nerdexam
Exams101Questions#145
F5

101 · Question #145

101 Question #145: Real Exam Question with Answer & Explanation

The correct answer is B: Attack signatures. The Protocol Security Manager (PSM) in BIG-IP ASM handles HTTP protocol-level protections, but attack signatures are managed separately by the main ASM signature engine, not the PSM.

Question

Which of the following methods of protection is not available within the Protocol Security Manager for HTTP traffic?

Options

  • AData guard
  • BAttack signatures
  • CEvasion techniques
  • DFile type enforcement

Explanation

The Protocol Security Manager (PSM) in BIG-IP ASM handles HTTP protocol-level protections, but attack signatures are managed separately by the main ASM signature engine, not the PSM.

Common mistakes.

  • A. Data guard is a valid PSM protection that prevents sensitive data such as credit card numbers or Social Security numbers from being returned in HTTP responses.
  • C. Evasion technique detection is a PSM feature that identifies attempts to bypass inspection through methods like directory traversal or URL encoding obfuscation.
  • D. File type enforcement is available in the PSM and allows administrators to restrict which file extensions are permitted in HTTP requests.

Concept tested. BIG-IP ASM Protocol Security Manager HTTP protections

Reference. https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations/implementing-protocol-security.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice