Help F5 Transform the BIG-IP Administrator Certification
Many of you received a copy of the BIG-IP Administrator Certification beta exam email announcement earlier this week. We hope you can carve out some time to participate in the beta exams. For anyone who missed this F5 Certified message sent to candidates earlier this week, you can check it out below. If you’re seeing this for the first time, it probably means you’re not a part of the F5 Certified community yet. Now is an ideal time to join! The How do I enroll in the F5 Certified Professionals program? article will guide you through the process. And finally, for those of you who wrote and reviewed items for the new BIG-IP Administrator exams— THANK YOU! You did an incredible job. Thanks to your contributions, we can confidently say that the certifications our candidates attain are in line with the high standards and integrity on which our certification program was established. Please let me know if you have any questions or if you would like to volunteer for additional certification exam development activities. We always need SMEs! Cheers! Heidi The F5 Certification team is excited to announce some exciting changes in our program and invite you to help us transform it by participating in the BIG-IP Administrator beta exams. When considering what changes needed to be made, we asked our candidate community, “What could we do to increase the value of being F5 Certified for you?” Your feedback was clear. You value the F5 BIG-IP Administrator certification, but you want updated, more relevant exams. You want the exams to be easier to take while still providing the same quality items that legitimately test the knowledge, skills and abilities of those who achieve certification. You want the same level of quality and integrity in the program with more options to maintain your certifications. We listened, and are excited to share what has changed, and provide you with a glimpse into what will be changing in the future, in the F5 Certified Program Updates article. Here is how you can help us with a vital step in the transformation. Before we can publish the final version of the new BIG-IP Administrator certification exams, we need you to take the beta versions of these exams. Here are the necessary steps and helpful information in the FAQ: F5 Certified Administrator, BIG-IP BETA exams article, to get you started. Existing candidates, login to the new Education Services Portal. If you are new to the program, login using your F5 SSO credentials to complete registration. For detailed login instructions, see How to Log Into the Education Services Portal article. ALL candidates are eligible to take the BIG-IP Administrator beta exams. Even if you have achieved a higher level of F5 certification, you can participate! We want your input. Schedule the BIG-IP Administrator beta exams by following the instructions in the How to Schedule a Beta Exam article. The beta exams are live today through February 28, 2025. Each beta exam is 60-minutes with up to 60 items. The beta exams are delivered exclusively online at Certiverse. The cost is $20 USD for each exam with promo code F5CABBETA There are five beta exams: BIG-IP Administration Install, Initial Configuration, and Upgrade (F5CAB1-B) BIG-IP Administration Data Plane Concepts (F5CAB2-B) BIG-IP Administration Data Plane Configuration (F5CAB3-B) BIG-IP Administration Control Plane Administration (F5CAB4-B) BIG-IP Administration Support and Troubleshooting (F5CAB5-B) To prepare for all five of the beta exams, refer to the Certified Administrator, BIG-IP Certification blueprint. The beta exams will be scored AFTER the beta period closes. Candidates who have passed all five exams, will achieve Certified Administrator, BIG-IP Certification. For more information about these beta exams, see the FAQ: F5 Certified Administrator, BIG-IP BETA exams article. Complete all five of the beta exams and provide us with the data and feedback necessary to create the final version of the BIG-IP Administrator exams. Thank you for being a valued member of the F5 Certified Community! Please email us at support@mail.education.com with any questions or feedback.studying for APM beta exam, question on first two objectives
anyone else around studying for the beta APM (304) exam? as with the previous ones im using the blueprint as the basis for my studying. this time i even have the course study guide, though it was a bit disappointing, mainly focusing on configuring and not on theory. but as before the blueprint throws some interesting curve balls. starting with the first objective: Objective 1.01 - Explain how APM mitigates common attack vectors and methodologies (e.g., cookie hijacking [front and back], DoS attack) i searched every resource i could find, but nowhere these terms are even mentioned in combination with APM. am i overlooking some document somewhere? it reads like this is just taken from some product promotion document :) if there isnt some document, what other common attack vectors and methodologies can you think of? based on some research i came up with these attacks: brute forcing (username / password) insufficient authentication* insufficient session expiration* badly written authentication code / input validation as for mitigation: cookie hijacking (front and back) - use secure / httponly flag, use correct domain and path DoS attack - use the default BIG-IP options, use iRule (less sure about this one, but dont see how to APM itself does anything against a DoS attack, or does defend your backend systems from one of course) brute forcing (password / username) - per default the APM module protects you, with iRules you can make it more robust insufficient authentication - per default the APM module protects what is behind it insufficient session expiration - you can configure expiration and log off URI badly written authentication code / input validation - by default APM provides a well checked and proven authentication framework the second objective feels like a double of the first Objective 1.02 - Identify which APM tool(s) should be used to mitigate a specific authentication attack or does anyone have a different idea here? stuff like this always bothers me with these blue prints, using totally different terms then anywhere else like "APM tool" and talking about matters like authentication attack without explaining what exactly. the same goes with the first objective, talking about these attack vectors and methodologies like everyone knows what they are. objective 1.02 has an interesting sub section also Compare authentication methods again, which authentication method? are we talking like password, token, certificate or bio-metric here or more like HTTP-basic, HTTP-digest and form based ... this annoys me. DISCLAIMER: im not trying to get answers to actual exam questions here, im just looking for general information based on the blue prints. some useful links: http://cwe.mitre.org/documents/sources/WASCThreatClassificationTaxonomyGraphic.pdf http://ict.govt.nz/guidance-and-resources/standards-compliance/authentication-standards/guidance-multi-factor-authentication/4-authentication-attac/ http://pic.dhe.ibm.com/infocenter/sprotect/v2r8m0/topic/com.ibm.ips.doc/concepts/wap_authentication.htm
