certifyhere f50-536 exam - big-ip asm v10.x (f50-536)

Download Certifyhere F50-536 Exam - BIG-IP ASM v10.x (F50-536)

Post on 16-Mar-2016




3 download

Embed Size (px)


Certifyhere offers F5 Networks F50-536 questions and answers for your BIG-IP ASM v10.x (F50-536) exam preparation. Download F50-536 free sample to check the quality.


  • F5_Networks F50-536F50-536 : BIG-IP ASM v10.x (F50-536)

    10 Q&A

    Version 3.0


  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 2 -

    Important Note, Please Read Carefully

    Other CertifyHere productsA) Offline Testing engineUse the offline Testing engine product topractice the questions in an exam environment.

    Build a foundation of knowledge which will be useful also after passing the exam.

    Latest VersionWe are constantly reviewing our products. New material is added and old material isrevised. Free updates are available for 90 days after the purchase. You should check yourmember zone at CertifyHere and update 3-4 days before the scheduled exam date.

    Here is the procedure to get the latest version:

    1.Go towww.CertifyHere.com2.Click on Log in3.The latest versions of all purchased products are downloadable from here. Just click thelinks.For most updates,it is enough just to print the new questions at the end of the newversion, not the whole document.

    FeedbackIf you spot a possible improvement then please let us know. We always interested inimproving product quality.Feedback should be send to feedback@CertifyHere.com. You should include thefollowing: Exam number, version, page number, question number, and your login Email.

    Our experts will answer your mail promptly.

    CopyrightEach iPAD file is a green exe file. if we find out that a particular iPAD Viewer file isbeing distributed by you, CertifyHere reserves the right to take legal action against youaccording to the International Copyright Laws.

    ExplanationsThis product does not include explanations at the moment. If you are interested inproviding explanations for this exam, please contact feedback@CertifyHere.com.

  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 3 -

    www.CertifyHere.com Q: 1 Which of the following are correct regarding Wildcardentities? (Choose 2)

    A. Wildcard entities are the basis for positive security logic.

    B. Wildcard entities are the basis for negative security logic.

    C. Wildcard entities require the need to learn only from violations.

    D. Wildcard entities can be applied to file types, URLs, cookies and parameters.

    Answer: A, D

    www.CertifyHere.com Q: 2 Flow login allows for more granular protection of loginand logout URLs within web applications.Which of the following are components of flow login? (Choose 3)

    A. Schema

    B. Login URLs

    C. Login pages

    D. Attack signatures

    E. Access validation

    Answer: B, C, E

  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 4 -

    www.CertifyHere.com Q: 3 The BIG-IP ASM System is configured with a virtualserver that contains an HTTP class profile and the protected pool members areassociated within the HTTP class profile pool definition. The status of this virtualserver is unknown (Blue).Which of the following conditions will make this virtual server become available(Green)?

    A. Assign a successful monitor to the virtual server

    B. Assign a successful monitor to the members of the HTTP class profile pool

    C. Associate a fallback host to the virtual server and assign a successful monitor to thefallback host

    D. Associate a default pool to the virtual server and assign a successful monitor to thepool members

    Answer: D

    www.CertifyHere.com Q: 4 Which of the following does not pertain to protectingthe Requested Resource (URI) element?

    A. File type validation

    B. URL name validation

    C. Domain cookie validation

    D. Attack signature validation

    Answer: C

    www.CertifyHere.com Q: 5 Which of the following protocol protections is notprovided by the Protocol Security Manager?

  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 5 -

    A. FTP

    B. SSH

    C. HTTP

    D. SMTP

    Answer: B

    www.CertifyHere.com Q: 6 Which of the following is correct regardingUser-defined Attack signatures?

    A. User-defined signatures use an F5-supplied syntax

    B. User-defined signatures may only use regular expressions

    C. Attack signatures may be grouped within system-supplied signatures

    D. User-defined signatures may not be applied globally within the entire policy

    Answer: A

    www.CertifyHere.com Q: 7 Which of the following methods of protection is notavailable within the Protocol Security Manager for HTTP traffic?

    A. Data guard

    B. Attack signatures

    C. Evasion techniques

    D. File type enforcement

  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 6 -

    Answer: B

    www.CertifyHere.com Q: 8 There are many user roles configurable on the BIG-IPASM System. Which of the following user roles have access to make changes toASM policies? (Choose 3)

    A. Guest

    B. Operator

    C. Administrator

    D. Web Application Security Editor

    E. Web Application Security Administrator

    Answer: C, D, E

    www.CertifyHere.com Q: 9 In the following configuration, a virtual server has thefollowing HTTP class configuration:HTTP Class 1 = Host pattern www.f5.comHTTP Class 2 = No filtersA request arriving for WWW.F5.COM will be matched by which class(es)?

    A. Class 1

    B. Class 2

    C. Both Class 1 and Class 2

    D. The request will be dropped

  • Leading the way in IT testing and certification tools, www.CertifyHere.com

    - 7 -

    Answer: B

    www.CertifyHere.com Q: 10 Learning suggestions in the Policy Building pagesallow for which of the following? (Choose 2)

    A. XML-based parameters and associated schema are automatically learned.

    B. Blocking response pages can be automatically generated from web site content.

    C. Flow level parameters are displayed when found and can be accepted into the currentpolicy.

    D. The administrator may modify whether the BIG-IP ASM System will learn, alarm, orblock detected violations.

    E. Maximum acceptable values for length violations are calculated and can be acceptedinto the security policy by the administrator.

    Answer: C, E