Which of the following is correct regarding User-defined Attack signatures?
A. User-defined signatures use an F5-supplied syntax
B. User-defined signatures may only use regular expressions
C. Attack signatures may be grouped within system-supplied signatures
D. User-defined signatures may not be applied globally within the entire policy
In the following configuration, a virtual server has the following HTTP class configuration:
HTTP Class 1 = Host pattern www.f5.com
HTTP Class 2 = No filters
A request arriving for WWW.F5.COM will be matched by which class(es)?
A. Class 1
B. Class 2
C. Both Class 1 and Class 2
D. The request will be dropped
Logging profiles are assigned to?
A. HTTP class
B. Security policies
C. Web applications
D. Attack signatures
Which of the following methods of protection operates on server responses?
A. Dynamic parameter protection
B. Response code validation and response scrubbing
C. Response code validation and HTTP method validation
D. HTTP RFC compliancy check and meta-character enforcement
A request is sent to the BIG-IP ASM System that generates a Length error violation. Which of the following length types provides a valid learning suggestion? (Choose 3)
A. URL
B. Cookie
C. Response
D. POST data
E. Query string
When configuring the BIG-IP ASM System in redundant pairs, which of the following are synchronized? (Choose 2)
A. License file
B. Security policies
C. Web applications
D. Request information
E. Traffic learning information
Sensitive parameters is a feature used to hide sensitive information from being displayed in which of the following?
A. Client request
B. Server response
C. GUI and logs of BIG-IP ASM System
D. Configuration file of BIG-IP ASM System
Tightening is a feature of which type of entity?
A. Explicit URLs
B. Attack signatures
C. Flow login URLs
D. Wildcard parameters
Which of the following methods of protection are used by the BIG-IP ASM System to mitigate buffer overflow attacks?
A. HTTP RFC compliancy checks
B. Length restrictions and attack signatures
C. Length restrictions and site cookie compliancy checks
D. Meta-character enforcement and HTTP RFC compliancy check
Which of the following storage type combinations are configurable in an ASM logging profile?
A. Local and Syslog
B. Local and Remote
C. Remote and Syslog
D. Remote and Reporting Server