96 Cards in this Set
- Front
- Back
What do HTTP request and response headers consist of? |
1. An initial line 2. Zero or more header lines 3. A blank line 4. An optional message body |
|
In an HTTP header, what does an initial request line consist of? |
1. A method name (GET, POST, HEAD) 2. Local path of the requested resource 3. HTTP version being used (HTTP/x.x) |
|
What other name does the initial response line go by? |
status line |
|
What parts does the status line consist of? |
1. The HTTP version (HTTP/x.x) 2. A response status code (200, 404) 3. English Reason Phrase (OK, Not Found) |
|
HTTP status code: 1xx |
indicates an informational message only |
|
HTTP status code: 2xx |
indicates success of some kind |
|
HTTP status code: 3xx |
redirects the client to another URL |
|
HTTP status code: 4xx |
indicates an error on the client's part |
|
HTTP status code: 5xx |
indicates an error on the server's part |
|
What is the HEAD method and what does it request? |
Similar to GET, except it asks the server to return the response headers only, and not the actual resource |
|
What is the POST method and what does it request? |
Used to send data to the server to be processed in some way |
|
In what 3 ways does the POST method differ from the GET method? |
1. There is a block of data sent with the request. Usually there are extra headers to describe this message body, like Content-Type: and Content-Length: 2. The request URI is not a resource to retrieve; it's usually a program to handle the data you're sending 3. The HTTP response is normally program output, not a static file. |
|
What is multi-homed? |
The ability for multiple HTTP servers to live on the same host |
|
Multi-homed in HTTP/1.1 requires what line to be added to the header? |
Host line. GET /path/file.html HTTP/1.1 / Host: www.host1.com:80 |
|
What is the term for sending several HTTP requests in a series? |
pipelining |
|
What must the client include in the header to close the connection after the corresponding response? |
Connection: close |
|
Persistent connection was made available in what HTTP version? |
HTTP/1.1 |
|
SIP can be described as a protocol to allow what? |
Communicating between different devices on a company network, whether on the LAN, the WAN, or across the Internet |
|
With FTP, which port is the control port and which is the data port? |
Control Port: 21 Data Port: 20 |
|
Valid definition of a cookie? |
A cookie is a piece of text that a web server can store on a user's hard disk. Cookies allow a website to store information on a user's machine and later retrieve it. The pieces of information are stored as a name-value pair. |
|
What three parts does a URL consist of? |
1. Network protocol 2. Host name or address 3. File or resource location
protocol :// host / location |
|
What is an iRule? |
A script that you write if you want to make use of some of the extended capabilities of the BIG-IP that are unavailable via the CLI and GUI. |
|
Using iRules, you can send traffic not only to pools, but to where? |
individual pool members, ports, or URIs |
|
What does UIE stand for? |
Universal Inspection Engine |
|
The syntax that you use to write iRules is based on what? |
Tool Command Language (Tcl) |
|
iRules are configuration objects, which means they are part of what file? |
bigip.conf, along with your pools, virtual servers, monitors, etc. |
|
Tcl is an interpreted scripting language, so why do you not need to instantiate the interpreter every time an iRule is executed? |
Every time you save your configuration, all of your iRules are pre-compiled into byte-code.
