Fortinet NSE6_FWB-6.4 Exam Practice Test Instant Access

Question 1

The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.

Which two functions does the first layer perform? (Choose two.)

ADetermines whether an anomaly is a real attack or just a benign anomaly that should be ignored

BBuilds a threat model behind every parameter and HTTP method

CDetermines if a detected threat is a false-positive or not

DDetermines whether traffic is an anomaly, based on observed application traffic over time

Answer : B, D

The first layer uses the Hidden Markov Model (HMM) and monitors access to the application and collects data to build a mathematical model behind every parameter and HTTP method.

Question 2

Which would be a reason to implement HTTP rewriting?

AThe original page has moved to a new URL

BTo replace a vulnerable function in the requested URL

CTo send the request to secure channel

DThe original page has moved to a new IP address

Answer : B

Create a new URL rewriting rule.

Question 3

A client is trying to start a session from a page that would normally be accessible only after the client has logged in.

When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

ADisplay an access policy message, then allow the client to continue

BRedirect the client to the login page

CAllow the page access, but log the violation

DPrompt the client to authenticate

EReply with a 403 Forbidden HTTP error

Answer : B, C, E

Question 4

Which algorithm is used to build mathematical models for bot detection?

AHCM

BSVN

CSVM

DHMM

Answer : C

FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model

Question 5

How does FortiWeb protect against defacement attacks?

AIt keeps a complete backup of all files and the database.

BIt keeps hashes of files and periodically compares them to the server.

CIt keeps full copies of all files and directories.

DIt keeps a live duplicate of the database.

Answer : B

The anti-defacement feature examines a web site's files for changes at specified time intervals. If it detects a change that could indicate a defacement attack, theFortiWebappliancecan notify you and quickly react by automatically restoring the web site contents to the previous backup.

Question 6

Which two statements about running a vulnerability scan are true? (Choose two.)

AYou should run the vulnerability scan during a maintenance window.

BYou should run the vulnerability scan in a test environment.

CVulnerability scanning increases the load on FortiWeb, so it should be avoided.

DYou should run the vulnerability scan on a live website to get accurate results.

Answer : A, B

Should the Vulnerability Scanner allow it, SVMS will set the scan schedule (or schedules) to run in a maintenance window. SVMS will advise Client of the scanner's ability to complete the scan(s) within the maintenance window.

Vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment.

https://help.fortinet.com/fweb/552/Content/FortiWeb/fortiweb-admin/vulnerability_scans.htm

Question 7

What can an administrator do if a client has been incorrectly period blocked?

ANothing, it is not possible to override a period block.

BManually release the ID address from the temporary blacklist.

CForce a new IP address to the client.

DDisconnect the client from the network.

Answer : B

Block Period

Enter the number of seconds that you want to block the requests. The valid range is 1--3,600 seconds. The default value is 60 seconds.

This option only takes effect when you choosePeriod BlockinAction.

Note: That's a temporary blacklist so you can manually release them from the blacklist.

Fortinet NSE6_FWB-6.4 Fortinet NSE 6 - FortiWeb 6.4 Exam Practice Test