
Fortinet NSE6_FWB-6.4 Practice Test - Questions Answers, Page 3


A client is trying to start a session from a page that would normally be accessible only after the client has logged in.

When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

A. Display an access policy message, then allow the client to continue
B. Redirect the client to the login page
C. Allow the page access, but log the violation
D. Prompt the client to authenticate
E. Reply with a 403 Forbidden HTTP error
Suggested answer: B, C, E

Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.

What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

A. Change Model Type to Strict
B. Change Action under Action Settings to Alert
C. Disable Dynamically Update Model
D. Enable Bot Confirmation
Suggested answer: D

Explanation:

Bot Confirmation

If the number of anomalies from a user has reached the Anomaly Count, the system executes Bot Confirmation before taking actions.

The Bot Confirmation is to confirm if the user is indeed a bot. The system sends RBE (Real Browser Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.

What can an administrator do if a client has been incorrectly period blocked?

A. Nothing, it is not possible to override a period block.
B. Manually release the IP address from the temporary blacklist.
C. Force a new IP address to the client.
D. Disconnect the client from the network.
Suggested answer: B

Explanation:

Block Period

Enter the number of seconds that you want to block the requests. The valid range is 1-3,600 seconds. The default value is 60 seconds.

This option only takes effect when you choose Period Block in Action.

Note: That's a temporary blacklist so you can manually release them from the blacklist.

Which regex expression is the correct format for redirecting the URL http://www.example.com?

A. www\.example\.com
B. www.example.com
C. www\example\com
D. www/.example/.com
Suggested answer: B

Explanation:

\1://www.company.com/\2/\3

When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)

A. 403
B. 302
C. 301
D. 404
Suggested answer: B, C

True transparent proxy mode is best suited for use in which type of environment?

A. New networks where infrastructure is not yet defined
B. Flexible environments where you can easily change the IP addressing scheme
C. Small office to home office environments
D. Environments where you cannot change the IP addressing scheme
Suggested answer: B

Explanation:

'Because blocking is not guaranteed to succeed in offline mode, this mode is best used during the evaluation and planning phase, early in implementation. Reverse proxy is the most popular operating mode. It can rewrite URLs, offload TLS, load balance, and apply NAT. For very large MSSP, true transparent mode has a significant advantage. You can drop it in without changing any schemes of limited IPv4 space--in transparent mode, you don't need to give IP addresses to the network interfaces on FortiWeb.'

When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?

A. If you are a small business or home office
B. If you are an enterprise whose employees use only mobile devices
C. If you are an enterprise whose resources do not need security
D. If you are an enterprise whose computers all trust your active directory or other CA server
Suggested answer: D

In which scenario might you want to use the compression feature on FortiWeb?

A. When you are serving many corporate road warriors using 4G tablets and phones
B. When you are offering a music streaming service
C. When you want to reduce buffering of video streams
D. Never, since most traffic today is already highly compressed
Suggested answer: A

Explanation:

https://training.fortinet.com/course/view.php?id=3363

When might you want to use the compression feature on FortiWeb? When you are serving many road warriors who are using 4G tablets and phones

The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.

Which two functions does the first layer perform? (Choose two.)

A. Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored
B. Builds a threat model behind every parameter and HTTP method
C. Determines if a detected threat is a false-positive or not
D. Determines whether traffic is an anomaly, based on observed application traffic over time
Suggested answer: B, D

Explanation:

The first layer uses the Hidden Markov Model (HMM) and monitors access to the application and collects data to build a mathematical model behind every parameter and HTTP method.

In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

A. Offline protection
B. Transparent inspection
C. True transparent proxy
D. Reverse proxy
Suggested answer: C, D
Total 56 questions