Anda di halaman 1dari 52

Exam Express EE0-511

Exam Express EE0-511 F5 BIG-IP V9 Local traffic Management

Practice Test
Version 1.0

Exam Express EE0-511: Practice Exam QUESTION NO: 1 Monitors can be assigned to which three resources? (Choose three.) A. SNATs B. pool members C. Pools D. iRules E. NATs F. Nodes G. virtual servers Answer: B,C,F

Answer: B,E

Which user-type has access to change member states, but not to add or delete objects from the configuration? A. Operators B. Guests C. Administrators D. Power Users Answer: A

QUESTION NO: 4

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

QUESTION NO: 3

tua

lTe

A. Pool association B. Send string C. Server name D. Pool member association E. Timeout value

sts

.co

When defining a monitor based on the HTTP template, which two options can be specified? (Choose two.)

QUESTION NO: 2

Exam Express EE0-511: Practice Exam Given the rule below, which two statements are true? (Choose two.) rule ExampleRule { when HTTP_REQUEST { if { [HTTP::uri] contains "f5" } { pool pool1 } else { pool pool2 } } } A. The following request would be sent to pool2 http://www.f5.com/f5training/index.html B. The following request would be sent to pool1 http://www.f5.com/ffivetraining/index.html C. The following request would be sent to pool1 http://www.f5.com/f5training/index.html D. The following request would be sent to pool1 http://www.f5.com/f5/training/index.html E. The following request would be sent to pool1 http://www.f5.com/training/index.html Answer: C,D

QUESTION NO: 5

When initially configuring the BIG-IP System using the config tool, which three parameters can be set? (Choose three.) A. the IP address of the management port B. the netmask of the management port C. the default route for the management port D. the port lockdown of the management port E. the host name of the management port Answer: A,B,C

QUESTION NO: 6

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam If a client's browser does not accept cookies, what occurs when the client connects to a virtual server using cookie persistence? A. The connection request is sent to the backup pool member. B. The connection request is refused and the client is sent a "server not available" message. C. The connection request is load-balanced to an available pool member. D. The connection request is not processed. Answer: C

QUESTION NO: 7 Which three statements concerning virtual servers are true? (Choose three.) A. Virtual servers support session persistence. B. Virtual servers can translate the virtual server address to a chosen pool member's address when processing traffic. C. Virtual servers can decrypt and re-encrypt SSL packets. D. Virtual servers can decrypt and re-encrypted SSH packets. Answer: A,B,C

QUESTION NO: 8

A. load-balancing method B. monitor(s) C. rule(s) D. pool(s) E. node address(es) Answer: C,D

QUESTION NO: 9 The current status of a given pool is ffline?(red). Which condition could explain that state? Assume the descriptions below include all monitors assigned for each scenario. A. Neither the pool nor it's members or nodes has any monitor assigned. B. A system-wide monitor has tested all nodes successfully, but the pool's members have no specific monitor assigned to them. "Pass Any Exam. Any Time." - www.actualtests.com 4

Ac

tua

Which two can be a part of a virtual server's definition? (Choose two.)

lTe

sts

.co

Exam Express EE0-511: Practice Exam C. The pool has a monitor assigned to it, and some of the pool's members have failed the monitor's test. D. The pool has a monitor assigned to it, and all of the pool's members have failed the monitor's test. Answer: D

QUESTION NO: 10 What is the purpose of floating self-IP addresses? A. to define an address that gives network devices greater flexibility in choosing a path to forward traffic B. to define an address that grants administrative access to either system at any time C. to define an address that allows either system to initiate communication at any time D. to define an address that allows network devices to route traffic via a single IP address Answer: D

QUESTION NO: 11 Where is persistence mirroring configured?

Answer: C

QUESTION NO: 12 Which two can be a part of a pool's definition? (Choose two.) A. persistence type B. profile(s) C. monitor(s) D. load-balancing method E. rule(s) Answer: C,D

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. It is a part of the virtual server definition. B. It is a part of the pool definition. C. It is a part of the persistence profile definition. D. It is not configured; it is a default feature.

lTe

sts

.co

Exam Express EE0-511: Practice Exam

QUESTION NO: 13 Click the Exhibit button. A virtual server is defined per the charts. The last five client connections were to members C, D, A, B, B. Given the conditions shown in the exhibit, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-b-10.jpg A. 10.10.20.5:80 B. 10.10.20.4:80 C. 10.10.20.2:80 D. 10.10.20.3:80 E. 10.10.20.1:80 Answer: B

QUESTION NO: 14

Which two F5 switch platforms always have both a compact flash and a hard drive? (Choose two.) A. 5100 B. 6400 C. 1500 D. 3400 E. 2400 F. 1000 Answer: B,D

QUESTION NO: 15 Which two profile types would be required with a virtual server so that cookie persistence is enabled? (Choose two.) A. WWW B. TCP "Pass Any Exam. Any Time." - www.actualtests.com 6

Ac

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam C. HTTP D. UDP E. source address persistence Answer: B,C

QUESTION NO: 16 Which three methods are available for remote authentication of users allowed to administer a BIGIP system through the Configuration Utility? (Choose three.) A. OCSP B. Radius C. LDAP D. VASCO E. Active Directory Answer: B,C,E

QUESTION NO: 17 How is MAC masquerading configured?

Answer: D

QUESTION NO: 18 Which three files/data items are included in a BIG-IP backup file? (Choose three.) A. the BIG-IP license B. the BIG-IP administrative addresses C. the BIG-IP log files D. the BIG-IP host name "Pass Any Exam. Any Time." - www.actualtests.com 7

Ac

A. Override the manufacturer's address for each floating self-IP address for which you want this feature enabled. B. Override the manufacturer's address for each self-IP address for which you want this feature enabled. C. Override the manufacturer's address for each VLAN on the active system. Synchronize the systems to ensure both BIG-IPs have the same setting. D. Override the manufacturer's address for each VLAN for which you want this feature enabled.

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam Answer: A,B,D

QUESTION NO: 19 Which statement is true concerning iRules? A. iRules use a proprietary syntax language. B. iRules must contain at least one conditional statement. C. iRules must contain at least one event declaration. D. iRules must contain at least one pool assignment statement. Answer: C

QUESTION NO: 20 Which statement is true concerning iRule events?

You need to terminate client SSL traffic at the BIG-IP and also to persist client traffic to the same pool member based on a BIG-IP supplied cookie. Which four are profiles that would normally be included in the virtual server's definition? (Choose four.) A. ClientSSL B. HTTPS C. ServerSSL D. HTTP E. TCP F. Cookie-Based Persistence Answer: A,D,E,F

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

QUESTION NO: 21

tua

Answer: B

lTe

A. All iRule events are appropriate at any point in the client-server communication. B. All client traffic, regardless the service or application, has processes that could be used to trigger iRule events. C. If an iRule references an event that doesn't occur during the client's communication, the client's connection will be terminated prematurely. D. All iRule events relate to HTTP processes.

sts

.co

Exam Express EE0-511: Practice Exam QUESTION NO: 22 Click the Exhibit button. A virtual server is defined per the charts. The last five client connections were to members C, D, A, B, B. Given the conditions shown in the exhibit, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-a-11.jpg A. 10.10.20.3:80 B. 10.10.20.5:80 C. 10.10.20.4:80 D. 10.10.20.1:80 E. 10.10.20.2:80 Answer: E

