Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. F5
  3. F5CAB5

F5 F5CAB5 Exam (page: 2)
F5 BIG-IP Administration Support and Troubleshooting
Updated on: 06-Apr-2026

Viewing Page 2 of 7
F5CAB5 PDF 42 Questions

Refer to the exhibit.

A BIG-IP Administrator needs to deploy an application on the BIG-IP system to perform SSL offload and re-encrypt the traffic to pool members. During testing, users are unable to connect to the application.

What must the BIG-IP Administrator do to resolve the issue? (Choose one answer)

  1. Remove the configured SSL Profile (Client)
  2. Configure Protocol Profile (Server) as splitsession-default-tcp
  3. Enable Forward Proxy in the SSL Profile (Client)
  4. Configure an SSL Profile (Server)

Answer(s): D

Explanation:

To successfully perform SSL offload and re-encryption on a BIG-IP system, the virtual server must be configured with both a Client SSL profile and a Server SSL profile. The Client SSL profile enables BIG-IP to decrypt inbound HTTPS traffic from clients, while the Server SSL profile is required to re-encrypt traffic before forwarding it to the pool members.

From the exhibit, the virtual server has a Client SSL profile configured, which allows BIG-IP to accept HTTPS connections from clients. However, there is no Server SSL profile attached, meaning BIG-IP attempts to send unencrypted HTTP traffic to pool members listening on HTTPS (port 443). This protocol mismatch causes the server-side SSL handshake to fail, resulting in users being unable to connect to the application.

This behavior is well documented in BIG-IP SSL troubleshooting guides: when backend servers expect HTTPS, a Server SSL profile is mandatory to establish a secure connection from BIG-IP to the pool members.

The other options are incorrect:

Removing the Client SSL profile (Option A) would break client-side HTTPS.

The server-side TCP profile (Option B) is unrelated to SSL encryption.

Forward Proxy (Option C) is only used for outbound SSL inspection scenarios.

Therefore, configuring an SSL Profile (Server) is the correct and required solution.



A BIG-IP Administrator notices that one of the servers that runs an application is NOT receiving any traffic. The BIG-IP Administrator examines the configuration status of the application and observes the displayed monitor configuration and affected pool member status.



What is the possible cause of this issue? (Choose one answer)

  1. The node health monitor is NOT responding.
  2. The application is NOT responding with the expected Receive String.
  3. HTTP 1.1 is NOT appropriate for monitoring purposes.
  4. The BIG-IP device is NOT able to reach the pool.

Answer(s): A

Explanation:

The key clue in the exhibit is the pool member's availability showing "Offline (Enabled) ­ Parent down". In BIG-IP terminology, a pool member inherits the status of its parent node. If the node is marked down (for example, by a node-level monitor or a default "node is down" condition), then all pool members using that node IP will also be marked down and will not receive any traffic, even if the application service on the member port might be healthy.

While the HTTPS monitor configuration (send/receive strings) is displayed, the status specifically indicates a node (parent) failure, not a service-level failure. If the problem were the application not matching the receive string, you would typically see the member down due to the member's monitor failing (and the status would reflect monitor failure details), rather than "parent down."

Option D is too broad; BIG-IP can generally reach the subnet (other servers work), and this symptom points to a specific node condition. Option C is incorrect because HTTP/1.1 is commonly used for monitoring and is valid when properly formatted (especially with a Host header). Therefore, the most likely cause is that the node health monitor is not responding, causing the node--and consequently the member--to be marked down.



Which menu should you use on the BIG-IP Configuration Utility to generate a QKView support file?

(Choose one answer)

  1. System > Configuration
  2. System > Archive
  3. System > Support
  4. System > Logs

Answer(s): C

Explanation:

A QKView is the primary diagnostic file used by F5 Support to analyze BIG-IP system health, configuration, performance, and logs. It collects a wide range of data, including running configuration, license details, module provisioning, hardware status, logs, statistics, and diagnostic command output. Generating a QKView is a standard first step when troubleshooting issues or opening a support case with F5.

In the BIG-IP Configuration Utility (GUI), the correct location to generate a QKView is System > Support (Option C). This menu is specifically designed for support and troubleshooting activities. From this section, administrators can create QKView files, upload them directly to F5 iHealth, or download them locally for later analysis or submission to F5 Support.

The other options are incorrect:

System > Configuration (Option A) is used for system-wide settings such as device name, NTP, and DNS.

System > Archive (Option B) is used to create UCS backups, not diagnostic QKViews.

System > Logs (Option D) is used to view and manage log files, not to generate support bundles.

This workflow is clearly documented in BIG-IP Administration and Support guides and is considered a best practice for efficient troubleshooting and support engagement.



A device group is currently in the Changes Pending sync status. How can the BIG-IP Administrator determine which member of the device group has the most recent configuration? (Choose one answer)

  1. Device Management > Overview
  2. Device Management > Devices
  3. System > High Availability
  4. Device Management > Device Groups

Answer(s): D

Explanation:

When a BIG-IP device group shows a Changes Pending status, it indicates that one or more devices in the group have configuration changes that have not yet been synchronized to the other members. To identify which device has the most recent (authoritative) configuration, the administrator must view the detailed synchronization status at the device group level.

