1) if i choose enforcement readiness to 7 days, then after 7 days will the enforcement mode change from transparent to blocking automatically ? or does it just mean the system starts suggesting the entities and attack signatures are to be enforced or not ?
it wont block until you update policy as block mode, the period just suggest entities and attack signatures.
2)For SSO authentication , is there any protection that can be given from ASM ?
i dont think any specific thing on ASM,mostly it should be via APM
3)Has any deployed ASM for open text based CMS ?
not sure
4) For NTLM authentication used on application, what are the protection that can be done on ASM ?
normally, start with default ASM signatures and based on event logs keep update all you files,parameters,ips etc to blcok...