QUESTION NO: 23

You have a pool of servers that need to be tested. All of the servers but one should be tested every 10 seconds, but one is slower and should only be tested every 20 seconds. How can this be done? A. It cannot be done. All of the members of a pool must be tested at the same frequency. B. It cannot be done. All monitors test every five seconds. C. It can be done, but will require assigning monitors to each pool member. D. It can be done by assigning one monitor to the pool and a different monitor to the slower server. Answer: D

QUESTION NO: 24 Assume the bigd daemon fails on the active system. Which three are possible results? (Choose three.) A. The active system will fail-over and the standby system will go into active mode. B. The active system will continue in active mode but gather member and node state information from the standby system. C. The active system will restart the bigd daemon and continue in active mode. "Pass Any Exam. Any Time." - www.actualtests.com 9

Ac

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam D. The active system will reboot and the standby system will go into active mode. E. The active system will restart the tmm daemon and continue in active mode. Answer: A,C,D

QUESTION NO: 25 Click the Exhibit button. A virtual server is defined using a source-address based persistence profile. The last five connections were A, B, C, A, C. Given the conditions shown in the exhibit, if a client with IP address 195.64.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-b-23.jpg A. 10.10.20.5:80 B. 10.10.20.1:80 C. 10.10.20.4:80 D. 10.10.20.2:80 E. 10.10.20.3:80 Answer: E

QUESTION NO: 26 Click the Exhibit button.

A virtual server is defined using a source-address based persistence profile. The last five connections were A, B, C, A, C. Given the conditions shown in the exhibit, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-a-24.jpg A. 10.10.20.5:80 B. 10.10.20.4:80 C. 10.10.20.1:80 D. 10.10.20.3:80

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

10

Exam Express EE0-511: Practice Exam E. 10.10.20.2:80 Answer: B

QUESTION NO: 27 Which statement is true concerning communication between a redundant pair of BIG-IP devices? A. Data for both connection and persistence mirroring are shared through the same TCP connection. B. Regardless of the configuration, some data is communicated between the systems at regular intervals. C. Communication between the systems cannot be effected by port lockdown settings. D. Connection mirroring data is shared through the serial fail-over cable unless network fail-over is enabled.

Answer: C

QUESTION NO: 29 When network fail-over is enabled, what is the interaction with the fail-over cable? A. The fail-over cable voltage always takes precedence over network fail-over. B. The fail-over cable status is ignored. Fail-over is determined by the network status only. C. Either a network failure or loss of voltage across the fail-over cable will cause a fail-over. D. A network failure will not cause a fail-over as long as there is a voltage across the fail-over cable. Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. Larger groups of clients would persist to the same pool members. B. More clients would match existing persistence records. C. A greater number of persistence records would probably be created. D. There would be no direct changes.

lTe

What is the expected result if the source address persistence mask is changed from 255.255.0.0 to 255.255.255.0?

sts

QUESTION NO: 28

.co

Answer: A

11

Exam Express EE0-511: Practice Exam

QUESTION NO: 30 How is persistence configured? A. Persistence is a profile type; an appropriate profile is created and associated with virtual server. B. Persistence is a global setting; once enabled, load-balancing choices are superceded by the persistence method that is specified. C. Persistence is an option within each pool's definition. D. Persistence is an option for each pool member. When a pool is defined, each member's definition includes the option for persistence. Answer: A

QUESTION NO: 31

A site is load-balancing traffic via a pool of routers. Which statement is true concerning BIG-IP's monitor's ability to verify whether the routers are functioning properly or not? A. BIG-IP monitors can only check servers, they cannot test routers. B. Many BIG-IP monitors can be used to check the router's "near" interface, but there is no way to test any "far" interface. C. BIG-IP monitors can test through a router to a specified destination. Responses from this destination indicate the router is functioning. D. Monitors can directly query the router's interfaces via HTTP probes to determine whether the interfaces are functioning.

QUESTION NO: 32 You have created a custom profile named TEST2. The parent profile of TEST2 is named TEST1. If additional changes are made to TEST1, what is the effect on TEST2? A. When TEST1 is changed, the administrator is prompted and can choose whether to propagate changes to TEST2. B. Changes to TEST1 cannot affect TEST2 once TEST2 is saved. C. Some of the changes to TEST1 may propagate to TEST2. D. All changes to TEST1 are propagated to TEST2. Answer: C "Pass Any Exam. Any Time." - www.actualtests.com 12

Ac

Answer: C

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam

QUESTION NO: 33 A site needs to terminate client HTTPS traffic at the BIG-IP and forward that traffic unencrypted. Which two are profile types that would normally be associated with such a virtual server? (Choose two.) A. ClientSSL B. TCP C. HTTPS D. ServerSSL E. HTTP F. UDP

QUESTION NO: 34

Answer: B

QUESTION NO: 35

Which three are events that can be used to trigger iRule data processing? (Choose three.) A. SERVER_SELECTED B. HTTP_REDIRECT C. HTTP_REQUEST D. CLIENT_ACCEPTED E. SERVER_REJECTED Answer: A,C,D

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. MAC masquerade addresses B. virtual server addresses C. VLAN fail-safe settings D. host names E. all self-IP addresses

lTe

sts

Which parameters are set to the same value when a pair of BIG-IP devices are synchronized?

.co

Answer: A,B

13

Exam Express EE0-511: Practice Exam QUESTION NO: 36 Which is an advantage of terminating SSL communication at the BIG-IP rather than the ultimate web server? A. Terminating SSL at the BIG-IP eliminates the need to use SSL acceleration hardware anywhere in the network. B. Terminating SSL at the BIG-IP can eliminate SSL processing at the web servers that reduces their load. C. Terminating SSL at the BIG-IP eliminates the need to purchase SSL certificates from a certificate authority. D. Terminating SSL at the BIG-IP eliminates all un-encrypted traffic from the network that enhances security. Answer: B

QUESTION NO: 37

Answer: C,D

QUESTION NO: 38 Assuming there are open connections through an active system's NAT and a fail-over occurs, by default, what happens to the connections? A. All open connections are lost, but new connections are initiated by the newly active BIG-IP, resulting in minimal client downtime. B. All open connections will be lost. C. All open connections will be maintained. D. Long-lived connections such as Telnet and FTP will be maintained while short-lived connections such as HTTP will be lost. "Pass Any Exam. Any Time." - www.actualtests.com 14

Ac

tua

A. If the destination of the traffic matches a virtual server, the traffic will be forwarded, but it cannot be load-balanced since a SNAT has not been configured. B. If the destination of the traffic does not match a virtual server, the traffic will be forwarded based on routing tables. C. If the destination of the traffic matches a virtual server, the traffic will be processed per the virtual servers definition. D. If the destination of the traffic does not match a virtual server, the traffic will be discarded.

lTe

sts

Assume a BIG-IP has no NATs or SNATs configured. Which two scenarios are possible when client traffic arrives on a BIG-IP? (Choose two.)

