Title of test: FCP - FortiWeb 7.4 Administrator - FCP_FWB_AD-7.4 122Q
Description: Questions for Exam FCP_FWB_AD-7.4 (122 questions)
Author: tereusmatheus
Creation Date: 05/11/2024
Category: Literature
Number of questions: 122
Content:
NO.1 An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods. What FortiWeb feature should you configure?
Enable ''Shared IP'' and configure the separate rate limits for requests from NATted source IPs.
Configure FortiWeb to use ''X-Forwarded-For:'' headers to find each client's private network IP, and to block attacks using that
Enable SYN cookies.
Configure a server policy that matches requests from shared Internet connections.

NO.2 When configuring threat mitigation features for a web application, what is the primary purpose of rate limiting?
Preventing brute force attacks
Identifying malicious IP addresses
Encrypting sensitive data
Optimizing web server performance.

NO.3 When user tracking is configured, how does FortiWeb identify which users to track?
FortiWeb tracks only users identified by FortiWeb admin.
FortiWeb tracks only users logged in during an attack.
FortiWeb tracks admin users.
FortiWeb tracks only users that have logged in successfully.

NO.4 Refer to the exhibits. FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?
FortiGate should forward web traffic to the server pool IP addresses.
The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
You must disable the Preserve Client IP setting on FortiGate for this configuration to work.
FortiGate should forward web traffic to virtual server IP address.

NO.5 What is a recommended step in troubleshooting threat detection and mitigation issues in a web application?
Reviewing logs and alerts for unusual patterns
Disabling all security features temporarily
Allowing unrestricted access to the application temporarily
Ignoring false positives in the security logs.

NO.6 When configuring Auto TX Power control on an AP radio, which two statements best describe how the radio responds? (Choose two.)
When the AP detects any other wireless signal stronger than -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
When the AP detects RF interference from an unknown source such as a cordless phone with a signal stronger than -70 dBm, it will increase its transmission power until it reaches the maximum configured TX power limit.
When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission power until it reaches the maximum configured TX power limit.
When the AP detects any interference from a trusted neighboring AP stronger than -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.

NO.7 When configuring access control methods for web application users, which options should be considered for tracking and auditing user actions? (Select all that apply)
Session logs
Authentication logs
Web server logs
Error logs.

NO.8 Which of the following is true about Local User Accounts?
Can be used for site publishing
Can be used for Single Sign On
Best suited for large environments with many users
Must be assigned regardless of any other authentication.

NO.9 Which technology is commonly used for machine learning-based threat detection in web applications?
Blockchain
Artificial Intelligence (AI)
Internet of Things (IoT)
Virtual Private Network (VPN).

NO.10 What is the purpose of using Web Application Firewalls (WAFs) in the context of web application security? (Select all that apply)
Preventing SQL injection attacks
Protecting against DDoS attacks
Enforcing secure authentication
Optimizing website performance.

NO.11 Refer to the exhibit. FortiADC is performing load balancing operations and directing traffic directly to the IP addresses of the web servers. Which operating mode should the two FortiWeb devices use to pass traffic to the web servers?
Routing mode
Reverse proxy
True transparent proxy
Bypass mode.

NO.12 When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?
If you are an enterprise whose employees use only mobile devices
If you are a small business or home office
If you are an enterprise whose resources do not need security
If you are an enterprise whose computers all trust your active directory or other CA server.

NO.13 Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?
Offline Protection
Transparent Inspection
True Transparent Proxy
Reverse-Proxy.

NO.14 How can you troubleshoot encryption-related issues in a web application? (Select all that apply)
Checking SSL certificate expiration
Reviewing SSL/TLS handshake logs
Disabling all encryption protocols
Testing SSL connections from different devices.

NO.15 Which operation mode requires additional configuration in order to allow FTP traffic into your web server?
True transparent proxy
Transparent inspection
Reverse proxy
Offline protection.

NO.16 How does caching contribute to improved application delivery performance? (Select all that apply)
Reducing server load by serving cached content
Accelerating content delivery to end-users
Enhancing data security by encrypting cached content
Automatically blocking malicious requests.

NO.17 What key factor must be considered when setting brute force rate limiting and blocking?
A single client contacting multiple resources
Multiple clients sharing a single Internet connection
Multiple clients from geographically diverse locations
Multiple clients connecting to multiple resources.

NO.18 Refer to the exhibits. A wireless network has been installed in a small office building and is being used by a business to connect its wireless clients. The network is used for multiple purposes, including corporate access, guest access, and connecting point-of-sale and IoT devices. Users connecting to the guest network located in the reception area are reporting slow performance.
The network administrator is reviewing the information shown in the exhibits as part of the ongoing investigation of the problem. They show the profile used for the AP and the controller RF analysis output together with a screenshot of the GUI showing a summary of the AP and its neighboring APs. To improve performance for the users connecting to the guest network in this area, which configuration change is most likely to improve performance?
Increase the transmission power of the AP radios
Enable frequency handoff on the AP to band steer clients
Reduce the number of wireless networks being broadcast by the AP
Install another AP in the reception area to improve available bandwidth.

NO.19 Refer to the exhibit. Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate. What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?
Change Model Type to Strict
Change Action under Action Settings to Alert
Disable Dynamically Update Model
Enable Bot Confirmation.

NO.20 Which two configurations are compatible for Wireless Single Sign-On (WSSO)? (Choose two.)
A VAP configured for captive portal authentication
A VAP configured for WPA2 or 3 Enterprise
A VAP configured to authenticate locally on FortiGate
A VAP configured to authenticate using a radius server.

NO.21 How does proper API protection contribute to compliance with data privacy regulations such as GDPR?
Ensuring secure handling and transmission of user data
Implementing complex encryption algorithms
Enhancing server performance
Allowing unrestricted access to APIs.

NO.22 What is the primary purpose of a Content Security Policy (CSP) in web application security? (Select all that apply)
Preventing cross-site scripting (XSS) attacks
Enforcing strong password policies
Mitigating SQL injection attacks
Controlling the sources of content that a web page can load.

NO.23 When configuring API protection, what security measure is commonly used to verify the identity of clients making API requests?
Session cookies
OAuth 2.0 tokens
IP whitelisting
HTTP referrer headers.

NO.24 Which HTTP response code is commonly used to indicate a permanent redirection in application delivery?
200 OK
301 Moved Permanently
404 Not Found
500 Internal Server Error.

NO.25 Which of the following is a common challenge when implementing bot mitigation techniques?
Incompatibility with web browsers
Difficulty in distinguishing between legitimate and malicious bots
Increased server response times
Lack of support for mobile devices.

NO.26 What is the primary purpose of configuring content compression in application delivery? (Select all that apply)
Reducing bandwidth consumption
Enhancing security by encrypting content
Accelerating content loading for users
Preventing unauthorized access to web pages.

NO.27 Which action must you take with your FortiWeb logs to ensure Payment Card Industry Data Security Standard (PCI DSS) compliance?
Keep all log files for at least one year.
Store logs, unencrypted, in an off-site location for regulators to access.
Erase all logs every two weeks.
Encrypt all log and configuration files on an offline server.

NO.28 Which two statements about background rogue scanning are correct? (Choose two.)
A dedicated radio configured for background scanning can support the connection of wireless clients
When detecting rogue APs, a dedicated radio configured for background scanning can suppress the rogue AP
Background rogue scanning requires DARRP to be enabled on the AP instance
A dedicated radio configured for background scanning can detect rogue devices on all other.
NO.29 Which of the following is a key component of web application security that helps protect against common threats like SQL injection and cross-site scripting (XSS)?
CAPTCHA
Intrusion Detection System (IDS)
Web Application Firewall (WAF)
Content Delivery Network (CDN).

NO.30 Which two FortiWeb operation modes support machine learning? (Choose two.)
Transparent proxy
Offline protection
True transparent proxy
Reverse proxy.

NO.31 Which is true about HTTPS on FortiWeb? (Choose three.)
Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
In true transparent mode, the TLS session terminator is a protected web server.
In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.
For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

NO.32 Refer to the exhibit. If rule 1 matches http://bwapp.fortinet.demo, rule 2 matches http://dvwa.fortinet.demo, and the default web protection profile is the inline protection profile, which protection profile will be applied to a connection to http://petstore.fortinet.demo?
bwapp
policy1
dvwa
Inline protection profile.

NO.33 In which operation mode does FortiWeb offer both the ability to offload SSL as well as reencrypt SSL?
Reverse proxy
Offline protection
Transparent inspection
True transparent proxy.
NO.34 When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?
FortiGate public IP
FortiWeb IP
FortiGate local IP
Client real IP.

NO.35 Under which circumstance would you not use compression on FortiWeb?
When the file is too big for the FortiWeb buffer.
When the server is too heavily tasked.
When the available bandwidth is low.
When the client Internet connections are slow.

NO.36 You've configured an authentication rule with delegation enabled on FortiWeb. What happens when a user tries to access the web application?
FortiWeb replies with an HTTP challenge on behalf of the server, then if the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app
FortiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app
FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully
FortiWeb redirects the user to the web app's authentication page.

NO.37 What is a drawback of TLS 1.3?
It requires powerful hardware for processing.
It can break transparent inspection.
It can have a slower connection initiation.
It has a worse encryption algorithm.

NO.38 Which of the following is a common threat mitigation technique to protect against SQL injection attacks?
Input validation and sanitization
Data encryption at rest
Cross-site scripting (XSS) prevention
Server load balancing.

NO.39 In which two ways does FortiWeb handle traffic that does not match any defined policies? (Choose two.)
In reverse-proxy mode, the traffic is denied.
In true transparent mode, ip-forward should be enabled to deny the traffic.
In offline protection mode, the traffic is dropped with a TCP reset.
In transparent mode, the traffic is passed through.
NO.40 Which FortiWeb component allows for the inspection and filtering of web traffic based on predefined security policies?
Application Delivery Controller (ADC)
Secure Sockets Layer (SSL) Offloading
Web Application Firewall (WAF)
Content Delivery Network (CDN).

NO.41 How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?
FortiWeb must be set for Transparent Mode
You must enable "Add" X-Forwarded-For: instead of the "Use" X-Forwarded-For: option.
You must enable the "Use" X-Forwarded-For: option.
No special configuration required.

NO.42 How does bot detection and mitigation contribute to web application security?
Identifying and blocking malicious automated activities
Encrypting user data during login
Optimizing database queries
Authenticating API requests.

NO.43 Which algorithm is used to build mathematical models for bot detection?
HCM
SVN
SVM
HMM.

NO.44 The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism. Which two functions does the first layer perform? (Choose two.)
Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored
Builds a threat model behind every parameter and HTTP method
Determines if a detected threat is a false-positive or not
Determines whether traffic is an anomaly, based on observed application traffic over time.

NO.45 What can an administrator do if a client has been incorrectly period blocked?
Nothing, it is not possible to override a period block.
Manually release the IP address from the temporary blacklist.
Force a new IP address to the client.
Disconnect the client from the network.

NO.46 Which of the following is a critical system setting that should be configured during FortiWeb deployment?
Email notifications
Default web filtering policies
DNS server settings
System time synchronization.

NO.47 What is the primary purpose of configuring threat mitigation features in web application security?
Enhancing application performance
Protecting against malicious activities and attacks
Optimizing database management
Improving user interface design.

NO.48 Which FortiWeb configuration element is used to define rules for allowing or blocking specific types of traffic?
Protected hostname
Firewall policy
Security profile
High Availability (HA).

NO.49 In web application security, what does API protection primarily involve?
Safeguarding APIs from unauthorized access and abuse
Encrypting HTML content
Blocking SQL injection attacks
Monitoring server performance.

NO.50 When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate's Real Server configuration point at?
IP Address of the Virtual Server on the FortiWeb
Virtual Server IP on the FortiGate
Server's real IP
FortiWeb's real IP.

NO.51 What is one of the key benefits of the FortiGuard IP reputation feature?
It maintains a list of private IP addresses.
It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
It is updated once per year.
It maintains a list of public IPs with a bad reputation for participating in attacks.

NO.52 Which two statements about running a vulnerability scan are true? (Choose two.)
You should run the vulnerability scan during a maintenance window.
You should run the vulnerability scan in a test environment.
Vulnerability scanning increases the load on FortiWeb, so it should be avoided.
You should run the vulnerability scan on a live website to get accurate results.

NO.53 When enabling security fabric on the FortiGate interface to manage FortiAPs, which two types of communication channels are established between FortiGate and FortiAPs? (Choose two.)
Control channels
Security channels
FortiLink channels
Data channels.

NO.54 Which of the following is a common attack vector that API protection aims to mitigate?
Distributed Denial of Service (DDoS) attacks
Cross-site scripting (XSS) attacks
SQL injection attacks
Unauthorized access to APIs.

NO.55 You are configuring FortiAnalyzer to store logs from FortiWeb. Which is true?
To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select "FortiWeb 6.1".
You must enable ADOMs on FortiAnalyzer.
FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.

NO.56 Which of the following steps is essential for troubleshooting deployment and system-related issues in FortiWeb?
Clearing browser cache
Disabling firewall policies
Collecting logs and diagnostic information
Increasing server pool capacity.

NO.57 In which scenario might you want to use the compression feature on FortiWeb?
When you are serving many corporate road warriors using 4G tablets and phones
When you are offering a music streaming service
When you want to reduce buffering of video streams
Never, since most traffic today is already highly compressed.

NO.58 A client is trying to start a session from a page that should normally be accessible only after they have logged in. When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
Allow the page access, but log the violation
Prompt the client to authenticate
Reply with a "403 Forbidden" HTTP error
Automatically redirect the client to the login page
Display an access policy message, then allow the client to continue, redirecting them to their requested page.

NO.59 Which would be a reason to implement HTTP rewriting?
The original page has moved to a new URL
To replace a vulnerable function in the requested URL
To send the request to a secure channel
The original page has moved to a new IP address.

NO.60 What is a key consideration when configuring bot detection and mitigation for a web application?
Identifying legitimate user traffic
Increasing server response time
Allowing unrestricted access to APIs
Implementing weaker authentication mechanisms.

NO.61 What other consideration must you take into account when configuring Defacement protection?
Use FortiWeb to block SQL Injections and keep regular backups of the Database
Configure the FortiGate to perform Anti-Defacement as well
None. FortiWeb completely secures the site against defacement attacks
Also incorporate a FortiADC into your network.

NO.62 Where in the controller interface can you find a wireless client's upstream and downstream link rates?
On the AP CLI, using the cw_diag ksta command
On the controller CLI, using the diag wireless-controller wlac -d sta command
On the AP CLI, using the cw_diag -d sta command
On the controller CLI, using the WiFi Client monitor.

NO.63 You are deploying FortiWeb 5.6.0 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)
6
9
3
2.

NO.64 When configuring machine learning for web application security, what is the primary role of machine learning algorithms?
Identifying patterns and anomalies in web traffic
Encrypting sensitive data during transmission
Filtering unwanted spam emails
Authenticating user credentials.

NO.65 When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical? (Choose two)
Defines Log file format
Defines communication protocol
Defines Database Schema
Defines Log storage location.

NO.66 Refer to the exhibit. Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)
Traffic that passes between port5 and port6 will be inspected.
Traffic will be interrupted between port3 and port4.
All traffic will be interrupted.
Traffic will pass between port5 and port6 uninspected.

NO.67 Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?
In the case of compression being done on the web server, to inspect the content of the compressed file.
In the case of compression being done on the FortiWeb, to inspect the content of the compressed file
In the case of the file being an .MP4 video
In the case of the file being a .MP3 music file.

NO.68 Review the following configuration:

    config waf machine-learning-policy
        edit 1
            set sample-limit-by-ip 0
        next
    end

What is the expected result of this configuration setting?
When machine learning (ML) is in its running phase, FortiWeb will accept a set number of samples from the same source IP address.
When machine learning (ML) is in its collecting phase, FortiWeb will not accept any samples from any source IP addresses.
When machine learning (ML) is in its collecting phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
When machine learning (ML) is in its running phase, FortiWeb will accept an unlimited number of samples from the same source IP address.

NO.69 In order for FortiWeb to provide the best possible protection for servers, how should you deploy it?
In-line, without FortiGate, deployed in true transparent mode.
In-line, in front of FortiGate, deployed in offline protection mode.
In a one-arm topology, deployed in transparent mode.
In-line, behind FortiGate, deployed in reverse proxy mode.

NO.70 What is the purpose of a CAPTCHA in web application security?
Authenticating users
Encrypting data in transit
Preventing automated form submissions by bots
Securing API endpoints.

NO.71 What is the primary goal of bot detection and mitigation in web application security?
Accelerating web application performance
Ensuring user privacy
Identifying and blocking malicious bots
Enhancing user authentication.

NO.72 When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)
404
301
403
302.
NO.73 Under which circumstances does FortiWeb use its own certificates? (Choose Two)
HTTPS to clients
HTTPS access to GUI
HTTPS to FortiGate
Secondary HTTPS connection to server where FortiWeb acts as a client.

NO.74 Which of the following are common SSL/TLS encryption-related issues that can be encountered during web application deployment? (Select all that apply)
Expired SSL certificates
Mixed content warnings
Weak encryption ciphers
Insecure session management.

NO.75 You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server. Which is true about the solution?
The server policy applies the same protection profile to all its protected web apps.
Static or policy-based routes are not required.
To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.
You must put the single web server into a server pool in order to use it with HTTP content routing.

NO.76 When configuring URL rewriting, what is the primary purpose of using regular expressions (regex)? (Select all that apply)
Matching and transforming specific URL patterns
Encrypting sensitive data in URLs
Blocking access to all URLs
Simplifying URLs for SEO purposes.

NO.77 What is the primary purpose of URL rewriting in application delivery? (Select all that apply)
Enhancing security by obfuscating URLs
Improving search engine optimization (SEO)
Simplifying and optimizing URLs for users
Preventing access to specific web pages.

NO.78 Which statement about local user accounts is true?
They are best suited for large environments with many users.
They cannot be used for site publishing.
They must be assigned, regardless of any other authentication.
They can be used for SSO.

NO.79 What is the primary function of configuring FortiWeb HA (High Availability)?
Load balancing traffic
Ensuring system redundancy and failover
Blocking malicious IPs
Managing server pools.

NO.80 FortiWeb offers the same load balancing algorithms as FortiGate. Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)
HTTP session-based round robin
HTTP user-based round robin
HTTP content routes
Round robin.

NO.82 In which two ways does FortiWeb handle traffic that does not match any defined policies? (Choose two.)
In reverse-proxy mode, the traffic is denied.
In transparent mode, the traffic is passed through.
In true transparent mode, ip-forward should be enabled to deny the traffic.
In offline protection mode, the traffic is dropped with a TCP reset.

NO.83 Which of the following are common reasons for configuring HTTP redirection in application delivery? (Select all that apply)
Load balancing traffic
Enforcing HTTPS for secure communication
Redirecting users to a different website
Blocking specific IP addresses.

NO.84 What is the primary benefit of using a content delivery network (CDN) in application delivery?
Improved server security
Centralized content management
Enhanced content distribution and availability
Simplified URL rewriting.

NO.85 In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
Non-matching traffic is allowed
Non-matching traffic is held in buffer
Non-matching traffic is denied
Non-matching traffic is rerouted to FortiGate.

NO.86 What capability can FortiWeb add to your Web App that your Web App may or may not already have?
SSL Inspection
Automatic backup and recovery
HTTP/HTML Form Authentication
High Availability.
NO.87 Which encryption algorithm is commonly used to secure data transmission over HTTPS connections? (Select all that apply)
AES (Advanced Encryption Standard)
RSA (Rivest-Shamir-Adleman)
DES (Data Encryption Standard)
SHA-1 (Secure Hash Algorithm 1).

NO.88 Which factor is the best indicator of wireless client connection quality?
Downstream link rate, the connection rate for the AP to the client
The receive signal strength (RSS) of the client at the AP
Upstream link rate, the connection rate for the client to the AP
The channel utilization of the channel the client is using.

NO.89 Refer to the exhibit. FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers. What must the administrator do to avoid this problem? (Choose two.)
Enable the Use X-Forwarded-For setting on FortiWeb.
No special configuration is required; connectivity will be re-established after the set timeout.
Place FortiWeb in front of FortiADC.
Enable the Add X-Forwarded-For setting on FortiWeb.

NO.90 Which compliance standards often require encryption and secure authentication for web applications? (Select all that apply)
GDPR (General Data Protection Regulation)
HIPAA (Health Insurance Portability and Accountability Act)
PCI DSS (Payment Card Industry Data Security Standard)
ISO 9001 (Quality Management System).

NO.91 What must you do with your FortiWeb logs to ensure PCI DSS compliance?
Compress them into a .zip file format
Enable masking of sensitive data
Store in an off-site location
Erase them every two weeks.

NO.92 What is a key consideration when identifying FortiWeb deployment requirements?
Hardware specifications
Number of firewall policies
Internet speed
Local user authentication.
NO.93 In application delivery, what should be considered when configuring caching policies for dynamic content? (Select all that apply)
Cache expiration time
User authentication status
Server response headers
Browser type.

NO.94 Review the following FortiWeb CLI command:

    diagnose network sniffer port3 none 6

When you use this command, what is the result?
It displays six packets before ending.
It displays the MAC address of packets.
It shows the interface name in the output.
It shows only TCP packets.

NO.95 What is an advantage of utilizing machine learning for web application security compared to rule-based approaches?
Adaptability to evolving attack patterns
Faster response time to threats
Simplicity in configuration and management
Lower computational resource utilization.

NO.96 What must you configure on FortiWeb to prevent cross-origin resource sharing (CORS) attacks?
Blocklist client IP addresses.
Configure a CORS parameter in DNS.
Configure an allowed origin domain.
Disable CORS in the web protection profile.

NO.97 What role does FortiWeb play in ensuring PCI DSS compliance?
PCI specifically requires a WAF
Provides credit card processing capabilities
Provides the ability to securely process cash transactions
Provides load balancing between multiple web servers.

NO.98 In FortiWeb, which component is responsible for handling incoming traffic and applying security policies?
FortiGate
Server pool
Web Application Firewall (WAF)
FortiManager.

NO.99 Part of the location service registration process is to link FortiAPs in FortiPresence. Which two management services can configure the discovered AP registration information from the FortiPresence cloud? (Choose two.)
AP Manager
FortiAP Cloud
FortiSwitch
FortiGate.

NO.100 Which regex expression is the correct format for redirecting the URL http://www.example.com?
www\.example\.com
www.example.com
www\example\com
www/.example/.com.
NO.101 What should you consider when troubleshooting threat detection and mitigation-related issues in a web application? (Select all that apply)
Reviewing web server logs
Analyzing firewall policies
Disabling security features temporarily
Collecting and analyzing traffic data.

NO.102 When configuring a wireless network for dynamic VLAN allocation, which three IETF attributes must be supplied by the radius server? (Choose three.)
81 Tunnel-Private-Group-ID
65 Tunnel-Medium-Type
83 Tunnel-Preference
58 Egress-VLAN-Name
64 Tunnel-Type.

NO.103 During FortiWeb deployment, which feature can be used to protect against Distributed Denial of Service (DDoS) attacks?
Server pools
Intrusion Prevention System (IPS)
Load balancing
Rate limiting.

NO.104 When configuring protected hostnames in FortiWeb, what is their primary purpose?
Identifying internal network resources
Redirecting traffic to a specific URL
Blocking outgoing traffic
Defining NAT policies.

NO.105 What is a common technique to mitigate Cross-Site Scripting (XSS) attacks in web applications?
Input validation and escaping
Encryption of user passwords
Captcha verification for login forms
SSL/TLS encryption.

NO.106 Refer to the exhibit. How does FortiWeb generate this support vector machine (SVM) model?
It is constantly updated through observed traffic after the ML model has been built by FortiWeb.
It uses data received during the collection phase of the machine learning (ML) process.
It downloads information periodically from FortiGuard.
It uses the XML file imported by the administrator.

NO.107 In the context of web application security, what is the primary role of a Content Security Policy (CSP)?
Preventing SQL injection attacks
Controlling the sources of content that a web page can load
Detecting malicious JavaScript code
Encrypting data at rest.

NO.108 When configuring HTTP content routing, which factors should be considered for routing decisions? (Select all that apply)
Source IP address
HTTP request method
Destination port number
User-agent header.

NO.109 How can you mitigate attacks on authentication processes in a web application? (Select all that apply)
Implement multi-factor authentication (MFA)
Use secure password hashing algorithms
Disable all authentication mechanisms
Implement account lockout policies.

NO.110 When configuring access control for a web application, which methods can be used to enforce security? (Select all that apply)
Role-based access control (RBAC)
Two-factor authentication (2FA)
Captcha verification
IP whitelisting.

NO.111 How can you troubleshoot application delivery-related issues effectively? (Select all that apply)
Reviewing server logs for errors
Clearing the cache on the client side
Testing from multiple geographic locations
Disabling all security features temporarily.

NO.112 Examine the following code snippet:

    servers:
      - url: 'http://petstore.swagger.io/v1'
    paths:
      /pets:
        get:
          summary: List all pets
          operationId: listPets
          tags:
            - pets
          parameters:
            - name: limit
              in: query
              description: How many items to return at one time (max 100)
              required: true
              schema:
                $ref: '#/components/schemas/ref'

What is this a snippet from?
An HTTP request restriction file
An API schema file
An XML schema file
An API machine learning (ML) configuration file.

NO.113 What are two advantages of using the URL rewriting and redirecting feature on FortiWeb? (Choose two.)
It enhances security by redirecting all requests to a private IP address.
It reduces the number of requests, which reduces the risk of man-in-the-middle attacks.
It prevents the disclosure of underlying technology to clients.
It reduces server load by reducing the number of clients being served by a single web server.

NO.114 What are the advantages of SSL inspection and SSL offloading in a web application firewall?
(Select all that apply) Improved web application performance Enhanced visibility into encrypted traffic Protection against encrypted threats Reduced latency for SSL connections. NO.115 What benefit does Auto Learning provide? A. Automatically builds rules sets FortiWeb scans all traffic without taking action and makes recommendations on rules Automatically identifies and blocks suspicious IPs Automatically blocks all detected threats. NO.116 Which three statements about HTTPS on FortiWeb are true? (Choose three.) For TLS inspection, you must upload the server certificate and key to FortiWeb. In transparent inspection mode, FortiWeb supports the same cipher suites as reverse proxy mode. In reverse proxy mode, FortiWeb can re-encrypt connections to the protected web servers. You can choose which SSL/TLS protocol versions are supported by FortiWeb when clients connect to a virtual server. NO.117 Which administrative access method must be enabled on a FortiGate interface to allow APs to connect and function? Security Fabric SSH HTTPS Forti Telemetry. NO.118 Which implementation is best suited for a deployment that must meet compliance criteria? SSL Offloading with FortiWeb in reverse proxy mode SSL Inspection with FortiWeb in Transparency mode SSL Offloading with FortiWeb in Transparency Mode SSL Inspection with FrotiWeb in Reverse Proxy mode. NO.119 What is the purpose of configuring server pools in FortiWeb? Load balancing traffic Blocking malicious IPs Managing user authentication Monitoring system health. NO.120 Which command allows you to temporarily terminate a process that is consuming excessive amounts of resources? execute sys kill <processes id> diagnose sys kill <process id> execute sys terminate <process id> diagnose sys terminate <process id>. NO.121 In which operation mode must you direct all HTTP requests to the web server and not a virtual IP? Routed proxy Reverse proxy Virtual proxy True transparent proxy. 
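The snippet in NO.112 is an OpenAPI 3 fragment, the kind of API schema a WAF can enforce as a positive security model: a request whose parameters are missing, undeclared, or outside the declared type and range is rejected before it reaches the application. The following Python code is an added example and is not code from the test or from FortiWeb. It transcribes the listPets `limit` parameter by hand; because the snippet's `$ref` is not resolved anywhere on the page, the schema is assumed to be an integer capped at the 100 that the description mentions, and the request URLs it checks are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# The `limit` parameter of listPets from the NO.112 snippet, transcribed by
# hand. The snippet's $ref is not resolved anywhere on the page, so the schema
# is ASSUMED here to be an integer capped at the 100 the description mentions.
LIST_PETS_PARAMS = [
    {
        "name": "limit",
        "in": "query",
        "required": True,
        "schema": {"type": "integer", "maximum": 100},
    },
]


def validate_query(url, params):
    """Check a request URL's query string against OpenAPI parameter definitions.

    Mirrors what schema-based API protection does: anything not declared in
    the schema, any required parameter that is absent, and any value outside
    the declared type or range is reported as a violation. An empty list means
    the request conforms."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    declared = {p["name"]: p for p in params if p.get("in") == "query"}
    violations = []

    # Positive model, part 1: everything the schema says must be there.
    for name, spec in declared.items():
        if spec.get("required") and name not in query:
            violations.append(f"missing required query parameter: {name}")

    # Positive model, part 2: nothing that the schema does not describe, and
    # every declared value within its declared type and range.
    for name, values in query.items():
        spec = declared.get(name)
        if spec is None:
            violations.append(f"undeclared query parameter: {name}")
            continue
        schema = spec.get("schema", {})
        for value in values:
            if schema.get("type") == "integer":
                try:
                    number = int(value)
                except ValueError:
                    violations.append(f"{name}: not an integer: {value!r}")
                    continue
                if "maximum" in schema and number > schema["maximum"]:
                    violations.append(
                        f"{name}: {number} exceeds maximum {schema['maximum']}"
                    )
    return violations


if __name__ == "__main__":
    # Constructed requests against the petstore server URL from the snippet.
    for url in [
        "http://petstore.swagger.io/v1/pets?limit=10",
        "http://petstore.swagger.io/v1/pets",
        "http://petstore.swagger.io/v1/pets?limit=500",
        "http://petstore.swagger.io/v1/pets?limit=10&debug=1",
        "http://petstore.swagger.io/v1/pets?limit=1%27%20OR%201%3D1",
    ]:
        print(url, "->", validate_query(url, LIST_PETS_PARAMS) or "OK")
```

The last constructed request carries an injection-style string in `limit`; it is rejected not because a signature recognised it but because the schema declares `limit` as an integer, which is the point of enforcing an API schema file rather than relying on blocklists alone.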
NO.122 Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?
- Sensitive info masking
- Session Management
- Poison Cookie detection
- Brute Force blocking