Which three parameters can be specified within the Setup Utility? (Choose three.)
A.
Password of the “root” user
B.
IP address of an NTP server
C.
IP address of an initial Wide-IP
D.
IP address restrictions for ssh access
E.
All necessary administrative IP addresses (including floating addresses)
Password of the “root” user
IP address restrictions for ssh access
All necessary administrative IP addresses (including floating addresses)
Which of the following are correct regarding Wildcard entities? (Choose 2)
A.
Wildcard entities are the basis for positive security logic.
B.
Wildcard entities are the basis for negative security logic.
C.
Wildcard entities require the need to learn only from violations.
D.
Wildcard entities can be applied to file types, URLs, cookies and parameters.
Wildcard entities are the basis for positive security logic.
Wildcard entities can be applied to file types, URLs, cookies and parameters.
Flow login allows for more granular protection of login and logout URLs within web applications.
Which of the following are components of flow login? (Choose 3)
A.
Schema
B.
Login URLs
C.
Login pages
D.
Attack signatures
E.
Access validation
Login URLs
Login pages
Access validation
The BIG-IP ASM System is configured with a virtual server that contains an HTTP class profile
and the protected pool members are associated within the HTTP class profile pool definition. The
status of this virtual server is unknown (Blue). Which of the following conditions will make this
virtual server become available (Green)?
A.
Assign a successful monitor to the virtual server
B.
Assign a successful monitor to the members of the HTTP class profile pool
C.
Associate a fallback host to the virtual server and assign a successful monitor to thefallback
host
D.
Associate a default pool to the virtual server and assign a successful monitor to the
poolmembers
Associate a default pool to the virtual server and assign a successful monitor to the
poolmembers
Which of the following does not pertain to protecting the Requested Resource (URI) element?
A.
File type validation
B.
URL name validation
C.
Domain cookie validation
D.
Attack signature validation
Domain cookie validation
Which of the following protocol protections is not provided by the Protocol Security Manager?
A.
FTP
B.
SSH
C.
HTTP
D.
SMTP
SSH
Which of the following is correct regarding User-defined Attack signatures?
A.
User-defined signatures use an F5-supplied syntax
B.
User-defined signatures may only use regular expressions
C.
Attack signatures may be grouped within system-supplied signatures
D.
User-defined signatures may not be applied globally within the entire policy
User-defined signatures use an F5-supplied syntax
Which of the following methods of protection is not available within the Protocol Security Manager
for HTTP traffic?
A.
Data guard
B.
Attack signatures
C.
Evasion techniques
D.
File type enforcement
Attack signatures
There are many user roles configurable on the BIG-IP ASM System. Which of the following user
roles have access to make changes to ASM policies? (Choose 3)
A.
Guest
B.
Operator
C.
Administrator
D.
Web Application Security Editor
E.
Web Application Security Administrator
Administrator
Web Application Security Editor
Web Application Security Administrator
In the following configuration, a virtual server has the following HTTP class configuration:
HTTP Class 1 = Host pattern www.f5.com HTTP Class 2 = No filters A request arriving for
WWW.F5.COM will be matched by which class (es)?
A.
Class 1
B.
Class 2
C.
Both Class 1 and Class 2
D.
The request will be dropped
Class 2
Learning suggestions in the Policy Building pages allow for which of the following? (Choose 2)
A.
XML-based parameters and associated schema are automatically learned
B.
Blocking response pages can be automatically generated from web site content.
C.
Flow level parameters are displayed when found and can be accepted into the currentpolicy
D.
The administrator may modify whether the BIG-IP ASM System will learn, alarm, or
blockdetected violations.
E.
Maximum acceptable values for length violations are calculated and can be accepted intothe
security policy by the administrator.
Flow level parameters are displayed when found and can be accepted into the currentpolicy
Maximum acceptable values for length violations are calculated and can be accepted intothe
security policy by the administrator.
Which of the following statements are correct regarding positive and negative security models?
(Choose 2)
A.
Positive security model allows all transactions by default.
B.
Negative security model denies all transactions by default.
C.
Negative security model allows all transactions by default and rejects only transactionsthat
contain attacks.
D.
Positive security model denies all transactions by default and uses rules that allow onlythose
transactions that are considered safe and valid.
Negative security model allows all transactions by default and rejects only transactionsthat
contain attacks.
Positive security model denies all transactions by default and uses rules that allow onlythose
transactions that are considered safe and valid.
| Page 15 out of 36 Pages |
| Previous |