100+ Free F5-301A Practice Questions

Pass your F5 Certified! Technology Specialist - BIG-IP LTM (Exam 301A: Architect, Set-up & Deploy) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

A standard virtual server on BIG-IP LTM is configured without SNAT. Backend pool members reside on a different VLAN than the virtual server, and the LTM is NOT the default gateway for the pool members. What is the most likely result?

Traffic is load balanced normally

Return traffic from pool members bypasses the LTM and clients see asymmetric or broken connections

The virtual server fails to come up

The LTM auto-enables SNAT Automap

to track

2026 Statistics

Key Facts: F5-301A Exam

245/350

Passing Score

Exam Questions

90 minutes

80-120 hrs

Study Time

Recommended

$180

Exam Fee

2 years

Certification Valid

F5-CA (201)

Prerequisite

F5 301A is the Architect, Set-up & Deploy specialist exam in the BIG-IP LTM Specialist track. The exam has 80 questions in 90 minutes, requires a 245/350 (~70%) passing score, and costs $180 USD. Candidates must hold an active F5-CA (201) credential. The blueprint covers two domains: architect/deploy applications (SNAT, profiles, virtual servers, iRules, monitors, persistence, SSL) and set-up/administer/secure LTM devices (VLANs, self-IPs, trunks, sync-failover HA, route domains, partitions). 301A pairs with 301B (Maintain & Troubleshoot) to complete the LTM Specialist certification. Delivered at Pearson VUE test centers.

Sample F5-301A Practice Questions

Try these sample questions to test your F5-301A exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1A standard virtual server on BIG-IP LTM is configured without SNAT. Backend pool members reside on a different VLAN than the virtual server, and the LTM is NOT the default gateway for the pool members. What is the most likely result?

A.Traffic is load balanced normally

B.Return traffic from pool members bypasses the LTM and clients see asymmetric or broken connections

C.The virtual server fails to come up

D.The LTM auto-enables SNAT Automap

Explanation: When pool members are on a different subnet and the LTM is not their default gateway, return traffic takes a different path back to the client, bypassing the LTM. The client sees responses from the pool member's real IP rather than the virtual server's IP, breaking the TCP session. The fix is to enable SNAT (Automap or a SNAT pool) or make the LTM the pool member's default gateway.

2Which SNAT option causes the BIG-IP to translate the client source address to a self-IP on the egress VLAN toward the pool member?

A.SNAT None

B.SNAT Automap

C.Source Address Translation: SNAT Pool

D.Source Address Translation: Source Port Preserved

Explanation: SNAT Automap automatically selects an appropriate self-IP (preferring a floating self-IP over a non-floating one) on the egress VLAN as the translated source. This is the simplest SNAT option and is commonly used when the LTM is not the pool members' default gateway.

3An application has 80,000 concurrent connections per second from a single source. Which SNAT design is MOST appropriate to avoid port exhaustion?

A.SNAT Automap with one floating self-IP

B.A SNAT pool with multiple translation addresses

C.SNAT None and let the LTM be the gateway

D.Disable connection mirroring

Explanation: A single SNAT address provides roughly 64,000 source ports per destination tuple. With high concurrency you can exhaust the ephemeral port range on a single translation address, causing connection failures. A SNAT pool with multiple translation addresses multiplies the available port space and is the recommended design for very high-connection-count applications.

4What is the minimum profile combination required for a standard HTTPS virtual server that terminates SSL at the BIG-IP and inspects HTTP headers?

A.TCP, HTTP, Client SSL

B.TCP, HTTP, Client SSL, Server SSL

C.TCP only

D.FastL4 and Client SSL

Explanation: For SSL termination at the BIG-IP with HTTP inspection, the minimum profiles are a TCP profile, an HTTP profile, and a Client SSL profile. A Server SSL profile is only required for SSL re-encryption (SSL bridging) to the backend. FastL4 cannot be combined with HTTP or Client SSL profiles.

5A virtual server is configured with type Performance (Layer 4). Which profile combination is supported on this virtual server type?

A.TCP and HTTP

B.FastL4

C.TCP, HTTP, and Client SSL

D.UDP and HTTP

Explanation: A Performance (Layer 4) virtual server uses the FastL4 profile, which provides accelerated Layer 4 forwarding (often hardware-assisted on appliances). It does not support Layer 7 profiles such as HTTP, Client SSL, or OneConnect. Use a Standard virtual server when you need L7 features.

6Which load-balancing method sends new connections to the pool member with the fewest active connections, weighted by the member's configured ratio?

A.Round Robin

B.Ratio (member)

C.Least Connections (member)

D.Dynamic Ratio (node)

Explanation: Least Connections (member) tracks active connections per pool member and sends each new connection to the member with the lowest count. The (member) variant counts only connections through that pool, while (node) counts across all pools. It is best suited for long-lived connections of similar resource cost.

7Which load-balancing method is generally MOST appropriate when pool members have similar capacity and connections are short-lived (HTTP requests)?

A.Round Robin

B.Least Sessions

C.Predictive (member)

D.Dynamic Ratio

Explanation: For short-lived, equal-cost connections (typical HTTP), Round Robin distributes load evenly with minimal overhead. Least Connections shows little benefit when connection lifetime is short. Predictive and Dynamic Ratio require monitor-driven performance feedback that is often unnecessary for homogeneous web pools.

