When generating a protection configuration from an auto-learning report, what critical step must you perform before generating the final protection configuration?
A. Restart the FortiWeb to clear the caches
B. Drill down in the report to correct any false positives.
C. Activate the report to create the profile
D. Take the FortiWeb offline to apply the profile
A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
A. Reply with a "403 Forbidden" HTTP error
B. Allow the page access, but log the violation
C. Automatically redirect the client to the login page
D. Display an access policy message, then allow the client to continue, redirecting them to their requested page
E. Prompt the client to authenticate
Which statements are true about HTTPS on FortiWeb? (Choose three.)
A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
B. After enabling HSTS, redirects to HTTPS are no longer necessary.
C. In true transparent mode, the TLS session terminator is a protected web server.
D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
E. In transparent inspection mode, you select which certificate FortiWeb will present in the server pool, not in the server policy.
Which of the following is true about Local User Accounts?
A. Must be assigned regardless of any other authentication
B. Can be used for Single Sign On
C. Can be used for site publishing
D. Best suited for large environments with many users
In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)
A. Transparent Inspection
B. Offline protection
C. True transparent proxy
D. Reverse proxy
How does offloading compression to FortiWeb benefit your network?
A. Frees up resources on the database server
B. Frees up resources on the web server
C. Reduces file size on the client's storage
D. Frees up resources on the FortiGate
You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server.
Which is true about the solution?
A. Static or policy-based routes are not required.
B. To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.
C. You must put the single web server into a server pool in order to use it with HTTP content routing.
D. The server policy applies the same protection profile to all its protected web apps.
In reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
A. Non-matching traffic is allowed
B. Non-matching traffic is held in buffer
C. Non-matching traffic is denied
D. Non-matching traffic is rerouted to FortiGate
Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?
A. Sensitive info masking
B. Poison Cookie detection
C. Session Management
D. Brute Force blocking
Under which circumstances does FortiWeb use its own certificates? (Choose two.)
A. Secondary HTTPS connection to server where FortiWeb acts as a client
B. HTTPS to clients
C. HTTPS access to GUI
D. HTTPS to FortiGate