F5 Management Access - TMOS 201

Question 1

What is the default ip for BIG-IP hardware?

Answer 1

192.168.1.245/24

Question 2

What is the default ip for VIPRION?

Answer 2

192.168.1.246/24

Question 3

What are the default credentials for HTTPS (configuration utlity)?

Answer 3

admin/admin

Question 4

What are the default SSH credentials

Answer 4

root/default

Question 5

What is port lockdown?

Answer 5

The port lockdown feature allows you to secure the BIG-IP system from unwanted connection attempts by controlling the level of access to each self IP address defined on the system.

Question 6

What are the port lockdown options?

Answer 6

1) Default
2) Allow none
3) Allow all
4) Custom
5) Custom (with default)

Question 7

What is the default port lockdown setting?

Answer 7

Allow none

Question 8

What is the recommended port lockdown setting for failover on an HA self-ip?

Answer 8

Custom, UDP, port 1026

Question 9

What is the default management ip for Big-IP virtual edition?

Answer 9

None, as it is set as a DHCP client and will be assigned one by the DHCP server.

Question 10

Where do you configure the management ip via the configuration utility?

Answer 10

System > Platform

Question 11

What are the commands to configure the management ip via TMSH?

Answer 11

1) create /sys management-ip [ip address/netmask]
2) create /sys management-route default gateway <gateway></gateway>

Question 12

True or false: access to the management ip is either through management interface or data interface.

Answer 12

True

Question 13

By default, is access to the management interface from all ip addresses?

Answer 13

Yes

Question 14

Where do you configure management ssh access in the configuration utility?

Answer 14

System > Platform

Question 15

True or false: port lockdown is configured per self-ip address.

Answer 15

True

Question 16

What is the iQuery port?

Answer 16

TCP 4353

Question 17

What are packet filters?

Answer 17

A network security feature that accepts or rejects traffic based on rules. Can be applied to management or data traffic.

Question 18

Are packet filters enabled by default?

Answer 18

No

Question 19

Where are packet filters configured in the configuration utility?

Answer 19

Network > Packet Filters

Question 20

What are the four packet filter options?

Answer 20

1) Accept - accept packet and stop processing other rules.
2) Discard - drop packets and stop processing other rules.
3) Reject - drop packets, stop processing rules, and send a reject packet to the sender.
4) Continue - accept the packet and continue process other rules. Logging can be enabled.

Question 21

What are options for the packet filter configuration?

Answer 21

1) Order
2) Action
3) Logging
4) Protocol
5) Source Host / Network
6) Destination Host / Network
7) Destination Port

Question 22

What is the BigIP listener order of precedence?

Answer 22

1) Packet filters (if filter established connection is enabled)
2) Connection table
3) Packet filter
4) Virtual server
5) SNAT / NAT