F5 BIG IP – 101 Exam Application delivery fundamentals (Tips and tricks)


Here I come up with one another section of tips and tricks to pass the F5 BIG IP 101 Exam (Application delivery fundamentals) based on my own experience and the blogs I read on the internet :

  1. Most of the paper of 101 is based on networking fundamentals and is not easy like other vendors networking exam.
  2. One really need to understand the TCP/IP concepts. I remember one of the question from my exam asking the first packet number in TCP connection or how the source MAC address will be changed when packets transfers from point A to point B.
  3. Questions are story based where you are provided with a scenario and then you have to answer it.
  4. Since I was from the linux background with not much knowledge about networking, I read Applications delivery network by Philip and Steven and would highly recommend it.
  5. Also the study guide on F5 website is highly recommended. But do not just read this guide, also read in details or follow the links provided in this guide.
  6. The other resource which is helpful is CBT nuggets videos. Watching these videos can help to get speed up with learning BIG IP but they are not sufficient to pass this exam.
  7. During the exam, have a look at the clock. The time may tick away fast unlike other vendor exams where one has plenty of time.

All the very best for your exam and if you are still scared….remember, if you know the basics of networking, you will be through in this exam 🙂

I would love to hear the feedback from you and if you have any new tips for this exam. It would be very nice if you can share the exams topic after appearing in it. This may help other candidates.  🙂

I would not like to create dumps for the exam but just some help to our fellow friends. I will keep updating the below part as and when I will get new feedback from other exam taker.

Update : 02 July 2016 – Here are some more important topics from Jose for the exam.

unsecure sslv3 tls 2 sslv2
flow on osi when sender
ethernet on what layer is 1-2 or 2-3
advantages between virtual and hardware
advantage of active/ standby

Update : 26 July 2016 – Here are some more important topics from David for the exam.

ipv6 correct address
ipv6 eq
mss , where is defined (syn-syn/ack-ack)
ftp active and passive
3 method for authentication (ex. ldap)
ldap syntax
dns syntax
http keep-alive is used for?


Update : 05  Oct 2016 –  Here are some additional questions shared by Michal

  • In what scenario full proxy is required
  • Exibit where u had ( client ->proxy->LB->server ) and question was Why LB is there??  ( and answer was “because its closest to server” , “because it can forward traffic” and 2 more answers which i dont remeber .
  • AAA what for the 3rd A is standing for .
  • Admin have site example.com under address and there is need to implement same site under new IP X X X X but first what you need to do is test it if its working . What will you do :  change something in DNS server , change local file on server +3 more answers .
  • Flow of osi when sender – when client A is sending packet to B how it will look on OSI  – layer from1 to 7 or from 7 to 1 .
  • There was one question about TCP dump output something like that : > >
who will reply next  ( but note that there were flags etc i dont remember now ). So in short, you should be able to read TCP dump output
  • Output from trap snmp : –  -(something like that )
And question what is client what is server .
  • Question where admin used some ip X.X.X.X/28  and something didnt work  answer was easy he used broadcast ip from subnet


Update : 07 Aug 2017 – Here are some tips shared by Smith

  • OSI Model ( which layer do you use in a particular situation)
  • Irules iapps icontrol isessions, about this we have a lot of questions
  • Modules (APM, AFM, LTM, GTM) advantages , and how it work each module
  • mac masquerade
  • Full half proxies in a particular situation( Which would you use)
  • protocol SOAP how it works ( the correct answers was XML, HTTP)
  • subnetting one question
  • ipv6 2 questions (localhost, and correct ipv6)
  • VLANS broadcast domain in a particular situation
  • ARP is used for?
  • Questions about security models (positive and negative)
  • High avabaility
  • HA Active/ stanby advantages
  • encryption
  • MSS
  • ipsec/ssl
  • three way handshake, what is the last packet ? And we have to select FIN
    the process of checksum in tcp
  • FTP active passive
  • smtp
  • LDAP attributes
  • how can analyze and interpretation the packet capture examples
  • Packet forwarding
  • How many minimum connections are there in one ftp session?
    HTTP keepalive (header)

