Fortinet NSE6_FWB-6.4 Exam Practice Test Instant Access

Question 1

How does FortiWeb protect against defacement attacks?

AIt keeps a complete backup of all files and the database.

BIt keeps hashes of files and periodically compares them to the server.

CIt keeps full copies of all files and directories.

DIt keeps a live duplicate of the database.

Answer : B

The anti-defacement feature examines a web site's files for changes at specified time intervals. If it detects a change that could indicate a defacement attack, theFortiWebappliancecan notify you and quickly react by automatically restoring the web site contents to the previous backup.

Question 2

In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?

ANon-matching traffic is allowed

Bnon-Matching traffic is held in buffer

CNon-matching traffic is Denied

DNon-matching traffic is rerouted to FortiGate

Answer : C

Question 3

Which two statements about running a vulnerability scan are true? (Choose two.)

AYou should run the vulnerability scan during a maintenance window.

BYou should run the vulnerability scan in a test environment.

CVulnerability scanning increases the load on FortiWeb, so it should be avoided.

DYou should run the vulnerability scan on a live website to get accurate results.

Answer : A, B

Should the Vulnerability Scanner allow it, SVMS will set the scan schedule (or schedules) to run in a maintenance window. SVMS will advise Client of the scanner's ability to complete the scan(s) within the maintenance window.

Vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment.

https://help.fortinet.com/fweb/552/Content/FortiWeb/fortiweb-admin/vulnerability_scans.htm

Question 4

You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server.

Which is true about the solution?

AStatic or policy-based routes are not required.

BTo achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.

CYou must put the single web server into a server pool in order to use it with HTTP content routing.

DThe server policy applies the same protection profile to all its protected web apps.

Answer : B

Question 5

Under which circumstances does FortiWeb use its own certificates? (Choose Two)

ASecondary HTTPS connection to server where FortiWeb acts as a client

BHTTPS to clients

CHTTPS access to GUI

DHTTPS to FortiGate

Answer : A, C

Question 6

You are deploying FortiWeb 6.4 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)

Answer : A, C

Question 7

Refer to the exhibits.

FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?

AFortiGate should forward web traffic to the server pool IP addresses.

BThe configuration is incorrect. FortiWeb should always be located upstream to FortiGate.

CYou must disable the Preserve Client IP setting on FotriGate for this configuration to work.

DFortiGate should forward web traffic to virtual server IP address.

Answer : D

Fortinet NSE6_FWB-6.4 Fortinet NSE 6 - FortiWeb 6.4 Exam Practice Test