.co

Exam Express EE0-511: Practice Exam E. The "Mirror" option must be chosen on the NAT and the setting synchronized prior to the connection establishment. Answer: C

QUESTION NO: 39 Assume a virtual server is configured with a client-side SSL profile. What would the result be if the virtual server's destination port were not 443? A. SSL termination could not be performed if the virtual server's port was not port 443. B. Virtual servers with a ClientSSL profile are always configured with a destination port of 443. C. As long as client traffic was directed to the alternate port, the virtual server would work as intended. D. Since the virtual server is associated with a ClientSSL profile, it will always process traffic sent to port 443. Answer: C

QUESTION NO: 40

Answer: A,B,D

QUESTION NO: 41 When configuring a pool member's monitor, which three association options are available? (Choose three.) A. assign a monitor to the specific member B. inherit the node's monitor C. inherit the pool's monitor D. do not assign any monitor to the specific member E. configure a default monitor "Pass Any Exam. Any Time." - www.actualtests.com 15

Ac

A. connection limits B. health monitors C. load-balancing mode D. ratio values E. priority values

tua

lTe

Which three properties can be assigned to nodes? (Choose three.)

sts

.co

Exam Express EE0-511: Practice Exam Answer: A,C,D

QUESTION NO: 42 Where is connection mirroring configured? A. It is not configured; it is default behavior. B. It is an optional feature of each pool. C. It is an optional action within an iRule. D. It is an optional feature of each virtual server. Answer: D

QUESTION NO: 43

Which VLANs must be enabled for a SNAT to perform as desired (translating only desired packets)? A. The SNAT must be enabled for the VLANs where desired packets arrive on the BIG-IP. B. The SNAT must be enabled for the VLANs where desired packets arrive and leave the BIG-IP. C. The SNAT must be enabled for all VLANs. D. The SNAT must be enabled for the VLANs where desired packets leave the BIG-IP. Answer: A

QUESTION NO: 45

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

QUESTION NO: 44

tua

Answer: D

lTe

A. an address on the current system used to initiate mirroring and network fail-over heartbeat messages B. an address used by the current system to listen for fail-over messages from the partner BIG-IP C. the address used by the current system to send messages to monitoring stations D. an address of the other system in a redundant pair configuration

sts

.co

When using the setup utility to configure a redundant pair, you are asked to provide a "Failover Peer IP". Which address is this?

16

Exam Express EE0-511: Practice Exam A site has six members in a pool. All of the servers have been designed, built, and configured with the same applications. It is known that each client's interactions vary significantly and can affect the performance of the servers. If traffic should be sent to all members on a regular basis, which load-balancing method is effective if the goal is to maintain a relatively even load across all servers? A. Round Robin B. Priority C. Ratio Member D. Observed Answer: D

QUESTION NO: 46 Which two statements are true concerning communication between a redundant pair of BIG-IP devices? (Choose two.) A. Connection mirroring data is shared via a TCP connection using port 1028. B. Synchronization occurs via a TCP connection using ports 683 and 684. C. Connection mirroring data is shared through the serial fail-over cable unless network fail-over is enabled. D. Persistence mirroring data is shared via a TCP connection using port 1028. Answer: A,D

QUESTION NO: 47

Which statement accurately describes the relation between the two load-balancing modes specified as "member" and "node"? A. There is no difference; the two terms are referenced for backward compatibility purposes. B. Load-balancing options referencing "nodes" are available only when the pool members are defined for the "any" port. C. When the load-balancing choice references "node", the address' parameters are used to make the load-balancing choice rather than the member's parameters. D. When the load-balancing choice references "node", priority group activation is unavailable. Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

17

Exam Express EE0-511: Practice Exam QUESTION NO: 48 Assuming other fail-over settings are at their default state, what would occur if the fail-over cable were to be disconnected for two seconds and then reconnected? A. As long as network communication is not lost, no change will occur. B. When the cable is disconnected, both systems will become active. When the voltage is restored, unit two will revert to standby mode. C. Nothing. Fail-over due to loss of voltage will not occur if the voltage is lost for less than six seconds. D. When the cable is disconnected, both systems will become active. When the voltage is restored, both systems will maintain active mode. Answer: B

QUESTION NO: 49 What is the purpose of MAC masquerading?

Answer: B

QUESTION NO: 50

A site would like to ensure that a given web server's default page is being served correctly prior to sending it client traffic. Which monitor template would be the simplest to use? A. FTP B. SNMP C. HTTP D. WWW E. ICMP Answer: C

QUESTION NO: 51

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

A. to minimize ARP entries on routers B. to minimize connection loss due to ARP cache refresh delays C. to prevent ARP cache errors D. to allow both BIG-IP devices to always use the same MAC address

sts

.co

18

Exam Express EE0-511: Practice Exam Click the Exhibit button. A virtual server is defined using a source-address based persistence profile. The last five connections were A, B, C, A, C. Given the conditions shown in the exhibit, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-a-28.jpg A. 10.10.20.3:80 B. 10.10.20.2:80 C. 10.10.20.5:80 D. 10.10.20.4:80 E. 10.10.20.1:80 Answer: D

Answer: B

QUESTION NO: 53 A site needs a virtual server that will use an iRule to parse traffic based on HTTP header values. Which two profile types would normally be associated with such a virtual server? (Choose two.) A. FTP B. FastL4 C. TCP D. UDP

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

A. The process should always be run from the standby system. B. The two /config/bigip.conf configuration files are synchronized (made identical) each time the process is run. C. The process should always be run from the system with the latest configuration. D. Multiple files, including /config/bigip.conf and /config/bigip_base.conf, are synchronized (made identical) each time the process is run.

tua

lTe

Which statement is true about the synchronization process, as performed by the Configuration Utility or by typing b config sync all?

sts

QUESTION NO: 52

.co

19

Exam Express EE0-511: Practice Exam E. HTTP F. HTTPS Answer: C,E

QUESTION NO: 54 Which two statements describe differences between the active and standby systems? (Choose two.) A. Configuration changes can only be made on the active system. B. Monitors are performed only by the active system. C. Virtual server addresses are hosted only by the active system. D. Floating self-IP addresses are hosted only by the active system. E. Fail-over triggers only cause changes on the active system.

Click the Exhibit button.

A virtual server is defined using a source-address based persistence profile. The last five connections were A, B, C, A, C. Given the conditions shown in the exhibit, if a client with IP address 205.12.45.52 opens a connection to the virtual server, which member will be used for the connection? Exhibit: 511-b-24.jpg A. 10.10.20.3:80 B. 10.10.20.5:80 C. 10.10.20.4:80 D. 10.10.20.1:80 E. 10.10.20.2:80 Answer: C

QUESTION NO: 56 What is the difference between a node and a pool member? "Pass Any Exam. Any Time." - www.actualtests.com 20

Ac

tua

lTe

sts

QUESTION NO: 55

.co

Answer: C,D

Exam Express EE0-511: Practice Exam A. A pool member is defined as an IP address:port combination and a node is defined as an IP address only. B. A node is defined as an IP address:port combination and a pool member is defined as an IP address only. C. There is no difference between a node and a pool member. D. Both are an IP address:port combination, but a node's port is never specified (any port). Answer: A

QUESTION NO: 57 Given that VLAN Fail-Safe is enabled on the external VLAN and the network that the active BIGIP's external VLAN is connected to has failed, which statement is always true about the results? A. The active system will reboot and the standby system will go into active mode. B. The active system will note the failure in the HA table and may reboot. C. The active system will restart the traffic management module to eliminate the possibility that BIG-IP is the cause for the network failure. D. The active system will fail-over and the standby system will go into active mode. Answer: B

QUESTION NO: 58

A. UDP B. FTP C. HTTPS D. ClientSSL E. ServerSSL Answer: D,E

QUESTION NO: 59 Which two must be sent to the license server to generate a new license? (Choose two.) A. the system's registration key "Pass Any Exam. Any Time." - www.actualtests.com 21

Ac

tua

You need to terminate client SSL traffic at the BIG-IP and re-encrypt it after using an iRule to choose a pool to process the data. Which two are profile types that would normally be associated with such a virtual server? (Choose two.)

lTe

sts

.co

Exam Express EE0-511: Practice Exam B. the system's dossier C. the system's host name D. the system's base license E. the system's purchase order number Answer: A,B

