Patacon Web - 6.4
Test Title: Patacon Web - 6.4
Description: Patacon Web - 6.4
Creation Date: 2024/09/30
Category: Other
Number of Questions: 69
Question: 1 Which two statements about running a vulnerability scan are true? (Choose two.)
- You should run the vulnerability scan during a maintenance window.
- You should run the vulnerability scan in a test environment.
- Vulnerability scanning increases the load on FortiWeb, so it should be avoided.
- You should run the vulnerability scan on a live website to get accurate results.

Question: 2 FortiWeb offers the same load balancing algorithms as FortiGate. Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)
- Round robin.
- HTTP session-based round robin.
- HTTP user-based round robin.
- HTTP content routes.

Question: 3 Which would be a reason to implement HTTP rewriting?
- The original page has moved to a new URL.
- To replace a vulnerable function in the requested URL.
- To send the request to secure channel.
- The original page has moved to a new IP address.

Question: 4 Refer to the exhibit. FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers. What must the administrator do to avoid this problem? (Choose two.)
- Enable the Use X-Forwarded-For setting on FortiWeb.
- No Special configuration is required; connectivity will be re-established after the set timeout.
- Place FortiWeb in front of FortiADC.
- Enable the Add X-Forwarded-For setting on FortiWeb.

Question: 5 Which statement about local user accounts is true?
- They are best suited for large environments with many users.
- They cannot be used for site publishing.
- They must be assigned, regardless of any other authentication.
- They can be used for SSO.

Question: 6 Refer to the exhibit. Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)
- Traffic that passes between port5 and port6 will be inspected.
- Traffic will be interrupted between port3 and port4.
- All traffic will be interrupted.
- Traffic will pass between port5 and port6 uninspected.

Question: 7 Refer to the exhibit. FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan. What can the administrator do to solve this problem? (Choose two.)
- Manually update the geo-location IP addresses for Japan.
- If the IP address is configured as a geo reputation exception, remove it.
- Configure the IP address as a blacklisted IP address.
- If the IP address is configured as an IP reputation exception, remove it.

Question: 8 Which algorithm is used to build mathematical models for bot detection?
- HCM.
- SVN.
- SVM.
- HMM.

Question: 9 A client is trying to start a session from a page that would normally be accessible only after the client has logged in. When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- Display an access policy message, then allow the client to continue.
- Redirect the client to the login page.
- Allow the page access, but log the violation.
- Prompt the client to authenticate.
- Reply with a 403 Forbidden HTTP error.

Question: 10 Refer to the exhibit. Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate. What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?
- Change Model Type to Strict.
- Change Action under Action Settings to Alert.
- Disable Dynamically Update Model.
- Enable Bot Confirmation.

Question: 11 What can an administrator do if a client has been incorrectly period blocked?
- Nothing, it is not possible to override a period block.
- Manually release the IP address from the temporary blacklist.
- Force a new IP address to the client.
- Disconnect the client from the network.

Question: 12 Which regex expression is the correct format for redirecting the URL http://www.example.com?
- `www\.example\.com`
- `www.example.com`
- `www\example\com`
- `www/.example/.com`

Question: 13 When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)
- 403.
- 302.
- 301.
- 404.

Question: 14 True transparent proxy mode is best suited for use in which type of environment?
- New networks where infrastructure is not yet defined.
- Flexible environments where you can easily change the IP addressing scheme.
- Small office to home office environments.
- Environments where you cannot change the IP addressing scheme.

Question: 15 What is the expected result of this configuration setting?
- When machine learning (ML) is in its collecting phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
- When machine learning (ML) is in its running phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
- When machine learning (ML) is in its collecting phase, FortiWeb will not accept any samples from any source IP addresses.
- When machine learning (ML) is in its running phase, FortiWeb will accept a set number of samples from the same source IP address.

Question: 16 Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- Anti-defacement can redirect users to a backup web server, if it detects a change.
- Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
- FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
- Anti-defacement does not make a backup copy of your databases.

Question: 17 What must you do with your FortiWeb logs to ensure PCI DSS compliance?
- Store in an off-site location.
- Erase them every two weeks.
- Enable masking of sensitive data.
- Compress them into a .zip file format.

