402 Study notes

Foundational Cloud Concepts

Compare and contrast the various cloud business models and technologies

Infrastructure as a Service (IaaS): IaaS delivers computing infrastructure as a service. Instead of purchasing hardware and other infrastructure components, customers use some form of virtualization to access outsourced resources. Because consumption is on an on-demand basis, costs directly reflect the amount of use.

Platform as a Service (PaaS): PaaS delivers computing and development platforms (for example, Microsoft .NET, Java EE, Google applications) as a service, giving users the ability to deploy and develop applications without significant hardware and software expense or management time. Since the deployment platform is very specific, like .NET, there might be limitations of the types of applications that might be supported. For instance, Google App Engine only supports applications written using Python while Heroku supports Ruby on Rails application development.

Software as a Service (SaaS): By delivering applications as a service, SaaS offers customers pre-packaged/pre-built applications through a standard web browser. With SaaS, customers can avoid the installation and management of software on their own computers and further benefit from centralized, automatic software updates as well as lower costs. Customers don’t need to dedicate valuable resources to software deployment or management.

Apply concepts related to cloud Identity Access Management technologies

Describe the terminology, modules, and technical requirements related to application bursting and mobility


Apply concepts related to application bursting and mobility

Cloud Infrastructure Design

Describe the F5 licensing and support characteristics for cloud deployments

Evaluate variables relevant to the design of a cloud solution that meets business requirement

Enumerate the available permutations and combinations of F5 virtualization U/A technologies

Recognize the constraints imposed by various SDN technologies on F5 components

Relate technical requirements to F5 platforms and virtualization technologies

Evaluate variables relevant to architecting solutions using single and multi-tier F5 products in various cloud environments

Evaluate the variables relevant to the design of green-field data centers and application delivery architectures to function as a cloud service provider

Apply key concepts related to the design of on-demand provisioning of application services

Evaluate variables relevant to the design of on-demand provisioning of application services

Cloud Migration

Evaluate variables relevant to the creation and validation of a Cloud migration plan for applications

Apply key concepts required for the implementation of a Cloud migration plan for applications

Evaluate variables relevant to the implementation of a cloud migration plan for applications

Apply key concepts required to leverage technologies to integrate with various SDN environments

Evaluate variables relevant to the leveraging of technologies to integrate with various SDN environments

Cloud Deployment

Analyze cloud service provider instance sizing and location as it relates to BIG-IP requirements

Apply the key concepts required to deploy F5 instances on a cloud infrastructure

Cloud Orchestration and Automation

Apply the N/E/S/W-bound API model in order to orchestrate service creation

Apply the key concepts required to automate and orchestrate using F5 RESTful APIs

Evaluate the variables relevant to automation and orchestration using F5 RESTful APIs

Apply the key concepts required to design a cloud bursting solution

Evaluate the variables relevant to design a cloud bursting solution

Determine how to utilize cloud deployment templates to create on demand provisioning of application services

Evaluate cloud deployment templates for the creation of on-demand provisioning of application services

Apply the key concepts required to create a workflow for dynamic provisioning of an F5 instance


BIG-IP Cloud Edition

Cloud Edition is composed of tightly integrated BIG-IQ Centralized Management and BIG-IP Per-App VEs to deliver advanced app services and lifecycle management—including autoscale, self-service management for app owners, and per-app analytics—in VMware private cloud and AWS or Microsoft Azure public cloud environments.

Dedicated per-app services are available for:

BIG-IP Local Traffic Manager: Delivers intelligent traffic management, as well as SSL offload and application optimization, for the best end-user experience.

F5 Advanced Web Application Firewall: Provides the industry’s most advanced WAF to protect all your applications against automated web attacks, credential theft, and L7 DDoS.




perpetual licensing.

EXAM Notes

How long is the 402 exam?

The 402 exam is 105 minutes long.

How many items are on the 402 exam?

The 402 exam has 60 scored items and 5 unscored/pilot items.

• Some of the items contain exhibits. We strongly encourage viewing the entire exhibit.

• Some of the items contain case studies. The case studies are static and do not change from one item to the next. We strongly encourage reading the entire case study.

What is the 402 exam passing score?

The 402 exam passing score is approximately 55%

What F5 certifications will be refreshed by passing the 402 exam?

• F5 Certified! Administrator, BIG-IP

• F5 Certified! Technology Specialist, BIG-IP LTM

• F5 Certified! Technology Specialist, BIG-IP DNS

What format is the 402 exam?

• The 402 exam is multiple choice.

• The exam contains exhibits and case studies.

• 1st failure: Exam hold for 15 days.

• 2nd failure: Exam hold for 30 days.

• 3rd failure: Exam hold for 45 days

• 4th failure: Exam hold for one (1) year.

auto scale cft


--------------------- SORT NOTES------------------------------

Exam Tips:

1- (Must) licensing models and its related (Throughput, Resources Capacity).

2- (Must) Licensing and Cost you have to know how to reduce the cost when choosing the licensing model.

3- Focus on F5 with AWS CSP, forget about Azure, Google, I mean the HA setup on AWS and how the Autoscaling works on AWS.

3- understand the REST API in general and its related components, and how it works with F5 BIGIP and sometimes with BIG-IQ

3- Understand the Authentication/Authorization on REST API.


Authorization to invoke Declarative Onboarding includes authorization to GET declarations stored in Declarative Onboarding.

Declarative Onboarding does not require its own credentials, however you must have administrator credentials for the BIG-IP that is running Declarative Onboarding.

Because Declarative Onboarding is an iControl LX extension, you can authenticate by including one of the following header values in your HTTP requests.

Basic Auth

To use Basic authentication, add a new request header: Authorization: Basic {Base64encoded value of username:password}. (If using a RESTful API client like Postman, in the Authorization tab, type the user name and password for a BIG-IP user account with Administrator permissions, which automatically adds the encoded header.)

Token Auth

To use Token Authentication, add a new request header: X-F5-Auth-Token: {tokenValue}

By default, the token has an expiration time of 1200 seconds.
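The two header styles above, as an added Node.js example (not F5's code): the Basic header carries the password on every request, while the token session logs in once and renews before the 1200-second default lifetime runs out. The `login` callback and the 60-second renewal margin are assumptions of this example.

```javascript
// Added example: building the two auth headers described in these notes.
const TOKEN_LIFETIME_S = 1200; // default token lifetime stated above

// Basic auth: base64("username:password"); the password travels on every
// request, so this is only acceptable over TLS.
function basicAuthHeader(username, password) {
  const encoded = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return { Authorization: `Basic ${encoded}` };
}

// Token auth: log in once, then send only the token until it nears expiry.
class TokenSession {
  // login: hypothetical async callback that returns a token string
  //        (in practice, a login request to the BIG-IP over TLS).
  // now:   clock in milliseconds, injectable so expiry can be tested.
  constructor(login, { lifetimeS = TOKEN_LIFETIME_S, marginS = 60, now = Date.now } = {}) {
    this.login = login;
    this.lifetimeMs = lifetimeS * 1000;
    this.marginMs = marginS * 1000; // renew this long before expiry (assumption)
    this.now = now;
    this.token = null;
    this.issuedAt = 0;
  }

  // True while a token is held and is not within the renewal margin.
  isFresh() {
    return this.token !== null &&
      this.now() - this.issuedAt < this.lifetimeMs - this.marginMs;
  }

  // Returns the header to attach, logging in again only when needed.
  async headers() {
    if (!this.isFresh()) {
      this.token = await this.login();
      this.issuedAt = this.now();
    }
    return { 'X-F5-Auth-Token': this.token };
  }
}
```

Keeping the password inside the `login` callback means only the short-lived token reaches request-building and logging code.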

4- Read about (iApps LX, iControl LX, iWorkflow).

iApps LX

iApps® LX is built on top of the iControl® LX framework and enables application management and deployment of functionality within a BIG-IP® system and with any external managed device that you can send an API request to. Examples of external API systems are a customer’s OpenStack interface, an LDAP active directory server or any cloud connector. iApps LX can also be used to create a wizard for different BIG-IP configurations, such as a routing decision table to configure routing rules. With iApps LX, you can create a custom UI with strong authentication.

iApps LX is built on a REST API framework, allowing bi-directional communication and commands.

iApps LX uses JavaScript, making its creation and deployment of template configurations (within and beyond the BIG-IP) seamless. iApps LX is implemented by creating and deploying block instances, which can be done from REST API commands (see Creating an iApps LX block instance using REST APIs) or from the BIG-IP GUI (see Creating an iApps LX block instance from the BIG-IP GUI).

An iApps LX block instance is created from a JSON template, which can be created or imported as part of an iApps LX RPM package.

As iApps LX is built on the iControl LX framework, it relies on creating extensions using nodejs to extend REST APIs.

F5 iRules LX - Introduction /DEMO


iControl LX Extension Overview

The iControl® LX extension allows you to use Node.js to extend the REST API on any BIG-IP device or iWorkflow platform. You can write an iControl LX extension to implement your REST API using JavaScript to represent the URI resources (nouns) that you can then invoke in a RESTful manner. The REST verb handlers can then perform appropriate actions local to the F5 devices or across the distributed data center. An iControl LX extension is an extensibility point attached to a specific URI, enabling customer-provided JavaScript/Node.js code to run in the context of the BIG-IP/iWorkflow control plane extending the REST API with additional services. You can extend existing F5 REST APIs as well as convert your own services into multiple extensions that are run on F5’s control plane.

BIG-IP and iWorkflow provide a service named restnoded. This service runs as a node.js daemon that enables you to write your extension’s source files using the JavaScript language. The restnoded service is also compliant with iControl REST to enable you to create extensions that use iControl REST end-points. The restnoded service is integrated into the BIG-IP and iWorkflow logging infrastructure and can output logging statements to /var/log/restnoded/restnoded.log.
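A small extension worker of the kind described above, as an added example (not code from F5 or from these notes): it attaches a POST handler to a URI and validates the request body before answering, since the handler runs in the control plane. The worker path, the name rule and the `runOffline` stub that stands in for restnoded are hypothetical.

```javascript
// Added example: iControl LX extension worker with input validation.
function PoolNameCheck() {}

// URI (under /mgmt) that this worker is attached to; hypothetical path.
PoolNameCheck.prototype.WORKER_URI_PATH = 'shared/example/pool-name-check';
PoolNameCheck.prototype.isPublic = true;

// Hypothetical rule: letter first, then letters, digits, '_', '.', '-'.
const NAME_RE = /^[A-Za-z][A-Za-z0-9_.-]{0,62}$/;

// REST verb handler for POST: reject anything that is not a well-formed name.
PoolNameCheck.prototype.onPost = function (restOperation) {
  const body = restOperation.getBody();
  const name = body && typeof body === 'object' ? body.name : undefined;
  if (typeof name !== 'string' || !NAME_RE.test(name)) {
    restOperation.setStatusCode(400);
    restOperation.setBody({ error: 'name must match ' + NAME_RE.source });
  } else {
    restOperation.setStatusCode(200);
    restOperation.setBody({ name, accepted: true });
  }
  this.completeRestOperation(restOperation);
};

// Constructed stand-in for the framework objects so the handler runs offline.
function runOffline(body) {
  const op = {
    status: null,
    out: null,
    getBody: () => body,
    setBody(b) { this.out = b; },
    setStatusCode(c) { this.status = c; },
  };
  const worker = new PoolNameCheck();
  worker.completeRestOperation = () => {}; // supplied by restnoded on a device
  worker.onPost(op);
  return { status: op.status, body: op.out };
}

if (typeof module !== 'undefined') module.exports = PoolNameCheck;
```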

5- Understanding the DNS load-balancing algorithms over the WIP, it's a little bit tricky because the questions were asking about dynamic utilization and all LB over WIP are static.

6- How to deal with Burst on Cloud and also choosing the suitable licensing model.


8- Failover on the cloud (How, Where)

9- And finally some long exhibits, you have to find the best way not to read them but to answer the questions related to them.

should check this very helpful article


When failover methods use API calls, the results are dependent upon the cloud provider processing that request, how fast, and in what fashion (bulk, sequentially). We use the F5 Cloud Failover Extension (CFE) for BIG-IP failover with the API method. I suggest you head over to the CFE page and take a look!

Key Findings:

Google API failover times depend on number of forwarding rules

Azure API extremely slow to disassociate/associate IPs to NICs (remapping)

Azure API fast when updating routes (UDR, user defined routes)

AWS seems reliable with API regarding IP moves and routes


Restapitutorial (https://www.restapitutorial.com/lessons/httpmethods.html)

HTTP Methods for RESTful Services

HTTP methods tutorial on how to use them for RESTful API or Web Service.

last thing what is meant by N/E/S/W bound API, which direction is related to which action

This may help


Tip of the Day: Demystifying Software Defined Networking Terms - The Cloud Compass: SDN Data Flows

What is the difference between "BYOL, PAYG and VLS" licenses?



-F5 Cloud Licensing Program: as others stated, this is the number 1 must to know topic, almost 20 out of 65 questions are licensing related, you have to understand the good/better/best license model (which BIG IP module you can provision, etc....), as well as BYOL, PAYG and VLS models.



-Understanding of IaaS, PaaS, SaaS cloud models.


-Differences between cloud models (hybrid, public, private, etc...)


-Understanding of AWS services related to F5: I suggest you to have a basic understanding at least of the following: EC2, S3, CloudWatch, ELB, CloudFormation.

-Understanding of how autoscaling works on AWS and how to use F5 in an autoscaling group.


-Azure ARM templates: check out the F5 ARM Template for Azure on GitHub, 1NIC, 3NIC etc...




-F5 CloudFormation templates for AWS: check them out.



-Highly suggest you to deploy at least one VE for both AWS/Azure, you need to understand how first access works (on both AWS and Azure).



-F5 VE sizing: check out the various instances where you can deploy VE on both Azure/AWS, how many cores are needed to provision every combination of BIGIP modules (LTM+AFM, LTM+APM+ASM, etc....).

https://support.f5.com/csp/article/K14810 - good article


-N/E/S/W-bound API model: know which direction is related to which action.



-Curl and SSH: there are questions strictly related to CURL and SSH syntax, guess you use them on a daily basis but give it a little refresh.




-F5 API: know the syntax of F5 REST API and I mean the classic ones /mgmt/tm/etc... no mentioning of AS3 at all (I guess it didn't even exist when the exam came out). And know the differences between the various methods (PUT, POST, PATCH).




-Knowledge about the Viprion Platform: understand how vcmp works, how to deploy guests and sizing as





-Knowledge about Authentication protocols: know how to configure SAML with APM and understand how SAML and OAuth works.





+ good number of scenario-based questions like what’s the best solution here, how to reduce costs there


Hi guys, I have passed 402 yesterday. There are so many questions related to F5 deployment and how is F5 networking in cloud environment (public, private, hybrid), vCMP, F5 cloud licensing (payg, byol, vls) and its application. Including the good, better, bundle...


All I have to say about the exam is you need to know about the difference between Virtual Edition, vcmp, route domain differences and license types (good-better-best). And you must have deployed and used f5 at least a few times in the cloud.

During the preparation process, I reviewed F5 cloud documents and AWS installations.