Free F5 Networks F5CAB1 Exam Dumps June 2026

A newly deployed BIG-IP Virtual Edition (VE) in VMware requires initial configuration of its management-ip address so it can be accessed over the network. F5 provides several valid mechanisms during initial console access:

A . Running the config utility

The config script is available on new BIG-IP installations and VE deployments.

It launches a guided text-based wizard allowing configuration of:

Management IP

Netmask

Default route

This is a standard and recommended method during first-time setup.

B . Using TMSH with create sys management-ip

Administrators can enter TMSH directly from the console and run:

create sys management-ip <ip>/<mask>

The management-ip object resides under sys, not under ltm or any other module.

This is the correct tmsh method for defining the management interface address.

Why the other options are incorrect:

C . create ltm management-ip

There is no such object under /ltm.

LTM handles traffic objects (virtual servers, pools), not system management interfaces.

D . Running the setup command

The setup command is used for general system configuration but does not configure the management-ip.

It is not the supported method for initial management IP assignment on VE deployments.

Therefore, the valid methods are running the config utility and using the sys management-ip command within TMSH.

BIG-IP controls access to the web-based Configuration Utility (TMUI) through the /sys httpd allow list. This parameter specifies which client IPs or subnets may initiate HTTP/HTTPS connections to the management interface.

To restrict TMUI access to only the 10.0.0.0/24 subnet:

The correct method is to modify the HTTPD allow list so that it contains only this subnet.

This requires replacing the entire current list with the new subnet using:

modify /sys httpd allow replace-all-with {10.0.0.0/24}

This ensures that only clients within 10.0.0.0/24 can reach the Configuration Utility.

Why the other options are incorrect:

Options A and C create network ACL objects under /net acl, which apply to data-plane traffic, not management-plane TMUI access. TMUI access is not controlled by LTM ACLs but by the HTTPD allow directive.

Option B is incorrect syntax and references /ltm httpd, which is not the proper object; the correct hierarchy is /sys httpd.

Thus, only modifying the /sys httpd allow list achieves the required restriction.

The HTTPD allow list controls which IP addresses or subnets may access the Configuration Utility (TMUI) on the BIG-IP system. The Administrator already has two subnets allowed and needs to add a single host IP to the existing list.

The object /sys httpd allow supports actions such as add, delete, and replace-all-with.

Because the goal is to add one more entry without removing the existing permitted subnets, the correct command is:

modify /sys httpd allow add { 172.28.32.22 }

This appends the new host to the existing list while preserving the previously configured networks.

Why the other options are incorrect:

Option A (replace-all-with) would overwrite the entire allow list, removing existing permitted subnets---unacceptable.

Option B (delete) would remove the existing networks and not add the required host.

Therefore, the correct administrative action is to add the jump host's IP.

The Port Lockdown feature controls which services a Self-IP will respond to.

Setting a Self-IP to Allow None means:

The Self-IP will not accept any traffic except the very limited, hard-coded HA ports such as TCP 4353 used for device trust and configuration sync.

All other HA ports, including those needed for network failover and other HA mechanisms, are blocked.

When essential HA services cannot communicate, each device assumes its peer is down.

This results in:

HA failover misbehavior

Both devices thinking the other is offline

Potential active-active condition, which is not intended and can cause traffic disruption

Thus, Allow None can break HA functionality unless the Self-IP is not used for HA links.