nerdexam
F5

101 · Question #262

Which of the following are methods BIG-IP ASM utilizes to mitigate web scraping vulnerabilities? (Choose 2)

The correct answer is A. Monitors mouse and keyboard events D. Verifies the client supports JavaScript and cookies. BIG-IP ASM mitigates web scraping by analyzing human behavioral signals like mouse and keyboard events and by verifying that the client can execute JavaScript and handle cookies.

Section 4: Security Basics

Question

Which of the following are methods BIG-IP ASM utilizes to mitigate web scraping vulnerabilities? (Choose 2)

Options

  • AMonitors mouse and keyboard events
  • BDetects excessive failures to authenticate
  • CInjects JavaScript code on the server side
  • DVerifies the client supports JavaScript and cookies

How the community answered

(16 responses)
  • A
    88% (14)
  • B
    6% (1)
  • C
    6% (1)

Why each option

BIG-IP ASM mitigates web scraping by analyzing human behavioral signals like mouse and keyboard events and by verifying that the client can execute JavaScript and handle cookies.

AMonitors mouse and keyboard eventsCorrect

BIG-IP ASM bot defense monitors mouse movement and keyboard event patterns because automated scrapers lack genuine human interaction behavior, allowing ASM to distinguish bots from real users.

BDetects excessive failures to authenticate

Detecting excessive authentication failures is a brute force and credential stuffing protection mechanism, not a web scraping mitigation technique.

CInjects JavaScript code on the server side

BIG-IP ASM injects JavaScript on the client side within the HTTP response to the browser, not on the server side - server-side injection is not a mechanism ASM uses for scraping detection.

DVerifies the client supports JavaScript and cookiesCorrect

ASM injects a JavaScript challenge into responses and verifies that the client browser can execute it and return a valid cookie, a test that most scraping tools and headless crawlers fail.

Concept tested: BIG-IP ASM web scraping mitigation methods

Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-asm-bot-defense-configuration/about-bot-defense-profiles.html

Topics

#ASM web scraping#bot detection#JavaScript injection#cookie validation

Community Discussion

No community discussion yet for this question.

Full 101 Practice