F5 Networks BIG-IP Administration Control Plane Administration F5CAB4 Exam Questions

Answer : D

On a BIG-IP system, NTP (Network Time Protocol) configuration is part of the system-level configuration settings. In the Configuration Utility, NTP servers are configured under the System configuration hierarchy.

The correct navigation path is:

System > Configuration > Device > NTP

This location allows the administrator to:

Add, modify, or remove NTP servers

Ensure accurate system time synchronization

Maintain proper time alignment required for features such as ConfigSync, HA failover, logging, and certificate validation

Why the other options are incorrect:

A . System > Platform is used for hardware-related settings.

B . System > Preferences manages UI and user preferences.

C . System > Services controls system daemons and services, not time configuration.

Therefore, the correct answer is D. System > Configuration.

Answer : D

In F5 TMOS, administrative roles and user permissions are partition-specific. The User Manager role allows an account to manage other user accounts, but this authority is restricted to the administrative partitions to which the User Manager has been granted access.

Partition Awareness: If User1 (the User Manager) attempts to modify User2 and fails, while the full Administrator succeeds, it indicates that User2 resides in a partition where User1 does not have management rights.

Principle of Least Privilege: This principle dictates that a user should be given only the minimum level of access necessary to perform their job functions.

Procedural Solution: Granting 'Administrator' privileges (Option B) would violate least privilege by giving User1 full control over all system settings and all partitions. Moving users between partitions (Options A and C) might disrupt the organizational security structure. The correct and most secure administrative action is to modify the partition access for User1 to include the partition where User2 is located. This enables User1 to manage User2's properties while maintaining their restricted role as a User Manager.

Answer : C

Management of the device's identity and primary out-of-band connectivity is a central Control Plane responsibility.

Platform Settings: The System > Platform section of the Configuration Utility is used to manage global hardware and system parameters, including the hostname, management IP address, and time zone.

Management vs. Data Plane: It is critical to distinguish between the management interface and TMM data interfaces. While data plane IPs (Self IPs) are configured under Network > Self IPs, the dedicated management port settings are grouped with other platform-level configurations.

Access Control: This area is also used to manage administrative security, such as restricting SSH or HTTPS access to specific management subnets or IP addresses.

Impact of Change: Changing the management IP will immediately disconnect any active GUI or SSH sessions using the current management IP. The administrator must reconnect using the newly assigned address.

Answer : D

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Adminis44tration documents: In a45n Active/Standby HA pair, application traffic only flows through the Active device. If an administrator makes a change on the Standby device (which has no traffic), they must synchronize the configuration to the Active device to test it. The procedural step is to log into the Active device and 'pull' the configuration from the Standby device (or push from Standby) so the Active device can process traffic using the new iRule

Answer : D

Comprehensive and Detailed Explanation From BIG-IP Administration Control Plane Admi13nistration documents:

To accurately report the current status of specific web applications hosted on the same server (node), the Control Plane must use a monitor that operates at the application layer.

Application-Specific Monitoring: While a node (the IP address) might be up and responding to ICMP (ping) or TCP handshakes, a specific web service or path on that server could be failing.

Custom Send Strings: An HTTP monitor allows the administrator to define a 'Send String' to request a specific page or URI related to the application in that pool .

Receive Strings: The 'Receive String' identifies a unique value that the application must return to be considered 'Available' .

Granular Status Reporting: By deploying these monitors at the pool level, the Control Plane can mark a pool member 'Offline' for one application pool if the receive string is missing, while keeping it 'Available' in another pool where the service is still healthy.

Answer : D

The 'Management Port' is distinct from TMM data ports. Configuration for global platform-level settings, including administrative access restrictions (IP Allow lists for SSH and HTTPS) for the management port, is found under System > Platform. This is a critical Control Plane hardening step to prevent unauthorized remote access

Here is the next batch of 10 questions from your document that are 100% related to BIG-IP

Answer : B

Managing the license is a primary Control Plane task required to activate software modules and features on a BIG-IP device.

License Management Utility: All actions related to the device license, including initial activation, renewal, and adding add-on keys, are performed under the System > License section of the Configuration Utility.

Procedural Requirements: Licensing often requires the generation of a 'dossier,' which is a unique encrypted string used by the F5 License Server to generate the final license file.

Impact on Services: Updating or re-activating a license generally requires a restart of system services (such as the tmm daemon), which will temporarily disrupt traffic processing unless performed on a standby unit in a high availability pair.

Add-on Licenses: If an administrator needs to increase the capacity of a specific module (like increasing the SSL TPS limit or adding a new module like ASM), the new registration keys are entered through this same interface using the 'Re-activate' button.