Exam Details
Exam Code
:NSE6_FWB-6.4Exam Name
:Fortinet NSE 6 - FortiWeb 6.4Certification
:Fortinet CertificationsVendor
:FortinetTotal Questions
:56 Q&AsLast Updated
:Jul 03, 2025
Fortinet Fortinet Certifications NSE6_FWB-6.4 Questions & Answers
-
Question 31:
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
A. Store in an off-site location
B. Erase them every two weeks
C. Enable masking of sensitive data
D. Compress them into a .zip file format
-
Question 32:
Refer to the exhibits.
FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?
A. FortiGate should forward web traffic to the server pool IP addresses.
B. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
C. You must disable the Preserve Client IP setting on FotriGate for this configuration to work.
D. FortiGate should forward web traffic to virtual server IP address.
-
Question 33:
You are using HTTP content routing on FortiWeb. You want requests for web application A to be forwarded to a cluster of web servers, which all host the same web application. You want requests for web application B to be forwarded to a different, single web server.
Which statement about this solution is true?
A. The server policy applies the same protection profile to all of its protected web applications.
B. You must put the single web server in to a server pool, in order to use it with HTTP content routing.
C. You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
D. Static or policy-based routes are not required.
-
Question 34:
You are deploying FortiWeb 6.4 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)
A. 6
B. 9
C. 3
D. 2
-
Question 35:
You are configuring FortiAnalyzer to store logs from FortiWeb.
Which is true?
A. FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
B. You must enable ADOMs on FortiAnalyzer.
C. To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select "FrotiWeb 6.1".
D. FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.
-
Question 36:
Which of the following is true about Local User Accounts?
A. Must be assigned regardless of any other authentication
B. Can be used for Single Sign On
C. Can be used for site publishing
D. Best suited for large environments with many users
-
Question 37:
When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical? (Choose two)
A. Defines Log file format
B. Defines communication protocol
C. Defines Database Schema
D. Defines Log storage location
-
Question 38:
You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server.
Which is true about the solution?
A. Static or policy-based routes are not required.
B. To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.
C. You must put the single web server into a server pool in order to use it with HTTP content routing.
D. The server policy applies the same protection profile to all its protected web apps.
-
Question 39:
Refer to the exhibit.
FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)
A. Enable the Use X-Forwarded-For setting on FortiWeb.
B. No Special configuration is required; connectivity will be re-established after the set timeout.
C. Place FortiWeb in front of FortiADC.
D. Enable the Add X-Forwarded-For setting on FortiWeb.
-
Question 40:
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?
A. If you are a small business or home office
B. If you are an enterprise whose employees use only mobile devices
C. If you are an enterprise whose resources do not need security
D. If you are an enterprise whose computers all trust your active directory or other CA server
Related Exams:
FCP_FGT_AD-7.4
FCP - FortiGate 7.4 AdministratorFCP_WCS_AD-7.4
FCP - AWS Cloud Security 7.4 AdministratorFCSS_EFW_AD-7.4
FCSS - Enterprise Firewall 7.4 AdministratorFCSS_NST_SE-7.4
FCSS - Network Security 7.4 Support EngineerFCSS_SASE_AD-24
FCSS - FortiSASE 24 AdministratorNSE4_FGT-5.6
Fortinet NSE 4 - FortiOS 5.6NSE4_FGT-6.0
Fortinet NSE 4 - FortiOS 6.0NSE4_FGT-6.4
Fortinet NSE 4 - FortiOS 6.4NSE4_FGT-7.0
Fortinet NSE 4 - FortiOS 7.0NSE4_FGT-7.2
Fortinet NSE 4 - FortiOS 7.2
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE6_FWB-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.