Single choice

1) Which is true regarding Sub Virtual Services?

Each Sub Virtual Service has a unique dedicated IP Address

All Sub Virtual Services must use the same health checks as the parent Virtual Service

Sub Virtual Services use the IP address of the parent Virtual Service

Sub Virtual services do not support content rules

Score: 1.43

Single choice
2) By adding what resource, will allow a Kemp LoadMaster for scaling over 64,000 connections?

Sub Virtual Services

Subnet Originating Requests

Alternate Source Addresses added to a virtual service IP

Content Rules

Score: 1.43

Single choice
3) When would you use the Subnet Originating Request configuration option?

In a one-arm topology

In a two-arm topology

In one-arm and two-arm topologies

Only when using Layer 7 persistence methods

Score: 1.43

Multiple Choice
4) What are the main networking requirements for successfully creating a LoadMaster HA pair?

Layer 2 connection

Multicast

Latency must be low

High bandwidth

Score: 1.43
Single choice
5) Which statement is true when using non-local real servers?

Cannot be used with NIC bonding

Must use Direct Server Return

Transparency must be turned off

All of the above

Score: 0.00
Correct answer(s):
Cannot be used with NIC bonding

Must use Direct Server Return

Transparency must be turned off

All of the above

Single choice
6) Kemp 360 Central is what type of platform?

Centralised Management and Monitoring

Proactive monitoring and alert notification service (Agent based with proactive support
engagements).

3rd party log analytics service

AI and Automation service

Score: 1.43

Single choice
7) For HTTPS traffic to be manipulated or interrogated, which option needs to be enabled on the
LoadMaster?

Content Switching

Edge Security Pack

SSL Offloading

Web Application Firewall

Score: 1.43

Single choice
8) What is the difference between transparent and non-transparent virtual services?
 Transparent virtual services require the use of cookie persistence while non-transparent virtual
services can only be used with Layer 4 persistence methods

Transparent virtual services require the subnet originating request option while non-transparent
virtual services do not

Transparent virtual services pass along client source IP address to real servers while non-
transparent virtual services pass along the source IP address of the LoadMaster

Transparent virtual services can only be used with weighted round robin scheduling while non-
transparent virtual services can be used with all scheduling methods

Score: 0.00
Correct answer(s):
Transparent virtual services require the use of cookie persistence while non-transparent
virtual services can only be used with Layer 4 persistence methods

Transparent virtual services require the subnet originating request option while non-
transparent virtual services do not

Transparent virtual services pass along client source IP address to real servers while non-
transparent virtual services pass along the source IP address of the LoadMaster

Transparent virtual services can only be used with weighted round robin scheduling while
non-transparent virtual services can be used with all scheduling methods

Single choice
9) When deploying a new Kemp LoadMaster - each virtual machine requires an amount of resources
as a baseline recommendation. Which is the minimum baseline?

2vCPU, 1Gb RAM and 250Gb Storage

2vCPU, 2Gb RAM and 16Gb Storage

2vCPU, 16Gb RAM and 100Gb Storage

2vCPU, 1Gb RAM and 1Tb Storage

Score: 1.43

Single choice
10) What is the longest that you can configure persistence timeout?

7 days

7 minutes

7 weeks

7 hours
 Score: 1.43

Single choice
11) How many layers are there in the OSI Model?

Score: 1.43

Multiple Choice
12) Which ESP Log files are available on the Kemp LoadMaster? Check all that apply!

Connection Log

Security Log

User Log

Audit Log

Score: 0.00

Multiple Choice
13) Which statements are true regarding L7 Connection Drain Time? Check all that apply!

New connections will be allowed to connect until the time expires

Persistence will be honored until the time expires

Drain time should be long enough for users to finish sessions

Scheduling methods will be unaffected until drain time expires

Score: 0.00

Multiple Choice
14) What are the characteristics of Direct Server Return (DSR)? Check all that apply!

All traffic from real server must be routed back through LoadMaster

Real Server uses Virtual Service IP address when responding to client

Configuration changes needed on every real server

Layer 4 only

Supports Layer 4 or Layer 7

Single choice
15) LoadMaster NIC bonding only supports Active / Backup configuration?

True

False

Score: 1.43

Single choice
16) Which application acceleration option provides more bandwidth on the Client Side of the
LoadMaster?

Caching

IPS

ESP

Compression

Score: 0.00
Correct answer(s):
Caching

IPS

ESP

Compression

Single choice
17) With which scheduling method will the load balancer evenly rotate through all available servers
when deciding how to distribute traffic?

Round Robin

Least Connection

Fixed Weighted

Source IP Hash

Score: 1.43

Single choice
18) Which GEO scheduling method would be used in an active/passive (DR) scenario?

Location Based

Round Robin

Fixed Weighting

Proximity

Score: 1.43

Single choice
19) Which configuration option makes the load balancer present the Server Side interface IP address to
real servers instead of the VIP address?

Transparency

Two-Arm topology

One-Arm topology

Subnet Originating Request (SOR)

Score: 1.43

Single choice
20) If the need for header modification is required for a workload, which load balancing method should
be used?

Layer 4

Layer 7

Both Layer 4 or Layer 7 can be used

Score: 1.43

Single choice
21) What characteristic of Kemp templates is false?

Simplifies deployment

Includes configuration of health checks

Exportable

Access to templates require Enterprise Plus license subscription

Score: 1.43
Single choice
22) Accessing the Virtual LoadMaster to deploy the initial network settings - this is usually done via?

Telnet

Console

WUI access

Screen and Keyboard

Score: 0.00
Correct answer(s):
Telnet

Console

WUI access

Screen and Keyboard

Single choice
23) Which Kemp feature will allow for a header field to be modified?

Subnet Originating Request

Content Rules

AFP

ESP

Score: 1.43

Single choice
24) Select all statements that are true regarding Layer 7 load balancing!

With Layer 7 load balancing, connections can be transparent or non-transparent

With Layer 7 load balancing the client IP is never exposed to the real server

With Layer 7 load balancing, less persistence methods are available than with Layer 4

With Layer 7 load balancing, only Source IP persistence is possible

Score: 1.43

Single choice
25) At which layer of the OSI model does Layer 4 load balancing operate?

Application
 Session

Transport

Presentation

Score: 1.43

Single choice
26) Which is not a function of DNSSEC?

Sign DNS requests

Provide Origin of authentication of DNS data

Encrypts DNS requests

Authenticated denial of existence

Score: 1.43

Single choice
27) What is the difference between TCP and HTTP/HTTPS real server health checks?

TCP checks verify that UDP ports are closed on Real Servers and HTTP/HTTPS checks
ensure that SSL encryption is enabled

TCP checks verify that Real Servers are responding to pings and HTTP/HTTPS checks ensure
that commands to create new web pages are being accepted

TCP checks verify that Real Servers are sending responses through the correct gateway and
HTTP/HTTPS checks ensure that translation from encrypted protocols to non-encrypted
protocols is working properly

TCP checks verify that Real Servers are listening on a specified port and HTTP/HTTPS checks
ensure that the proper web server response code is sent back

Score: 1.43

Multiple Choice
28) Layer 4 load balancing uses transparency - which conditions typically occur as a result of using
transparency? Check all that apply!

Source IP of the client is seen by the real server

Virtual Service IP is seen by the real server

Real Server must use the firewall as it's default gateway

Real Server must use the LoadMaster as it's default gateway

Single choice
29) When calculating SSL TPS, a client request is typically measured as?

1 SSL TPS for offload or 2 SSL TPS for offload and re-encryption

2 SSL TPS and 10MB/s for the bandwidth requirements per client connection

2 SSL TPS and 20MB/s for the bandwidth requirements per client connection

2 SSL TPS for offloading only

Score: 1.43

Single choice
30) What tools would be best used to confirm the Virtual Service is listening on a specific port?

Log Files

TCP Trace

Ping

Telnet

Score: 1.43

Single choice
31) Which feature of the Kemp LoadMaster will not change the IP address the real server sees?

Subnet Originating Requests

Alternate Source Address

Content Rules

Transparency

Score: 1.43

Single choice
32) What does session persistence do?

Ensures that responses from the same server are always sent through the same gateway

Ensures that connections from the same client are always directed to the same server

Ensures that HTTP connections stay open long enough for server responses to be sent

Ensures that SSL handshakes complete in a timely fashion

Single choice
33) If you encounter routing issues with a transparent virtual service what are the best troubleshooting
steps to try?

Disable transparency or, if transparency is required change the real server default gateway to
be the LoadMaster

Change the virtual service from Layer 4 to Layer 7

Enable transparency

Change persistence to Source IP and scheduling to adaptive

Score: 1.43

Single choice
34) Which HA component keeps LoadMaster up-to-date with changes made to Virtual Service?

