101 · Question #145
Which of the following methods of protection is not available within the Protocol Security Manager for HTTP traffic?
The correct answer is B. Attack signatures. The Protocol Security Manager (PSM) in BIG-IP ASM handles HTTP protocol-level protections, but attack signatures are managed separately by the main ASM signature engine, not the PSM.
Question
Which of the following methods of protection is not available within the Protocol Security Manager for HTTP traffic?
Options
- AData guard
- BAttack signatures
- CEvasion techniques
- DFile type enforcement
How the community answered
(41 responses)- A5% (2)
- B90% (37)
- C2% (1)
- D2% (1)
Why each option
The Protocol Security Manager (PSM) in BIG-IP ASM handles HTTP protocol-level protections, but attack signatures are managed separately by the main ASM signature engine, not the PSM.
Data guard is a valid PSM protection that prevents sensitive data such as credit card numbers or Social Security numbers from being returned in HTTP responses.
Attack signatures are a core ASM feature managed through the signature database and policy configuration, separate from the Protocol Security Manager. The PSM focuses on protocol compliance and enforcement mechanisms like evasion technique detection, data leakage prevention, and file type validation - not signature-based attack detection.
Evasion technique detection is a PSM feature that identifies attempts to bypass inspection through methods like directory traversal or URL encoding obfuscation.
File type enforcement is available in the PSM and allows administrators to restrict which file extensions are permitted in HTTP requests.
Concept tested: BIG-IP ASM Protocol Security Manager HTTP protections
Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations/implementing-protocol-security.html
Topics
Community Discussion
No community discussion yet for this question.