Byte-code is mostly compiled and has the vast majority of the interpreter tasks already performed, so that TMM can directly interpret the remaining object. |
|
What must be done before an iRule is actually effective? |
It must be applied to a virtual server before it can affect any traffic |
|
Events are one of the ways in which iRules have been made to be what? |
Network aware, as a language |
|
When would it be ideal to use an iRule? |
When you're looking to add some form of functionality to your application or app deployment, at the network layer. |
|
What is an iApp? |
A user-customizable framework for deploying applications |
|
What three components make up an iApp? |
1. Templates 2. Application Services 3. Analytics |
|
9 benefits of using an iApp? |
User-customizable |
|
What is the definition of iControl? |
The first open API that enables applications to work in concert with the underlying network based on true software integration |
|
What protocol does iControl use to ensure open communications between dissimilar systems? |
SOAP/XML |
|
What are two other more common names for a reverse proxy? |
1. Load Balancer 2. Cache |
|
Reverse proxies are generally HTTP-focused, but more recently can be seen used for what other protocols? (3) |
1. RTSP (streaming audio) 2. File transfers (FTP) 3. Any application protocol over UDP or TCP |
|
How many connections does a full proxy maintain? |
2 separate connections: 1. between itself and the client 2. between itself and the server |
|
A full proxy maintains how many session tables? |
2 session tables: 1. client side 2. server side |
|
What is a packet-based design? |
A network device located in the middle of a stream of communications, but is not an endpoint for those communications. |
|
Difference between packet-based design and proxy-based design? |
A proxy-based design fully understands the protocols, and is itself an endpoint and an originator for the protocols |
|
A full proxy can have its own ...blank... because it is a communication endpoint? |
TCP connection behavior, such as buffering, retransmits, and TCP options |
|
When running BIG-IP systems as a single device, HA refers to what? |
Core services being up and running on that device, and VLANs being able to send and receive traffic |
|
When running a BIG-IP system as a unit of a redundant system configuration, HA refers to what? |
Core system services being up and running on one of the two BIG-IP systems, and a connection being available between the BIG-IP system and a pool of routers, and VLANs on the system being able to send and receive traffic |
|
What are the two possible modes of HA? |
1. active/stand-by 2. active/active |
|
When you configure hard-wired failover, you enable failover by using what? |
A failover cable to physically connect the two redundant units |
|
When you configure a network failover, you enable failover by configuring your redundant system to use what? |
The network to determine the status of the active unit. |
|
To facilitate coordination of the failover process, each unit has what? |
A unit ID |
|
What is the process where you replicate one unit's main configuration file on the peer unit? |
Configuration Synchronization, or ConfigSync |
|
For active-active systems, you must configure what? What alone is not sufficient? |
You must configure network failover... hard-wired failover alone is not sufficient |
|
What would you use to assign unit ID 1 to the floating self IP addresses pertaining to virtual servers A and B? |
Use the Configuration utility |
|
What is a static self IP address? |
An IP address that you assign to a BIG-IP system VLAN. |
|
F5 recommends that you set up what on each unit of a redundant system? |
That you create an additional VLAN on each unit to be used specifically for failover communication. |
|
What is the ability of a BIG-IP system to monitor certain aspects of the system or network, detect interruptions, and consequently take some action, such as rebooting or initiating failover to the peer unit? |
Fail-Safe |
|
It is essential that each unit shares, or synchronizes its current configuration data with its peer unit in what deployment? |
When you have a Redundant System Configuration |
|
With respect to configuration synchronization, you can use the Configuration |
1. View or specify the peer IP address to use for sync. 2. Enable or disable encryption of config data prior to sync. 3. Enable or disable the global display of sync status. 4. Specify sync direction |
|
What are two examples of load balancing algorithms? |
1. Round-Robin 2. Ratio |
|
|
Least Connections, Fastest |
|
How does least connections algorithm work? |
Looks at current connection counts at Layer 4 to the server and chooses the server with the least connections |
|
How does 'fastest' algorithm work? |
Looks at the outstanding Layer 7 requests and chooses the server with the lowest amount |
|
What are persistent connections? |
Connections that are kept open and reused. The most commonly implemented form of persistent connections is HTTP, with database connections a close second |
|
What is persistence? |
It is related to the ability of the load-balancer or other traffic management solution to maintain a virtual connection between a client and a specific server |
|
Positive Security moves away from "blocked" to a more what? |
"Allow what I know" methodology |
|
Negative security moves towards what sort of policy? |
Block what I know is bad, or deny access based on what has previously been identified as content to be blocked. |
|
A digital signature is basically a way to ensure that an electronic document is what? |
Authentic? |
|
What is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode? |
Encryption |
|
What is the process of verifying that information is coming from the trusted source? |
Authentication |
|
What does SAML stand for? |
Security Assertion Markup Language |
|
What is SAML used for? |
Used for exchanging user authentication, entitlement, and attribute information. It is a derivative of XML. |
|
What are the two types of hardware platforms that F5 builds? |
Application delivery switches and chassis |
|
A chassis gives the customer what? |
The ability to purchase additional blades that can be inserted into the chassis when needed.
