nerdexam
F5

101 · Question #407

Which is NOT an ASM protection method for cross site scripting?

The correct answer is C. Token injection. ASM uses signatures, URL character set limiting, and parameter character set limiting to protect against XSS. Token injection is a CSRF protection mechanism, not an XSS protection method.

Section 4: Security Basics

Question

Which is NOT an ASM protection method for cross site scripting?

Options

  • ASignatures
  • BURl character set limiting
  • CToken injection
  • DParameter character set limiting

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    6% (3)
  • C
    91% (49)
  • D
    2% (1)

Why each option

ASM uses signatures, URL character set limiting, and parameter character set limiting to protect against XSS. Token injection is a CSRF protection mechanism, not an XSS protection method.

ASignatures

Signatures are a core ASM XSS protection method that match incoming requests against known XSS attack patterns to detect and block them.

BURl character set limiting

URL character set limiting restricts which characters are permitted in URLs, preventing XSS payloads from being smuggled through URL parameters.

CToken injectionCorrect

Token injection in ASM is a protection mechanism for Cross-Site Request Forgery (CSRF), not Cross-Site Scripting (XSS). It works by embedding unique tokens in web forms to validate request origin, which addresses CSRF threats rather than XSS injection attacks. Because it targets a different vulnerability class entirely, it is not categorized as an XSS protection method.

DParameter character set limiting

Parameter character set limiting enforces allowed character sets on request parameters, blocking XSS injection attempts embedded in form fields or query strings.

Concept tested: ASM cross-site scripting protection methods

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations/protecting-against-cross-site-scripting.html

Topics

#ASM#XSS#cross-site scripting#attack signatures

Community Discussion

No community discussion yet for this question.

Full 101 Practice