Fortinet nse6-fwb-6-1 practice test
Fortinet NSE 6 - FortiWeb 6.1 Exam
Last exam update: Jul 20 ,2024
Question 1
What key factor must be considered when setting brute force rate limiting and blocking?
- A. A single client contacting multiple resources
- B. Multiple clients sharing a single Internet connection
- C. Multiple clients from geographically diverse locations
- D. Multiple clients connecting to multiple resources
Answer:
D
Question 2
Refer to the exhibit.
There is only one administrator account configured on FortiWeb. What must an administrator do to
restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
- A. Delete the built-in administrator user and create a new one.
- B. Configure IPv4 Trusted Host # 3 with a specific IP address.
- C. The configuration changes must be made on the upstream device.
- D. Change the Access Profile to Read_Only.
Answer:
A
Reference:
https://docs.fortinet.com/document/fortiweb/6.1.1/administration-
guide/397469/preventing-brute-force-logins
Question 3
What role does FortiWeb play in ensuring PCI DSS compliance?
- A. It provides the ability to securely process cash transactions.
- B. It provides the required SQL server protection.
- C. It provides the WAF required by PCI.
- D. It provides credit card processing capabilities.
Answer:
D
Explanation:
FortiWeb protects against attacks that lead to sensitive data exposure such as SQL Injection and other
injection types. Additionally, FortiWeb inspects all web server outgoing traffic for sensitive data such
as Social Security numbers, credit card numbers and other predefined or custom based sensitive
data.
Reference:
https://www.gordion.de/fileadmin/user_upload/SG-PCI-Compliance.pdf
Question 4
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
- A. Store in an off-site location
- B. Erase them every two weeks
- C. Enable masking of sensitive data
- D. Compress them into a .zip file format
Answer:
C
Reference:
https://docplayer.net/8466775-Fortiweb-web-application-firewall-ensuring-compliance-for-pci-dss-requirement-6-6-solution-guide.html
Question 5
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- A. Anti-defacement can redirect users to a backup web server, if it detects a change.
- B. Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
- C. FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
- D. Anti-defacement does not make a backup copy of your databases.
Answer:
C, D
Explanation:
Anti-defacement backs up web pages only,notdatabases.
If it detects any file changes, theFortiWebappliance will download a new backup revision.
Reference:
https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-
admin/anti_defacement.htm
Question 6
Review the following configuration:
What is the expected result of this configuration setting?
- A. When machine learning (ML) is in its collecting phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
- B. When machine learning (ML) is in its running phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
- C. When machine learning (ML) is in its collecting phase, FortiWeb will not accept any samples from any source IP addresses.
- D. When machine learning (ML) is in its running phase, FortiWeb will accept a set number of samples from the same source IP address.
Answer:
A
Question 7
True transparent proxy mode is best suited for use in which type of environment?
- A. New networks where infrastructure is not yet defined
- B. Flexible environments where you can easily change the IP addressing scheme
- C. Small office to home office environments
- D. Environments where you cannot change the IP addressing scheme
Answer:
D
Explanation:
Does not require changes to the IP address scheme of the network. Requests are destined for a web
server and not theFortiWebappliance. This operation mode supports the same feature set as True
Transparent Proxy mode.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-
guide/211763/planning-the-network-topology
Question 8
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform
the browser of the new URL? (Choose two.)
- A. 403
- B. 302
- C. 301
- D. 404
Answer:
B, C
Reference:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302
Question 9
Which regex expression is the correct format for redirecting the URL
http://www.example.com
?
- A. www\.example\.com B. www.example.com
- C. www\example\com
- D. www/.example/.com
Answer:
B
Explanation:
\1://www.company.com/\2/\3
Reference:
https://learn.akamai.com/en-us/webhelp/edge-redirector/edge-redirector-guide/GUID-0C22DFC2-DCC4-42AF-BDB2-9537FBEE03FD.html
Question 10
What can an administrator do if a client has been incorrectly period blocked?
- A. Nothing, it is not possible to override a period block.
- B. Manually release the ID address from the temporary blacklist.
- C. Force a new IP address to the client.
- D. Disconnect the client from the network.
Answer:
B
Explanation:
Block Period
Enter the number of seconds that you want to block the requests. The valid range is 13,600
seconds. The default value is 60 seconds.
This option only takes effect when you choosePeriod BlockinAction.
Note: Thats a temporary blacklist so you can manually release them from the blacklist.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.1/administration-
guide/600188/configuring-bot-detection-profiles
Question 11
Refer to the exhibit.
Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with
the settings shown in the exhibit. The FortiWeb administrator has already verified that the current
model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed
through FortiWeb?
- A. Change Model Type to Strict
- B. Change Action under Action Settings to Alert
- C. Disable Dynamically Update Model
- D. Enable Bot Confirmation
Answer:
D
Explanation:
Bot Confirmation
If the number of anomalies from a user has reached theAnomaly Count, the system executesBot
Confirmationbefore taking actions.
TheBot Confirmationis to confirm if the user is indeed a bot. The system sends RBE (Real Browser
Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.1/administration-
guide/600188/configuring-bot-detection-profiles
Question 12
A client is trying to start a session from a page that would normally be accessible only after the client
has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- A. Display an access policy message, then allow the client to continue
- B. Redirect the client to the login page
- C. Allow the page access, but log the violation
- D. Prompt the client to authenticate
- E. Reply with a 403 Forbidden HTTP error
Answer:
B, C, E
Reference:
https://help.fortinet.com/fweb/607/Content/FortiWeb/fortiweb-
admin/specify_urls_to_initiate.htm
Question 13
Which algorithm is used to build mathematical models for bot detection?
- A. HCM
- B. SVN
- C. SVM
- D. HMM
Answer:
C
Explanation:
FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.7/administration-
guide/193258/machine-learning
Question 14
Refer to the exhibit.
FortiWeb is configured to block traffic from Japan to your web application server. However, in the
logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in
Japan.
What can the administrator do to solve this problem? (Choose two.)
- A. Manually update the geo-location IP addresses for Japan.
- B. If the IP address is configured as a geo reputation exception, remove it.
- C. Configure the IP address as a blacklisted IP address.
- D. If the IP address is configured as an IP reputation exception, remove it.
Answer:
A, C
Explanation:
IP reputation leverages many techniques for accurate, early, and frequently updated identification of
compromised and malicious clients so you can block attackersbeforethey target your servers.
IP blacklisting is a method used to filter out illegitimate ormalicious IP addresses from accessing
your networks. Blacklists are lists containing ranges of or individual IP addresses that you want to
block.
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.5/administration-
guide/137271/blacklisting-whitelisting-clients
https://www.imperva.com/learn/application-security/ip-blacklist/
Question 15
Refer to the exhibit.
Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)
- A. Traffic that passes between port5 and port6 will be inspected.
- B. Traffic will be interrupted between port3 and port4.
- C. All traffic will be interrupted.
- D. Traffic will pass between port5 and port6 uninspected.
Answer:
B, D
Reference:
https://docs.fortinet.com/document/fortiweb/6.3.10/administration-guide/33485/fail-
to-wire-for-power-loss-reboots