nerdexam
F5

101 · Question #458

Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?

The correct answer is D. An IPS can only look at overall traffic patterns; it doesn't understand what applications are in the. BIG-IP ASM is a full Web Application Firewall with deep application-layer context, whereas an IPS relies on traffic pattern matching and lacks the ability to understand the specific applications and their business logic being protected.

Section 4: Security Basics

Question

Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?

Options

  • AAn intrusion prevention system (IPS) is based on Packet Filtering.
  • BAn IPS doesn't have the visibility into HTTPS traffic. it doesn't understand what applications are in
  • CAn IPS only focus on operating system attacks; it doesn't understand what application are in the
  • DAn IPS can only look at overall traffic patterns; it doesn't understand what applications are in the

How the community answered

(44 responses)
  • A
    14% (6)
  • B
    2% (1)
  • C
    7% (3)
  • D
    77% (34)

Why each option

BIG-IP ASM is a full Web Application Firewall with deep application-layer context, whereas an IPS relies on traffic pattern matching and lacks the ability to understand the specific applications and their business logic being protected.

AAn intrusion prevention system (IPS) is based on Packet Filtering.

Packet filtering describes traditional stateless firewalls, not IPS devices - IPS uses deep packet inspection and signature correlation, making this an inaccurate technical characterization.

BAn IPS doesn't have the visibility into HTTPS traffic. it doesn't understand what applications are in

Modern IPS appliances can perform SSL decryption to inspect HTTPS traffic, so lack of HTTPS visibility is not a reliable or universal differentiator between IPS and WAF capabilities.

CAn IPS only focus on operating system attacks; it doesn't understand what application are in the

IPS is not limited to operating system attacks - it detects a broad range of network, protocol, and some application threats, so characterizing it as OS-only is factually incorrect.

DAn IPS can only look at overall traffic patterns; it doesn't understand what applications are in theCorrect

An IPS inspects traffic using signature and anomaly-based pattern matching at the network and transport layers, giving it visibility into overall traffic behavior but not into the specific application being served, its parameters, sessions, or expected workflows. BIG-IP ASM understands HTTP and HTTPS at the application level - including URL structures, parameters, cookies, and response content - allowing it to detect and block attacks that blend into legitimate application traffic, which a pattern-focused IPS would miss.

Concept tested: BIG-IP ASM WAF application-layer awareness vs IPS

Source: https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-getting-started-guide/about-big-ip-asm.html

Topics

#BIG-IP ASM#layer 7 attacks#IPS comparison#application visibility

Community Discussion

No community discussion yet for this question.

Full 101 Practice