Which high availability (HA) mode uses gratuitous Address Resolution Protocol (ARP) to advertise a failover event to neighboring network devices?
Answer : B
In Active-Passive high availability (HA) mode, the active unit handles all traffic while the passive unit stays idle, ready to take over when the active unit fails. On failover, the newly active unit sends gratuitous ARP messages so that neighboring switches and routers learn that the cluster's IP addresses are now reachable at the new active unit's MAC address. This updates their ARP and MAC address tables immediately, instead of waiting for cached entries to age out, so traffic is forwarded to the new active unit without interruption.
What is the difference between an API gateway protection schema and a machine learning (ML) API protection schema?
Answer : C
In FortiWeb's API protection mechanisms, there are two distinct approaches: the traditional API gateway protection schema and the machine learning (ML) based API protection schema.
Data type support: the API gateway protection schema can describe fields of various data types, not only strings, so FortiWeb can enforce the expected type of each parameter and not merely its presence or length.
Schema adaptability: the ML-based API protection schema learns the API's structure from observed traffic and adapts to changes automatically, without an administrator editing the schema by hand. This dynamic learning lets FortiWeb identify requests that deviate from the learned structure and block anomalies and potential threats in real time.
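The following is an added example, not FortiWeb code, that shows what "supports data types beyond strings" buys you: a typed schema check rejects a negative amount smuggled as a string, while a string-only check of the same request passes it. The endpoint, schema format and field names are hypothetical.

```python
# Added example (not FortiWeb code): a minimal typed API schema check showing
# why a schema that knows data types rejects more malformed input than one
# that treats every field as a string. Schema format and fields are hypothetical.
import json

# Constructed schema for a hypothetical /api/transfer endpoint.
TRANSFER_SCHEMA = {
    "account_id": {"type": "string", "max_len": 16, "required": True},
    "amount": {"type": "number", "min": 0.01, "max": 10000, "required": True},
    "memo": {"type": "string", "max_len": 64, "required": False},
    "urgent": {"type": "boolean", "required": False},
}


def _type_ok(value, expected):
    if expected == "string":
        return isinstance(value, str)
    if expected == "number":
        # bool is a subclass of int in Python; do not accept true/false as numbers
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    if expected == "boolean":
        return isinstance(value, bool)
    return False


def validate(body, schema, typed=True):
    """Return a list of violations; an empty list means the request passes.
    typed=False emulates a string-only schema: type mismatches are ignored and
    numeric bounds cannot be enforced, so only presence, length and unknown
    fields are checked."""
    violations = []
    for name, rule in schema.items():
        if name not in body:
            if rule["required"]:
                violations.append(f"{name}: missing")
            continue
        value = body[name]
        if typed and not _type_ok(value, rule["type"]):
            violations.append(f"{name}: expected {rule['type']}, got {type(value).__name__}")
            continue
        if rule["type"] == "string" or not typed:
            if "max_len" in rule and len(str(value)) > rule["max_len"]:
                violations.append(f"{name}: longer than {rule['max_len']}")
        if typed and rule["type"] == "number":
            if value < rule["min"] or value > rule["max"]:
                violations.append(f"{name}: out of range")
    for name in body:
        if name not in schema:
            violations.append(f"{name}: not in schema")
    return violations


def check_request(raw, typed=True):
    """Parse a JSON request body and validate it against TRANSFER_SCHEMA."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError:
        return ["body: not valid JSON"]
    if not isinstance(body, dict):
        return ["body: expected a JSON object"]
    return validate(body, TRANSFER_SCHEMA, typed)


# Constructed requests: one well-formed, one with a negative amount sent as a
# string. A string-only schema cannot tell the second apart from a valid number.
GOOD = '{"account_id": "ACC-1001", "amount": 250.0, "urgent": false}'
BAD = '{"account_id": "ACC-1001", "amount": "-99999"}'
```

Running `check_request(BAD)` reports `amount: expected number, got str`, while `check_request(BAD, typed=False)` returns no violations; the application behind the gateway would then have to reject the value itself, which is exactly the gap a typed schema closes.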
Which is an example of a cross-site scripting (XSS) attack?
Answer : B
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject script into web pages viewed by other users, so that it runs in the victim's browser under the vulnerable site's origin. This can lead to session hijacking, credential theft, or redirection to malicious sites. XSS exploits web applications that place user-controlled input into a page without proper validation and output encoding.
Here's an analysis of the given options:
A . SELECT username FROM accounts WHERE username='admin';-- ' AND password='password';
This is an example of SQL Injection (SQLi) rather than XSS. It manipulates SQL queries to bypass authentication, not execute JavaScript in a user's browser.
B . <IMG SRC=x onerror=alert(document.cookie)> (payload reconstructed from the analysis below)
This is a classic XSS attack.
It uses an <img> tag whose src attribute points to a resource that does not exist.
Because the image fails to load, the browser fires the onerror event handler, which executes alert(document.cookie); in the vulnerable site's origin, exposing any session cookies that are not marked HttpOnly.
The same technique is commonly used to exfiltrate cookies or execute arbitrary scripts.
C . SELECT username FROM accounts WHERE username='XSS' ' AND password='alert('http://badurl.com')';
This is neither a valid SQL injection nor a valid XSS attack.
It is a malformed SQL statement; nothing in it would be interpreted as JavaScript by a browser.
D . <IMG SRC='xss.png'>
This is not an XSS attack unless an event handler attribute such as onload, onerror, or onmouseover is added to execute JavaScript.
By itself it only loads an image and does not execute any script.
Thus, Option B is the correct answer as it represents a real-world XSS attack technique.
OWASP XSS Guide: https://owasp.org/www-community/attacks/xss/
Fortinet XSS Protection Documentation: https://docs.fortinet.com/
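The following is an added example, not code from the page or from Fortinet. It runs the four options through a simplified signature for inline event handlers (the kind of pattern a WAF rule might use, not FortiWeb's actual detection logic) and shows the output-encoding fix that makes the option B payload inert when it is reflected into HTML. The option B payload is the reconstruction used above.

```python
# Added example (not from the page or from Fortinet): shows why option B
# executes and option D does not, and how output encoding neutralises the
# payload. The regex is an illustration of a signature, not FortiWeb's engine.
import html
import re

# Matches an HTML tag carrying an on<event>= attribute, e.g. onerror=, onload=.
# Case-insensitive because HTML attribute names are.
EVENT_HANDLER_IN_TAG = re.compile(r"<\s*[a-z][^>]*\bon[a-z]+\s*=", re.IGNORECASE)

# The four answer options; option B is reconstructed from the analysis above.
OPTIONS = {
    "A": "SELECT username FROM accounts WHERE username='admin';-- ' AND password='password';",
    "B": "<IMG SRC=x onerror=alert(document.cookie)>",
    "C": "SELECT username FROM accounts WHERE username='XSS' ' AND password='alert('http://badurl.com')';",
    "D": "<IMG SRC='xss.png'>",
}


def has_inline_event_handler(value):
    """True when a tag in the value carries an inline event handler attribute."""
    return EVENT_HANDLER_IN_TAG.search(value) is not None


def xss_options():
    """Return the option letters the signature flags as XSS."""
    return sorted(k for k, v in OPTIONS.items() if has_inline_event_handler(v))


def render_comment(untrusted):
    """Reflect untrusted text into an HTML element body with output encoding.
    This is the fix: the browser now sees literal text, not a tag."""
    return '<p class="comment">' + html.escape(untrusted, quote=True) + "</p>"
```

Only option B is flagged: option D has no event handler, and options A and C contain no tag at all. `render_comment(OPTIONS["B"])` turns the angle brackets into `&lt;` and `&gt;`, so the same string rendered in a page displays the payload instead of running it. A signature like this is easy to evade (other events, entity-encoded attributes, attributes split across whitespace variants the regex does not anticipate), which is why encoding on output, not pattern blocking on input, is the primary defence and the WAF is a second layer.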
Refer to the exhibit.
A FortiWeb device is deployed upstream of a device performing source network address translation (SNAT) or load balancing.
What configuration must you perform on FortiWeb to preserve the original IP address of the client?
Answer : A
When FortiWeb is deployed upstream of a device performing source network address translation (SNAT) or load balancing, that device rewrites the source address of each connection, so the backend servers see the SNAT or load balancer address instead of the client's. To keep the original client address, you must enable and configure the Preserve Client IP setting on FortiWeb. With it enabled, FortiWeb retains the client's original IP address and passes it through to the backend servers, so server-side logging, access control and other per-client processing remain accurate.
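Whatever carries the client address to the backend (FortiWeb can also forward it in an X-Forwarded-For header), the receiving server must only believe it when the request arrived from a device it trusts, because the leftmost X-Forwarded-For entry is client-controlled. The following is an added example of that backend-side check, not FortiWeb code; it assumes the header form and a hypothetical trusted-proxy range of 10.0.0.0/24.

```python
# Added example (not FortiWeb code): recover the original client IP from an
# X-Forwarded-For style header, trusting only entries appended by known
# in-path devices. The trusted range is a constructed assumption.
import ipaddress

# Addresses of devices trusted to append honest X-Forwarded-For entries (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def original_client_ip(remote_addr, xff_header):
    """Walk X-Forwarded-For from the right, skipping trusted proxies; the first
    untrusted hop is the client. The leftmost entry is never trusted blindly,
    since the client chose it."""
    if not _is_trusted(remote_addr):
        # Did not arrive through a trusted device: the header may be forged,
        # so the socket peer is the best answer we have.
        return remote_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed entry: fall back to the socket peer
        if not _is_trusted(hop):
            return hop
    return remote_addr  # every hop was one of ours; nothing untrusted to report
```

With the request arriving from 10.0.0.5 and a header of `1.2.3.4, 203.0.113.7, 10.0.0.9`, the function returns 203.0.113.7: 10.0.0.9 is skipped as a trusted hop and the spoofed 1.2.3.4 that a client prepended is ignored. The same header arriving directly from an untrusted peer yields the peer's own address.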
How are bot machine learning (ML) models different from API or anomaly detection models?
Answer : A
Bot ML models analyze multiple connections over time instead of treating each connection as a single unit. This is the key distinction. API and anomaly detection models score each request or transaction on its own, asking whether that one call fits the learned schema or parameter profile. Bot ML models instead build a behavioural profile of a source across many requests and connections, looking for patterns that are only visible in aggregate, such as high-frequency requests or unusual traffic flows, where any single request viewed alone would look legitimate.
Refer to the exhibit.
Attack ID 20000010 is brute force logins.
Which statement is accurate about the potential attack?
Answer : D
Attack ID 20000010 identifies brute force login detection: the client at 192.168.1.11 sent repeated login attempts to the protected application, which FortiWeb recognised as a brute force attack. FortiWeb detected and blocked this activity, which is why the client was served the blocked page.
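Both the brute force detection above and the bot ML question before it rest on the same idea: aggregate a source's requests over a time window rather than judging each request alone. The following is an added example, not FortiWeb code, that applies two detectors to a constructed access log: a brute force rule (repeated failed logins from one source, modelled on the 192.168.1.11 case) and a simple bot score (request rate combined with low path diversity). The log lines, thresholds and features are illustrative assumptions.

```python
# Added example (not FortiWeb code): per-source aggregation over a sliding time
# window of constructed access-log lines. A brute-force rule and a bot-style
# behavioural score share the window. Thresholds are illustrative assumptions.
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_log():
    """Constructed log lines: '<iso timestamp> <client ip> <method> <path> <status>'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # 192.168.1.11: six failed logins in six seconds (the brute force case)
    for i in range(6):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.168.1.11 POST /login 401")
    # 203.0.113.9: thirty catalogue fetches in fifteen seconds, same path, new id each time.
    # Each request on its own is a perfectly normal 200; only the aggregate is odd.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=i // 2)).isoformat()} 203.0.113.9 GET /products?id={i} 200")
    # 198.51.100.4: a person browsing, including one mistyped password
    human = [(10, "GET / 200"), (30, "GET /products?id=7 200"), (31, "POST /login 401"),
             (45, "POST /login 200"), (70, "GET /account 200")]
    for off, req in human:
        lines.append(f"{(base + timedelta(seconds=off)).isoformat()} 198.51.100.4 {req}")
    return lines


def parse(line):
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def _max_in_window(events, window, pred):
    """Largest number of events satisfying pred inside any window-long span
    (two-pointer sweep over time-sorted events)."""
    best = matches = start = 0
    for end, ev in enumerate(events):
        if pred(ev):
            matches += 1
        while events[end][0] - events[start][0] > window:
            if pred(events[start]):
                matches -= 1
            start += 1
        best = max(best, matches)
    return best


def per_source_features(lines, window=timedelta(seconds=60)):
    by_src = defaultdict(list)
    for line in lines:
        ev = parse(line)
        by_src[ev[1]].append(ev)
    feats = {}
    for ip, evs in by_src.items():
        evs.sort()
        failed_login = lambda e: e[2] == "POST" and e[3] == "/login" and e[4] == 401
        feats[ip] = {
            "requests": len(evs),
            "max_rate": _max_in_window(evs, window, lambda e: True),
            "max_failed_logins": _max_in_window(evs, window, failed_login),
            # distinct paths (query string stripped) as a fraction of requests
            "path_diversity": len({e[3].split("?")[0] for e in evs}) / len(evs),
        }
    return feats


def classify(feats, login_fail_limit=5, rate_limit=20, diversity_floor=0.2):
    """Brute force: too many failed logins in one window. Bot: high request
    rate with little path diversity. Both need the whole window, not one request."""
    verdicts = {}
    for ip, f in feats.items():
        if f["max_failed_logins"] >= login_fail_limit:
            verdicts[ip] = "brute-force"
        elif f["max_rate"] >= rate_limit and f["path_diversity"] <= diversity_floor:
            verdicts[ip] = "bot"
        else:
            verdicts[ip] = "ok"
    return verdicts


def verdicts_for_constructed_log():
    return classify(per_source_features(constructed_log()))
```

On the constructed log, 192.168.1.11 is reported as brute-force, 203.0.113.9 as bot, and the human browser as ok, even though the human also produced a failed login and the bot never produced anything but 200 responses. Swapping the per-source windows for a per-request check would leave nothing to flag, which is the point of the bot ML question.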
Which Layer 7 routing method does FortiWeb support?
Answer : D
FortiWeb is a Web Application Firewall (WAF) designed to protect web applications from various threats. Among its features, FortiWeb supports Layer 7 routing methods, which operate based on the content of the HTTP/HTTPS traffic.
HTTP content routing is the capability to direct incoming web traffic to specific backend server pools based on characteristics of the HTTP request, such as the Host header, the URL path, or other headers. This allows more granular distribution of traffic, so that each request is handled by the servers appropriate to its content.
Analysis of Options:
A . URL policy routing: While this term suggests routing decisions based on URL policies, it is not a standard term used in FortiWeb's documentation. FortiWeb's content routing encompasses URL-based decisions, making this option less precise.
B . OSPF (Open Shortest Path First): This is a Layer 3 routing protocol used for IP routing within an Autonomous System. It operates at the network layer and is not related to Layer 7 routing methods.
C . BGP (Border Gateway Protocol): Another Layer 3 routing protocol, BGP is used for routing between Autonomous Systems on the internet. It does not pertain to Layer 7 or application-layer routing.
D . HTTP content routing: This aligns with FortiWeb's capabilities to make routing decisions based on the content of HTTP requests, such as URL paths, headers, or other application-layer data. This is a Layer 7 routing method supported by FortiWeb.
Therefore, the correct answer is D. HTTP content routing, which FortiWeb implements through HTTP content routing policies that select a server pool from Layer 7 attributes of the request such as the Host header and URL.
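The following is an added example, not FortiWeb code, of a first-match HTTP content router of the kind such policies express: each rule matches on Host, a URL path prefix, and/or a header, and the first rule that matches selects the pool. The rule fields, pool names, hostnames and request samples are hypothetical.

```python
# Added example (not FortiWeb code): a first-match Layer 7 content router.
# Rule fields, pool names and hostnames are hypothetical.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Rule:
    pool: str
    host: Optional[str] = None                  # exact Host match, case-insensitive
    path_prefix: Optional[str] = None           # request path starts with this
    header: Optional[Tuple[str, str]] = None    # (name, value) exact match

    def matches(self, req):
        if self.host is not None and req["host"].lower() != self.host.lower():
            return False
        if self.path_prefix is not None and not req["path"].startswith(self.path_prefix):
            return False
        if self.header is not None:
            name, value = self.header
            if req["headers"].get(name.lower()) != value:
                return False
        return True


# Order matters: the first matching rule wins, so specific rules come first.
# Note that a prefix of "/admin" also matches "/admin-help"; use "/admin/" or
# an exact match when that is not intended.
RULES = [
    Rule(pool="api-pool", host="api.example.com", path_prefix="/v1/"),
    Rule(pool="admin-pool", host="www.example.com", path_prefix="/admin"),
    Rule(pool="mobile-pool", header=("x-client-type", "mobile")),
    Rule(pool="web-pool", host="www.example.com"),
]
DEFAULT_POOL = "web-pool"


def parse_request(raw):
    """Parse a minimal HTTP/1.1 request head into path, host and lowercased headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    path = target.split("?", 1)[0]   # routing ignores the query string here
    return {"method": method, "path": path, "host": headers.get("host", ""), "headers": headers}


def route(raw):
    """Return the pool name selected for a raw HTTP request head."""
    req = parse_request(raw)
    for rule in RULES:
        if rule.matches(req):
            return rule.pool
    return DEFAULT_POOL
```

A request for `/v1/users` with `Host: api.example.com` goes to api-pool, while the same path with `Host: www.example.com` and `X-Client-Type: mobile` skips the first two rules and lands in mobile-pool. One caveat this example deliberately leaves out: a production WAF normalises the path (percent-decoding, collapsing `.` and `..` segments) before matching, because otherwise `/%61dmin` or `/x/../admin` would slip past a prefix rule meant for `/admin`.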