QUESTION NO: 60 When defining a monitor based on the ICMP template, which option can be specified? A. Server name B. Timeout value C. Pool member association D. Pool association E. Send string Answer: B

QUESTION NO: 61

Answer: D

QUESTION NO: 62 Which two statements are true about NATs? (Choose two.) A. NATs support UDP, TCP, and ICMP traffic. B. NATs provide a one-to-one mapping between IP addresses. C. NAT addresses can be identical to virtual server IP addresses. D. NATs provide a many-to-one mapping between IP addresses. Answer: A,B

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

A. askf5 B. bigtop C. tcpdump D. qkview

lTe

Which tool captures a BIG-IP's configuration and logs?

sts

.co

22

Exam Express EE0-511: Practice Exam QUESTION NO: 63 A site is load-balancing to a pool of web servers. Which statement is true concerning BIG-IP's monitor's ability to verify whether the web servers are functioning properly or not? A. Web server monitors always verify the contents of the index.html page. B. Web server monitors can test the content on any page on the server. C. Web server monitors can test whether the server's address is reachable, but cannot test a page's content. D. Web server monitors can test the content of static web pages, but cannot query pages that would require the web server to dynamically find content. Answer: B

Answer: C

Which statement is true concerning iRules? A. iRules use a proprietary syntax language. B. iRules must contain at least one conditional statement. C. iRules must contain at least one pool assignment statement. D. iRules must contain at least one event declaration. Answer: D

QUESTION NO: 66 Which statement is true concerning cookie persistence?

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

QUESTION NO: 65

tua

lTe

A. Client performance is enhanced when clients are sent to the same server over and over again. B. Persistence features allow clients to bypass security features and therefore decrease client response time. C. Some applications behave better when clients return to the same server rather than any server in the pool. D. Persistence is only important when load-balancing HTTP applications.

sts

.co

Why is persistence an important feature of a load-balancing product?

QUESTION NO: 64

23

Exam Express EE0-511: Practice Exam A. If a client's browser accepts cookies, cookie persistence will always cause a cookie to be written on the client system. B. Cookie persistence allows persistence even if the data are encrypted from client to pool member. C. Cookie persistence uses a cookie that stores the virtual server, pool name, and member IP address in clear text. D. Cookie persistence allows persistence independent of IP addresses. Answer: D

QUESTION NO: 67 Assume a virtual server is configured with a client-side SSL profile. What would the result be if the virtual server's destination port were not 443? A. Virtual servers with a ClientSSL profile are always configured with a destination port of 443. B. Since the virtual server is associated with a ClientSSL profile, it will always process traffic sent to port 443. C. As long as client traffic was directed to the alternate port, the virtual server would work as intended. D. SSL termination could not be performed if the virtual server's port was not port 443. Answer: C

QUESTION NO: 68

Which action might take place when a failover trigger is detected by the active system? A. The active device will either restart an offending process, fail-over, or reboot. B. The standby device also detects the failure and assumes the active role. C. The standby device will begin processing virtual servers that have failed, but the active device will continue servicing the functional virtual servers. D. The active device will wait for all connections to terminate and then fail-over. Answer: A

QUESTION NO: 69 Assume a client's traffic is being processed only by a NAT; no SNAT or virtual server processing takes place. Also assume that the NAT definition specifies a NAT address and an origin address while all other settings are left at their defaults. If the client were to initiate traffic to the NAT address, what changes, if any, would take place when the BIG-IP processes such packets? "Pass Any Exam. Any Time." - www.actualtests.com 24

Ac

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam A. The client address would not change, but the server address would be translated to the origin's addresses. B. The client address would not change, but the server address would be translated to the chosen pool member's address. C. The server's address would not change, but the client's address would be translated to the NAT's address. D. The client address would not change, but the server address would be translated to the NAT's address. Answer: A

QUESTION NO: 70 How is the load-balancing mode specified? A. within the pool definition B. within the node definition C. within the virtual server definition D. within the pool member definition Answer: A

QUESTION NO: 71

A. Never. Each virtual server has a maximum of one profile. B. Unlimited. Profiles can work together in any combination to ensure that all traffic types are supported in a given virtual server. C. Often. Profiles work on different layers and combining profiles is common. D. Rarely. One combination, using both the TCP and HTTP profile does occur, but it is the exception. Answer: C

QUESTION NO: 72 A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to load-balance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses. The second SNAT's address is 64.100.130.20; this SNAT is defined for three specific addresses, 172.16.3.54, "Pass Any Exam. Any Time." - www.actualtests.com 25

Ac

tua

When can a single virtual server be associated with multiple profiles?

lTe

sts

.co

Exam Express EE0-511: Practice Exam 172.16.3.55, and 172.16.3.56. The virtual server's destination is 64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with IP address 172.16.3.55 initiates a request to the virtual server, what is the source IP address of the packet as it reaches the chosen DNS server? A. 64.100.130.30 B. 172.16.3.55 C. 64.100.130.10 D. 64.100.130.20 Answer: D

QUESTION NO: 73 Assuming there are open connections through an active system's virtual servers and a fail-over occurs, by default, what happens to the connections? A. Long-lived connections such as Telnet and FTP are maintained, but short-lived connections such as HTTP are lost. B. All open connections are maintained. C. All open connections are lost. D. When persistence mirroring is enabled, open connections are maintained even if a fail-over occurs. E. All open connections are lost, but new connections are initiated by the newly active BIG-IP, resulting in minimal client downtime. Answer: C

QUESTION NO: 74

What is the default IP address on a BIG-IP's management port? A. 192.168.1.245/24 B. 192.168.245.245/24 C. 192.168.245.245/16 D. 192.168.1.245/16 Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

26

Exam Express EE0-511: Practice Exam QUESTION NO: 75 Which statement is true concerning iRule context? A. The iRule event declaration determines the context. B. The context must be explicitly declared. C. The iRule command determines the context. D. The results of the iRule's conditional statement determines the context. Answer: A

QUESTION NO: 76 Which three methods can be used for initial access to a BIG-IP system? (Choose three.) A. HTTP access to the management port B. serial console access C. HTTPS access to the management port D. HTTPS access to any of the switch ports E. SSH access to the management port F. HTTP access to any of the switch ports G. SSH access to any of the switch ports Answer: B,C,E

QUESTION NO: 77

A. bandwidth utilization B. switchboard packet processing ability C. pool member packet processing ability D. VLAN communication ability E. CPU utilization percentage Answer: B,C,D

QUESTION NO: 78 A monitor has been defined using the HTTP monitor template. The send and receive string were customized, but all other settings were left at their defaults. Which resources can the monitor be "Pass Any Exam. Any Time." - www.actualtests.com 27

Ac

Which three processes or systems can be monitored and used as fail-over triggers in a redundant pair configuration? (Choose three.)

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam assigned to? A. only specific pool members B. any virtual server C. any node D. any pool Answer: D

QUESTION NO: 79 Which statement is true concerning SSL termination? A. When any virtual server uses a ClientSSL profile, all SSL traffic sent to the BIG-IP is decrypted before it is forwarded to servers. B. Decrypting traffic at the BIG-IP allows the use of iRules for traffic management, but increases the server load. C. A virtual server that has both ClientSSL and ServerSSL profiles can still support cookie persistence. D. When the ClientSSL and ServerSSL options are combined, SSL processing is reduced on the servers.

