PracticeStudy GuidesBlogFlashcardsEspañol
All Practice Exams

100+ Free F5-302 Practice Questions

Pass your F5 Certified! Technology Specialist — BIG-IP DNS (Exam 302, formerly GTM) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
~55-65% Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

What was BIG-IP DNS originally called before F5 renamed the module?

A
B
C
D
to track
2026 Statistics

Key Facts: F5-302 Exam

~80

Exam Questions

F5

245/350

Passing Score

F5 (scaled ~70%)

90 min

Exam Duration

F5

$180

Exam Fee

Pearson VUE

2 years

Certification Validity

F5

F5-CA

Prerequisite

Active F5 Certified! BIG-IP Administrator

F5-302 BIG-IP DNS Specialist has ~80 questions in 90 minutes with passing score 245/350 scaled (~70%). Prerequisite: active F5-CA (exam 201). Exam fee $180 at Pearson VUE. Covers GSLB architecture (data centers, servers, links, wide IPs, pools), DNS Express, iQuery sync groups, DNSSEC, DNS profiles/listeners, and troubleshooting.

Sample F5-302 Practice Questions

Try these sample questions to test your F5-302 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1What was BIG-IP DNS originally called before F5 renamed the module?
A.BIG-IP GTM (Global Traffic Manager)
B.BIG-IP LTM (Local Traffic Manager)
C.BIG-IP ASM (Application Security Manager)
D.BIG-IP APM (Access Policy Manager)
Explanation: BIG-IP DNS was previously known as BIG-IP GTM (Global Traffic Manager). F5 rebranded it to BIG-IP DNS to better reflect its role as a full DNS solution (DNS Express, DNSSEC, caching, firewall) in addition to GSLB. Exam 302 still maps to the legacy GTM Specialist track.
2Which active F5 credential is required as a prerequisite to earn the BIG-IP DNS Specialist (302) certification?
A.F5 Certified! Sales Professional
B.F5 Certified! BIG-IP Administrator (F5-CA, exam 201)
C.F5 Certified! Solution Expert — Cloud (402)
D.F5 Certified! Solution Expert — Security (401)
Explanation: Candidates must hold an active F5 Certified! BIG-IP Administrator (F5-CA), which itself requires passing exam 101 Application Delivery Fundamentals and exam 201 TMOS Administration. Without the active F5-CA, a passing 302 score does not award the certification.
3An architect is sizing BIG-IP DNS for a customer with two active data centers and an aggregate of 50,000 DNS queries per second of authoritative traffic. Which design choice MOST directly improves authoritative response throughput on BIG-IP?
A.Disabling iQuery between sync-group members
B.Enabling DNS Express to serve zones from RAM rather than via BIND
C.Replacing the Topology load-balancing method with Round Robin
D.Increasing the wide-IP TTL to 86400 seconds
Explanation: DNS Express transfers zones (AXFR/IXFR) from authoritative servers and answers queries from in-memory data, bypassing BIND. F5 documents DNS Express as roughly an order of magnitude faster than BIND on BIG-IP and the recommended path for high-volume authoritative DNS.
4In BIG-IP DNS, what role does a 'data center' object play in the GSLB hierarchy?
A.It is the listener that receives DNS queries on port 53
B.It is a logical grouping object containing servers and links that share a physical location
C.It is the iRule attached to a wide IP
D.It is the certificate store used by DNSSEC
Explanation: A data center is a logical container that groups servers (BIG-IP, generic host, NAS, hypervisor) and links that share the same physical location. Data centers feed into pools and wide IPs and are also the basis for topology-based load-balancing decisions.
5Within the BIG-IP DNS configuration model, which statement about a 'wide IP' is correct?
A.A wide IP is a Layer-2 VLAN that spans data centers
B.A wide IP is an FQDN with one or more pools that the system selects to answer DNS queries
C.A wide IP is the iQuery encryption certificate
D.A wide IP is a SNAT pool used for DNS responses
Explanation: A wide IP maps an FQDN (such as www.example.com) to one or more BIG-IP DNS pools. When a DNS query matches the wide IP name, BIG-IP DNS uses pool-level and pool-member load-balancing methods to choose which IP address to return.
6Which three load-balancing methods are configurable on a BIG-IP DNS pool, in execution order, when selecting a pool member?
A.Primary, Secondary, Tertiary
B.Preferred, Alternate, Fallback
C.Static, Dynamic, Persistent
D.Active, Standby, Reserve
Explanation: Each BIG-IP DNS pool defines three load-balancing methods used in order: Preferred (first attempt), Alternate (second attempt; must be a static method), and Fallback (last resort; ignores availability). If Alternate is None, the system skips it and goes straight to Fallback.
7Which restriction applies to the ALTERNATE load-balancing method on a BIG-IP DNS pool?
A.It must be a dynamic method
B.It must be a static method
C.It must match the Preferred method
D.It must be set to None
Explanation: F5 documentation specifies that the alternate load-balancing method on a pool can only be a static method (e.g., Round Robin, Ratio, Global Availability, Static Persist, Topology, Drop Packet, Return to DNS). Dynamic methods such as Completion Rate or RTT are not valid alternate choices.
8If a wide IP's preferred load-balancing method fails to select a pool member because metrics are unavailable, what happens next?
A.BIG-IP DNS returns SERVFAIL immediately
B.BIG-IP DNS uses the alternate load-balancing method
C.BIG-IP DNS forwards the query to BIND
D.BIG-IP DNS drops the packet
Explanation: When the preferred method cannot return a valid resource (often because dynamic metrics are missing), BIG-IP DNS tries the alternate method. If that also fails, it falls through to the fallback method, which ignores availability to ensure a response.
9Which BIG-IP DNS load-balancing method ALWAYS returns a response, even if every pool member is marked offline?
A.Preferred method
B.Alternate method
C.Fallback method
D.Static Persist method
Explanation: The fallback method ignores availability status and is intended as a last-resort response so the resolver always receives an answer. Common choices for fallback include Round Robin, Static Persist, or Return to DNS, depending on operational policy.
10Which TCP port does iQuery use to communicate between BIG-IP DNS systems and between BIG-IP DNS and BIG-IP LTM?
A.TCP 22
B.TCP 443
C.TCP 4353
D.TCP 6514
Explanation: iQuery is F5's encrypted, mutually authenticated SSL channel running over TCP port 4353. It is used by sync-group members to exchange heartbeats and metrics, and by BIG-IP DNS to monitor BIG-IP LTM virtual servers via the bigip monitor.

