nerdexam
F5

101 · Question #144

Which of the following is correct regarding Userdefined Attack signatures?

The correct answer is A. Userdefined signatures use an F5supplied syntax. User-defined attack signatures in BIG-IP ASM are authored using the same F5-proprietary signature syntax used for system-supplied signatures, giving administrators a consistent authoring model.

Section 2: F5 Solutions and Technology

Question

Which of the following is correct regarding Userdefined Attack signatures?

Options

  • AUserdefined signatures use an F5supplied syntax
  • BUserdefined signatures may only use regular expressions
  • CAttack signatures may be grouped within systemsupplied signatures
  • DUserdefined signatures may not be applied globally within the entire policy

How the community answered

(19 responses)
  • A
    95% (18)
  • C
    5% (1)

Why each option

User-defined attack signatures in BIG-IP ASM are authored using the same F5-proprietary signature syntax used for system-supplied signatures, giving administrators a consistent authoring model.

AUserdefined signatures use an F5supplied syntaxCorrect

F5 provides a defined signature syntax (including keywords such as content, uricontent, pcre, and normalization flags) that governs both system-supplied and user-defined signatures. Administrators must use this F5-supplied syntax when creating custom signatures, ensuring compatibility with the ASM signature engine.

BUserdefined signatures may only use regular expressions

User-defined signatures support both the F5 keyword-based syntax and PCRE regular expressions - they are not limited to regular expressions only.

CAttack signatures may be grouped within systemsupplied signatures

User-defined signatures cannot be added to or grouped within F5 system-supplied signature sets; they are maintained in separate user-defined signature sets.

DUserdefined signatures may not be applied globally within the entire policy

User-defined signatures can be applied globally across an entire policy, just like system-supplied signatures, when the policy is configured to enforce them at that scope.

Concept tested: BIG-IP ASM user-defined attack signature syntax and scope

Source: https://techdocs.f5.com/en-us/bigip-asm-implementations/configuring-attack-signatures.html

Topics

#attack signatures#user-defined signatures#signature syntax#ASM policy

Community Discussion

No community discussion yet for this question.

Full 101 Practice