Which two properties can be assigned to a pool? (Choose two.) A. load-balancing mode B. connection limits C. priority values D. ratio values E. health monitors Answer: A,E

QUESTION NO: 81 Which three statements describe a characteristic of profiles? (Choose three.) A. A profile can be a child of one profile and a parent of another.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

QUESTION NO: 80

lTe

Answer: C

sts

.co

28

Exam Express EE0-511: Practice Exam B. While most virtual servers have at least one profile associated with them, it is not required. C. Default profiles cannot be created or deleted. D. All changes to parent profiles are propagated to their child profiles. E. Custom profiles are always based on a parent profile. Answer: A,C,E

QUESTION NO: 82 Which three statements are true about SNATs? (Choose three.) A. SNAT addresses can be identical to virtual server IP addresses. B. SNATs provide bi-directional traffic initiation. C. SNATs support UDP, TCP, and ICMP traffic. D. SNATs provide a many-to-one mapping between IP addresses.

The current status of a given pool member is nknown? Which condition could explain that state? A. The member has a monitor assigned to it and the monitor did not succeed during the most recent timeout period. B. The member has no monitor assigned to it. C. The member has a monitor assigned to it and the most recent monitor was successful. D. The member's node has a monitor assigned to it and the monitor did not succeed during the most recent timeout period. Answer: B

QUESTION NO: 84 Why is the context of an event significant in iRule processing? A. The context determines the values of commands that vary between client and server. B. The context determines which events are available for iRule processing. C. The context determines which pools are available for load-balancing. D. While the context explicitly defines the values of commands, there is no ambiguity when the context is not known.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

QUESTION NO: 83

.co

Answer: A,C,D

29

Exam Express EE0-511: Practice Exam Answer: A

QUESTION NO: 85 Which two statements are true concerning differences between BIG-IP platforms? (Choose two.) A. All F5 switch ports are tri-speed; 10, 100 or 1000 Mbps. B. The 1500 and 3400 are in a 1U chassis while the 6400 is in a 2U chassis. C. All BIG-IP platforms use both an ASIC and CPU(s) to process traffic. D. The 1500, 3400 and 6400 have greater SSL capabilities after the initial SSL handshake than the 1000, 2400, and 5100. E. The 1500 hosts more ports than the 3400. Answer: B,D

QUESTION NO: 86

QUESTION NO: 87 Which tool captures data packets being processed by a BIG-IP? A. bigtop B. qkview C. tcpdump D. askf5 Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

Answer: A

tua

A. Whether or not network fail-over is enabled, the standby system will stay in standby mode. B. If network fail-over is enabled, the standby system will go into active mode but only until the network recovers. C. If network fail-over is enabled, the standby system will assume the active mode. D. Whether or not network fail-over is enabled, the standby system will assume the active mode.

lTe

sts

Assuming that systems are synchronized, which action could take place if the fail-over cable is connected correctly and working properly, but the systems cannot communicate over the network due to external network problems?

.co

30

Exam Express EE0-511: Practice Exam QUESTION NO: 88 Which two methods can be used to determine which BIG-IP is currently active? (Choose two.) A. The status (Active/Standby) is embedded in the command prompt. B. The bigtop command displays the status. C. The ifconfig -a command displays the floating addresses on the active system. D. Only the active system's configuration screens are active. Answer: A,B

QUESTION NO: 89 Given the rule below, which two statements are true? (Choose two.) rule ExampleRule { when HTTP_REQUEST { if { [HTTP::uri] contains "f5" } { pool pool1 } else { pool pool2 } } }

A. The following request would be sent to pool1 http://www.f5.com/f5/training/index.html B. The following request would be sent to pool1 http://www.f5.com/ffivetraining/index.html C. The following request would be sent to pool1 http://www.f5.com/training/index.html D. The following request would be sent to pool1 http://www.f5.com/f5training/index.html E. The following request would be sent to pool2 http://www.f5.com/f5training/index.html Answer: A,D

QUESTION NO: 90

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

31

Exam Express EE0-511: Practice Exam What is the expected result if the source address persistence mask is changed from 255.255.255.0 to 255.255.0.0? A. Larger groups of clients would persist to the same pool members. B. There would be no direct changes. C. Fewer clients would match existing persistence records. D. A greater number of persistence records would probably be created. Answer: A

QUESTION NO: 91 Which cookie persistence method requires the least configuration changes on the web servers to be implemented correctly? A. hash B. rewrite C. passive D. insert Answer: D

QUESTION NO: 92

A. Changes to TEST1 cannot affect TEST2 once TEST2 is saved. B. Some of the changes to TEST1 may propagate to TEST2. C. All changes to TEST1 are propagated to TEST2. D. When TEST1 is changed, the administrator is prompted and can choose whether to propagate changes to TEST2. Answer: B

QUESTION NO: 93 A site has six members in a pool. Three of the servers are new and have more memory and a faster processor than the others. Assuming all other factors are equal and traffic should be sent to all members, which two load-balancing methods are appropriate? (Choose two.)

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

You have created a custom profile named TEST2. The parent profile of TEST2 is named TEST1. If additional changes are made to TEST1, what is the effect on TEST2?

lTe

sts

.co

32

Exam Express EE0-511: Practice Exam A. Observed B. Ratio Member C. Priority D. Round Robin Answer: A,B

QUESTION NO: 94 Which three methods are available for remote authentication of users allowed to administer a BIGIP system through the Configuration Utility? (Choose three.) A. LDAP B. VASCO C. Active Directory D. OCSP E. Radius Answer: A,C,E

QUESTION NO: 95

A site would like to ensure that a given server's IP address is reachable prior to sending it client traffic. Which monitor template would be the simplest to use? A. TCP B. PING C. ICMP D. HTTP E. SNMP Answer: C

QUESTION NO: 96 A load-balancing virtual server has been associated with a pool with multiple members. Assuming all other settings are left at their defaults, which statement is always true concerning traffic processed by the virtual server? A. The server IP address is unchanged whether the traffic is between the BIG-IP and client or the BIG-IP and server. "Pass Any Exam. Any Time." - www.actualtests.com 33

Ac

tua

lTe

sts

.co

Exam Express EE0-511: Practice Exam B. The client IP address is unchanged whether the traffic is between the BIG-IP and client or the BIG-IP and server. C. The TCP ports used in the client to BIG-IP connection are the same as the TCP ports in the BIG-IP to server connection. D. The IP addresses used in the client to BIG-IP connection are the same as the IP addresses in the BIG-IP to server connection. Answer: B

QUESTION NO: 97 A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to load-balance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses. The second SNAT's address is 64.100.130.20; this SNAT is defined for three specific addresses, 172.16.3.54, 172.16.3.55, and 172.16.3.56. The virtual server's destination is 64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with IP address 172.16.3.60 initiates a request to the virtual server, what is the source IP address of the packet as it reaches the chosen DNS server? A. 64.100.130.10 B. 64.100.130.20 C. 172.16.3.60 D. 64.100.130.30 Answer: A

QUESTION NO: 98

Which statement is true regarding fail-over? A. By default, hardware fail-over detects voltage across the fail-over cable and monitors traffic across the internal VLAN. B. Hardware fail-over can be used in conjunction with network failover. C. If the hardware fail-over cable is disconnected, both BIG-IP devices will always assume the active role. D. Hardware fail-over is disabled by default. Answer: B

