nerdexam
F5

101 · Question #259

What is the purpose of the IP addresses listed in the Trusted IP section when using Policy Builder?

The correct answer is C. Incoming requests with these IP addresses will automatically be accepted into the security. Trusted IPs in Policy Builder identify traffic sources whose requests are automatically accepted into the security policy, typically used for internal or QA traffic to accelerate accurate policy building.

Section 4: Security Basics

Question

What is the purpose of the IP addresses listed in the Trusted IP section when using Policy Builder?

Options

  • AIncoming requests with these IP addresses will never get blocked by BIG-IP ASM.
  • BIncoming requests with these IP addresses will not be taken into account as part of the learning
  • CIncoming requests with these IP addresses will automatically be accepted into the security
  • DIncoming requests with these IP addresses will be used by Policy Builder to create an alternate

How the community answered

(57 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    93% (53)
  • D
    4% (2)

Why each option

Trusted IPs in Policy Builder identify traffic sources whose requests are automatically accepted into the security policy, typically used for internal or QA traffic to accelerate accurate policy building.

AIncoming requests with these IP addresses will never get blocked by BIG-IP ASM.

Trusted IPs influence Policy Builder's learning behavior, not enforcement - a request from a trusted IP can still be blocked if it violates an already-configured policy rule.

BIncoming requests with these IP addresses will not be taken into account as part of the learning

Trusted IP traffic is specifically included in learning, not excluded - the feature exists precisely so that this traffic is used as a trusted learning source.

CIncoming requests with these IP addresses will automatically be accepted into the securityCorrect

When Policy Builder receives requests from an IP address listed in the Trusted IP section, it bypasses the normal suggestion and approval workflow and directly accepts those requests into the security policy as legitimate. This is intended for trusted internal sources - such as QA servers or developers - whose traffic reliably represents valid application behavior and can be used to build the policy immediately without meeting learning thresholds.

DIncoming requests with these IP addresses will be used by Policy Builder to create an alternate

Policy Builder builds a single unified security policy; trusted IPs do not trigger creation of an alternate or separate policy for that traffic.

Concept tested: BIG-IP ASM Policy Builder Trusted IP learning behavior

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations/automatically-building-a-security-policy.html

Topics

#Policy Builder#trusted IP#ASM learning#security policy

Community Discussion

No community discussion yet for this question.

Full 101 Practice