Free Preparation Discussions
MENU
F5 Networks F5CAB1 Exam Questions
- Topic 1: BIG IP Administration Data Plane Concepts: This section of the exam measures skills of Network Administrators and covers how BIG IP handles application traffic on the data plane. It includes understanding flow of traffic, key data path components, basic concepts of load balancing, and how security and performance features affect user traffic.
- Topic 2: BIG IP Administration Data Plane Configuration: This section of the exam measures skills of System Administrators and covers configuring BIG IP objects that control data plane behavior. It focuses on setting up virtual servers, pools, nodes, monitors, and profiles so that applications are delivered reliably and efficiently according to design requirements.
- Topic 3: BIG IP Administration Control Plane Administration: This section of the exam measures skills of System Administrators and covers managing the control plane where BIG IP is configured and administered. It includes working with user accounts, roles, device settings, configuration management, and using the graphical interface and command line for daily administrative tasks.
- Topic 4: BIG IP Administration Support and Troubleshooting: This section of the exam measures skills of Network Administrators and covers identifying and resolving common issues that affect BIG IP operation. It focuses on using logs, statistics, diagnostic tools, and basic troubleshooting methods to restore normal traffic flow and maintain stable application delivery.
- Topic 5: BIG IP Administration Install Initial Configuration and Upgrade: This section of the exam measures skills of System Administrators and covers the lifecycle tasks for deploying and maintaining a BIG IP system. It includes installing the platform, performing initial setup, applying licenses, configuring basic networking, and planning and executing software upgrades and hotfixes.
Free F5 Networks F5CAB1 Exam Actual Questions
Note: Premium Questions for F5CAB1 were last updated On Feb. 27, 2026 (see below)
Which configuration file can a BIG-IP administrator use to verify the provisioned modules?
Provisioning settings define which modules are enabled and how system resources are allocated to them.
These provisioning declarations are stored in:
/config/bigip.conf
This file contains:
Full module provisioning statements
TMSH-equivalent provisioning configurations such as:
sys provision ltm { level nominal }
sys provision asm { level nominal }
It is the primary system configuration file that stores all active provisioning details.
Why the other answers are incorrect
A . /config/bigip.license
Shows licensed modules, not provisioned modules.
B . /config/bigip_base.conf
Stores base networking (VLANs, Self-IPs, routes), not provisioning.
D . config.ucs
A backup archive, not a live configuration file.
Thus, the correct file to review active module provisioning is /config/bigip.conf.
How can the BIG-IP Administrator tell when an unlicensed module has been provisioned?
The BIG-IP system has built-in licensing enforcement.
If an administrator provisions a module that the device is not licensed to run, the system will still allow the provisioning action to occur initially, but the system detects the mismatch and displays an alert.
What actually happens:
The GUI places a warning banner in the upper-left corner labeled something similar to:
''Provisioning Warning''
This appears immediately after provisioning a module that is not included in the active license.
The system remains in an ''inconsistent state'' until the module is disabled again or the license is updated.
This is the visual cue BIG-IP uses to indicate that a module was provisioned without valid licensing.
Why the other options are incorrect:
A . ''A BIG-IP does not allow unlicensed modules to be provisioned.''
Not true. BIG-IP does allow provisioning, but warns afterward.
B . ''A warning will appear when provisioning an unlicensed module.''
The warning does not appear during the provisioning step itself.
It appears after provisioning, in the main GUI, as a system banner.
An F5 VE has been deployed into a VMware environment via an OVF file.
An administrator wants to configure the management IP address so the VE can be accessed for further setup.
Which two are valid methods for configuring the management-ip address? (Choose two.)
A newly deployed BIG-IP Virtual Edition (VE) in VMware requires initial configuration of its management-ip address so it can be accessed over the network. F5 provides several valid mechanisms during initial console access:
A . Running the config utility
The config script is available on new BIG-IP installations and VE deployments.
It launches a guided text-based wizard allowing configuration of:
Management IP
Netmask
Default route
This is a standard and recommended method during first-time setup.
B . Using TMSH with create sys management-ip
Administrators can enter TMSH directly from the console and run:
create sys management-ip <ip>/<mask>
The management-ip object resides under sys, not under ltm or any other module.
This is the correct tmsh method for defining the management interface address.
Why the other options are incorrect:
C . create ltm management-ip
There is no such object under /ltm.
LTM handles traffic objects (virtual servers, pools), not system management interfaces.
D . Running the setup command
The setup command is used for general system configuration but does not configure the management-ip.
It is not the supported method for initial management IP assignment on VE deployments.
Therefore, the valid methods are running the config utility and using the sys management-ip command within TMSH.
Which one of the following is a port and protocol combination allowed by the Allow Default setting for Port Lockdown?
Port Lockdown controls which ports and protocols a Self IP will respond to.
The Allow Default setting permits only a predefined set of BIG-IP internal and required service ports.
The Allow Default list includes:
TCP 443 HTTPS (Management/TMUI access via Self-IP)
TCP 4353 CMI (device sync)
TCP/UDP ports related to HA communication
Other essential internal F5 ports
Why TCP 443 is correct:
It is one of the officially allowed ports under Allow Default.
It enables HTTPS/TMUI access through a Self IP.
Why the other options are incorrect:
A . TCP 80 (HTTP)
Not allowed under Allow Default
HTTP via Self-IP is blocked unless placed under Allow Custom
B . UDP 8443
Not an F5 default service
Not part of the Allow Default ports
The BIG-IP Administrator uses Secure Copy Protocol (SCP) to upload a TMOS image to the /shared/images/ directory in preparation for a TMOS upgrade.
After the upload is completed, what will the system do before the image is shown in the GUI under:
System Software Management Image List?
When a TMOS image (.iso file) is uploaded into the /shared/images/ directory, the BIG-IP performs an internal validation step before the ISO appears in the GUI.
1. The system verifies the internal checksum
BIG-IP automatically reads the embedded checksum inside the ISO file
Verifies integrity of the uploaded image
Confirms the file is not corrupted or incomplete
Ensures the image is a valid F5 TMOS software image
Only after this checksum verification succeeds does the image appear under:
System Software Management Image List
Why the other options are incorrect:
A . The system performs a reboot into a new partition
Uploading an ISO file never triggers a reboot.
C . The system copies the image to /var/local/images/
All valid TMOS images remain in /shared/images/.
No copying occurs.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Kate
5 days agoPhil
12 days agoZack
20 days agoGlen
27 days agoAdela
1 month agoLuann
1 month agoStefany
2 months agoJosphine
2 months agoJeanice
2 months agoAlease
2 months agoCeola
3 months agoChuck
3 months agoLorean
3 months agoMozell
3 months agoLacey
4 months ago