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

34

Exam Express EE0-515

EE0-515 FirePass v6 exam

Practice Test
Version 3.0

Exam Express EE0-515: Practice Exam QUESTION NO: 1 User1's logon has access and the share path is <\\Server\User1>. Which two FirePass Windows Files favorites would link the user to User1's share? (Choose two.) A. Logged into Windows as "User1", logged intoFirePass as "User2", FirePass link \\Server\%winlogin%. B. Logged into Windows as "User2", logged intoFirePass as "User1", FirePass link \\Server\%winlogin%. C. Logged into Windows as "User1", logged intoFirePass as "User2", FirePass link \\Server\%username%. D. Logged into Windows as "User2", logged intoFirePass as "User1", FirePass link <\\Server\%username%>. E. Logged into Windows as "User2", logged intoFirePass as "User2", FirePass link \\Server\User1 and when prompted enter User1's Windows login and password. Answer: D,E

QUESTION NO: 2

Which two statements are true about Resource and Master Groups? (Choose two.) A. Master Groups contain authentication parameters. B. Resource Groups contain authentication parameters. C. Master Groups contain both authentication parameters and links to features. D. Both Resource and Mastergroups are a required part of a FirePass configuration. Answer: A,D

QUESTION NO: 3

Which two statements are true about initial access to the FirePass 1200 Controller? (Choose two.) A. The Admin has limited access through a serial terminal using "maintenance" at the console login. B. The Admin has Unix command line access through a serial terminal using root / default as the userid and password. C. The Admin has web configuration access to https://192.168.1.99/admin/ using admin / admin as the userid and password. D. The Admin has web configuration access to https://192.168.1.245/admin/ using admin / admin as the userid and password. E. The Admin has Unix command line access through a keyboard and monitor using root / default as the userid and password. "Pass Any Exam. Any Time." - www.actualtests.com 2

Ac

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam Answer: A,C

QUESTION NO: 4 Which statement is true about the NAPT option when a Network Access connection to FirePass is used? A. When enabled, NAPT translates theFirePass virtual address to the application Server Address. B. The NAPT option is used when connecting to the Portal Access feature and translates the client source address to the FirePass Address. C. The NAPT option is used when connecting to the Network Access feature and translates the client source address to the FirePass Address. D. The NAPT option is used when connecting to the Application Access feature and translates the client source address to the FirePass Address. Answer: C

QUESTION NO: 5

Which two statements are true about Clustering on FirePass? (Choose two.) A. The configuration is synched from the Slave to the Master automatically. B. The configuration is synched from the Master to the Slave automatically. C. The configuration is synched from the Slave to the Master manually by an Administrator. D. The configuration is synched from the Master to the Slave manually by an Administrator. E. If using failover pairs, the Standby Slave gets its configuration directly from the Master box. F. If using failover pairs, the Standby Slave gets its configuration from its Active failover partner. Answer: B,F

QUESTION NO: 6 Which statement is true about configuring the IP Address Pool? A. Only one IP Address pool may be configured on theFirePass Controller. B. Different user groups may be configured to use different IP Address pools. C. IP Address Pools are used for both Network Access and Application Access. D. The IP Address range for the pool may include one or more of the configured FirePass interface addresses. Answer: B "Pass Any Exam. Any Time." - www.actualtests.com 3

Ac

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam

QUESTION NO: 7 Which statement is true regarding Portal Access: Access Control Lists? A. ACL's can be applied to the Master Group and Favorites. B. ACL's can prevent favorites from being viewable from theWebtop. C. ACL's require that an Active X component be downloaded and installed automatically when the user clicks on a favorite. D. Un-checking "show administrator defined favorites only" on the Master Group settings page will allow the user to browse to any URL regardless of the configured ACL's. Answer: A

QUESTION NO: 8

From which three sources can users be directly imported into FirePass? (Choose three.) A. CSV file B. remote Radius Server C. remote VASCO Server D. remote LDAP Server directory E. remote Active Directory Server F. localFirePass Server Master Password file Answer: A,D,E

QUESTION NO: 9

At logon time, dynamic group mapping associates users with which groups? A. One Master Group and zero or more Resource Groups B. One Master Group and at least one or more Resources Groups C. One or more Master Groups and zero or more Resource Groups D. One or more Master Groups and at least one or more Resource Groups Answer: A

QUESTION NO: 10 "Pass Any Exam. Any Time." - www.actualtests.com 4

Ac

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam Which type of connection to application servers CANNOT be accomplished by the FirePass Application Access feature set? A. ssh access to Unix host B. telnet access toUnix host C. telnet access to mainframe host D. serial terminal access toUnix host E. Terminal Server access to Windows Terminal Server Answer: D

QUESTION NO: 11 Which two sequences include the "required" steps, in the correct order, for configuring Failover on the FirePass Controller? (Choose two.) 1.restart First (Primary) 2.restart Second (Secondary) 3.enable Failover option on First 4.enable Failover option on Second 5.configure virtual IP Address on First 6. configure virtual IP Address on Second A. 3, 1, 5, 4, 2, 6 B. 3, 1, 4, 2, 5, 6 C. 3, 1, 5, 1, 4, 2, 6, 2 D. 3, 1, 4, 2, 5, 1, 6, 2 E. 5, 1, 3, 1, 6, 2, 4, 2 F. 5, 1, 6, 2, 3, 1, 4, 2 Answer: C,D

A FirePass snapshot can be accomplished in which way? A. A snapshot may be saved to a local PC using the web configuration Admin console. B. A snapshot may be saved to the local PC using the command line "maintenance" script. C. A snapshot may be saved to theFirePass hard-drive using the web configuration Admin console. D. A snapshot may be saved to theFirePass hard-drive using the command line "maintenance" script. Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

QUESTION NO: 12

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam QUESTION NO: 13 Which two statements are true about FirePass Portal Access connections? (Choose two.) A. For Mobile Email connections, the FirePass Server converts Mail Server protocols to html before presenting to the client. B. For Mobile Email connections, the FirePass Server downloads an ActiveX control that converts native Mail Server data to html. C. For Windows File connections, the FirePass Server converts native Windows Server file data to html before presenting to the client. D. For Windows File connections, the FirePass Server downloads a Java control that converts native Windows Server file data to html. Answer: A,C

QUESTION NO: 14

Which is a valid way to tell whether the Admin is connected to the Master as opposed to the Slave Node in a cluster of FirePass Controllers? A. Admin console /Clustering option is absent. B. Admin console /Clustering option is present. C. Admin console / Portal Access option is present. D. Admin console / Network Access option is present. Answer: C

Which is a valid method to limit FirePass configuration access to the GUI Admin Console? A. Limit to SSH. B. Limit by IP Subnet. C. Limit by MAC Address. D. Limit to client operating system. Answer: B

QUESTION NO: 16 A new FirePass V6 setup environment has the following default settings: One Resource Group is statically mapped to one Master Group with two Dynamic AppTunnel Favorites configured. One for "Pass Any Exam. Any Time." - www.actualtests.com 6

Ac

QUESTION NO: 15

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam the putty application to access 172.16.20.2 and a second for telnet to 172.16.20.3. For the whole Resource Group there is an Allow List entry for the 172.16.0.0/16 network. In this situation, if the AppTunnels are open, which two statements are true? (Choose two.) A. As the default action for the Master Group is Deny, no access is possible. B. Users of that Master Group have access to the whole 172.16./16 network. C. Configuration of a Resource Group Allow List and a specific Favorite Allow List is not possible. D. Users of all Master Groups with that Resource Group mapped have access to 172.16.20.2:22 and 172.16.20.3:23. Answer: B,D

QUESTION NO: 17

Which statement is true about the Failover Synchronization process on FirePass? A. The configuration is synched from Active to Standby automatically. B. The configuration is synched from Standby to Active automatically. C. The Synchronization process can be configured using a virtual IP Address. D. The configuration is synched from Active to Standby manually by an Administrator. E. The configuration is synched from Standby to Active manually by an Administrator. Answer: A

QUESTION NO: 19 FirePass controller Admins CANNOT be configured to control which of the following? A. The whole box.

