Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Q267-Q291] Latest 303 Exam with Accurate BIG-IP ASM Specialist PDF Questions [Sep 04, 2021]

[Q267-Q291] Latest 303 Exam with Accurate BIG-IP ASM Specialist PDF Questions [Sep 04, 2021]

Share

[Sep 04, 2021] Latest 303 Exam with Accurate BIG-IP ASM Specialist PDF Questions

Practice To 303 - TestSimulate Remarkable Practice On your BIG-IP ASM Specialist Exam

NEW QUESTION 267
An LTMSpecialist must reconfigure a BIG-IP LTM system that load balances traffic to web application servers. The application developer inform the LTM Specialist that TLS must be used to communicate with the application servers.
Which additional profile isrequired as part of virtual server configuration?

  • A. SPDV profile
  • B. Rewrite profile
  • C. Server SSL
  • D. Client SSL

Answer: C

 

NEW QUESTION 268
An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)
SNAT IP: 10.0.0.1
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302) Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

  • A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
  • B. tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w
    /var/tmp/trace.cap
  • C. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap
  • D. tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w
    /var/tmp/trace.cap
  • E. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap

Answer: E

 

NEW QUESTION 269
-- Exhibit -

-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting an issue with an application configured on an LTM device. The application works properly when accessed directly via the servers; however, it does not work when accessed via the LTM device. The virtual server, 192.168.1.211:443, is configured to SNAT using the address
192.168.1.144 and references a pool with the member 192.168.10.80:443. The virtual server has no Client or Server SSL profiles associated.
Which configuration change will allow the application to function through the virtual server?

  • A. Change pool member port to 8443.
  • B. Add Client and Server SSL profiles to the virtual server.
  • C. Change virtual server port to 8443.
  • D. Add SSL off-loading to the pool member.

Answer: A

 

NEW QUESTION 270
An LTM Specialist must create a new virtual server for HTTP access. The LTM Specialist creates a forwarding virtual server to reach the resource.
What is a potential result of this action?

  • A. Other service ports could be allowed
  • B. Packet filter allowances are also required
  • C. HTTP traffic is NOT allowed
  • D. IP conflict result

Answer: C

 

NEW QUESTION 271
An LTM Specialistis configuring a new virtual server on an LTM device and assigning a SNAT pool that is already is use another virtual server. Both virtual servers use the same pool members to load balance traffic. A maximum of 35,000 users needs to be able to access each virtual server ta any time. The network architecture does NOT allow the backend servers to use the LTM device as a default gateway.
What is the minimum number of SNAT addresses required in the SNAT pool to meet the needs of the virtual servers?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Explanation
Both vs share the same snat pool, and both use the same pool member. Then the concurrent number of snatpool will be added. For each VS, there is a maximum of 35,000 users, and those two VSs have a maximum of 70,000 users. The stem did not mention how many connections each user would have concurrently.
Calculated with a minimum of 1 connection, then 70,000 connections would be concurrent. One IP can support 65,535 connection. Therefore, at least 2 or more snaptips are required

 

NEW QUESTION 272
An LTM Specialist needs to enable TCP connection re-use for a non-HTTP application. The application uses a simple request response protocol where each request and response iscontained within a single packet.
Which configuration option should the LTM Specialist adjust?

  • A. assign aOneConnect profile
  • B. increase the connection limit for pool members
  • C. increase the idle Timeout in a custom TCP profile
  • D. use a Performance (Layer 4) Virtual Server

Answer: A

 

NEW QUESTION 273
The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect.
The virtual server is configured with the default OneConnect profile.
The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 <mss
1460,nop,wscale 2,nop,nop,sackOK>
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack
869998902 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678 Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 <mss
1460,nop,wscale 0,sackOK,eol>
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack
685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108 Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192
<mss 1460,nop,wscale 2,nop,nop,sackOK>
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack
3320618939 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678 Serverside:
09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142 Why was the second client flow permitted by the web server?

  • A. SNAT automap was enabled on the virtual server.
  • B. A source address persistence profile is assigned to the virtual server.
  • C. The idle TCP session from the first client was re-used.
  • D. A global SNAT is defined.

Answer: C

 

NEW QUESTION 274
A web server administrator informs the BIG-IP Administrator that web servers are overloaded Starting next month, the BIG-IP device will terminate SSL to reduce web server load. The BIG-IP device is ready using client SSL client profile and Rules on HTTP level. What actions should the BIG-IP Administrators to achieve the desired configuration?

