nerdexam
F5

101 · Question #167

Which of the following statements are incorrect regarding protection of web services? (Choose 2)

The correct answer is A. The BIG-IP ASM System checks to ensure web services use cookies. B. The BIG-IP ASM System parses XML requests and XML responses.. BIG-IP ASM does not enforce cookie usage for web services, and its XML protection scope for web services focuses on request parsing rather than response parsing.

Section 2: F5 Solutions and Technology

Question

Which of the following statements are incorrect regarding protection of web services? (Choose 2)

Options

  • AThe BIG-IP ASM System checks to ensure web services use cookies.
  • BThe BIG-IP ASM System parses XML requests and XML responses.
  • CThe BIG-IP ASM System checks to ensure XML documents are well formed.
  • DThe BIG-IP ASM System uses attack signatures to enforce negative security logic.
  • EThe BIG-IP ASM System checks for XML syntax, schema validation, and WSDL validation.

How the community answered

(31 responses)
  • A
    77% (24)
  • C
    10% (3)
  • D
    3% (1)
  • E
    10% (3)

Why each option

BIG-IP ASM does not enforce cookie usage for web services, and its XML protection scope for web services focuses on request parsing rather than response parsing.

AThe BIG-IP ASM System checks to ensure web services use cookies.Correct

Web services (SOAP/REST) communicate statelessly and do not rely on HTTP cookies, so ASM does not check or enforce cookie usage as part of its web service protection - this statement is technically incorrect.

BThe BIG-IP ASM System parses XML requests and XML responses.Correct

BIG-IP ASM parses XML in inbound requests for web service protection; it does not perform XML parsing on XML responses as part of its core web services security enforcement, making this statement incorrect.

CThe BIG-IP ASM System checks to ensure XML documents are well formed.

ASM does verify that XML documents are well-formed as part of its XML validation features, making this a correct statement and therefore not one of the incorrect ones.

DThe BIG-IP ASM System uses attack signatures to enforce negative security logic.

ASM uses attack signatures to apply negative security logic against known web service attack patterns such as SQL injection inside XML payloads, which is a correct statement.

EThe BIG-IP ASM System checks for XML syntax, schema validation, and WSDL validation.

ASM performs XML syntax checking, XML schema validation against imported XSD files, and WSDL validation, all of which are correct capabilities and not incorrect statements.

Concept tested: BIG-IP ASM web services XML protection scope and limitations

Source: https://techdocs.f5.com/kb/en-us/products/big-ip-asm/manuals/product/asm-implementations-13-1-0/13.html

Topics

#web services protection#XML security#WSDL#attack signatures

Community Discussion

No community discussion yet for this question.

Full 101 Practice