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

QUESTION NO: 18

lTe

Answer: B

sts

A. client SSL Certificate B. client network connection speed C. client running Virus scan software D. client selecting Protected Workspace E. configuring the "Don't Use" option in User Experience

.co

Which CANNOT be used to determine a user's access to FirePass features?

Exam Express EE0-515: Practice Exam B. Only one Master group. C. Only one Resource group. D. Select features within theFirePass controller. E. User revocation on an Active Directory authentication server. Answer: E

QUESTION NO: 20 When are the EndPoint Security checks performed on the client machine that determine whether a client has access to certain resources or not? A. after user logon B. prior to every user logon C. prior to the first user logon, but not for subsequent logons from the same browser session D. after user logon but before selecting a Portal Access connection withEndPoint protection enabled E. after user logon but before selecting a Network Access connection withEndPoint protection enabled Answer: B

QUESTION NO: 21

A. clients running Linux B. clients running Windows C. clients running MAC OS9 D. clients running MAC OSX E. any WAP cell phone with browser access Answer: A,B,D

QUESTION NO: 22 Which two statements are true about Static AppTunnels? (Choose two.) A. OneAppTunnel connection can be configured to connect the client to two different Application Servers. B. An AppTunnel connection and Legacy Host connection can be configured to connect to the same IP Address. "Pass Any Exam. Any Time." - www.actualtests.com 8

Ac

tua

Network Access connections can be made to which three types of clients? (Choose three.)

lTe

sts

.co

Exam Express EE0-515: Practice Exam C. An AppTunnel connection and Legacy Host connection cannot be configured to connect to the same Host Server. D. Code is downloaded to the client and this code listens for connections to the clients 127 loop back adaptor address. E. An AppTunnel connection and Mobile Email connection cannot be configured to connect to the same Windows Exchange Server. Answer: B,D

QUESTION NO: 23 Which two statements are true concerning Network Access Policy Checking? (Choose two.) A. Policy checks can prevent network routing changes to the client. B. Policy checks can prevent system registry changes to the client. C. Policy checks can disconnect Network Access from a client when routing tables are altered. D. Policy checks can be applied to Network Access resources and Application Tunnel resources. E. Policy checks can terminate Network Access connections if selected processes are stopped or started on the client. Answer: C,E

QUESTION NO: 24

Answer: A

QUESTION NO: 25 Which statement is FALSE about FirePass Portal Access connections and the Web Applications trace? A. The Web Applications trace output is a zip file. B. After being formatted, the Web Applications trace output can be viewed using a browser. C. The Web Applications trace output shows only server side html in order to see the html the server is sending to the client. "Pass Any Exam. Any Time." - www.actualtests.com 9

Ac

A. Administrator logons can be authenticated externally toFirePass. B. FirePass Full Access Administrator can access the FirePass user webtop. C. FirePass Administrator Realm accounts can change Full Access account passwords. D. FirePass Administrators with the sufficient rights can change any FirePass user's password.

tua

Which statement is true about FirePass Administrators accounts?

lTe

sts

.co

Exam Express EE0-515: Practice Exam D. The Web Applications trace output shows both client side and server side html in order to see how FirePass is translating html links before sending to the client. Answer: C

QUESTION NO: 26 Which two statements are true about EndPoint security Protected Configuration? (Choose two.) A. A Protected Configuration can be defined in Master group settings. B. A Protected Configuration can be defined in Resource group settings. C. Particular Network IP subnets can be defined to protect resources in a Protected Configuration. D. A resource can be protected by two different checks defined in two different pre-logon sequences. E. A Process check can be defined in Protected Configuration for resource protection without a process check definition in pre-logon sequence. Answer: B,C

QUESTION NO: 27

Answer: B

QUESTION NO: 28 Which three ways can users be authenticated to FirePass? (Choose three.) A. Remote LDAP Server B. LocalFirePass LDAP Server C. RemoteFirePass LDAP Server D. Remote Active Directory Server "Pass Any Exam. Any Time." - www.actualtests.com 10

Ac

A. A backup file is automatically saved to theFirePass hard-drive each night by default. B. A backup file may be saved to a local PC using the web configuration Admin console. C. A backup file may be saved to the local PC using the command line "maintenance" script. D. A backup file may be saved to theFirePass hard-drive using the web configuration Admin console. E. A backup file may be saved to theFirePass hard-drive using the command line "maintenance" script.

tua

lTe

A backup or restore of the FirePass configuration can be accomplished in which way?

sts

.co

Exam Express EE0-515: Practice Exam E. LocalFirePass Internal Database F. LocalFirePass Master Password File Answer: A,D,E

QUESTION NO: 29 Which three are valid options for EndPoint security checks? (Choose three.) A. file present B. processes present C. client MAC address D. client network access speed E. McAfee Antivirus running certain version of Scan Engine Answer: A,B,E

QUESTION NO: 30 Which statement is true about Signup templates?

Answer: C

QUESTION NO: 31 Which statement is true concerning the Split Tunnel option for a Network Access connection? A. When enabled, all client network traffic is split out and setup in an encrypted tunnel session with theFirePass server. B. When enabled, only traffic from the client destined to a particular IP Address range is forwarded to theFirePass server. C. When enabled, all client network traffic is load balanced across two encrypted tunnel sessions with theFirePass server. "Pass Any Exam. Any Time." - www.actualtests.com 11

Ac

A. Signup templates only apply to externally maintained user groups that are authenticated by the external server. B. Signup templates only apply to externally maintained user groups that are authenticated by theFirePass server. C. Signup templates only apply to user groups maintained locally onFirePass but authenticated by an external server. D. Signup templates only apply to user groups maintained locally onFirePass and authenticated by the FirePass server.

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam D. When enabled, traffic from theFirePass server to a particular Application Server is split out and set up in an encrypted tunnel session. E. When enabled, priority traffic is sent through a higher speed tunnel connection to theFirePass server and secondary traffic is sent on a second lower speed tunnel connection. Answer: B

QUESTION NO: 32 Which three statements correctly reflect the number of concurrent users in the different FirePass hardware models? (Choose three.) A. A standaloneFirePass 1200 can support a maximum of 100 users. B. A standaloneFirePass 1200 can support a maximum of 250 users. C. A standaloneFirePass 4100 can support a maximum of 2000 users. D. A standaloneFirePass 4100 can support a maximum of 5000 users. E. Using theFirePass clustering feature, a cluster of FirePass 1200's can support 2500 users. F. Using theFirePass clustering feature, a cluster of FirePass 4100's can support 10,000 users.

