Use this quick start guide to collect all the information about F5 BIG-IP APM Specialist (304) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 304 F5 BIG-IP APM Specialist exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual F5 BIG-IP APM certification exam.
The F5 BIG-IP APM Specialist certification is mainly targeted to those candidates who want to build their career in Specialist domain. The F5 Certified Technology Specialist - BIG-IP Access Policy Manager (F5-CTS APM) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of F5 BIG-IP APM.
F5 BIG-IP APM Specialist Exam Summary:
| Exam Name | F5 Certified Technology Specialist - BIG-IP Access Policy Manager (F5-CTS APM) |
| Exam Code | 304 |
| Exam Price | $180 (USD) |
| Duration | 90 mins |
| Number of Questions | 80 |
| Passing Score | 245 / 350 |
| Books / Training | F5 Training Programs |
| Schedule Exam | Pearson VUE |
| Sample Questions | F5 BIG-IP APM Specialist Sample Questions |
| Practice Exam | F5 304 Certification Practice Exam |
F5 304 Exam Syllabus Topics:
| Topic | Details |
|---|---|
AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING (AAA), SINGLE SIGN-ON (SSO), FEDERATED AUTHORIZATION, MOBILE DEVICE MANAGEMENT (MDM) |
|
| Explain how to configure different types of AAA methods |
- Configure AAA objects - Microsoft Active Directory, LDAP, Radius, RSA SecurID, TACACS, (Kerberos/NTLM, Client Cert auth), end-point management system profile |
| Demonstrate knowledge of the network requirements for each authentication service type | - Demonstrate ability to test and validate connectivity to each authentication service (adtest output, ldapsearch output) |
| Explain how to configure SSO objects |
- Determine specific SSO object requirements (e.g. Kerberos SPN requirements) - Determine when to choose one type of SSO over another |
| Explain how to configure SAML as an SP and/or IdP | - Integrate BIG-IP APM Service Provider (SP) with external vendor IdP (e.g. PING, Okta, SaaS, etc.) Configure Single Logout (SLO) |
NETWORK AND APPLICATION ACCESS |
|
| Explain how to configure SSL VPN manually or using a wizard |
- Determine which option is appropriate to use: Network access, Portal access, Web Application access (APM/LTM Mode) - Choose appropriate Webtop type: Full, Network Access, Portal Access |
| Explain how to configure Network Access Profiles |
- Configure profile settings (e.g. Connectivity profile options, Edge Client Options and updates, SNAT) - Configure App Optimization |
| Explain how to configure portal access |
- Determine the appropriate level of patching - Evaluate global ACL order - Configure Resource Items |
| Explain how to configure application access |
- Configure Remote Desktop access (e.g. Launching applications, Custom Parameters) - Deploy Citrix Bundle - Configure App Tunnels |
| Explain how to configure Web Access Management (LTM-APM Mode) |
- Configure pool and virtual server - Determine when to use Web Access Management |
VISUAL POLICY EDITOR |
|
| Explain how to configure authentication and logon objects in VPE |
- Configure an auth and/or query object (e.g. Determine group membership, Configure required attributes) - Add appropriate logon page type |
| Explain how to configure resource/custom variables |
- Set up SSO credential mapping - Assign Webtops dynamically - Configure variable assignment |
| Explain how to configure VPE flow with multiple branches and objects |
- Determine policy ending types (allow, deny, redirect) - Use a message box to display a variable in a VPE - Assign custom session variables |
| Explain how to configure and apply macros |
- Use a macro to combine multiple VPE objects - Demonstrate an understanding of differences in creating a macro versus an access policy |
DEPLOY AND MAINTAIN iAPPS |
|
| Determine when to use an iApp |
- Import and deploy supported iApp templates - Determine the min/max BIG-IP module versions supported by a specific iApp template - Determine which BIG-IP modules are required to deploy a specific iApp template |
| Apply procedural concepts to maintain iApps |
- Reconfigure a deployed iApp to update objects - Identify iApp used to deploy an object |
| Determine appropriate applications for enabling/disabling strict updates |
- Make manual changes to a deployed application service - Demonstrate an understanding of the impact of disabling strict updates |
ADMINISTRATING AND TROUBLESHOOTING BIG-IP APM |
|
| Apply procedural concepts to manage and maintain access profiles |
- Determine proper use of profile scope (e.g. profile, virtual server, global) - Tune policy settings (e.g. multiple concurrent users, limit active sessions per IP address) |
| Perform basic customizations of the U/I |
- Apply corporate branding (i.e. adding a logo, footer, logon form) - Add additional languages for browser localization |
| Demonstrate an understanding of how High Availability applies to BIG-IP APM (with respect to end users, policy sync, device fail-over) |
- Demonstrate an understanding of the limitation of two units per HA pair and traffic group - Configure Access Policy Sync (e.g. Configuring local objects vs global, validate access policy sync) |
| Explain provisioning/licensing for BIG-IP APM |
- Update an existing license for BIG-IP APM - Consider CCU utilization for different types of access policy deployments |
| Apply procedural concepts to gather relevant data |
- Gather data from relevant BIG-IP tools (e.g. session reports, session variables, tcpdump, ssldump, sessiondump, APM log) - Add debug logic to APM iRules - Configure Debug logging |
| Determine root cause |
- Compare expected vs actual behaviors based on problem description - Analyze and correlate all collected data (client/BIG-IP/serverside) to understand where a failure occurred - Determine cause of EPSEC failures |
SECURITY |
|
| Explain how BIG-IP APM mitigates common attack vectors and methodologies |
- Demonstrate an understanding of how the BIG-IP solution mitigates common security risks (e.g., cookiehijacking, DoS attacks) - Determine which features of the BIG-IP device mitigate common DoS attacks - Deploy GeoIP and IP intelligence in the VPE to protect resources |
| Determine which BIG-IP APM features should be used to mitigate a specific authentication attack |
- Configure logging - Configure objects needed to deploy MFA - Configure SNMP traps |
| Apply procedural concepts to manage user sessions |
- Identify user session details - Demonstrate an understanding of BIG-IP APM session cookies |
| Identify use cases of Secure Web Gateway (SWG) |
- Compare transparent vs explicit proxy deployments - Determine the purpose of SWG |
| Describe access policy timeouts as related to security | - Describe the differences between inactivity timeout, access policy timeout, and maximum session timeout |
| Explain how to configure and manage ACLs |
- Explain how ACLs are deployed by default when creating a policy - Explain when a layer 4 or layer 7 ACL would be needed |
| Demonstrate an understanding of network security requirements for application access | - Demonstrate an understanding of TCP/UDP ports required for application services |
| Apply procedural concepts to implement EPSEC |
- Configure client-side checks (e.g. anti-virus, firewall, registry) - Update and install EPSEC software |
To ensure success in F5 BIG-IP APM certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for F5 BIG-IP APM Specialist (304) exam.