Question: 18 What role does FortiWeb play in ensuring PCI DSS compliance?
- It provides the ability to securely process cash transactions.
- It provides the required SQL server protection.
- It provides the WAF required by PCI.
- It provides credit card processing capabilities.

Question: 19 Refer to the exhibit. There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
- Delete the built-in administrator user and create a new one.
- Configure IPv4 Trusted Host # 3 with a specific IP address.
- The configuration changes must be made on the upstream device.
- Change the Access Profile to Read_Only.

Question: 20 What key factor must be considered when setting brute force rate limiting and blocking?
- A single client contacting multiple resources.
- Multiple clients sharing a single Internet connection.
- Multiple clients from geographically diverse locations.
- Multiple clients connecting to multiple resources.

Question: 21 Refer to the exhibits. FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?
- FortiGate should forward web traffic to the server pool IP addresses.
- The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
- You must disable the Preserve Client IP setting on FortiGate for this configuration to work.
- FortiGate should forward web traffic to virtual server IP address.

Question: 22 When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?
- If you are a small business or home office.
- If you are an enterprise whose employees use only mobile devices.
- If you are an enterprise whose resources do not need security.
- If you are an enterprise whose computers all trust your active directory or other CA server.

Question: 23 In which scenario might you want to use the compression feature on FortiWeb?
- When you are serving many corporate road warriors using 4G tablets and phones.
- When you are offering a music streaming service.
- When you want to reduce buffering of video streams.
- Never, since most traffic today is already highly compressed.

Question: 24 The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism. Which two functions does the first layer perform? (Choose two.)
- Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored.
- Builds a threat model behind every parameter and HTTP method.
- Determines if a detected threat is a false-positive or not.
- Determines whether traffic is an anomaly, based on observed application traffic over time.

Question: 25 In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
- Offline protection.
- Transparent inspection.
- Reverse Proxy.
- True transparent proxy.

Question: 26 When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?
- FortiGate public IP.
- FortiWeb.
- FortiGate local IP.
- Client real IP.

Question: 27 Which three statements about HTTPS on FortiWeb are true? (Choose three.)
- For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
- After enabling HSTS, redirects to HTTPS are no longer necessary.
- In true transparent mode, the TLS session terminator is a protected web server.
- Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
- In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Question: 28 What is one of the key benefits of the FortiGuard IP reputation feature?
- It maintains a list of private IP addresses.
- It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
- It is updated once per year.
- It maintains a list of public IPs with a bad reputation for participating in attacks.

Question: 29 How does FortiWeb protect against defacement attacks?
- It keeps a complete backup of all files and the database.
- It keeps hashes of files and periodically compares them to the server.
- It keeps full copies of all files and directories.
- It keeps a live duplicate of the database.

Question: 30 You are using HTTP content routing on FortiWeb. You want requests for web application A to be forwarded to a cluster of web servers, which all host the same web application. You want requests for web application B to be forwarded to a different, single web server. Which statement about this solution is true?
- The server policy applies the same protection profile to all of its protected web applications.
- You must put the single web server into a server pool, in order to use it with HTTP content routing.
- You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
- Static or policy-based routes are not required.

Question: 31 When generating a protection configuration from an auto learning report, what critical step must you do before generating the final protection configuration?
- Restart the FortiWeb to clear the caches.
- Drill down in the report to correct any false positives.
- Activate the report to create the profile.
- Take the FortiWeb offline to apply the profile.

Question: 32 How does an ADOM differ from a VDOM?
- ADOMs do not have virtual networking.
- ADOMs improve performance by offloading some functions.
- ADOMs only affect specific functions, and do not provide full separation like VDOMs do.
- Allows you to have 1 administrator for multiple tenants.

Question: 33 You are configuring FortiAnalyzer to store logs from FortiWeb.
Which is true?
- FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
- You must enable ADOMs on FortiAnalyzer.
- To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select “FortiWeb 6.1”.
- FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.

Question: 34 Which of the following would be a reason for implementing rewrites?
- Page has been moved to a new URL.
- Page has been moved to a new IP address.
- Replace vulnerable functions.
- Send connection to secure channel.

