Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE6_FWB-6.4 - Fortinet NSE 6 - FortiWeb 6.4

Fortinet NSE6_FWB-6.4 Premium Access     Download Demo    
Page: 1 / 2
Total 56 questions

Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.

What must the administrator do to avoid this problem? (Choose two.)

A.

Enable the Use X-Forwarded-For setting on FortiWeb.

B.

No Special configuration is required; connectivity will be re-established after the set timeout.

C.

Place FortiWeb in front of FortiADC.

D.

Enable the Add X-Forwarded-For setting on FortiWeb.

Under which circumstances does FortiWeb use its own certificates? (Choose Two)

A.

Secondary HTTPS connection to server where FortiWeb acts as a client

B.

HTTPS to clients

C.

HTTPS access to GUI

D.

HTTPS to FortiGate

You are deploying FortiWeb 6.4 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)

A.

6

B.

9

C.

3

D.

2

True transparent proxy mode is best suited for use in which type of environment?

A.

New networks where infrastructure is not yet defined

B.

Flexible environments where you can easily change the IP addressing scheme

C.

Small office to home office environments

D.

Environments where you cannot change the IP addressing scheme

Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.

What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

A.

Change Model Type to Strict

B.

Change Action under Action Settings to Alert

C.

Disable Dynamically Update Model

D.

Enable Bot Confirmation

What can an administrator do if a client has been incorrectly period blocked?

A.

Nothing, it is not possible to override a period block.

B.

Manually release the ID address from the temporary blacklist.

C.

Force a new IP address to the client.

D.

Disconnect the client from the network.

Which of the following would be a reason for implementing rewrites?

A.

Page has been moved to a new URL

B.

Page has been moved to a new IP address

C.

Replace vulnerable functions.

D.

Send connection to secure channel

Which would be a reason to implement HTTP rewriting?

A.

The original page has moved to a new URL

B.

To replace a vulnerable function in the requested URL

C.

To send the request to secure channel

D.

The original page has moved to a new IP address

In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)

A.

Transparent Inspection

B.

Offline protection

C.

True transparent proxy

D.

Reverse proxy

Refer to the exhibits.

FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?

A.

FortiGate should forward web traffic to the server pool IP addresses.

B.

The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.

C.

You must disable the Preserve Client IP setting on FotriGate for this configuration to work.

D.

FortiGate should forward web traffic to virtual server IP address.