3.04

Decide the appropriate method for determining the success of attack mitigation

• • Choose an appropriate user defined attack signature to respond to particular traffic

3.03

Determine the appropriate mitigation for a given attack or vulnerability

• • Take appropriate action on reported security violations by end users and application developers
• • Modify ASM policy to adapt to attacks

3.02

Given an ASM report, identify trends in support of security objectives

• • Understand and describe each major violation category and how ASM detects common exploits
• • Generate reporting for the ASM system and review the contents of the reports (anomaly statistics, charts, requests, PCI compliance status)

3.01

Interpret log entries and identify opportunities to refine the policy

• • Examine traffic violations, determine if any attack traffic was permitted through the ASM and modify the policy to remove false positives
• • Locate and interpret reported security violations by end users and application developers

2.05

Define the ASM policy management functions

• • Identify the status of the policy
• • Define the violation types that exist in ASM
• • Describe how to merge and differentiate between policies

2.04

Determine how a policy should be adjusted based upon available data

• • Tune an ASM policy for better performance, including use of wildcards to improve efficiency

2.03

Evaluate whether rules are being implemented effectively and appropriately to mitigate violations

• • Evaluate the implications of changes in the policy to the security and vulnerabilities of the application

2.02

Explain the process to integrate natively supported third party vulnerability scan output and generic formats with ASM

• • Refine appropriate policy structure for policy elements (URLs, parameters, file types, headers, sessions and logins, content profiles, CSRF protection, anomaly protection)
• • Explain how to manage policies using import, export, merge, and revert