8A web application stores session state in server memory and does not share session data between servers. Which persistence method is MOST appropriate when clients may share a single source IP (NAT)?

A.Source Address Affinity persistence

B.Cookie persistence

C.SSL session ID persistence

D.Destination Address Affinity persistence

Explanation: When many clients share a source IP behind a NAT (corporate proxy, mobile carrier), source-address persistence sends them all to the same server, defeating load balancing. Cookie persistence operates per browser session and works correctly regardless of source-IP sharing. It requires HTTP processing on the virtual server.

9What is the default cookie persistence method in BIG-IP LTM?

A.Cookie Hash

B.Cookie Insert

C.Cookie Rewrite

D.Cookie Passive

Explanation: Cookie Insert is the default cookie persistence method. The BIG-IP inserts an HTTP cookie containing the encoded pool member identity into responses; on subsequent requests it reads the cookie to direct the client to the same member. Cookie Rewrite, Hash, and Passive are alternative methods used in specific scenarios.

10Which persistence method should be used when an application uses SSL but no HTTP layer (such as a custom binary protocol over TLS) and you need clients to return to the same pool member?

A.Cookie persistence

B.Source Address persistence

C.SSL session ID persistence

D.Universal persistence keyed on HTTP header

Explanation: SSL session ID persistence keys on the client's TLS session ID and works for any SSL-encrypted protocol regardless of upper-layer content. Cookie persistence requires HTTP. Source-address persistence breaks behind NAT. Universal persistence keyed on HTTP requires HTTP processing.

About the F5-301A Exam

The 301A is the first specialist exam in the F5 Certified! Technology Specialist - BIG-IP LTM track. It validates the candidate's ability to architect, set up, and deploy applications on BIG-IP LTM, including SNAT decisions, profile selection, virtual server design, iRules, application-specific monitors, persistence, SSL offload, sync-failover HA, and core network setup. The F5-CA (201) credential is a prerequisite.

Questions

80 scored questions

Time Limit

90 minutes

Passing Score

245/350 (~70%)

Exam Fee

$180 (F5 / Pearson VUE)

F5-301A Exam Content Outline

60%

Architect and Deploy Applications

SNAT, virtual server types, profiles, iRules, iApps, monitors, persistence, SSL offload, load-balancing methods

40%

Set-up, Administer, and Secure LTM Devices

VLANs, self-IPs, trunks, routes, sync-failover device groups, traffic groups, partitions, route domains, certificates, logging

How to Pass the F5-301A Exam

What You Need to Know

Passing score: 245/350 (~70%)
Exam length: 80 questions
Time limit: 90 minutes
Exam fee: $180

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

F5-301A Study Tips from Top Performers

1Build a BIG-IP VE lab and practice creating virtual servers, pools, monitors, and SNAT pools by hand

2Master the four SNAT modes (None, Automap, SNAT pool, Source Address Translation) and when each is required

3Know the minimum profile set for HTTP, HTTPS, TCP, UDP, and FastL4 virtual servers

4Study persistence types (cookie, source-address, SSL session ID, universal, hash) and which apps need each

5Understand sync-failover device groups, traffic groups, floating self-IPs, and the failover order

6Use our AI tutor to walk through iRule events (CLIENT_ACCEPTED, HTTP_REQUEST, LB_SELECTED, etc.) and common commands

Frequently Asked Questions

What is the F5 301A exam?

The F5 301A is the Architect, Set-up & Deploy exam in the F5 Certified! Technology Specialist - BIG-IP LTM track. It validates skills in designing scalable, highly available BIG-IP LTM configurations including SNAT, virtual servers, profiles, monitors, persistence, SSL, and sync-failover HA. The exam has 80 questions in 90 minutes with a 245/350 (~70%) passing score, costs $180, and is delivered through Pearson VUE.

What are the prerequisites for F5 301A?

Candidates must hold an active F5 Certified Administrator (F5-CA) credential, earned by passing both the 101 Application Delivery Fundamentals exam and the 201 TMOS Administration exam. Without an active F5-CA, the 301A score will not count toward certification even if you pass the test.

How hard is the F5 301A exam?

301A is considered an advanced exam. The blueprint emphasizes architect-level decisions: which SNAT mode to deploy, minimum profiles required for an application, when to offload SSL or compression to the LTM, and how to design persistence and monitors for specific applications. Hands-on lab time on a BIG-IP VE is essential. Plan 80-120 hours of study over 8-12 weeks.

What jobs use F5 LTM Specialist certification?

The F5 LTM Specialist credential is valued for roles including: Application Delivery Engineer ($95-140K), Network Engineer with F5 focus ($85-125K), F5 Consultant ($110-160K), Senior Network Architect ($120-170K), and Cloud Networking Engineer ($100-145K). F5 BIG-IP is widely deployed in financial services, healthcare, federal, and large enterprise environments.

What is the difference between F5 301A and 301B?

301A (Architect, Set-up & Deploy) tests your ability to design and build LTM configurations. 301B (Maintain & Troubleshoot) tests your ability to operate, monitor, and troubleshoot existing LTM deployments using TMSH, tcpdump, qkview, and iRules debugging. Both exams must be passed to earn the F5 Certified! Technology Specialist - BIG-IP LTM credential.