Question: 35 A client is trying to start a session from a page that should normally be accessible only after they have logged in. When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- Reply with a “403 Forbidden” HTTP error.
- Allow the page access, but log the violation.
- Automatically redirect the client to the login page.
- Display an access policy message, then allow the client to continue, redirecting them to their requested page.
- Prompt the client to authenticate.

Question: 36 Which is true about HTTPS on FortiWeb? (Choose three.)
- For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
- After enabling HSTS, redirects to HTTPS are no longer necessary.
- In true transparent mode, the TLS session terminator is a protected web server.
- Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
- In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Question: 37 Which of the following is true about Local User Accounts?
- Must be assigned regardless of any other authentication.
- Can be used for Single Sign On.
- Can be used for site publishing.
- Best suited for large environments with many users.

Question: 39 What other consideration must you take into account when configuring Defacement protection?
- Use FortiWeb to block SQL Injections and keep regular backups of the Database.
- Also incorporate a FortiADC into your network.
- None. FortiWeb completely secures the site against defacement attacks.
- Configure the FortiGate to perform Anti-Defacement as well.

Question: 40 Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?
- In the case of compression being done on the FortiWeb, to inspect the content of the compressed file.
- In the case of the file being a .MP3 music file.
- In the case of compression being done on the web server, to inspect the content of the compressed file.
- In the case of the file being an .MP4 video.

Question: 41 You are deploying FortiWeb 6.4 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)
- A. 6.
- B. 9.
- C. 3.
- D. 2.

Question: 42
- Free up resources on the database server.
- Free up resources on the web server.
- Reduces file size on the client’s storage.
- Free up resources on the FortiGate.

Question: 43 When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate’s Real Server configuration point at?
- Virtual Server IP on the FortiGate.
- Server’s real IP.
- FortiWeb’s real IP.
- IP Address of the Virtual Server on the FortiWeb.

Question: 44 How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?
- You must enable the “Use” X-Forwarded-For: option.
- FortiWeb must be set for Transparent Mode.
- No special configuration required.
- You must enable “Add” X-Forwarded-For: instead of the “Use” X-Forwarded-For: option.

Question: 46 In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
- Non-matching traffic is allowed.
- Non-matching traffic is held in buffer.
- Non-matching traffic is denied.
- Non-matching traffic is rerouted to FortiGate.
Question: 47 You’ve configured an authentication rule with delegation enabled on FortiWeb. What happens when a user tries to access the web application?
- FortiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app.
- FortiWeb redirects the user to the web app’s authentication page.
- FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully.
- FortiWeb replies with a HTTP challenge on behalf of the server, then if the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app.

Question: 48 When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical? (Choose two.)
- Defines Log file format.
- Defines communication protocol.
- Defines Database Schema.
- Defines Log storage location.

Question: 49 What role does FortiWeb play in ensuring PCI DSS compliance?
- PCI specifically requires a WAF.
- Provides credit card processing capabilities.
- Provide ability to securely process cash transactions.
- Provides load balancing between multiple web servers.

Question: 50 Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?
- Offline Protection.
- Transparent Inspection.
- True Transparent Proxy.
- Reverse-Proxy.

Question: 51 Which implementation is best suited for a deployment that must meet compliance criteria?
- SSL Inspection with FortiWeb in Transparency mode.
- SSL Offloading with FortiWeb in reverse proxy mode.
- SSL Inspection with FortiWeb in Reverse Proxy mode.
- SSL Offloading with FortiWeb in Transparency Mode.

Question: 52 Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?
- Sensitive info masking.
- Poison Cookie detection.
- Session Management.
- Brute Force blocking.
Question: 53 What capability can FortiWeb add to your Web App that your Web App may or may not already have?
- Automatic backup and recovery.
- High Availability.
- HTTP/HTML Form Authentication.
- SSL Inspection.

Question: 54 An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods. What FortiWeb feature should you configure?
- Enable “Shared IP” and configure the separate rate limits for requests from NATted source IPs.
- Configure FortiWeb to use “X-Forwarded-For:” headers to find each client’s private network IP, and to block attacks using that.
- Enable SYN cookies.
- Configure a server policy that matches requests from shared Internet connections.

