F5
101 · Question #159
101 Question #159: Real Exam Question with Answer & Explanation
The correct answer is B: File type violations will be triggered and learning will be available based on these violations.. With a wildcard file type entity and tightening enabled, requests are allowed through but violations are still raised and used to generate learning suggestions for policy tightening.
Question
When we have a * wildcard entity configured in the File Type section with tightening enabled, the following may occur when requests are passed through the policy. Which is the most accurate statement?
Options
- AFile type violations will not be triggered.
- BFile type violations will be triggered and learning will be available based on these violations.
- CFile type entities will automatically be added to the policy (policy will tighten).
- DFile type violations will not be triggered and the entity learning section will be populated with file
Explanation
With a wildcard file type entity and tightening enabled, requests are allowed through but violations are still raised and used to generate learning suggestions for policy tightening.
Common mistakes.
- A. Violations are still triggered with a wildcard and tightening enabled because the tightening mechanism relies on violations to identify file types that are candidates for explicit policy inclusion.
- C. File type entities are not automatically added to the policy; an administrator must review and manually accept learning suggestions before any entity is added.
- D. Violations are actively triggered when tightening is enabled - the wildcard prevents blocking but does not suppress violation logging or learning population.
Concept tested. ASM wildcard entity tightening and file type learning
Reference. https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-asm-implementations/about-learning.html
Community Discussion
No community discussion yet for this question.