About the F5-302 Exam

F5 Certified! Technology Specialist — BIG-IP DNS (Exam 302, formerly GTM) validates the ability to deliver scalable, intelligent DNS and Global Server Load Balancing (GSLB) infrastructure across multiple data centers using BIG-IP DNS. It covers wide IPs, pools, servers, links, data centers, sync groups, iQuery, the three-tier load balancing model (preferred/alternate/fallback), topology and persistence load balancing, DNS Express, DNS caching/resolver, DNS profiles, listeners, DNSSEC (KSK/ZSK, RRSIG, NSEC/NSEC3), zone transfers (TSIG), DNS firewall, DoS protection, and operations/troubleshooting.

Questions

80 scored questions

Time Limit

90 minutes

Passing Score

245/350 (~70%)

Exam Fee

$180 (F5 / Pearson VUE)

F5-302 Exam Content Outline

25%

Design and Architect

Identify customer requirements/constraints, evaluate existing DNS environments, determine GSLB deployment strategies (active/active vs active/standby data centers), capacity and performance requirements, choose appropriate load balancing methods, plan DNSSEC and DNS security architecture, plan sync group layout

30%

Implement

Configure data centers, servers, links, virtual servers, pools, wide IPs, listeners, DNS profiles, DNS Express zones, DNS caches/resolvers, DNSSEC keys (KSK/ZSK) and zones, topology records, persistence, monitors, sync groups, iQuery, TSIG, zone transfers, route domains for DNS

25%

Test and Troubleshoot

Use dig, nslookup, tcpdump, ltm/gtm logs, qkview, BIG-IP DNS analytics; diagnose wide-IP/pool selection, monitor failures, iQuery/sync issues, DNSSEC validation failures, DNS Express transfer issues, listener/profile mismatches, topology/persistence behavior

20%

Operations and Support

Configuration backup/restore (UCS, SCF), software upgrades and rollback, monitoring strategies, certificate/key lifecycle (KSK/ZSK rollover), running maintenance, capacity planning, audit/change control, BIG-IP DNS analytics and statistics

How to Pass the F5-302 Exam

What You Need to Know

  • Passing score: 245/350 (~70%)
  • Exam length: 80 questions
  • Time limit: 90 minutes
  • Exam fee: $180

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

F5-302 Study Tips from Top Performers

1Master the three-tier wide-IP/pool load balancing model: preferred → alternate → fallback (alternate must be static)
2Memorize all GSLB load balancing methods: Round Robin, Ratio, Global Availability, Topology, Static Persist, Dynamic Ratio, Least Connections, VS Capacity, Packet Rate, CPU, Hops, RTT, Completion Rate, Kilobytes/sec, QoS, Drop Packet, Return to DNS
3Understand iQuery: TCP port 4353, mutual SSL authentication, used for sync group communication and BIG-IP LTM monitoring (the bigip monitor)
4Know DNS Express: pulls authoritative zones via AXFR/IXFR, answers from RAM, ~10x faster than BIND on BIG-IP
5Study DNSSEC objects: KSK (signs DNSKEY), ZSK (signs zone records via RRSIG), NSEC vs NSEC3 (NSEC3 prevents zone walking)
6Understand the DNS profile chain: DNS Express → DNS Cache → BIND on BIG-IP → screening (DNS firewall, DoS) → unhandled query actions
7Practice topology records: longest-match wins, source = LDNS, destination = wide-IP/pool/region, weights and order matter
8Lab it: build two BIG-IP DNS VEs, two LTMs, set up data centers, servers (server type bigip), wide IPs, sync group, run dig and tcpdump

Frequently Asked Questions

What is the F5-302 BIG-IP DNS Specialist exam?

F5-302 is the F5 Certified! Technology Specialist exam for BIG-IP DNS (formerly Global Traffic Manager, GTM). It validates the ability to design, implement, and troubleshoot intelligent DNS and Global Server Load Balancing (GSLB) infrastructure across multiple data centers using BIG-IP DNS, including wide IPs, pools, sync groups, DNS Express, DNSSEC, DNS profiles, and DNS security features.

How many questions are on the F5-302 exam?

Exam 302 has approximately 80 questions (70 scored, 10 unscored pilot items) to be completed in 90 minutes. Passing score is 245 out of 350 scaled (~70%). Questions test real-world BIG-IP DNS scenarios — design choices, configuration steps, troubleshooting outputs — rather than rote recall.

What are the F5-302 prerequisites?

You must hold an active F5 Certified! BIG-IP Administrator (F5-CA) credential, which requires passing exam 101 Application Delivery Fundamentals and exam 201 TMOS Administration. Without an active F5-CA, your 302 score will not be awarded the certification even if you pass.

How much does the F5-302 exam cost?

The F5 302 BIG-IP DNS Specialist exam fee is $180 USD at Pearson VUE test centers (in-person only — F5 Specialist exams are not delivered online). F5 occasionally offers vouchers through training partners and F5 University courses.

How long is the F5-302 certification valid?

F5 certifications, including the BIG-IP DNS Specialist, are valid for 2 years. To recertify you must pass the current version of the 302 exam or a higher-level F5 exam (e.g. 401 Security or 402 Cloud) before expiration.

What jobs can I get with F5-302 certification?

F5-302 targets DNS/GSLB engineers, application delivery engineers, and senior network engineers running BIG-IP DNS in multi-site deployments. Typical roles: GSLB Engineer, DNS Engineer, Application Delivery Specialist, Senior Network Engineer, and Cloud Network Engineer at telcos, banks, large enterprises, content providers, and MSPs.