  • A. Remove the client SSL profile and configure the Pool Members to US HTTP
  • B. Remove the chart SSL profile and change the Virtual Server to accept HTTP
  • C. Remove the server SSL profile and change the Virtual Server to accept HTTP traffic
  • D. Remove the server SSL profile and configure the Pool Members to use HTTP

Answer: D

 

NEW QUESTION 275
An LTM Specialist is configuring a client profile to offload processing a new application Company policy requires that clients can resume session for up to 30 minutes, but must renegotiate a new session after that.
Which setting should the LTM Specialist change to satisfy this requirement?

  • A. Renegotiation period
  • B. Cachesize
  • C. Renegotiate Max Record Delay
  • D. Cache timeout

Answer: D

Explanation:
Explanation
Question stem requires that you can resume SSL session within 30 minutes, then you need to define the ssl cache time in 30 minutes

 

NEW QUESTION 276
An LTM Specialist needs to terminate client SSL traffic and based on the cookie presented by client.
Which set of profiles should the LTM Specialist use?

  • A. HTTPS, Server SSL, SSL Cookie Profile
  • B. HTTP, Client SSL, Cookie Persistence Profile,
  • C. HTTP, Server SSL, SSL Cookie Profile
  • D. HTTPS, Client SSL, Cookie Persistence Profile

Answer: B

 

NEW QUESTION 277
An LTM device provides load balancing to a web application? The LTM device has two dual-core processors and a licensed SSL Transactions Per Second (TPS) limit of 500 CMP is enabled.
TLS connections are used between client systems and virtual servers on the LTM device, as well as from the LTM device to servers used as part of LTM pool.
TLS enabled virtual servers utilize certificates based on 2048-bit keys During a peak period. 2560 new TLStransactions per second are attempted to the web application via the LTM device.
What will happen in this scenario?

  • A. Nothing: 2560 TLS transactions per second is within the SSI TPS license limit.
  • B. 2060 new TLS transactions will be silently discarded due to the SSL TPS license limit
  • C. Nothing: TLS transactions per second are NOT affected by an SSL TPS license limit
  • D. 560 new TLS transactions will be silently discarded due to the SSL TPS license limit

Answer: D

 

NEW QUESTION 278
An LTM device is deployed in a one-armed topology. The virtual server, clients, and web servers are connected on the LTM device internal VLAN. A client tries to connect to the virtual server and is unable to establish a connection. A packet capture from the LTM device internal VLAN shows that the HTTP request is being forwarded to the web server.
From which two additional locations should protocol analyzer data be collected? (Choose two.)

  • A. any network interface of the Internet firewall
  • B. external VLAN interface of LTM device
  • C. network interface of client machine
  • D. internal VLAN interface of LTM device
  • E. network interface of web server

Answer: C,E

 

NEW QUESTION 279
An LTM Specialist has noticed in the audit log that there are numerous attempts to loginto the Admin account.
Theses attempts are sourced from a suspicious IP address range to the Configuration Utility of the LTM device.
How should the LTM Specialist block these attempts?

  • A. add the suspicious source IP addresses to the httpd deny list via tmsh
  • B. add the suspicious source IP addresses to the httpd deny list via Configuration Utility
  • C. add the permitted source IP addresses to the allow list viaConfiguration Utility
  • D. add the permitted source IP addresses to the httpd allow list viatmsh

Answer: D

 

NEW QUESTION 280
-- Exhibit -


-- Exhibit --
Refer to the exhibits.
A customer requests to offload SSL for an internal website. The front page of the website loads correctly; however, selecting links on the page fails.
How should the LTM Specialist fix the issue?

  • A. Create a new SNAT pool.
    Add internal network IPs to the SNAT pool.
    Add the SNAT pool to the VS.
  • B. Create a new HTTP profile.
    Enable redirect rewrite.
    Add the new HTTP profile to the VS.
  • C. Create a new Server SSL profile.
    Enable Proxy SSL.
    Add the Server SSL profile to the VS.
  • D. Create a new HTTP profile.
    Enable Insert X-Forwarded-For.
    Add the new HTTP profile to the VS.

Answer: B

 

NEW QUESTION 281
Consider the monitor configuration displayed below.

What is the status of a pool member that responds with ''200 OK''?

  • A. disabled
  • B. available
  • C. down
  • D. unknown

Answer: C

 

NEW QUESTION 282
An unwanted IP addresstries to connect to the configuration utility via Self IP An LTM Specialist needs to block the attempts based on the IP address.
How should the ITM Specialist block the attempts without affecting other users?

