nerdexam
F5

101 · Question #258

Which of the following violations cannot be learned by Traffic Learning?

The correct answer is A. RFC violations. RFC violations represent absolute failures of the HTTP protocol specification and can never be treated as legitimate traffic, so Traffic Learning cannot learn to permit them.

Section 4: Security Basics

Question

Which of the following violations cannot be learned by Traffic Learning?

Options

  • ARFC violations
  • BFile type length violations
  • CAttack signature violations
  • DMeta character violations on a specific parameter.

How the community answered

(43 responses)
  • A
    79% (34)
  • B
    12% (5)
  • C
    2% (1)
  • D
    7% (3)

Why each option

RFC violations represent absolute failures of the HTTP protocol specification and can never be treated as legitimate traffic, so Traffic Learning cannot learn to permit them.

ARFC violationsCorrect

RFC violations indicate that a request fundamentally breaks the HTTP protocol standard - for example, a malformed request line or illegal header format. Because these violations are never valid by definition, Traffic Learning has no mechanism to suggest accepting them; the system is designed to learn legitimate application patterns, and RFC-violating requests fall entirely outside that scope.

BFile type length violations

File type length violations can be learned because Traffic Learning can observe that a legitimate file type regularly appears with a longer URL and suggest raising the allowed length limit.

CAttack signature violations

Attack signature violations can be learned when Traffic Learning identifies a signature firing as a false positive on a specific parameter and suggests disabling that signature for the affected entity.

DMeta character violations on a specific parameter.

Meta character violations on a specific parameter can be learned because Traffic Learning can detect that a parameter legitimately contains special characters and suggest adding those characters to the parameter's allowed meta character set.

Concept tested: BIG-IP ASM Traffic Learning RFC violation exclusion

Source: https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations/using-learning-to-build-a-security-policy.html

Topics

#Traffic Learning#RFC violations#ASM learning engine#security policy

Community Discussion

No community discussion yet for this question.

Full 101 Practice