Fortinet NSE6_FWB-6.4 Exam Questions Instant Access

Question 1

A client is trying to start a session from a page that would normally be accessible only after the client has logged in.

When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

ADisplay an access policy message, then allow the client to continue

BRedirect the client to the login page

CAllow the page access, but log the violation

DPrompt the client to authenticate

EReply with a 403 Forbidden HTTP error

Answer : B, C, E

Question 2

Which regex expression is the correct format for redirecting the URL http://www.example.com?

Awww\.example\.com

Bwww.example.com

Cwww\example\com

Dwww/.example/.com

Answer : B

\1://www.company.com/\2/\3

Question 3

Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?

AIn the case of compression being done on the FortiWeb, to inspect the content of the compressed file

BIn the case of the file being a .MP3 music file

CIn the case of compression being done on the web server, to inspect the content of the compressed file.

DIn the case of the file being an .MP4 video

Answer : C

Question 4

When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?

AFortiGate public IP

BFortiWeb IP

CFortiGate local IP

DClient real IP

Answer : D

When an XFF header reaches Alteon from a client, Alteon removes all the content from the header and injects the client IP address. Alteon then forwards the header to the server.

Question 5

Refer to the exhibit.

FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan.

What can the administrator do to solve this problem? (Choose two.)

AManually update the geo-location IP addresses for Japan.

BIf the IP address is configured as a geo reputation exception, remove it.

CConfigure the IP address as a blacklisted IP address.

DIf the IP address is configured as an IP reputation exception, remove it.

Answer : B, C

Question 6

Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.

What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

AChange Model Type to Strict

BChange Action under Action Settings to Alert

CDisable Dynamically Update Model

DEnable Bot Confirmation

Answer : D

Bot Confirmation

If the number of anomalies from a user has reached theAnomaly Count, the system executesBot Confirmationbefore taking actions.

TheBot Confirmationis to confirm if the user is indeed a bot. The system sends RBE (Real Browser Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.

Question 7

Refer to the exhibit.

There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

ADelete the built-in administrator user and create a new one.

BConfigure IPv4 Trusted Host # 3 with a specific IP address.

CThe configuration changes must be made on the upstream device.

DChange the Access Profile to Read_Only.

Answer : B

Fortinet NSE 6 - FortiWeb 6.4 NSE6_FWB-6.4 Exam Questions