Update : 11 Sep 2017 – Here are some tips shared by Baccari

*loopback @ in IPv6
*vCMP used in which f5 platforme (all f5 device or same f5 device or …)
*emailing protocol : SMTP / POPv3
*what is the first sequence number in 3-way-handshk
*protocol that minimize latency over reliability —> udp
*ldap syntax —> DN: CN=exemple, OU=exemple2, DC=exemple3 …
*Means of DN in ldap query : –> simple path name
*which provide AAA —> APM
*Model of security can implement rapidly —> negative
*model F5 work at layer 3 and 4 —> AFM
*How reciever verify non-repuduation : —> public-key
*mac masqurade provide: —> minimize arp communication and drop packet
*.com :—> top level
*MSS value in : SYN/ACK
*Third A in AAA —>
*Protect application from sql injection :—> ASM
*when sender data folow :—-> apllication to physi
*advandge of Active -Active % active – standby
*choose which protocol is link state
*when use full proxy (4-6 question about this)
*tcpdump of SNMP —-> source @ is client , dest @ is server
*Which address in data link layer redirect data —-> MAC
*Protocol that resolve IPv6 @ to IP @ :—-> NDP
*where admin used some ip X.X.X.X/28 and something didnt work answer was easy he used broadcast ip from subnet
* Which method used to verify if server support POST method —> trace
*YOU NEED TO KNOW THE CODE IN HTTP RESPONSE ( there is 2 or 3 questions i remember 302 and 401)
* Other questions about tcpdump who send ACK
*Module provide AAA —> APM
*Advandge of VE % hardware

Update: 09 Oct 2017 -Here are some tips shared by  nalaakanono

  • how was the tcp sequence number generated?
    * what is the initial tcp sack in tcp 3 way handshake?
    * SSL offloading advantages?
    * persistence methods? (5 questions)
    * in which scenario does full proxy tcp connection required? (5 questions)

Update 02 Jan 2018 – below are some additional tips from Tanu
* which SSL/TLS version is secure
* Ethernet is on which layer – physical+Data
* http 301 error
* Auto sync failover

Update 21 Feb 2018 –  Below are some questions added by F5er.

1-how client test of a specific method is supported — the answer is OPTION
2-exhibit with tcp dump and the questions who should send the sync\ack — the answer is the Client source address in the second line of the dump.
3-Admin discovered new security vulnerability how can he rapidly fix it? choices “icontrol-isession-iRule-iApp”
4-How to restirect http mthod (irule-http profile-ssl profile)
5-SAML provide what function in AAA i don’t remeber the choices but the answer was ” usage measure & authentication )
6-user sends big amount of data to a server but during the process the server sent tcp window size what is the reason choices were somethinf like ( server can’t handle more data, server rest the session and two other chouces but you should choose just one )
7-what could benfit more from compression (http ,peer-to-peer, video,media)
8-traffic passes though the loadblancer from the client to server but the return traffic pass bypass the LB directly from server to client, what proxy archticure is impelemnteed ( full stack proxy, packt-by-packet proxy and other option )
9-what is responsab;e for flow-controll and error correction in Data-link layer (MAC,LLC,…..and other options)
10-what can add more application security layer to SMTP and FTP (LTM,GTM,APM,AFM)
11-traffic is processed by two units and each units is ready to handle all the traffic of the other failed, what type of high availability is implemented (Active-active,active-standby…..other option)
12-new virtual server is implemented and needed to be tested and the old virtual server is still in use, how it should be tested “or something like that” choices were (add ip address to the FQDN, add entery to client host file )
13-a deployment that is fast to get and deploy answer is virtual server
14-what is minimum objects required for loadbalnce(ip address- desstination server address- helath monitor-presistance profile )


Update 11 Apr 2018 : Below tips are from Krish :

Exam questions are Tricky, so recommend you to have good understanding of Layer Technologies.
3. Observed a lot of full-proxy TCP(more than 4 Q’s) scenario questions. So, check what is Full Proxy TCP? How it works?
4. Not observed any True/False questions like the other sites are posting as example questions(Not sure if they were in F5101V1).
Note: I did not see any much importance for practical knowledge. so don’t worry if you do not have good hands-on for this Exam.

-I strictly Finished the Study Guide and revised it a couple more times.
-Last week before Exam, I studied in depth on Topics suggested in this blog.
-Finally, just checked the topics I was not clear with like LACP,LDAP syntax, Mac masquerade, DNS top-host levels etc.
Used: http://veritablenetworks.blogspot.com/2012/11/f5-application-delivery-fundamentals.html