Which is true about HTTPS on FortiWeb? (Choose three.)
A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
B. After enabling HSTS, redirects to HTTPS are no longer necessary.
C. In true transparent mode, the TLS session terminator is a protected web server.
D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
E. In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.
Which of the following is true about Local User Accounts?
A. Must be assigned regardless of any other authentication
B. Can be used for Single Sign On
C. Can be used for site publishing
D. Best suited for large environments with many users
What other consideration must you take into account when configuring Defacement protection A. Use FortiWeb to block SQL Injections and keep regular backups of the Database
B. Also incorporate a FortiADC into your network
C. None. FortiWeb completely secures the site against defacement attacks
D. Configure the FortiGate to perform Anti-Defacement as well
What is one of the key benefits of the FortiGuard IP Reputation feature?
A. FortiGuard maintains a list of public IPs with a bad reputation for participating in attacks.
B. It is updated once per year
C. Provides a Document of IP addresses that are suspect, so that administrators can manually update their blacklists
D. It maintains a list of private IP addresses
You are deploying FortiWeb 6.0 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)

A. 6
B. 9
C. 3
D. 2
How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?
A. You must enable the "Use" X-Forwarded-For: option.
B. FortiWeb must be set for Transparent Mode
C. No special configuration required
D. You must enable "Add" X-Forwarded-For: instead of the "Use" X-Forwarded-For: option.
In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
A. Non-matching traffic is allowed
B. non-Matching traffic is held in buffer
C. Non-matching traffic is Denied
D. Non-matching traffic is rerouted to FortiGate
Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?
A. Sensitive info masking
B. Poison Cookie detection
C. Session Management
D. Brute Force blocking
An e-commerce web app is used by small businesses. Clients often access it from offices behind a router,
where clients are on an IPv4 private network LAN. You need to protect the web application from denial of
service attacks that use request floods.
What FortiWeb feature should you configure?
A. Enable "Shared IP" and configure the separate rate limits for requests from NATted source IPs.
B. Configure FortiWeb to use "X-Forwarded-For:" headers to find each client's private network IP, and to block attacks using that.
C. Enable SYN cookies.
D. Configure a server policy that matches requests from shared Internet connections.
What benefit does Auto Learning provide?
A. Automatically identifies and blocks suspicious IPs
B. FortiWeb scans all traffic without taking action and makes recommendations on rules
C. Automatically builds rules sets
D. Automatically blocks all detected threats