NSE6_FWB-6.4 Exam Details

  • Exam Code
    :NSE6_FWB-6.4
  • Exam Name
    :Fortinet NSE 6 - FortiWeb 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :56 Q&As
  • Last Updated
    :Jul 13, 2026

Fortinet NSE6_FWB-6.4 Online Questions & Answers

  • Question 1:

    Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?

    A. Offline Protection
    B. Transparent Inspection
    C. True Transparent Proxy
    D. Reverse-Proxy

  • Question 2:

    FortiWeb offers the same load balancing algorithms as FortiGate.

    Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)

    A. Round robin
    B. HTTP session-based round robin
    C. HTTP user-based round robin
    D. HTTP content routes

  • Question 3:

    Refer to the exhibit.

    There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

    A. Delete the built-in administrator user and create a new one.
    B. Configure IPv4 Trusted Host # 3 with a specific IP address.
    C. The configuration changes must be made on the upstream device.
    D. Change the Access Profile to Read_Only.

  • Question 4:

    What role does FortiWeb play in ensuring PCI DSS compliance?

    A. It provides the ability to securely process cash transactions.
    B. It provides the required SQL server protection.
    C. It provides the WAF required by PCI.
    D. It provides credit card processing capabilities.

  • Question 5:

    An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

    What FortiWeb feature should you configure?

    A. Enable "Shared IP" and configure the separate rate limits for requests from NATted source IPs.
    B. Configure FortiWeb to use "X-Forwarded-For:" headers to find each client's private network IP, and to block attacks using that.
    C. Enable SYN cookies.
    D. Configure a server policy that matches requests from shared Internet connections.

  • Question 6:

    Refer to the exhibit.

    FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.

    What must the administrator do to avoid this problem? (Choose two.)

    A. Enable the Use X-Forwarded-For setting on FortiWeb.
    B. No Special configuration is required; connectivity will be re-established after the set timeout.
    C. Place FortiWeb in front of FortiADC.
    D. Enable the Add X-Forwarded-For setting on FortiWeb.

  • Question 7:

    Refer to the exhibit.

    Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.

    What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

    A. Change Model Type to Strict
    B. Change Action under Action Settings to Alert
    C. Disable Dynamically Update Model
    D. Enable Bot Confirmation

  • Question 8:

    When generating a protection configuration from an auto learning report what critical step must you do before generating the final protection configuration?

    A. Restart the FortiWeb to clear the caches
    B. Drill down in the report to correct any false positives.
    C. Activate the report to create t profile
    D. Take the FortiWeb offline to apply the profile

  • Question 9:

    Refer to the exhibit.

    FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan. What can the administrator do to solve this problem? (Choose two.)

    A. Manually update the geo-location IP addresses for Japan.
    B. If the IP address is configured as a geo reputation exception, remove it.
    C. Configure the IP address as a blacklisted IP address.
    D. If the IP address is configured as an IP reputation exception, remove it.

  • Question 10:

    You are configuring FortiAnalyzer to store logs from FortiWeb.

    Which is true?

    A. FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
    B. You must enable ADOMs on FortiAnalyzer.
    C. To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select "FrotiWeb 6.1".
    D. FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE6_FWB-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.