What are two possible impacts of a DoS attack on your web server? (Choose two.)
Answer: B, C
The web application is unable to accept any more connections because of network socket exhaustion: A Denial of Service (DoS) attack often floods the web server with an overwhelming number of requests, leading to network socket exhaustion. This can prevent the server from accepting new legitimate connections, effectively disrupting service.
The web application server is unable to accept new client sessions due to memory exhaustion: DoS attacks can consume a significant amount of server memory, causing memory exhaustion. This results in the web application being unable to accept new client sessions or handle requests properly.
What is the difference between an API gateway protection schema and a machine learning (ML) API protection schema?
Answer: C
In FortiWeb's API protection mechanisms, there are distinctions between the traditional API gateway protection schema and the machine learning (ML) based API protection schema:
Data Type Support: The API gateway protection schema has the capability to support various data types beyond just strings, allowing for more comprehensive validation and enforcement of API schemas.
Schema Adaptability: The ML-based API protection schema is designed to automatically learn and adapt to changes in the API structure without requiring manual intervention from administrators. This dynamic learning process enables FortiWeb to identify and protect against anomalies and potential threats in real-time.
Refer to the exhibit.
FortiADC is applying SNAT to all inbound traffic going to the servers.
When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. This setup is breaking all connectivity and genuine clients are not able to access the servers.
What can the administrator do to avoid this problem? (Choose two.)
Answer: C, D
Place FortiWeb in front of FortiADC: This configuration change places FortiWeb between the client and FortiADC, so that FortiWeb can directly inspect and protect the incoming traffic before FortiADC applies SNAT (Source Network Address Translation). By placing FortiWeb in front, it will have access to the real client IP addresses, and it will be able to properly identify and handle attack traffic without blocking legitimate client traffic.
Enable and configure the Use X-Forwarded-For setting on FortiWeb: This setting allows FortiWeb to extract the original client IP address from the X-Forwarded-For header in the HTTP request, which is inserted by FortiADC when performing SNAT. With this setting enabled, FortiWeb will be able to block traffic based on the original client IP address rather than the SNATed IP address (192.0.2.1), preserving the accuracy of the security measures.
Which high availability mode is commonly used to integrate with a traffic distributer like FortiADC?
Answer: C
In Fortinet's high availability (HA) configurations, integrating FortiWeb with a traffic distributor like FortiADC is best achieved using the Active-Active HA mode. This mode allows multiple FortiWeb appliances to operate simultaneously, distributing traffic loads and enhancing both performance and redundancy.
FortiWeb supports several HA modes:
Active-Passive: One appliance actively handles all traffic, while the other remains on standby, ready to take over if the active unit fails.
Active-Active: Multiple appliances actively process traffic concurrently, sharing the load and providing redundancy.
High Volume Active-Active: An enhanced version of Active-Active, designed for environments with exceptionally high traffic volumes.
When integrating with a traffic distributor like FortiADC, the Active-Active mode is particularly advantageous. FortiADC can intelligently distribute incoming traffic across multiple active FortiWeb appliances, optimizing resource utilization and ensuring high availability. This setup not only balances the load but also provides fault tolerance; if one appliance becomes unavailable, FortiADC can redirect traffic to the remaining active units without service interruption.
This collaborative approach between FortiWeb and FortiADC ensures that web applications remain secure, performant, and resilient against failures.
Which Layer 7 routing method does FortiWeb support?
Answer: D
FortiWeb is a Web Application Firewall (WAF) designed to protect web applications from various threats. Among its features, FortiWeb supports Layer 7 routing methods, which operate based on the content of the HTTP/HTTPS traffic.
HTTP Content Routing refers to the capability of directing incoming web traffic to specific backend servers based on characteristics found within the HTTP requests, such as URL paths, headers, or other content. This allows for more granular and efficient distribution of traffic, ensuring that requests are handled by the appropriate servers based on their content.
Analysis of Options:
A. URL policy routing: While this term suggests routing decisions based on URL policies, it is not a standard term used in FortiWeb's documentation. FortiWeb's content routing encompasses URL-based decisions, making this option less precise.
B. OSPF (Open Shortest Path First): This is a Layer 3 routing protocol used for IP routing within an Autonomous System. It operates at the network layer and is not related to Layer 7 routing methods.
C. BGP (Border Gateway Protocol): Another Layer 3 routing protocol, BGP is used for routing between Autonomous Systems on the internet. It does not pertain to Layer 7 or application-layer routing.
D. HTTP content routing: This aligns with FortiWeb's capability to make routing decisions based on the content of HTTP requests, such as URL paths, headers, or other application-layer data. This is a Layer 7 routing method supported by FortiWeb.
Therefore, the correct answer is D, HTTP content routing, which is the Layer 7 routing method FortiWeb supports.
Refer to the exhibit.
What is true about this FortiWeb device? (Choose two.)
Answer: B
It was upgraded to a different version after initial installation: The device has multiple partitions with different firmware versions (6.4.0 and 6.4.1), indicating that it was upgraded after the initial installation from version 6.4.0 to 6.4.1.
An attacker attempts to send an SQL injection attack containing the known attack string 'root'; -- through an API call.
Which FortiWeb inspection feature will be able to detect this attack the quickest?
Answer: B
The quickest detection for an SQL injection attack like the one described ('root'; --) would be through known signatures. FortiWeb utilizes signature-based detection to match incoming traffic against predefined attack patterns. Since SQL injection attacks are commonly known and have specific patterns (such as 'root'; --), known signatures would immediately recognize and flag this type of attack.