Fortinet NSE6_FWB-5.6.0 Exam Questions

Question 6 of 30

Which is true about HTTPS on FortiWeb? (Choose three.)

For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

After enabling HSTS, redirects to HTTPS are no longer necessary.

In true transparent mode, the TLS session terminator is a protected web server.

Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.

In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Correct Answer: A, C, E

Question 7 of 30

When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?

FortiGate's public IP

FortiGate's local IP

FortiWeb's IP

Client's real IP

Correct Answer: D

Question 8 of 30

Which of the following is true about Local User Accounts?

Must be assigned regardless of any other authentication

Can be used for Single Sign On

Can be used for site publishing

Best suited for large environments with many users

Correct Answer: A

Question 9 of 30

In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)

Transparent Inspection

Offline protection

True transparent proxy

Reverse proxy

Correct Answer: D

Question 10 of 30

What other consideration must you take into account when configuring Defacement protection?

Use FortiWeb to block SQL Injections and keep regular backups of the Database

Also incorporate a FortiADC into your network

None. FortiWeb completely secures the site against defacement attacks

Configure the FortiGate to perform Anti-Defacement as well

Correct Answer: D