QUESTION NO: 33

Which of the following CANNOT be accomplished on a FirePass controller? A. FirePass can generate client SSL certificates. B. FirePass can generate server SSL certificates. C. FirePass can deny access based on an invalid client machine certificate. D. FirePass can import a server SSL certificate purchased from a Certificate Authority. E. FirePass can allow access to users logging in from devices that do not have valid client side certificates, but deny selected resources. Answer: C

QUESTION NO: 34 Which three of the following are valid troubleshooting options for the FirePass controller? (Choose three.) A. Capture a dataset from the GUI Admin console. B. Capturenetstat and ifconfig commands from the GUI Admin console. "Pass Any Exam. Any Time." - www.actualtests.com 12

Ac

tua

lTe

sts

Answer: A,C,F

.co

Exam Express EE0-515: Practice Exam C. Capture a network packet dump (tcpdump) from the GUI Admin console. D. Capture network diagnostics from the command line maintenance script. E. Capture a network packet dump (tcpdump) from the command line maintenance script. Answer: A,C,D

QUESTION NO: 35 If a working Active / Standby pair of FirePass Controllers has been configured correctly for Failover, which observation by itself would allow the Admin to tell which FirePass box is is the Active member of the pair? A. https://<FirePass virtual IP Address>/admin/ / Welcome screen says "In Failover Active Mode". B. https://<FirePass physical IP Address>/admin/ / Welcome screen says "In Failover Active Mode". C. https://<FirePass virtual IP Address>/admin/ / Current Settings screen option Current Failover Status set to "Active". D. https://<FirePass physical IP Address>/admin/ / Current Settings screen option Current Failover Status set to "Active". Answer: B

QUESTION NO: 36

A. If the file c:\logon.txt exists, and the process calc.exe is not running, the client will be presented with a logon screen B. If the filec:\logon.txt exists, and the process calc.exe is not running, the client will be logged into the FirePass controller "Pass Any Exam. Any Time." - www.actualtests.com 13

Ac

tua

Based on the pre-logon sequence in the exhibit, which two statements are true? (Choose two.)

lTe

sts

.co

Exam Express EE0-515: Practice Exam C. If the filec:\logon.txt does not exist, and the process calc.exe is running, the client will be presented with a logon screen D. If the filec:\logon.txt does not exist, and the process calc.exe is not running, the client will be presented with a logon screen E. If the filec:\logon.txt does not exist, and the process calc.exe is running, the client will be logged into the FirePass controller F. If the filec:\logon.txt does not exist, and the process calc.exe is not running, the client will be logged into the FirePass controller Answer: A,C

QUESTION NO: 37 Which CANNOT be used to limit logon access to FirePass? A. client SSL Certificate B. client source IP Address C. client Ethernet MAC Address D. client running Virus scan software E. client selecting Protected Workspace Answer: C

QUESTION NO: 38

Which two statements are true concerning Network Access Packet Filtering? (Choose two.) A. When packet filtering is enabled, a default rule of Deny All is created to run after all Global rules. B. When packet filtering is enabled, a default rule of Accept All is created to run after all Global rules. C. Global packet filter rules will be applied first. If a Global rule matches the packet and has an action of Continue, then the Resource Group filter rules will be applied. D. Resource packet filter rules will be applied first. If a Resource rule matches the packet and has an action of Continue, then the Global Group filter rules will be applied. Answer: A,C

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

sts

.co

14

Exam Express EE0-515: Practice Exam QUESTION NO: 39 If a user's machine does NOT have the matching Client SSL Certificate installed, which two statements are true? (Choose two.) A. The user's password is disabled. B. The user's login access can be denied C. The user's access speed can be limited. D. The user's access toFirePass features can be limited. Answer: B,D

QUESTION NO: 40

Which three statements are true about Network Access versus Portal Access? (Choose three.) A. The FirePass Admin can limit application resources the client can reach for a Portal Access connection. B. The FirePass Admin can limit application resources the client can reach for a Network Access connection. C. Portal Access connections utilize moreFirePass system resources than Network Access because of the conversion of user screens to html. D. Network Access connections utilize moreFirePass system resources than Portal Access because of the download of code to client machines. E. Portal Access connections utilize moreFirePass system resources than Network Access because of the download of code to client machines. Answer: A,B,C

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

QUESTION NO: 41

lTe

Answer: A

sts

A. All resources are protected by at least one pre-logon check B. Different resources can be protected by different pre-logon checks C. Resources can be required to pass more than one pre-logon check D. Within one pre-logon sequence some checks can be used to protect resources and other checks can restrict access to the logon screen

.co

Which statement is FALSE about an EndPoint security Protected Configuration?

15

Exam Express EE0-515: Practice Exam QUESTION NO: 42 Which statement is true for users in a group when the "Show administrator-defined favorites only" option is enabled? A. They cannot configure their own user favorites. B. They only see links setup by theFirePass Admin and can access other sites with sufficient privileges. C. They see links setup by theFirePass Admin and links to web servers on the same network as FirePass. D. They only see links setup by theFirePass Admin but can access other sites by typing in the web-site address. Answer: A

QUESTION NO: 43

Which of the following CANNOT be used to grant or deny access using the pre-logon sequence? A. Username and password B. The presence of a specific file C. Operating system of the client computer. D. Time of day the user is attempting to logon E. Day of the week the user is attempting to logon Answer: A

Which two statements are true concerning the Network Access SSL VPN tunnel connection? (Choose two.) A. The user cannot un-install the Network Access client software. B. For Windows clients, Network Access installs a network adaptor. C. For Windows clients, a set of ActiveX controls is installed on the client machine. D. For all clients, a Java client must be installed on the client machine prior to Network Access client download. Answer: B,C

QUESTION NO: 45 "Pass Any Exam. Any Time." - www.actualtests.com 16

Ac

QUESTION NO: 44

tua

lTe

sts

.co

Exam Express EE0-515: Practice Exam Which of the following is NOT a valid EndPoint security check? A. Operating system type B. Norton Antivirus present C. Windows client registry entry present D. Unix client process present or process absent E. Windows client process present or process absent Answer: D

QUESTION NO: 46 Which statement regarding Portal Access is FALSE? A. Virus Scanning can be enabled on a Windows file transfer using Portal Access. B. Supported Portal Access options include Windows Files, Web Applications and Windows Terminal Server. C. The FirePass controller has safeguards against buffer overflow attacks, SQL injection attacks or cross site scripting. D. FirePass Portal Access connections are compatible with Microsoft Outlook Web Access, Microsoft SharePoint, and IBM Lotus Domino Web Access.

A. TN3270 access to mainframe B. TN3270ssh access to mainframe C. TN5250 access to IBM AS/400 systems (Systemi) D. Java client download for VT100ssh access to Unix Host E. full featured ActiveX client download for VT100ssh access to Unix Host Answer: A,C,D

QUESTION NO: 48 Which two statements are true about the options available from the FirePass command line "maintenance" script? (Choose two.) "Pass Any Exam. Any Time." - www.actualtests.com 17

Ac

Which three types of applications are supported by the Application Access Legacy Host feature on FirePass? (Choose three.)

tua

QUESTION NO: 47

lTe

Answer: B

sts

.co

Exam Express EE0-515: Practice Exam A. It can be used to shutdown and restart theFirePass Controller. B. It can be used to reset theFirePass Controller to factory defaults. C. It can be used to add Administratoruserids to the FirePass Controller. D. It can be used to reset any user's password for theFirePass Controller. Answer: A,B

QUESTION NO: 49 Dynamic group mapping does NOT work with which of the following? A. LDAP B. Landing URI C. Active Directory D. Client Certificate E. Internal Database Answer: E

QUESTION NO: 50

A. The steps include setting the license for theFirePass server. B. The steps include settingssh access to the FirePass server. C. The steps include setting theSuperUser userid and password for the FirePass server. D. The steps include setting a basic IP configuration including 1FirePass NIC IP Address, a Gateway and a DNS server. E. The steps include setting a basic IP configuration including 3FirePass NIC IP Addresses, a Gateway and a DNS server. Answer: C,D

"Pass Any Exam. Any Time." - www.actualtests.com

Ac

tua

lTe

Which two statements are true about the FirePass 1200 Controller Quick Setup Wizard? (Choose two.)

sts

.co

18