Fortinet nse6-fwb-6-1 practice test
Fortinet NSE 6 - FortiWeb 6.1 Exam
Last exam update: Nov 22 ,2023
Question 1
You are using HTTP content routing on FortiWeb. You want requests for web application A to be
forwarded to a cluster of web servers, which all host the same web application. You want requests
for web application B to be forwarded to a different, single web server.
Which statement about this solution is true?
- A. The server policy applies the same protection profile to all of its protected web applications.
- B. You must put the single web server in to a server pool, in order to use it with HTTP content routing.
- C. You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
- D. Static or policy-based routes are not required.
Answer:
D
Question 2
How does FortiWeb protect against defacement attacks?
- A. It keeps a complete backup of all files and the database.
- B. It keeps hashes of files and periodically compares them to the server.
- C. It keeps full copies of all files and directories.
- D. It keeps a live duplicate of the database.
Answer:
B
Explanation:
The anti-defacement feature examines a web sites files for changes at specified time intervals. If it
detects a change that could indicate a defacement attack, theFortiWebappliancecan notify you and
quickly react by automatically restoring the web site contents to the previous backup.
Reference:
https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-
admin/anti_defacement.htm
Question 3
What is one of the key benefits of the FortiGuard IP reputation feature?
- A. It maintains a list of private IP addresses.
- B. It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
- C. It is updated once per year.
- D. It maintains a list of public IPs with a bad reputation for participating in attacks.
Answer:
D
Explanation:
FortiGuard IP Reputation service assigns a poor reputation, including virus-infected clients and
malicious spiders/crawlers.
Reference:
https://docs.fortinet.com/document/fortiweb/6.1.1/administration-
guide/137271/blacklisting-whitelisting-clients
Question 4
Which three statements about HTTPS on FortiWeb are true? (Choose three.)
- A. In true transparent mode, the TLS session terminator is a protected web server.
- B. After enabling HSTS, redirects to HTTPS are never needed.
- C. For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
- D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to offer only TLS 1.2.
- E. In transparent inspection mode, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
Answer:
A, C, E
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/742465/supported-cipher-suites-protocol-versions
Question 5
When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF
header rules?
- A. FortiGate public IP
- B. FortiWeb IP
- C. FortiGate local IP
- D. Client real IP
Answer:
D
Explanation:
When an XFF header reaches Alteon from a client, Alteon removes all the content from the header
and injects the client IP address. Alteon then forwards the header to the server.
Reference:
https://support.radware.com/app/answers/answer_view/a_id/20925/~/modifying-the-
client-ip-address-in-the-xff-header-using-httpmod
Question 6
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
- A. Offline protection
- B. Transparent inspection
- C. True transparent proxy
- D. Reverse proxy
Answer:
A, C
Explanation:
FortiWebappliances operating in offline protection mode or either of the transparent modes
Reference:
https://help.fortinet.com/fweb/541/Content/FortiWeb/fortiweb-
admin/planning_topology.htm
Question 7
The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.
Which two functions does the first layer perform? (Choose two.)
- A. Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored
- B. Builds a threat model behind every parameter and HTTP method
- C. Determines if a detected threat is a false-positive or not
- D. Determines whether traffic is an anomaly, based on observed application traffic over time
Answer:
B, D
Explanation:
The first layer uses the Hidden Markov Model (HMM) and monitors access to the application and
collects data to build a mathematical model behind every parameter and HTTP method.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/193258/machine-learning
Question 8
In which scenario might you want to use the compression feature on FortiWeb?
- A. When you are serving many corporate road warriors using 4G tablets and phones
- B. When you are offering a music streaming service
- C. When you want to reduce buffering of video streams
- D. Never, since most traffic today is already highly compressed
Answer:
D
Explanation:
FortiWebmight expend resources compressing responses that have already been compressed by the
server.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.7/administration-
guide/650285/compression
Question 9
When is it possible to use a self-signed certificate, rather than one purchased from a commercial
certificate authority?
- A. If you are a small business or home office
- B. If you are an enterprise whose employees use only mobile devices
- C. If you are an enterprise whose resources do not need security
- D. If you are an enterprise whose computers all trust your active directory or other CA server
Answer:
C
Explanation:
This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason
why theyre considered different from traditional certificate-authority signed certificates is that
theyre created, issued, and signed by the company or developer who is responsible for the website
or software being signed. This is why self-signed certificates are considered unsafe for public-facing
websites and applications.
Reference:
https://sectigostore.com/page/what-is-a-self-signed-certificate/
Question 10
Refer to the exhibits.
FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on
the configuration shown in the exhibits, which of the following statements is true?
- A. FortiGate should forward web traffic to the server pool IP addresses.
- B. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
- C. You must disable the Preserve Client IP setting on FotriGate for this configuration to work.
- D. FortiGate should forward web traffic to virtual server IP address.
Answer:
D
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ebe2ce28-
5c66-11eb-b9ad-00505692583a/FortiWeb_6.3.10_Administration_Guide.pdf
Question 11
What key factor must be considered when setting brute force rate limiting and blocking?
- A. A single client contacting multiple resources
- B. Multiple clients sharing a single Internet connection
- C. Multiple clients from geographically diverse locations
- D. Multiple clients connecting to multiple resources
Answer:
D
Question 12
Refer to the exhibit.
There is only one administrator account configured on FortiWeb. What must an administrator do to
restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
- A. Delete the built-in administrator user and create a new one.
- B. Configure IPv4 Trusted Host # 3 with a specific IP address.
- C. The configuration changes must be made on the upstream device.
- D. Change the Access Profile to Read_Only.
Answer:
A
Reference:
https://docs.fortinet.com/document/fortiweb/6.1.1/administration-
guide/397469/preventing-brute-force-logins
Question 13
What role does FortiWeb play in ensuring PCI DSS compliance?
- A. It provides the ability to securely process cash transactions.
- B. It provides the required SQL server protection.
- C. It provides the WAF required by PCI.
- D. It provides credit card processing capabilities.
Answer:
D
Explanation:
FortiWeb protects against attacks that lead to sensitive data exposure such as SQL Injection and other
injection types. Additionally, FortiWeb inspects all web server outgoing traffic for sensitive data such
as Social Security numbers, credit card numbers and other predefined or custom based sensitive
data.
Reference:
https://www.gordion.de/fileadmin/user_upload/SG-PCI-Compliance.pdf
Question 14
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
- A. Store in an off-site location
- B. Erase them every two weeks
- C. Enable masking of sensitive data
- D. Compress them into a .zip file format
Answer:
C
Reference:
https://docplayer.net/8466775-Fortiweb-web-application-firewall-ensuring-compliance-for-pci-dss-requirement-6-6-solution-guide.html
Question 15
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- A. Anti-defacement can redirect users to a backup web server, if it detects a change.
- B. Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
- C. FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
- D. Anti-defacement does not make a backup copy of your databases.
Answer:
C, D
Explanation:
Anti-defacement backs up web pages only,notdatabases.
If it detects any file changes, theFortiWebappliance will download a new backup revision.
Reference:
https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-
admin/anti_defacement.htm