nerdexam
F5

101 · Question #511

An administrator needs to protect a web application from cross-site scripting (CSS) exploits. Which F5 protocol provide this functionality?

The correct answer is A. ASM. F5 ASM (Application Security Manager) is the module that provides WAF capabilities, including protection against XSS attacks. The other F5 modules serve different purposes unrelated to application-layer attack mitigation.

Section 4: Security Basics

Question

An administrator needs to protect a web application from cross-site scripting (CSS) exploits. Which F5 protocol provide this functionality?

Options

  • AASM
  • BAPM
  • CAFM
  • DGTM

How the community answered

(25 responses)
  • A
    88% (22)
  • B
    8% (2)
  • C
    4% (1)

Why each option

F5 ASM (Application Security Manager) is the module that provides WAF capabilities, including protection against XSS attacks. The other F5 modules serve different purposes unrelated to application-layer attack mitigation.

AASMCorrect

ASM (Application Security Manager) is F5's Web Application Firewall module. It inspects HTTP/HTTPS traffic at the application layer and can detect and block cross-site scripting payloads using attack signatures and positive/negative security policies, making it the correct choice for XSS protection.

BAPM

APM (Access Policy Manager) handles identity-based access control, SSO, and VPN - it does not perform application attack inspection.

CAFM

AFM (Advanced Firewall Manager) is a network-layer firewall for traffic filtering at Layers 3-4, not an application-layer WAF.

DGTM

GTM (Global Traffic Manager) is a DNS-based global load balancing solution and has no application security inspection functionality.

Concept tested: F5 ASM WAF cross-site scripting protection

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-asm-implementations.html

Topics

#ASM#cross-site scripting#WAF#application security

Community Discussion

No community discussion yet for this question.

Full 101 Practice