
101 Question #258: Real Exam Question with Answer & Explanation

The correct answer is A: RFC violations. RFC violations represent absolute failures of the HTTP protocol specification and can never be treated as legitimate traffic, so Traffic Learning cannot learn to permit them.

Question

Which of the following violations cannot be learned by Traffic Learning?

Options

  • A. RFC violations
  • B. File type length violations
  • C. Attack signature violations
  • D. Meta character violations on a specific parameter.

Explanation

RFC violations represent absolute failures of the HTTP protocol specification and can never be treated as legitimate traffic, so Traffic Learning cannot learn to permit them.

Common mistakes.

  • B. File type length violations can be learned because Traffic Learning can observe that a legitimate file type regularly appears with a longer URL and suggest raising the allowed length limit.
  • C. Attack signature violations can be learned when Traffic Learning identifies a signature firing as a false positive on a specific parameter and suggests disabling that signature for the affected entity.
  • D. Meta character violations on a specific parameter can be learned because Traffic Learning can detect that a parameter legitimately contains special characters and suggest adding those characters to the parameter's allowed meta character set.

Concept tested. BIG-IP ASM Traffic Learning RFC violation exclusion

Reference. https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations/using-learning-to-build-a-security-policy.html