Question: 55 Under which circumstances does FortiWeb use its own certificates? (Choose two.)
- Secondary HTTPS connection to server where FortiWeb acts as a client.
- HTTPS to clients.
- HTTPS access to GUI.
- HTTPS to FortiGate.

Question: 56 What benefit does Auto Learning provide?
- Automatically identifies and blocks suspicious IPs.
- FortiWeb scans all traffic without taking action and makes recommendations on rules.
- Automatically builds rules sets.
- Automatically blocks all detected threats.

Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- Anti-defacement can redirect users to a backup web server, if it detects a change.
- Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
- FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
- Anti-defacement does not make a backup copy of your databases.

Which two statements about running a vulnerability scan are true? (Choose two.)
- You should run the vulnerability scan during a maintenance window.
- You should run the vulnerability scan in a test environment.
- Vulnerability scanning increases the load on FortiWeb, so it should be avoided.
- You should run the vulnerability scan on a live website to get accurate results.

Refer to the exhibit. What is true about this FortiWeb device? (Choose two.)
- It is currently running version 6.4.0.
- It has 41% of the disk available for logging.
- It is currently running version 6.4.1.
- It was upgraded to a different version after initial installation.

Which objects are required to configure a server policy in Reverse Proxy mode without content routing? (Choose two.)
- Server Pool.
- Virtual Server.
- Site Publishing.
- Protected hostname.

Which command will enable debugging for the FortiWeb user tracking feature?
- `diagnose debug enable user-tracking 7`
- `debug application user-tracking 7`
- `diagnose debug application user-tracking 7`
- `debug enable user-tracking 7`

Which two items can be defined in a FortiWeb XML Protection Rule? (Choose two.)
- Attribute name length.
- Web protection profile.
- API key.
- Element depth.

Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- Anti-defacement can redirect users to a backup web server if it detects a change.
- FortiWeb will only check to see if there are changes on the web server; it will not download all the contents each time.
- Anti-defacement does not make a backup copy of your database.
- Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image immediately if it detects a defacement.

Which statements about HTTPS on FortiWeb are true? (Choose two.)
- For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
- In transparent inspection mode, you select the certificate that FortiWeb presents to clients in the server pool, not in the server policy.
- After enabling HSTS, redirects to HTTPS are never needed.
- In true transparent mode, an SSL connection is terminated on the protected web server.
Which high availability mode is easiest to integrate with a traffic distributor like FortiADC?
- Active-Active.
- Active-Passive.
- Load Sharing.
- Cold Standby.

Refer to the exhibit. If a device (which is performing SNAT or load balancing) sits downstream from FortiWeb, what configuration must you do to preserve the original IP address of the client?
- Enable and configure the Add X-Forwarded-For setting.
- No special configuration is required.
- Enable and configure the Preserve Client IP Setting.
- Use a transparent operating mode on FortiWeb.

What can an administrator do if a client has been incorrectly period blocked?
- Nothing, it is not possible to override a period block.
- Manually release the IP address from the temporary blocklist.
- Force a new IP address to the client.
- Reboot the client.

In which operation mode are HTTP requests destined to a virtual server IP address on the FortiWeb, and not to a web server directly?
- Reverse Proxy.
- True transparent proxy.
- Transparent inspection.
- Virtual Proxy.

In which situation would you use the temporary uncompress feature on FortiWeb?
- To examine client data if it is encrypted when it reaches FortiWeb.
- When the content size is too large and you want to optimize RAM usage.
- When compression is being done on FortiWeb, to inspect the content of the compressed file.
- To examine client data that is compressed when it reaches FortiWeb.

Refer to the exhibit. The exhibit shows SSL offloading. Which device is using the private key for the protected web server?
- FortiWeb.
- None. The private key is not needed in SSL offloading.
- Client.
- Server.

Review the following FortiWeb CLI command: Diagnose network sniffer port3 none 6.
- It will display only six packets before ending.
- It will show the interface name in the output.
- It will only show TCP packets.
- It will display the mac address of the source and destination interfaces.