Get Latest [Jun-2023] Conduct effective penetration tests using ValidTorrent NSE6_FWB-6.4
NEW QUESTION # 19
A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- A. Reply with a "403 Forbidden" HTTP error
- B. Prompt the client to authenticate
- C. Display an access policy message, then allow the client to continue, redirecting them to their requested page
- D. Allow the page access, but log the violation
- E. Automatically redirect the client to the login page
Answer: A,D,E
NEW QUESTION # 20
You are configuring FortiAnalyzer to store logs from FortiWeb.
Which is true?
- A. FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
- B. FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.
- C. You must enable ADOMs on FortiAnalyzer.
- D. To store logs from FortiWeb 6.4 on FortiAnalyzer, you must select "FortiWeb 6.1".
Answer: C
NEW QUESTION # 21
When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical? (Choose two)
- A. Defines Log storage location
- B. Defines Log file format
- C. Defines Database Schema
- D. Defines communication protocol
Answer: A,B
NEW QUESTION # 22
You are using HTTP content routing on FortiWeb. You want requests for web application A to be forwarded to a cluster of web servers, which all host the same web application. You want requests for web application B to be forwarded to a different, single web server.
Which statement about this solution is true?
- A. You must put the single web server into a server pool in order to use it with HTTP content routing.
- B. The server policy applies the same protection profile to all of its protected web applications.
- C. You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
- D. Static or policy-based routes are not required.
Answer: D
NEW QUESTION # 23
You've configured an authentication rule with delegation enabled on FortiWeb.
What happens when a user tries to access the web application?
- A. FortiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app
- B. FortiWeb redirects the user to the web app's authentication page
- C. FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully
- D. FortiWeb replies with an HTTP challenge on behalf of the server, then if the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app
Answer: A
NEW QUESTION # 24
How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?
- A. You must enable the "Use" X-Forwarded-For: option.
- B. No special configuration required
- C. FortiWeb must be set for Transparent Mode
- D. You must enable "Add" X-Forwarded-For: instead of the "Use" X-Forwarded-For: option.
Answer: D
NEW QUESTION # 25
Refer to the exhibits.

FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?
- A. FortiGate should forward web traffic to virtual server IP address.
- B. You must disable the Preserve Client IP setting on FortiGate for this configuration to work.
- C. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
- D. FortiGate should forward web traffic to the server pool IP addresses.
Answer: A
NEW QUESTION # 26
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A,D
NEW QUESTION # 27
Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?
- A. Reverse-Proxy
- B. Transparent Inspection
- C. True Transparent Proxy
- D. Offline Protection
Answer: B
NEW QUESTION # 28
In which scenario might you want to use the compression feature on FortiWeb?
- A. When you want to reduce buffering of video streams
- B. When you are offering a music streaming service
- C. Never, since most traffic today is already highly compressed
- D. When you are serving many corporate road warriors using 4G tablets and phones
Answer: D
Explanation:
https://training.fortinet.com/course/view.php?id=3363
When might you want to use the compression feature on FortiWeb? When you are serving many road warriors who are using 4G tablets and phones
NEW QUESTION # 29
Which of the following is true about Local User Accounts?
- A. Can be used for Single Sign On
- B. Can be used for site publishing
- C. Best suited for large environments with many users
- D. Must be assigned regardless of any other authentication
Answer: B
NEW QUESTION # 30
True transparent proxy mode is best suited for use in which type of environment?
- A. Environments where you cannot change the IP addressing scheme
- B. Flexible environments where you can easily change the IP addressing scheme
- C. New networks where infrastructure is not yet defined
- D. Small office to home office environments
Answer: B
Explanation:
"Because blocking is not guaranteed to succeed in offline mode, this mode is best used during the evaluation and planning phase, early in implementation. Reverse proxy is the most popular operating mode. It can rewrite URLs, offload TLS, load balance, and apply NAT. For very large MSSP, true transparent mode has a significant advantage. You can drop it in without changing any schemes of limited IPv4 space; in transparent mode, you don't need to give IP addresses to the network interfaces on FortiWeb."
NEW QUESTION # 31
When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate's Real Server configuration point at?
- A. IP Address of the Virtual Server on the FortiWeb
- B. Virtual Server IP on the FortiGate
- C. FortiWeb's real IP
- D. Server's real IP
Answer: B
NEW QUESTION # 32
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
- A. Compress them into a .zip file format
- B. Erase them every two weeks
- C. Enable masking of sensitive data
- D. Store in an off-site location
Answer: C
NEW QUESTION # 33
Review the following configuration:
What is the expected result of this configuration setting?
- A. When machine learning (ML) is in its running phase, FortiWeb will accept a set number of samples from the same source IP address.
- B. When machine learning (ML) is in its collecting phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
- C. When machine learning (ML) is in its collecting phase, FortiWeb will not accept any samples from any source IP addresses.
- D. When machine learning (ML) is in its running phase, FortiWeb will accept an unlimited number of samples from the same source IP address.
Answer: B
NEW QUESTION # 34
Refer to the exhibit.
FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)
- A. Place FortiWeb in front of FortiADC.
- B. No special configuration is required; connectivity will be re-established after the set timeout.
- C. Enable the Add X-Forwarded-For setting on FortiWeb.
- D. Enable the Use X-Forwarded-For setting on FortiWeb.
Answer: A,D
Explanation:
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header.