Sync

Multicast

CARP

Score: 1.43

Multiple Choice
35) Kemp Server Load Balancing uses? Check all that apply!

Reverse Proxy for publishing applications

Application Health Checks

Forward Proxy

DNS Load Balancing

Score: 1.43

Single choice
36) Which HA component allows the LoadMaster to seamlessly pick up in the event of failovers?

CARP

Unicast

Sync
 Score: 1.43

Multiple Choice
37) Which statements are true regarding Server NAT?

Requires a Loopback interface to be configured on real server

When using server NAT, transparency must be turned on

Turned on by default

Outbound traffic from real servers appear to come from LoadMaster IP address

Score: 0.00
Correct answer(s):
Requires a Loopback interface to be configured on real server

When using server NAT, transparency must be turned on

Turned on by default

Outbound traffic from real servers appear to come from LoadMaster IP address

Single choice
38) When troubleshooting HA sync issues which TCP port should be traced?

53

6973

5010

500

Score: 1.43

Single choice
39) In what Virtual Service section would you modify Scheduling Options?

Advanced Properties

Basic Properties

Standard Options

ESP Options

Score: 1.43

Single choice
40) Which is not a type of client authentication in Edge Security Pack (ESP)?

SAML

NTLM

Forms Based

Kerberos Constrained Delegation (KCD)

Score: 1.43

Multiple Choice
41) Kemp's Edge Security Pack provides... Check all that apply!

Full Proxy

SSO and 2FA

Forms Based Authentication

Security Group Validation

Score: 1.43

Single choice
42) At which layer of the OSI model does Layer 7 load balancing operate?

Session

Transport

Presentation

Application

Score: 1.43

Single choice
43) In what Virtual Service section would you enable Content Switching?

Advanced Properties

Basic Properties

Standard Options

ESP Options

Score: 1.43

Multiple Choice
44) What features are available when using Intrusion Prevention? Check all that apply!

Create own rules

Uses SNORT Rules

Rules are automatically updated daily

Uses ModSecurity

Score: 0.00
Correct answer(s):
Create own rules

Uses SNORT Rules

Rules are automatically updated daily

Uses ModSecurity

Single choice
45) What's the difference between a 1-arm and 2-arm topology?

In a 1-arm topology, virtual service and real servers are on the same network and in a 2-arm
topology, virtual service and real servers are on different networks

In a 1-arm topology, virtual service and real servers are on the different network and in a 2-arm
topology, virtual service and real servers are on the same network

In a 1-arm topology, all traffic is routed through the same default gateway when sending
responses to clients and in a 2-arm topology multiple default gateways are used when sending
responses to clients

In a 1-arm topology, only Super HTTP persistence can be used and in a 2-arm topology all
persistence methods can be used

Score: 1.43

Multiple Choice
46) Select all of the statements that are true

All applications require persistence

Not all applications require persistence

Microsoft and VMware applications always require persistence

Web applications with shopping carts typically require persistence

Layer 7 applications never require persistence

Score: 1.43
Multiple Choice
47) What are the benefits of using SSL Offloading? Check all that apply!

Easier to manage certificates

More secure than SSL Re-encryption

Needed for pre-authentication

Removes the need for real servers to decrypt traffic

Score: 1.43

Single choice
48) Which is not a type of server authentication in Edge Security Pack (ESP)?

Kerberos Constrained Delegation

Basic

Forms

Certificate

Score: 0.00
Correct answer(s):
Kerberos Constrained Delegation

Basic

Forms

Certificate

Multiple Choice
49) Which GEO scheduling methods would be used in an active/active scenario? Check all that apply!

Location Based

Round Robin

Fixed Weighting

Proximity Based

Score: 1.43

Single choice
50) What is one main caveat of using Source IP-based persistence?

It's more CPU-intensive than other persistence methods

Uneven traffic distribution is possible in NAT'd environments where all clients will have the
same IP address

It will not work in IPv6 environments

Score: 1.43

Single choice
51) What is the minimum recommended number of LoadMasters in a Cluster?

16

Score: 0.00
Correct answer(s):
3

16

Single choice
52) What is a common cause of persistence issues?

Persistence timeout being set too long

Using a persistence method that doesn't work with transparency

Having multiple virtual services on the same load balancer with different persistence methods

Persistence timeout being set too short

Score: 0.00
Correct answer(s):
Persistence timeout being set too long

Using a persistence method that doesn't work with transparency

Having multiple virtual services on the same load balancer with different persistence
methods

Persistence timeout being set too short