The correct location is Device Management > Device Groups (Option D). Within this menu, the BIG-IP Configuration Utility displays each device group along with its synchronization status and provides details about which device has pending changes. From this view, the administrator can clearly see which device is marked as having changes pending, making it the source device that should be used to initiate a Sync to Group operation.

The other options do not provide the required level of detail:

Device Management > Overview (Option A) shows general HA status but not configuration ownership.

Device Management > Devices (Option B) lists devices but does not clearly identify which one holds unsynchronized changes.

System > High Availability (Option C) focuses on failover and traffic groups, not configuration sync state.

This workflow aligns with BIG-IP best practices for configuration synchronization and ensures changes are propagated correctly without overwriting newer configurations.



A BIG-IP Administrator suspects that one of the BIG-IP device power supplies is experiencing power outages.

Which log file should the BIG-IP Administrator check to verify the suspicion? (Choose one answer)

  1. /var/log/daemon.log
  2. /var/log/kern.log
  3. /var/log/ltm
  4. /var/log/audit

Answer(s): C

Explanation:

According to official F5 documentation (K52015891 ­ Troubleshooting BIG-IP power supply issues), hardware-related alerts for power supplies, fans, and chassis components are logged in /var/log/ltm.

When a BIG-IP device experiences a power supply issue--such as failure, intermittent outages, or fan-related faults--the system generates alerts through internal platform monitoring services. These alerts are written to the /var/log/ltm file and often appear with messages similar to:

Chassis power supply 2 has experienced an issue. Status is as follows: FAN=bad; STATUS=bad.

This makes /var/log/ltm the authoritative log file for identifying and verifying power supply and chassis-related problems on BIG-IP systems.

The other log files are not appropriate for this purpose:

/var/log/daemon.log contains general daemon messages but is not the primary source for chassis hardware alerts.

/var/log/kern.log logs kernel-level events, not platform power status.

/var/log/audit records administrative actions and configuration changes.

Conclusion:
Per F5-supported guidance, when suspecting power supply outages or chassis hardware issues, the BIG-IP Administrator should always check /var/log/ltm first.



Refer to the exhibit.



The image shows the status of a virtual server named application_vs in the BIG-IP Configuration Utility.

What is the cause of the status shown? (Choose two answers)

  1. Pool member(s) administratively disabled
  2. Pool member(s) forced offline
  3. Node(s) administratively disabled
  4. Virtual Server administratively disabled

Answer(s): A,C

Explanation:

The exhibit shows the virtual server application_vs with a status indicating it is offline but enabled. In BIG-IP terminology, this status means the virtual server itself is administratively enabled, but it is unable to pass traffic because no usable pool members are available.

Two common and documented causes for this condition are:

Pool member(s) administratively disabled (Option A):
When all pool members are administratively disabled, BIG-IP removes them from load-balancing decisions. Even though the virtual server remains enabled, it has no available pool members to send traffic to, resulting in an offline status.

Node(s) administratively disabled (Option C):
Pool members inherit the status of their parent nodes. If a node is administratively disabled, all associated pool members are also marked unavailable. This condition causes the virtual server to show as offline, even though the virtual server configuration itself is correct.

The other options are incorrect:

Forced offline pool members (Option B) result in a different operational intent and are explicitly set for maintenance scenarios.

Virtual server administratively disabled (Option D) would show the virtual server as disabled, not enabled/offline.

This behavior is consistent with BIG-IP traffic management logic and is commonly verified by reviewing pool and node availability states when diagnosing virtual server availability issues.



Which menu should you use on the BIG-IP Configuration Utility to generate a QKView support file? (Choose one answer)

  1. System > Configuration
  2. System > Archive
  3. System > Support
  4. System > Logs

Answer(s): C

Explanation:

Comprehensive and Detailed 150 to 250 Words Explanation From BIG-IP Administration, Support, and Troubleshooting Documents:

A QKView file is the primary diagnostic support bundle used by F5 Support to troubleshoot BIG-IP system issues. It contains comprehensive system information, including running configuration, licensing details, module provisioning, hardware status, software versions, log files, statistics, and the output of numerous diagnostic commands. Generating a QKView is a standard and recommended first step when investigating performance problems, configuration issues, or when opening a support case with F5.

In the BIG-IP Configuration Utility (GUI), the correct and supported location to generate a QKView is System > Support. This menu is specifically designed for support and troubleshooting operations. From this section, administrators can generate a QKView file, monitor its creation progress,

download it locally, or upload it directly to F5 iHealth for automated analysis. This workflow is clearly documented in BIG-IP Administration and Support guides and aligns with F5 best practices.

The other menu options are not appropriate:

System > Configuration is used for system-wide settings such as DNS, NTP, and device identity.

System > Archive is used to create UCS backup files, which are configuration backups, not diagnostic bundles.

System > Logs is used only for viewing system logs, not generating support files.

Therefore, System > Support is the correct and only valid answer.