An application delivery switch has a fixed number of network ports and performance. |
|
What is the world's first on-demand ADC? |
VIPRION |
|
BIG-IP 1600 |
1. Allows one additional module beyond BIG-IP LTM 2. Capable of running BIG-IP Protocol Security Manager, Global Traffic Manager, WAN Optimization Module, Access Policy Manager |
|
BIG-IP 3600 |
1. Allows one additional module beyond BIG-IP LTM 2. Capable of running BIG-IP Protocol Security Manager, Global Traffic Manager, WAN Optimization Module, Access Policy Manager, WebAccelerator, Application Security Manager |
|
BIG-IP 3900 |
1. Allows two additional modules beyond BIG-IP LTM 2. Capable of running BIG-IP Protocol Security Manager, Global Traffic Manager, WAN Optimization Module, Access Policy Manager, WebAccelerator, Application Security Manager |
|
The Unified Application Delivery series includes what models? |
6900, 8900, 8950, 11050 |
|
What is the Unified Application Delivery series built for? |
High throughput and multiple modules. 6 to 12 gigabytes per second of throughput on Layer 7 |
|
What is the BIG-IP Virtual Edition? |
1. Allows customers to run BIG-IP products as a virtual machine 2. Provides more flexibility to the customer 3. ADC deployment can vary with the application |
|
What are the four types of licenses for BIG-IP LTM VE? |
1. Trial 2. Lab edition 3. Production 200 mega-byte throughput 4. Production 1 gigabyte throughput |
|
HTTP pipelining is what? |
Opening a connection to the server and then sending multiple requests to the server without waiting for a response. |
|
What is the problem with pipelining? |
The server doesn't actually treat the requests any differently. HTTP 1.1 specification requires that a "server MUST send its responses to those requests in the same order that the requests were received" |
|
What is a Certificate Chain? |
A list of certificates used to authenticate an entity. |
|
SSO |
Single Sign-On Authentication
The ability to reduce the number of IDs and passwords the user has to remember. |
|
What is SAML used for? |
It is an XML-based framework for exchanging user authentication, entitlement, and attribute information.
Its purpose is to enable Single Sign-On for web applications across various domains. |
|
Browser cookies are not transferred between what? |
DNS domains |
|
IPsec is limited because it was not built with what in mind? |
A highly-mobile workforce. Typically used for site-to-site connections. |
|
When compared to IPSec, SSL VPNs are typically what? |
1. Less costly to manage 2. Eliminate concerns related to open-by-default tunnels 3. Offer a more flexible experience for employees and business partners using untrusted endpoint environments |
|
By operating at the application layer, SSL VPN can provide what? |
Highly granular policy and access control required for secure remote access |
|
Because SSL is part of any Web browser, SSL VPN solutions provide what? |
Client-less and web-delivered thin client access that significantly increases the number of points from which employees, partners and customers can access network data. |
|
BIG-IP VE can be used with what? |
LTM, APM |
|
To overcome packet loss, the acceleration device can implement what? |
Selective TCP Acknowledgements (SACK) and advanced congestion control algorithms to prevent TCP from reducing throughput. |
|
One way a BIG-IP reduces server-side TCP connections? |
It aggregates, or pools, TCP server-side connections by combining many separate transactions, potentially from many users, through fewer TCP connections. |
|
HTTP compression is done on acceleration devices for what two reasons? |
1. Offload compression overhead from web servers 2. Enable the acceleration device to perform other optimizations that improve performance |
|
Caching |
Storing the data close to users and re-using the data during subsequent requests |
|
3 forms of caching |
1. Web application instructs a browser to cache an object marked as static for a specific time period 2. Deploy acceleration device in a data center to offload requests for web application content from the servers 3. Symmetric acceleration device caches and serves content to users at the remote site. |
|
2 Caching limitations |
1. Client-side acceleration device must implement access control to prevent unauthorized access to an object. 2. Client-side device may serve an older, stale version of content. |