F5

101 Question #407: Real Exam Question with Answer & Explanation

The correct answer is C: Token injection.

Question

Which is NOT an ASM protection method for cross site scripting?

Options

  • A. Signatures
  • B. URL character set limiting
  • C. Token injection
  • D. Parameter character set limiting

Explanation

ASM uses signatures, URL character set limiting, and parameter character set limiting to protect against XSS. Token injection is a CSRF protection mechanism, not an XSS protection method.

Common mistakes.

  • A. Signatures are a core ASM XSS protection method that match incoming requests against known XSS attack patterns to detect and block them.
  • B. URL character set limiting restricts which characters are permitted in URLs, preventing XSS payloads from being smuggled through URL parameters.
  • D. Parameter character set limiting enforces allowed character sets on request parameters, blocking XSS injection attempts embedded in form fields or query strings.

Concept tested. ASM cross-site scripting protection methods

Reference. https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations/protecting-against-cross-site-scripting.html
