bigip_b and bigip_c are still on the older commit ID 1745, so they do not match the latest commit shown on bigip_a. (clouddocs.f5.com)

Why the other options are not supported by this output:

C is not supported: bigip_c is not showing a newer commit than the others; it's on the older commit (1745), so it's not the source of the most recent change. The output's cid-orig column is what tells you where the change was made. (clouddocs.f5.com)

D/E are incorrect logic: matching cid.time between two devices only indicates they share the same change timestamp/commit, not that it is the correct or latest configuration. The "latest" is indicated by the newest commit ID/time (here, bigip_a). (clouddocs.f5.com)



Users are unable to reach an application. The BIG-IP Administrator checks the Configuration Utility and observes that the Virtual Server has a red diamond in front of the status.

What is causing this issue? (Choose one answer)

  1. The Virtual Server is receiving HTTPS traffic over an HTTP virtual
  2. All pool members are down
  3. All pool members have been disabled
  4. The Virtual Server is disabled

Answer(s): D

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

In the BIG-IP Configuration Utility, status icons provide immediate health information. A red diamond specifically indicates that the object itself is administratively disabled.
When a virtual server is disabled, BIG-IP will not accept or process traffic for that virtual server, regardless of pool or node state.

If all pool members were down, the virtual server would typically show a yellow triangle (available but no resources).

If all pool members were disabled, the virtual server would usually still be enabled but unavailable due to pool status, not shown as a red diamond.

Protocol mismatch (HTTPS sent to HTTP) does not change the administrative status icon of the virtual server.

Therefore, the red diamond clearly indicates the virtual server is disabled, making D the correct answer.



What are the recommended methods for forcing a BIG-IP system to standby mode? (Choose two answers)

  1. Active BIG-IP: CLI > tmsh run /sys failover device standby
  2. Active BIG-IP: Configuration Utility > Device Management > Devices > Local Device (Self) > Force to
    Standby
  3. Active BIG-IP: Configuration Utility > Device Management > Traffic Groups > Local Device (Self) > Force to Standby
  4. Active BIG-IP: CLI > tmsh run /sys failover standby

Answer(s): A,B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

BIG-IP provides two supported and documented methods to manually force a device into standby state in a high-availability (HA) configuration:

CLI method (A):

tmsh run /sys failover device standby

This is the correct and supported TMSH command to force the local device to transition from active to standby.

Configuration Utility method (B):

Navigating to Device Management > Devices > Local Device (Self) and selecting Force to Standby performs the same operation through the GUI and is fully supported.

Why the other options are incorrect:

C is incorrect: Traffic Groups do not provide a "Force to Standby" option for the local device; traffic groups are used to manage which device owns specific traffic, not to force device-level failover.

D is incorrect: tmsh run /sys failover standby is not a valid TMSH command. The correct syntax requires device standby.

Thus, the correct answers are A and B.



Which method is recommended for creating a new user from the CLI? (Choose one answer)

  1. Run tmsh create auth user username prompt-for-password from bash
  2. Edit bigip.conf to add the new user and the user's clear-text password
  3. Run f5adduser 'username' then f5passwd username from bash or tmsh
  4. Run useradd 'username' then passwd username from bash or tmsh

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

The recommended and supported method for creating BIG-IP users from the CLI is through TMSH, using the authentication subsystem.

tmsh create auth user <username> prompt-for-password:

Properly creates the user within BIG-IP's AAA/authentication framework

Encrypts the password securely

Ensures the user is stored and managed correctly in the BIG-IP configuration database

Is fully supported and documented

Why the other options are incorrect:

B is unsafe and unsupported because editing bigip.conf directly and storing clear-text passwords violates security and configuration management best practices.

C (f5adduser / f5passwd) is deprecated and not recommended for modern BIG-IP versions.

D creates a Linux system user only, not a BIG-IP administrative user, and will not allow access to the Configuration Utility or TMSH roles.



A BIG-IP Administrator needs to determine who changed a Virtual Server configuration.

In which log file would the BIG-IP Administrator find this data? (Choose one answer)

  1. /var/log/audit
  2. /var/log/secure
  3. /var/log/ltm

Answer(s): A

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

The audit log (/var/log/audit) records configuration changes made on the BIG-IP system, including:

Who made the change (user account)

What was changed (for example, a virtual server modification)

When the change occurred

How it was performed (GUI, TMSH, or API)

Why the other options are incorrect:

/var/log/secure logs authentication events such as login successes and failures, not configuration changes.

/var/log/ltm logs traffic-management and runtime LTM events, not administrative configuration modifications.

