101 · Question #511
An administrator needs to protect a web application from cross-site scripting (CSS) exploits. Which F5 protocol provide this functionality?
The correct answer is A. ASM. F5 ASM (Application Security Manager) is the module that provides WAF capabilities, including protection against XSS attacks. The other F5 modules serve different purposes unrelated to application-layer attack mitigation.
Question
An administrator needs to protect a web application from cross-site scripting (CSS) exploits. Which F5 protocol provide this functionality?
Options
- AASM
- BAPM
- CAFM
- DGTM
How the community answered
(25 responses)- A88% (22)
- B8% (2)
- C4% (1)
Why each option
F5 ASM (Application Security Manager) is the module that provides WAF capabilities, including protection against XSS attacks. The other F5 modules serve different purposes unrelated to application-layer attack mitigation.
ASM (Application Security Manager) is F5's Web Application Firewall module. It inspects HTTP/HTTPS traffic at the application layer and can detect and block cross-site scripting payloads using attack signatures and positive/negative security policies, making it the correct choice for XSS protection.
APM (Access Policy Manager) handles identity-based access control, SSO, and VPN - it does not perform application attack inspection.
AFM (Advanced Firewall Manager) is a network-layer firewall for traffic filtering at Layers 3-4, not an application-layer WAF.
GTM (Global Traffic Manager) is a DNS-based global load balancing solution and has no application security inspection functionality.
Concept tested: F5 ASM WAF cross-site scripting protection
Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations.html
Topics
Community Discussion
No community discussion yet for this question.