While preparing for the exam one of the things that was particularly challenging was finding relevant information, as usual I take copious notes as part of my study process and for the CSE this was no exception given that I had to take the exam 3 times to finally make the grade, this meant that after each failure I continued to add to the notes through my studies. The first set of notes I wrote were based off the blueprint: Section 3 –...

Deployment Models F5 IP Reflection Proxy (via Silverline IP addressing) NAT is used Assymetric traffic option to avoid GRE manipulation Customer does not need to change any IP address Routed BGP used to manipulate traffic to pass through by Silverline GRE tunnel used to send the clean traffic back to the origin network Can be setup for manual activation for DDoS/DoS Silverline Traffic Return Methods (AWS) Direct Connect IP Reflection (NAT) GRE...

Overview SWG builds on outbound APM to provide URL classification to: Increase security with advanced threat detection Increase regulatory compliance with data loss prevention Enforce Corporate AUP with logs that provide forensic level details Increase employee productivity when combines with single sign-on Lower TCO by simplifying on-premise infrastructure Licensed separately from Good/Better/Best bundles in 1/3 year options SWG filtering...

Protection Categories Web attacks: Includes cross-site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force Reputation: When enabled, denies access to IP addresses currently known to be infected with malware or to contact malware distribution points. Phishing: includes IP addresses hosting phishing sites or other kinds of fraud activities, such as click fraud or gaming fraud Requirements License DNS...

BIG-IQ Centralized Management employs RBAC, empowering application and security teams to manage their own applications while helping to maintain consistent policies and procedures across the enterprise SSL monitoring Track and receive alerts on the status of SSL certificates

Enabled using DoS Profiles TPS Based DoS Protection Stress Based (formally known as “Latency Based”) DoS Protection Less prone to false positives DoS Mitigation methods JavaScript Challenges Called Client-Side Integrity Defense CAPTCHA challenges