A BIG-IP Administrator observes the following messages in the /var/log/ltm log:

warning tmm[pid]: 011e0002: sweeper_segment_cb_any: Aggressive mode /Common/default- eviction-policy activated (0) (global memory) (345209/690176 pages)

warning tmm[pid]: 011e0003: Aggressive mode sweeper /Common/default-eviction-policy (0) (global memory) 1 connections killed warning tmm[pid]: 011e0003: Aggressive mode sweeper /Common/default-eviction-policy (0) (global memory) 1 connections killed warning tmm[pid]: 011e0003: Aggressive mode sweeper /Common/default-eviction-policy (0) (global memory) 1 connections killed

What is happening when the BIG-IP Administrator sees the messages displayed above? (Choose two answers)

  1. The global eviction policy is triggered due to TMM memory exhaustion
  2. The BIG-IP system starts reaping connections; all the connections will be dropped
  3. The BIG-IP system starts reaping connections; some connections will be dropped
  4. The global eviction policy is triggered due to swap memory being used too high

Answer(s): A,C

Explanation:

Comprehensive and Detailed 150 to 250 Words Explanation From BIG-IP Administration, Support, and Troubleshooting Documents:

These log messages indicate that the BIG-IP system's Traffic Management Microkernel (TMM) has entered aggressive eviction mode due to high global memory utilization.
When TMM memory consumption reaches critical thresholds, BIG-IP activates the default eviction policy to protect system stability and prevent a full traffic processing failure. This condition directly corresponds to Option A, where the global eviction policy is triggered because TMM memory resources are nearing exhaustion.

Once aggressive mode is activated, BIG-IP begins using the connection sweeper mechanism, which selectively terminates existing connections to free memory. The repeated log entries stating "1 connections killed" confirm that the system is reaping some connections, not all connections. This behavior matches Option C. The eviction process is incremental and controlled, targeting idle, low- priority, or least-recently-used connections first to minimize impact on active traffic.

Option B is incorrect because BIG-IP does not drop all connections during aggressive mode; it only removes enough connections to relieve memory pressure. Option D is also incorrect because TMM eviction is based on TMM global memory usage, not swap memory utilization. TMM does not rely on swap space in the same way the host Linux system does.

These messages are a critical warning sign that the system is under memory stress and may require traffic optimization, connection limits, or hardware scaling.



Viewing Page 2 of 7



Share your comments for F5 F5CAB5 exam with other users:

Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES


sudhagar 9/6/2023 3:02:00 PM

question looks valid
UNITED STATES


Van 11/24/2023 4:02:00 AM

good for practice
Anonymous


Divya 8/2/2023 6:54:00 AM

need more q&a to go ahead
Anonymous


Rakesh 10/6/2023 3:06:00 AM

question 59 - a newly-created role is not assigned to any user, nor granted to any other role. answer is b https://docs.snowflake.com/en/user-guide/security-access-control-overview
Anonymous


Nik 11/10/2023 4:57:00 AM

just passed my exam today. i saw all of these questions in my text today. so i can confirm this is a valid dump.
HONG KONG


Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


Shiji 10/15/2023 1:31:00 PM

good and useful.
INDIA


Ade 6/25/2023 1:14:00 PM

good questions
Anonymous


Praveen P 11/8/2023 5:18:00 AM

good content
UNITED STATES


Anastasiia 12/28/2023 9:06:00 AM

totally not correct answers. 21. you have one gcp account running in your default region and zone and another account running in a non-default region and zone. you want to start a new compute engine instance in these two google cloud platform accounts using the command line interface. what should you do? correct: create two configurations using gcloud config configurations create [name]. run gcloud config configurations activate [name] to switch between accounts when running the commands to start the compute engine instances.
Anonymous


Priyanka 7/24/2023 2:26:00 AM

kindly upload the dumps
Anonymous


Nabeel 7/25/2023 4:11:00 PM

still learning
Anonymous


gure 7/26/2023 5:10:00 PM

excellent way to learn
UNITED STATES


ciken 8/24/2023 2:55:00 PM

help so much
Anonymous


Biswa 11/20/2023 9:28:00 AM

understand sql col.
Anonymous


Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous


Rose 7/24/2023 2:16:00 PM

this is nice.
Anonymous


anon 10/15/2023 12:21:00 PM

q55- the ridac workflow can be modified using flow designer, correct answer is d not a
UNITED STATES


NanoTek3 6/13/2022 10:44:00 PM

by far this is the most accurate exam dumps i have ever purchased. all questions are in the exam. i saw almost 90% of the questions word by word.
UNITED STATES


eriy 11/9/2023 5:12:00 AM

i cleared the az-104 exam by scoring 930/1000 on the exam. it was all possible due to this platform as it provides premium quality service. thank you!
UNITED STATES


Muhammad Rawish Siddiqui 12/8/2023 8:12:00 PM

question # 232: accessibility, privacy, and innovation are not data quality dimensions.
SAUDI ARABIA


Venkat 12/27/2023 9:04:00 AM

looks wrong answer for 443 question, please check and update
Anonymous


Varun 10/29/2023 9:11:00 PM

great question
Anonymous