A client is trying to start a session from a page that should normally be accessible only after they have
logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
A. Reply with a "403 Forbidden" HTTP error
B. Allow the page access, but log the violation
C. Automatically redirect the client to the login page
D. Display an access policy message, then allow the client to continue, redirecting them to their requested page
E. Prompt the client to authenticate
When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?
A. FortiGate's public IP
B. FortiGate's local IP
C. FortiWeb's IP
D. Client's real IP
What other consideration must you take into account when configuring Defacement protection?
A. Use FortiWeb to block SQL Injections and keep regular backups of the Database
B. Also incorporate a FortiADC into your network
C. None. FortiWeb completely secures the site against defacement attacks
D. Configure the FortiGate to perform Anti-Defacement as well
You are deploying FortiWeb 6.0 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)

A. 6
B. 9
C. 3
D. 2
In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
A. Non-matching traffic is allowed
B. Non-matching traffic is held in buffer
C. Non-matching traffic is Denied
D. Non-matching traffic is rerouted to FortiGate
You've configured an authentication rule with delegation enabled on FortiWeb. What happens when a user tries to access the web application?
A. FortiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app
B. FortiWeb redirects the user to the web app's authentication page
C. FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully
D. FortiWeb replies with an HTTP challenge on behalf of the server, then if the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app
What role does FortiWeb play in ensuring PCI DSS compliance?
A. PCI specifically requires a WAF
B. Provides credit card processing capabilities
C. Provide ability to securely process cash transactions
D. Provides load balancing between multiple web servers
Which implementation is best suited for a deployment that must meet compliance criteria?
A. SSL Inspection with FortiWeb in Transparency mode
B. SSL Offloading with FortiWeb in reverse proxy mode
C. SSL Inspection with FortiWeb in Reverse Proxy mode
D. SSL Offloading with FortiWeb in Transparency Mode
What capability can FortiWeb add to your Web App that your Web App may or may not already have?
A. Automatic backup and recovery
B. High Availability
C. HTTP/HTML Form Authentication
D. SSL Inspection
What benefit does Auto Learning provide?
A. Automatically identifies and blocks suspicious IPs
B. FortiWeb scans all traffic without taking action and makes recommendations on rules
C. Automatically builds rules sets
D. Automatically blocks all detected threats