What key factor must be considered when setting brute force rate limiting and blocking?
D
Refer to the exhibit.
There is only one administrator account configured on FortiWeb. What must an administrator do to
restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
A
Reference:
https://docs.fortinet.com/document/fortiweb/6.1.1/administration-
guide/397469/preventing-brute-force-logins
What role does FortiWeb play in ensuring PCI DSS compliance?
D
Explanation:
FortiWeb protects against attacks that lead to sensitive data exposure such as SQL Injection and other
injection types. Additionally, FortiWeb inspects all web server outgoing traffic for sensitive data such
as Social Security numbers, credit card numbers and other predefined or custom based sensitive
data.
Reference:
https://www.gordion.de/fileadmin/user_upload/SG-PCI-Compliance.pdf
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
C
Reference:
https://docplayer.net/8466775-Fortiweb-web-application-firewall-ensuring-compliance-for-pci-dss-requirement-6-6-solution-guide.html
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
C, D
Explanation:
Anti-defacement backs up web pages only,notdatabases.
If it detects any file changes, theFortiWebappliance will download a new backup revision.
Reference:
https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-
admin/anti_defacement.htm
Review the following configuration:
What is the expected result of this configuration setting?
A
True transparent proxy mode is best suited for use in which type of environment?
D
Explanation:
Does not require changes to the IP address scheme of the network. Requests are destined for a web
server and not theFortiWebappliance. This operation mode supports the same feature set as True
Transparent Proxy mode.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/211763/planning-the-network-topology
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform
the browser of the new URL? (Choose two.)
B, C
Reference:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302
Which regex expression is the correct format for redirecting the URL
http://www.example.com
?
B
Explanation:
\1://www.company.com/\2/\3
Reference:
https://learn.akamai.com/en-us/webhelp/edge-redirector/edge-redirector-guide/GUID-0C22DFC2-DCC4-42AF-BDB2-9537FBEE03FD.html
What can an administrator do if a client has been incorrectly period blocked?
B
Explanation:
Block Period
Enter the number of seconds that you want to block the requests. The valid range is 13,600
seconds. The default value is 60 seconds.
This option only takes effect when you choosePeriod BlockinAction.
Note: Thats a temporary blacklist so you can manually release them from the blacklist.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.1/administration-
guide/600188/configuring-bot-detection-profiles
Refer to the exhibit.
Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with
the settings shown in the exhibit. The FortiWeb administrator has already verified that the current
model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed
through FortiWeb?
D
Explanation:
Bot Confirmation
If the number of anomalies from a user has reached theAnomaly Count, the system executesBot
Confirmationbefore taking actions.
TheBot Confirmationis to confirm if the user is indeed a bot. The system sends RBE (Real Browser
Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.1/administration-
guide/600188/configuring-bot-detection-profiles
A client is trying to start a session from a page that would normally be accessible only after the client
has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
B, C, E
Reference:
https://help.fortinet.com/fweb/607/Content/FortiWeb/fortiweb-
admin/specify_urls_to_initiate.htm
Which algorithm is used to build mathematical models for bot detection?
C
Explanation:
FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.7/administration-
guide/193258/machine-learning
Refer to the exhibit.
FortiWeb is configured to block traffic from Japan to your web application server. However, in the
logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in
Japan.
What can the administrator do to solve this problem? (Choose two.)
A, C
Explanation:
IP reputation leverages many techniques for accurate, early, and frequently updated identification of
compromised and malicious clients so you can block attackersbeforethey target your servers.
IP blacklisting is a method used to filter out illegitimate ormalicious IP addresses from accessing
your networks. Blacklists are lists containing ranges of or individual IP addresses that you want to
block.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.5/administration-
guide/137271/blacklisting-whitelisting-clients
https://www.imperva.com/learn/application-security/ip-blacklist/
Refer to the exhibit.
Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)
B, D
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.10/administration-guide/33485/fail-
to-wire-for-power-loss-reboots