Fortinet NSE 5 - FortiWeb 8.0 Administrator NSE5_FWB_AD-8.0 Exam Questions

Page: 1 / 14
Total 36 questions
Question 1

Refer to the exhibit.

A FortiWeb administrator is trying to enable policy-based traffic logging on FortiWeb but doesn't see the traffic log option available in the server policy settings.

What is the most likely reason this option is not visible?



Answer : C

Traffic logging is more storage-intensive than normal event or attack logging, so FortiWeb does not always expose policy traffic-log selection by default. The Study Guide states that traffic logs must be enabled from the CLI before they can be selected in a server policy. This matches the exhibit: the administrator is in the server policy wizard but cannot see the traffic log option. FortiAnalyzer or FortiSIEM can receive logs, but they do not make the policy option appear. Deployment mode is also not the determining factor here. FortiAppSec Cloud licensing is unrelated. The correct cause is that global traffic logging must first be enabled manually through the CLI, after which policy-based traffic logging can be selected.

================


Question 2

A large enterprise has an existing web infrastructure with complex routing rules and static IP address assignments. The network administrators cannot modify the current IP address scheme, but they need FortiWeb to inspect and block threats like SQL injection and cross-site scripting (XSS) without changing the client-server communication flow.

In this situation, which FortiWeb operation mode is the most suitable?



Answer : C

True transparent proxy mode is the correct fit when the organization cannot change the current IP addressing or client-server communication flow. In this mode, FortiWeb is deployed transparently in the traffic path, usually using a Layer 2 bridge or v-zone, so clients still send traffic to the original web server IP address rather than to a FortiWeb virtual server IP. Unlike transparent inspection, true transparent proxy mode can more reliably block malicious traffic inline before forwarding it to the server. Reverse proxy mode normally requires clients or upstream devices to send traffic to FortiWeb's virtual server address. WCCP requires redirection design changes. Decryption mirror mode is mainly passive inspection and is not the best answer for inline blocking.

================


Question 3

Which URL should you rewrite to reduce security risk?



Answer : D

The URL https://www.example.com/25.3.6/Browse/MediaData exposes internal application structure and what appears to be a version number. Revealing version information, framework paths, or internal directory names gives attackers useful reconnaissance data. Attackers can correlate exposed versions with known vulnerabilities and target the application more precisely. FortiWeb URL rewriting can reduce this risk by hiding or transforming sensitive internal URLs before users or scanners see them. The other URLs are normal-looking public paths or common application resources. A WordPress RSS feed may or may not be appropriate depending on business requirements, but it does not clearly expose internal versioned routing in the same way. The risky URL is the one containing 25.3.6/Browse/MediaData.

================


Question 4

A FortiWeb administrator is deciding between using SAML SSO or HTML authentication. They want to minimize the number of credential prompts users receive across multiple Fortinet services.

Which statement accurately describes which option is best, and why?



Answer : A

SAML SSO is the correct choice when the goal is to reduce repeated credential prompts across multiple services. SAML uses a federated identity model, where users authenticate through an identity provider and then use assertions to access service providers without repeatedly entering credentials. This is exactly the value of single sign-on. HTML form authentication is more local and application-specific; it can authenticate users to a protected site, but it does not provide the same cross-service identity federation. Option B overstates SAML as a policy-blocking mechanism. Option C may be simpler but does not meet the SSO requirement. Option D incorrectly describes HTML form authentication as token-based remote-service access.

================


Question 5

A FortiWeb administrator wants to create a machine learning (ML)-based bot detection system.

Which three actions must the administrator take to build and activate this ML model? (Choose three.)



Answer : A, D, E

FortiWeb machine learning protection depends on observed application traffic. The administrator must first collect traffic samples so FortiWeb can learn normal behavior and create a useful baseline. After sample collection, FortiWeb uses the collected data to build the detection model. Once the model is built, it must be enabled or run in the live environment so FortiWeb can evaluate production requests and detect abnormal or bot-like behavior. Manual verification on test data only is not enough to activate the model for real traffic. Bayesian analysis is not the FortiWeb configuration step shown for this process; the platform handles model logic internally. The practical workflow is collection, model building, and live enforcement or detection.

================


Question 6

Refer to the exhibit.

What does the exhibit show?



Answer : D

The exhibit is written in structured OpenAPI/YAML-style format. It includes fields such as info, version, title, servers, paths, HTTP method get, operationId, responses, content type application/json, and a schema definition. That is not HTML and it is not a live API response. It is also not CLI output from FortiWeb. FortiWeb OpenAPI validation uses OpenAPI description files in YAML or JSON to define API structure, endpoints, parameters, and expected data types. FortiWeb then uses that uploaded schema as a baseline to validate API requests and block requests that do not conform. So the exhibit is best identified as an API schema file


Question 7

Refer to the exhibit.

You are configuring SSL offloading on FortiWeb to protect a public-facing application. Clients connect using HTTPS, while FortiWeb forwards requests to the back-end server using HTTP.

You are reviewing certificate deployment and need to decide where to install the private key for the certificate used in client connections.

In this SSL offloading setup, which device is responsible for using the private key associated with the web server certificate?



Answer : A

In SSL offloading, FortiWeb is the TLS endpoint for client connections. The client negotiates HTTPS with FortiWeb, not directly with the back-end web server. Therefore, FortiWeb must have the website certificate and associated private key so it can complete the TLS handshake, decrypt inbound HTTPS traffic, inspect the HTTP content, and then forward the request to the server using HTTP or a separate back-end connection. Option B is wrong because TLS termination requires the private key. Option C describes SSL inspection or direct server termination, not offloading. Option D is wrong because clients verify the certificate but do not possess or use the server's private key. FortiWeb owns the private-key function in this design.


Page:    1 / 14   
Total 36 questions