Allowed URL, Parameters and files in ASM

1. The point of Allowed URL, Parameters and files is to block disallowed (unwanted) before getting them to the application.
2. From Guide:

Understanding tightening

You can perform tightening on wildcard entities (file types, URLs, parameters, and cookies) to learn explicit entities. When you enable tightening for a wildcard entity, and the system receives a request that contains an entity that matches the wildcard entity, the system generates a learning suggestion for the found entity. You can then review the new entities, and decide which are legitimate entities for the web application.

Tightening gives you the option of developing a more specific policy, a policy that is more accurate and in alignment with the traffic. Such a policy can provide better security, but requires more tuning to make sure all the specific entities that you add are accurately configured.