Fortinet NSE6_FWB-5.6.0 Practice Exam Questions & Answers

Question 6 of 30

A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

A.

Reply with a "403 Forbidden" HTTP error

B.

Allow the page access, but log the violation

C.

Automatically redirect the client to the login page

D.

Display an access policy message, then allow the client to continue, redirecting them to their requested page

E.

Prompt the client to authenticate

Question 7 of 30

Which is true about HTTPS on FortiWeb? (Choose three.)

A.

For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

B.

After enabling HSTS, redirects to HTTPS are no longer necessary.

C.

In true transparent mode, the TLS session terminator is a protected web server.

D.

Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.

E.

In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Question 8 of 30

When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?

A.

FortiGate's public IP

B.

FortiGate's local IP

C.

FortiWeb's IP

D.

Client's real IP

Question 9 of 30

Which of the following is true about Local User Accounts?

A.

Must be assigned regardless of any other authentication

B.

Can be used for Single Sign On

C.

Can be used for site publishing

D.

Best suited for large environments with many users

Question 10 of 30

In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)

A.

Transparent Inspection

B.

Offline protection

C.

True transparent proxy

D.

Reverse proxy