  • A. Port lockdown
  • B. SSH IP allow list
  • C. Devicetrust
  • D. Packet filter

Answer: D

 

NEW QUESTION 283
An LTM Specialist upgrades the switchinginfrastructure and the backend servers on the LAN segments.
The LTM Specialist notices a 20% memory usage increase on the BIG-IP device while handling the same number of concurrent connections.
A comparison of statistics pre-upgrade and post-upgrade showsa significant reduction on the following:
-RTT between the BIG-IP device and the backend servers
-Packet drops in the switch
Time to First Byte (TTFB)
The LTM Specialist is concerned with the scalability of the number of concurrent connections with the newmemory usage.
Which setting should be changed to reduce the memory usage on the BIG-IP device?

  • A. Increase the receive window of the client-side TCP profile
  • B. Increase the proxy buffer high setting on the server-side TCP profile
  • C. Reduce the proxy buffer high setting on the server-side TCP profile
  • D. Reduce the idle of the client-side TCP profile

Answer: C

Explanation:
Explanation
After adjusting the architecture, the network quality becomes better. With the connection unchanged the memory usage increase by 20%. Itmeans that the sending speed of the server is higher than the receiving speed of the client. F5 caches more content on the memory and causes the memory usage to....

 

NEW QUESTION 284
Refer to the exhibit.

Which TMSH command generated this output?

  • A. tmsh list /sys sync-status
  • B. tmsh list /cm sync-status
  • C. tmsh show /sys sync-status
  • D. tmsh show /cm sync status

Answer: D

 

NEW QUESTION 285
RADIUS authentication has been configured on the LTM device. The default remote user access requirements are as shown:
* Read only access tothe configuration Utility
* Access to TMOS shell
Which two items need to be configured in this situation? (Choose two)

  • A. Console access is Advanced Shell
  • B. In Console access is TMSH
  • C. Default remote user role is Operator
  • D. Default remote user role is Manager
  • E. Console access is Read Only
  • F. Default remote user role is Guest

Answer: B

 

NEW QUESTION 286
The BIG-IP Administrator configures an HTTP monitor with a specific receive string. The status is marked
'down'.
Which tool should the administrator use to identify the problem?

  • A. Ping
  • B. tcpdump
  • C. Health
  • D. ifconfig

Answer: B

 

NEW QUESTION 287
-- Exhibit -

-- Exhibit --
Refer to the exhibit.
An LTM Specialist is troubleshooting a virtual server. Both the virtual server and the pool are showing blue squares for their statuses, and new clients report receiving "The connection was reset" through their browsers.
Connections directly to the pool member are successful.
What is the issue?

  • A. The node is marked as disabled.
  • B. The virtual server is disabled on all VLANs.
  • C. The pool member is disabled.
  • D. The HTTP profile has incorrect settings.

Answer: A

 

NEW QUESTION 288
An organization's development team creates an application to put behind the F5LTM device. The application can be quite load intensive at first, and then evens out over time. The team's load balancing method needs to select a pool after taking into account the pool member's response over the time to avoid landing on a busy pool member.
Which of the following load balancing methods meets this requirement?

  • A. Predictive (member)
  • B. Observed (member)
  • C. Dynamic (node)
  • D. Fastest (application)

Answer: A

 

NEW QUESTION 289
Refer to the exhibit

A connection is being established to IP 1.1.1.1 on port 8080.
Which virtual server will handle the connection?

  • A. host_ 8080_VS
  • B. host_vs
  • C. fwd_8080_vs
  • D. fwdvs

Answer: B

 

NEW QUESTION 290
Given:
Filesystem Size Used Avail Use% Mounted on
/dev/md11 248M 248M 0 100% /
/dev/md13 3.0G 76M 2.8G 3% /config
/dev/md12 1.7G 1.1G 476M 71% /usr
/dev/md14 3.0G 214M 2.6G 8% /var
/dev/md0 30G 2.2G 26G 8% /shared
/dev/md1 6.9G 288M 6.3G 5% /var/log
none 3.9G 452K 3.9G 1% /dev/shm
none 3.9G 19M 3.9G 1% /var/tmstat
none 3.9G 1.2M 3.9G 1% /var/run
prompt 4.0M 12K 4.0M 1% /var/prompt
/dev/md15 12G 8.3G 3.1G 74% /var/lib/mysql
Which command is used to produce this output?

  • A. vmstat
  • B. ps
  • C. df
  • D. du
  • E. lsof

Answer: C

 

NEW QUESTION 291
......

Exam Questions and Answers for  303 Study Guide Questions and Answers!: https://www.testsimulate.com/303-study-materials.html

Related Blogs

more
Go To 303 Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.