nerdexam
F5

303 · Question #235

303 Question #235: Real Exam Question with Answer & Explanation

Sign in or unlock 303 to reveal the answer and full explanation for question #235. The question stem and answer options stay visible for context.

Question

The LTM device is configured to provide load balancing to a set of web servers that implement access control lists (ACL) based on the source IP address of the client. The ACL is at the network level and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect. The virtual server is configured with the default OneConnect profile. The ACL is defined on the web server as: Permit: 192.168.136.0/24 Deny: 192.168.116.0/24 The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100. Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100: Clientside: 09:35:11.073623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> 09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4380 <mss 1460,nop,wscale 0,sackOK,eol> 09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425 09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425 09:35:11.081029 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4678 Serverside: 09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 <mss 1460,nop,wscale 0,sackOK,eol> 09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6> 09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380 09:35:11.081955 IP 192.168.136.1.55684 > 192.168.116.128.80: P 1:299(298) ack 1 win 4380 09:35:11.083765 IP 192.168.116.128.80 > 192.168.136.1.55684: . ack 299 win 108 Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100: Clientside: 09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618938:3320618938(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> 09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3878120666:3878120666(0) ack 3320618939 win 4380 <mss 1460,nop,wscale 0,sackOK,eol> 09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425 09:36:11.245830 IP 192.168.116.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425 09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4678 Serverside: 09:36:11.245940 IP 192.168.136.1.55684 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904 09:36:11.247847 IP 192.168.116.128.80 > 192.168.136.1.55684: P 4525:5001(476) ack 897 win 142 Why was the second client flow permitted by the web server?

Options

  • AA global SNAT is defined.
  • BSNAT automap was enabled on the virtual server.
  • CThe idle TCP session from the first client was re-used.
  • DA source address persistence profile is assigned to the virtual server.

Unlock 303 to see the answer

You've previewed enough free 303 questions. Unlock 303 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock 303 - $49.99 / 30 daysSign in
Full 303 Practice
The LTM device is configured to provide load balancing to a set of... | 303 Q#235 Answer | NerdExam