The second part of the f5 303 exam is all about scenarios for building and maintaining a security policy. Be prepared to answer questions that are very much in the grey zone. Most of the questions in part two expect you to have read the marketing blurb about ASM and forgetting a little about the many different facets of web app security and app complexity in a real life scenario. Here’s an example: You are doing an implementation for an F5 customer and have one week to build a security policy, what is the right way to do it?
F5 303 Study Guide – Part 1
In recent years, we’ve seen a lot of attacks on web applications, compromising a lot of data including PII, PHI and username/password combinations, which become feeds for phishing and other attacks. Check out the article I put together on what is a waf and why should I have one to look into some specifics, but I think today its not a question of will we be attacked with a web presence, to when have we been attacked, and were they successful?
I recently decided to start going through the F5 certification series. I’ve taken 101 Application Delivery Fundamentals, 201 TMOS administration, and 303 ASM Technology Specialist exams. I’m now one of about 3000 F5 certified engineers world wide – and I’m pretty happy about that. I’m in the category that holding certifications doesn’t prove one way or another whether you’re able to develop and maintain a system in the real world, but it does prove though that you’re willing to go the extra mile to take the exam and prove a level of knowledge and grasp of the topics. We all know the further you get away from the school and college times of having to take an exam every other week, the harder it gets to actually sit down and take a test!