Which three stages are part of creating a machine learning (ML) bot detection algorithm? (Choose three.)
Answer : A, C, D
Model building: In this stage, you design and develop the ML model, which involves selecting appropriate algorithms and features to detect bot activity.
Model verification: This is where you test and evaluate the model's performance to ensure it can accurately detect bots without false positives or negatives.
Sample collecting: Gathering relevant data samples (e.g., bot and non-bot traffic) to train the machine learning model is crucial to ensure it can learn from various scenarios.
Which high availability mode is commonly used to integrate with a traffic distributor like FortiADC?
Answer : C
In Fortinet's high availability (HA) configurations, integrating FortiWeb with a traffic distributor like FortiADC is best achieved using the Active-Active HA mode. This mode allows multiple FortiWeb appliances to operate simultaneously, distributing traffic loads and enhancing both performance and redundancy.
FortiWeb supports several HA modes:
Active-Passive: One appliance actively handles all traffic, while the other remains on standby, ready to take over if the active unit fails.
Active-Active: Multiple appliances actively process traffic concurrently, sharing the load and providing redundancy.
High Volume Active-Active: An enhanced version of Active-Active, designed for environments with exceptionally high traffic volumes.
When integrating with a traffic distributor like FortiADC, the Active-Active mode is particularly advantageous. FortiADC can intelligently distribute incoming traffic across multiple active FortiWeb appliances, optimizing resource utilization and ensuring high availability. This setup not only balances the load but also provides fault tolerance; if one appliance becomes unavailable, FortiADC can redirect traffic to the remaining active units without service interruption.
This collaborative approach between FortiWeb and FortiADC ensures that web applications remain secure, performant, and resilient against failures.
Refer to the exhibit.
FortiADC is applying SNAT to all inbound traffic going to the servers.
When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. This setup is breaking all connectivity and genuine clients are not able to access the servers.
What can the administrator do to avoid this problem? (Choose two.)
Answer : C, D
Place FortiWeb in front of FortiADC: This configuration change places FortiWeb between the client and FortiADC, so that FortiWeb can directly inspect and protect the incoming traffic before FortiADC applies SNAT (Source Network Address Translation). By placing FortiWeb in front, it will have access to the real client IP addresses, and it will be able to properly identify and handle attack traffic without blocking legitimate client traffic.
Enable and configure the Use X-Forwarded-For setting on FortiWeb: This setting allows FortiWeb to extract the original client IP address from the X-Forwarded-For header in the HTTP request, which is inserted by FortiADC when performing SNAT. With this setting enabled, FortiWeb will be able to block traffic based on the original client IP address rather than the SNATed IP address (192.0.2.1), preserving the accuracy of the security measures.
What are two possible impacts of a DoS attack on your web server? (Choose two.)
Answer : B, C
The web application is unable to accept any more connections because of network socket exhaustion: A Denial of Service (DoS) attack often floods the web server with an overwhelming number of requests, leading to network socket exhaustion. This can prevent the server from accepting new legitimate connections, effectively disrupting service.
The web application server is unable to accept new client sessions due to memory exhaustion: DoS attacks can consume a significant amount of server memory, causing memory exhaustion. This results in the web application being unable to accept new client sessions or handle requests properly.
Which three security features must you configure on FortiWeb to protect API connections? (Choose three.)
Answer : B, C, E
Machine learning (ML)-based API protection: ML-based API protection helps detect and mitigate abnormal behavior in API traffic, such as bot attacks or abuse, by learning and adapting to normal traffic patterns.
API schema validation: API schema validation ensures that the API requests conform to the defined schema (e.g., checking the structure, fields, and types in the API calls). This helps prevent attacks like XML or JSON injection by ensuring only valid requests are processed.
API user key enforcement: Enforcing API user key authentication requires clients to provide valid API keys, ensuring only authorized users can access the API. This is crucial for controlling access to the API.
Refer to the exhibit.
What are two additional configuration elements that you must configure for this API gateway? (Choose two.)
Answer : A, B
When configuring an API Gateway on a FortiWeb appliance, it's essential to include specific elements to ensure proper functionality and security. Two critical configuration elements are:
Defining Rate Limits: Implementing rate limits is crucial to control the number of requests a client can make to the API within a specified timeframe. This helps prevent abuse, such as denial-of-service attacks, by limiting excessive requests from clients.
Defining URL Prefixes: Specifying URL prefixes allows the FortiWeb appliance to identify and manage API requests accurately. By defining these prefixes, the appliance can route and process API calls correctly, ensuring that only legitimate traffic reaches the backend services.
These configurations align with Fortinet's best practices for setting up an API Gateway policy. While the exact steps may vary depending on the FortiWeb firmware version, the general process involves navigating to the Web Application Firewall section, selecting the API Gateway Policy tab, and configuring the necessary parameters, including rate limits and URL prefixes.
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
Answer : B, D
Virtual proxy: In virtual proxy mode, FortiWeb acts as an intermediary between clients and the server, and it can modify HTTP packets. It performs various security checks, such as inspecting and filtering HTTP traffic before forwarding it to the web server.
Reverse proxy: In reverse proxy mode, FortiWeb sits between the client and the server, handling incoming requests from clients, modifying or inspecting HTTP packets as needed, and forwarding them to the backend servers.