Fortinet Fortinet Certifications NSE6_FWB-6.4 Questions & Answers

• Question 11:

  In which scenario might you want to use the compression feature on FortiWeb?

  A. When you are serving many corporate road warriors using 4G tablets and phones

  B. When you are offering a music streaming service

  C. When you want to reduce buffering of video streams

  D. Never, since most traffic today is already highly compressed

  Correct Answer: A

  https://training.fortinet.com/course/view.php?id=3363 When might you want to use the compression feature on FortiWeb? When you are serving many road warriors who are using 4G tablets and phones

• Question 12:

  In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

  A. Offline protection

  B. Transparent inspection

  C. True transparent proxy

  D. Reverse proxy

  Correct Answer: CD

  Reference: https://help.fortinet.com/fweb/541/Content/FortiWeb/fortiweb-admin/planning_topology.htm

• Question 13:

  Refer to the exhibit.

  

  There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

  A. Delete the built-in administrator user and create a new one.

  B. Configure IPv4 Trusted Host # 3 with a specific IP address.

  C. The configuration changes must be made on the upstream device.

  D. Change the Access Profile to Read_Only.

  Correct Answer: B

  Reference: https://docs.fortinet.com/document/fortiweb/6.1.1/administration-guide/397469/preventing-brute-force-logins

• Question 14:

  Which two statements about running a vulnerability scan are true? (Choose two.)

  A. You should run the vulnerability scan during a maintenance window.

  B. You should run the vulnerability scan in a test environment.

  C. Vulnerability scanning increases the load on FortiWeb, so it should be avoided.

  D. You should run the vulnerability scan on a live website to get accurate results.

  Correct Answer: AB

  Should the Vulnerability Scanner allow it, SVMS will set the scan schedule (or schedules) to run in a maintenance window. SVMS will advise Client of the scanner's ability to complete the scan(s) within the maintenance window. Vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment.

  Reference: https://www.trustwave.com/media/17427/trustwave_mss_managed-3rd-party-vulnerability-scanning.pdf https://help.fortinet.com/fweb/552/Content/FortiWeb/fortiweb-admin/vulnerability_scans.htm

• Question 15:

  What is one of the key benefits of the FortiGuard IP reputation feature?

  A. It maintains a list of private IP addresses.

  B. It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.

  C. It is updated once per year.

  D. It maintains a list of public IPs with a bad reputation for participating in attacks.

  Correct Answer: D

  FortiGuard IP Reputation service assigns a poor reputation, including virus-infected clients and malicious spiders/crawlers. Reference: https://docs.fortinet.com/document/fortiweb/6.1.1/administration-guide/137271/blacklisting-whitelisting-clients

• Question 16:

  When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate's Real Server configuration point at?

  A. Virtual Server IP on the FortiGate

  B. Server's real IP

  C. FortiWeb's real IP

  D. IP Address of the Virtual Server on the FortiWeb

  Correct Answer: A

• Question 17:

  Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?

  A. Offline Protection

  B. Transparent Inspection

  C. True Transparent Proxy

  D. Reverse-Proxy

  Correct Answer: B

• Question 18:

  A client is trying to start a session from a page that should normally be accessible only after they have logged in.

  When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

  A. Reply with a "403 Forbidden" HTTP error

  B. Allow the page access, but log the violation

  C. Automatically redirect the client to the login page

  D. Display an access policy message, then allow the client to continue, redirecting them to their requested page

  E. Prompt the client to authenticate

  Correct Answer: ABC

• Question 19:

  True transparent proxy mode is best suited for use in which type of environment?

  A. New networks where infrastructure is not yet defined

  B. Flexible environments where you can easily change the IP addressing scheme

  C. Small office to home office environments

  D. Environments where you cannot change the IP addressing scheme

  Correct Answer: B

  "Because blocking is not guaranteed to succeed in offline mode, this mode is best used during the evaluation and planning phase, early in implementation. Reverse proxy is the most popular operating mode. It can rewrite URLs, offload TLS, load balance, and apply NAT. For very large MSSP, true transparent mode has a significant advantage. You can drop it in without changing any schemes of limited IPv4 space璱n transparent mode, you don't need to give IP addresses to the network interfaces on FortiWeb."

• Question 20:

  What can an administrator do if a client has been incorrectly period blocked?

  A. Nothing, it is not possible to override a period block.

  B. Manually release the ID address from the temporary blacklist.

  C. Force a new IP address to the client.

  D. Disconnect the client from the network.

  Correct Answer: B

  Block Period Enter the number of seconds that you want to block the requests. The valid range is 1?,600 seconds. The default value is 60 seconds. This option only takes effect when you choose Period Block in Action. Note: That's a temporary blacklist so you can manually release them from the blacklist. Reference: https://docs.fortinet.com/document/fortiweb/6.3.1/administration-guide/600188/configuring-bot-detection-profiles