Online Access Free FCP_FWB_AD-7.4 Exam Questions

A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

• A.Prompt the client to authenticate
• B.Display an access policy message, then allow the client to continue, redirecting them to their requested page
• C.Reply with a "403 Forbidden" HTTP error
• D.Allow the page access, but log the violation
• E.Automatically redirect the client to the login page

What is the purpose of using Web Application Firewalls (WAFs) in the context of web application security? (Select all that apply)

• A.Protecting against DDoS attacks
• B.Enforcing secure authentication
• C.Preventing SQL injection attacks
• D.Optimizing website performance

Which is true about HTTPS on FortiWeb? (Choose three.)

• A.Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
• B.In true transparent mode, the TLS session terminator is a protected web server.
• C.For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
• D.After enabling HSTS, redirects to HTTPS are no longer necessary.
• E.In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

• A.Change Action under Action Settings to Alert
• B.Enable Bot Confirmation
• C.Disable Dynamically Update Model
• D.Change Model Type to Strict

What other consideration must you take into account when configuring Defacement protection?

• A.Use FortiWeb to block SQL Injections and keep regular backups of the Database
• B.Also incorporate a FortiADC into your network
• C.None. FortiWeb completely secures the site against defacement attacks
• D.Configure the FortiGate to perform Anti-Defacement as well