Therefore, the correct log file for tracking who changed a virtual server is /var/log/audit.



What is the tmsh command to list the IP ranges that can access the management interface via SSH? (Choose one answer)

  1. tmsh show /sys sshd allow
  2. tmsh list /sys sshd allow
  3. tmsh show /sys sshd /etc/hosts.allow
  4. tmsh list /sys sshd /etc/hosts.allow

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

On BIG-IP systems, SSH access restrictions are configured under the /sys sshd object. The allow property defines the IP addresses or networks permitted to connect to the management interface using SSH.

The list command is used to display the current configuration settings.

Therefore, tmsh list /sys sshd allow correctly displays the configured allowed IP ranges.

Why the other options are incorrect:

A (show) displays runtime or statistical information, not configuration values.

C and D incorrectly reference /etc/hosts.allow; BIG-IP manages SSH access through TMSH objects, not by directly listing host files in this context.



The BIG-IP Administrator runs the command:

netstat -an | grep 443

and sees the following output:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN

What does this output indicate about the service on port 443? (Choose one answer)

  1. The service is actively listening only on the loopback interface.
  2. The service is actively listening on all interfaces for HTTPS traffic.
  3. The service indicates no connections to the LISTEN port.
  4. The service is in a standby state and unable to accept connections.

Answer(s): B

Explanation:

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Administration documents:

In netstat output:

0.0.0.0:443 means the service is bound to all available IPv4 interfaces on the system.

LISTEN indicates the service is actively waiting for incoming connection requests.

Therefore, this output confirms that a service (commonly HTTPS/443, such as the BIG-IP Configuration Utility or an application listener) is actively listening on all interfaces, making B the correct answer.

Why the other options are incorrect:

A would show 127.0.0.1:443 if it were loopback-only.

C is incorrect because LISTEN explicitly indicates readiness to accept connections.

D is unrelated; standby state does not affect socket binding shown by netstat.

Hence, the correct answer is B.



Viewing Page 1 of 8



Share your comments for F5 F5CAB4 exam with other users:

Franklin Allagoa 7/5/2023 5:16:00 AM

i want hcia exam dumps
Anonymous


SSA 12/24/2023 1:18:00 PM

good training
Anonymous


BK 8/11/2023 12:23:00 PM

very useful
INDIA


Deepika Narayanan 7/13/2023 11:05:00 PM

yes need this exam dumps
Anonymous


Blessious Phiri 8/15/2023 3:31:00 PM

these questions are a great eye opener
Anonymous


Jagdesh 9/8/2023 8:17:00 AM

thank you for providing these questions and answers. they helped me pass my exam. you guys are great.
CANADA


TS 7/18/2023 3:32:00 PM

good knowledge
Anonymous


Asad Khan 11/1/2023 2:44:00 AM

answer 10 should be a because only a new project will be created & the organization is the same.
Anonymous


Raj 9/12/2023 3:49:00 PM

can you please upload the dump again
UNITED STATES


Christian Klein 6/23/2023 1:32:00 PM

is it legit questions from sap certifications ?
UNITED STATES


anonymous 1/12/2024 3:34:00 PM

question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).
UNITED STATES


NSPK 1/18/2024 10:26:00 AM

q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save
Anonymous


mohamed abdo 9/1/2023 4:59:00 AM

very useful
Anonymous


Tom 3/18/2022 8:00:00 PM

i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.
UNITED KINGDOM


Edrick GOP 10/24/2023 6:00:00 AM

it was a good experience and i got 90% in the 200-901 exam.
Anonymous


anonymous 8/10/2023 2:28:00 AM

hi please upload this
Anonymous


Bakir 7/6/2023 7:24:00 AM

please upload it
UNITED KINGDOM


Aman 6/18/2023 1:27:00 PM

really need this dump. can you please help.
UNITED KINGDOM


Neela Para 1/8/2024 6:39:00 PM

really good and covers many areas explaining the answer.
NEW ZEALAND


Karan Patel 8/15/2023 12:51:00 AM

yes, can you please upload the exam?
UNITED STATES


NISHAD 11/7/2023 11:28:00 AM

how many questions are there in these dumps?
UNITED STATES


Pankaj 7/3/2023 3:57:00 AM

hi team, please upload this , i need it.
UNITED STATES


DN 9/4/2023 11:19:00 PM

question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.
Anonymous


Zhiguang 8/19/2023 11:37:00 PM

please upload dump. thanks in advance.
Anonymous


deedee 12/23/2023 5:51:00 PM

great great
UNITED STATES


Asad Khan 11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly
Anonymous


Sale Danasabe 10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.
Anonymous


Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN