Preparing For The F5 BIGIP ASM 303 Certification Exam!
I have passed this exam twice, and there isn’t really a good guide on how one goes about doing that, so I thought of writing down some points for anyone who comes looking.
You will need the following to effectively prep and learn to work with ASM.
A licensed BIGIP VM device with the PHP auction test site or DVL (Damn Vulnerable Linux) as a pool member. This is the most important part, as building a few policies and getting familiar with the process is a must.
The YouTube field enablement series on ASM is a very good place to begin, with some light ASM introduction. It doesn’t contain much, but it gives you a big-picture foundation to start building from and introduces you to all the main ASM concepts. It also uses some animated slides to explain how ASM learns sizes, file types, and so on.
This DevCentral series then builds on that, and it also works as a good introduction to build on.
The ASM student study guide. This is a giant document, but only because of the screenshots it contains about configuring ASM policies. This is the official F5 study guide given out at ASM training; you really need to ask around and find yourself a copy.
The ASM implementation guide. This does a good job of explaining the theoretical concepts and also contains the config steps, but without the screenshots.
The ASM official practice test. This is the official F5 practice test. It can be booked here with your F5 cert-id login, and many believe that you can beat F5 exams by only studying these. Most people prefer making screenshots of the questions and working through them in detail.
ASM Work Experience
How much lab work you need to do depends on how much real-life work experience you have with this or any other F5 product. ASM policies are messy and require months of fine-tuning to work correctly. You need to understand the way they learn and block traffic, generate logs, and behave with different traffic types. This is crucial for troubleshooting ASM false positives.
If your experience with ASM is limited, then you need the student study guide that much more, and you will need to painstakingly go through almost all the labs in it, review the traffic learning logs, then the traffic logs, and so on.
Configuration and Troubleshooting
The ASM exam tests both of these skills. While the student study guide teaches you the config part, you need to repeatedly practice reviewing the traffic learning logs and the request logs to troubleshoot ASM issues effectively.
Reading some posts from the DevCentral ASM tag, and maybe recreating some of the issues and working through them, is a good way to get real-life examples of where to start when troubleshooting.
Review the GUI well
The ASM GUI is full of options controlling various aspects of the system, and the exam wants you to understand the GUI very well.
This applies especially to some important parts which you will use regularly on a day-to-day basis.
Policy Building, Learning, Blocking
This page is huge with a ton of settings and you must understand how the learn, alarm, and block flags affect the policy and the type of logs they create on the system. The exam in fact wants you to anticipate the type of logs they might create and what you might expect to find in the log files.
Policy Types and Templates
The table here explains the different policy types; review them, and also review these from the F5 GUI. If time permits, you should deploy these policies and be well aware of the different settings and options they enable/disable by default.
To be continued…
There are some further things to cover, like HTTP, logging types, and so on. I’ll need to organize my thoughts and will post them soon…