A BIG-IP device will be dedicated to functioning as a WAF, requiring only theASMmodule to be provisioned.
What provisioning level will ensure that the system allocatesall CPU, memory, and disk resourcesto this module exclusively?
Correct Answer:
A
Provisioning defines how BIG-IP allocates system resources to modules. The provisioning levels include:
Dedicated– allocatesallCPU, memory, and disk resources to a single module
Nominal– standard resource allocation balanced with other modules Minimal– lowest level, used for basic utility needs None– module disabled Comprehensive / Maximal– not valid TMOS provisioning levels
Why ??Dedicated?? is correct
When a BIG-IP device is intended to runonly ASM(Web Application Firewall), the recommended way to maximize performance is to provision the module atDedicatedlevel.
WithASM: Dedicated: ASM receives theentire hardware capacity No other modules can or should be provisioned This is explicitly recommended when a device is used solely as a WAF platform
Why other options are incorrect
* B. Comprehensive / C. Maximal These arenot valid provisioning modesin BIG-IP. TMOS supports: Nominal, Minimal, Large (module-specific), and Dedicated.
* D. Nominal Shares resources with other modules Does not provide full system performance Not suitable when exclusive resource allocation is required Thus,Dedicatedis the correct provisioning choice.
Which of the following areresource allocation (provisioning) settingsfor BIG-IP modules?
(Choose two.)
Correct Answer:
BC
BIG-IP module provisioning determines howCPU, memory, and disk resourcesare allocated to each licensed module. F5 defines a specific set of supported provisioning levels.
Valid provisioning (resource allocation) settings Nominal
Allocates a standard, balanced amount of system resources to a module. Intended for typical production deployments where multiple modules may be provisioned at the same time.
Dedicated
Allocatesall available system resourcesto a single module. Used when the BIG-IP device is dedicated to running only one module (for example, ASM-only or APM-only deployments). No other modules can be provisioned when one is set to Dedicated. These two options are valid and supported provisioning levels.
Why the other options are incorrect Maximum
This is not a valid BIG-IP provisioning level. BIG-IP does not use ??Maximum?? as a resource allocation setting.
Limited This is also not a supported provisioning level. BIG-IP uses levels such as None, Minimal, Nominal, and Dedicated (module-dependent), not Limited.
The BIG-IP Administrator wants to manage the newly built F5 system through anin-band Self-IP.
The administrator has configured a VLAN and Self-IP and can ping the IP from their workstation, but cannot access the system viaSSHorHTTPS.
What port lock down settings should the BIG-IP Administrator use to allow management access on the Self-IP?
(Choose two.)
Correct Answer:
CD
Self-IPs include a security feature calledPort Lockdown, which restricts which services respond on that Self- IP.
By default, Self-IPs block management access (SSH and HTTPS/TMUI), meaning an administrator cannot manage the device through in-band Self-IPs unless explicitly allowed.
Allow Mgmt / Allow Management
These settings enable only the management services required for administrative access, specifically: SSH (22) HTTPS/TMUI (443)
These options allow secure administration without opening unnecessary ports.
Why these are correct: They provide only the essential access for management. They follow F5 security best practices when using in-band admin access. They donotexpose all services, reducing the attack surface.
Why the other options are incorrect:
* A. Allow Default
Administrator access would still fail.
* B. Allow All Opens all ports on the Self-IP, which isnot secure. Exposes services that should remain restricted.
Therefore,Allow Mgmt / Allow Managementare the correct choices.