Fortinet nse6-fwb-6-1 practice test

Fortinet NSE 6 - FortiWeb 6.1 Exam


Question 1

You are using HTTP content routing on FortiWeb. You want requests for web application A to be
forwarded to a cluster of web servers, which all host the same web application. You want requests
for web application B to be forwarded to a different, single web server.
Which statement about this solution is true?

  • A. The server policy applies the same protection profile to all of its protected web applications.
  • B. You must put the single web server in to a server pool, in order to use it with HTTP content routing.
  • C. You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
  • D. Static or policy-based routes are not required.
Answer:

D

Discussions
0 / 600

Question 2

How does FortiWeb protect against defacement attacks?

  • A. It keeps a complete backup of all files and the database.
  • B. It keeps hashes of files and periodically compares them to the server.
  • C. It keeps full copies of all files and directories.
  • D. It keeps a live duplicate of the database.
Answer:

B

Explanation:
The anti-defacement feature examines a web sites files for changes at specified time intervals. If it
detects a change that could indicate a defacement attack, theFortiWebappliancecan notify you and
quickly react by automatically restoring the web site contents to the previous backup.
Reference:
https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-
admin/anti_defacement.htm

Discussions
0 / 600

Question 3

What is one of the key benefits of the FortiGuard IP reputation feature?

  • A. It maintains a list of private IP addresses.
  • B. It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
  • C. It is updated once per year.
  • D. It maintains a list of public IPs with a bad reputation for participating in attacks.
Answer:

D

Explanation:
FortiGuard IP Reputation service assigns a poor reputation, including virus-infected clients and
malicious spiders/crawlers.
Reference:
https://docs.fortinet.com/document/fortiweb/6.1.1/administration-
guide/137271/blacklisting-whitelisting-clients

Discussions
0 / 600

Question 4

Which three statements about HTTPS on FortiWeb are true? (Choose three.)

  • A. In true transparent mode, the TLS session terminator is a protected web server.
  • B. After enabling HSTS, redirects to HTTPS are never needed.
  • C. For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
  • D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to offer only TLS 1.2.
  • E. In transparent inspection mode, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
Answer:

A, C, E

Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/742465/supported-cipher-suites-protocol-versions

Discussions
0 / 600

Question 5

When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF
header rules?

  • A. FortiGate public IP
  • B. FortiWeb IP
  • C. FortiGate local IP
  • D. Client real IP
Answer:

D

Explanation:
When an XFF header reaches Alteon from a client, Alteon removes all the content from the header
and injects the client IP address. Alteon then forwards the header to the server.
Reference:
https://support.radware.com/app/answers/answer_view/a_id/20925/~/modifying-the-
client-ip-address-in-the-xff-header-using-httpmod

Discussions
0 / 600

Question 6

In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

  • A. Offline protection
  • B. Transparent inspection
  • C. True transparent proxy
  • D. Reverse proxy
Answer:

A, C

Explanation:
FortiWebappliances operating in offline protection mode or either of the transparent modes
Reference:
https://help.fortinet.com/fweb/541/Content/FortiWeb/fortiweb-
admin/planning_topology.htm

Discussions
0 / 600

Question 7

The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.
Which two functions does the first layer perform? (Choose two.)

  • A. Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored
  • B. Builds a threat model behind every parameter and HTTP method
  • C. Determines if a detected threat is a false-positive or not
  • D. Determines whether traffic is an anomaly, based on observed application traffic over time
Answer:

B, D

Explanation:
The first layer uses the Hidden Markov Model (HMM) and monitors access to the application and
collects data to build a mathematical model behind every parameter and HTTP method.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/193258/machine-learning

Discussions
0 / 600

Question 8

In which scenario might you want to use the compression feature on FortiWeb?

  • A. When you are serving many corporate road warriors using 4G tablets and phones
  • B. When you are offering a music streaming service
  • C. When you want to reduce buffering of video streams
  • D. Never, since most traffic today is already highly compressed
Answer:

D

Explanation:
FortiWebmight expend resources compressing responses that have already been compressed by the
server.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.7/administration-
guide/650285/compression

Discussions
0 / 600

Question 9

When is it possible to use a self-signed certificate, rather than one purchased from a commercial
certificate authority?

  • A. If you are a small business or home office
  • B. If you are an enterprise whose employees use only mobile devices
  • C. If you are an enterprise whose resources do not need security
  • D. If you are an enterprise whose computers all trust your active directory or other CA server
Answer:

C

Explanation:
This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason
why theyre considered different from traditional certificate-authority signed certificates is that
theyre created, issued, and signed by the company or developer who is responsible for the website
or software being signed. This is why self-signed certificates are considered unsafe for public-facing
websites and applications.
Reference:
https://sectigostore.com/page/what-is-a-self-signed-certificate/

Discussions
0 / 600

Question 10

Refer to the exhibits.


FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on
the configuration shown in the exhibits, which of the following statements is true?

  • A. FortiGate should forward web traffic to the server pool IP addresses.
  • B. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
  • C. You must disable the Preserve Client IP setting on FotriGate for this configuration to work.
  • D. FortiGate should forward web traffic to virtual server IP address.
Answer:

D

Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ebe2ce28-
5c66-11eb-b9ad-00505692583a/FortiWeb_6.3.10_Administration_Guide.pdf

Discussions
0 / 600
To page 2