What can an administrator do if a client has been incorrectly Period Blocked?
A. Disconnect the client from the network
B. Manually release the IP from the temporary Blacklist
C. Nothing, it is not possible to override a Period Block
D. Force a new IP address to the client.
A client is trying to start a session from a page that should normally be accessible only after they have
logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
A. Reply with a "403 Forbidden" HTTP error
B. Allow the page access, but log the violation
C. Automatically redirect the client to the login page
D. Display an access policy message, then allow the client to continue, redirecting them to their requested page
E. Prompt the client to authenticate
What is one of the key benefits of the FortiGuard IP Reputation feature?
A. FortiGuard maintains a list of public IPs with a bad reputation for participating in attacks.
B. It is updated once per year
C. Provides a Document of IP addresses that are suspect, so that administrators can manually update their blacklists
D. It maintains a list of private IP addresses
You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a
cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a
different, single web server.
Which is true about the solution?
A. Static or policy-based routes are not required.
B. To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.
C. You must put the single web server into a server pool in order to use it with HTTP content routing.
D. The server policy applies the same protection profile to all its protected web apps.
In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?
A. Non-matching traffic is allowed
B. non-Matching traffic is held in buffer
C. Non-matching traffic is Denied
D. Non-matching traffic is rerouted to FortiGate
You've configured an authentication rule with delegation enabled on FortiWeb. What happens when a user tries to access the web application?
A. FrotiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app
B. ForitWeb redirects the user to the web app's authentication page
C. FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully
D. FortiWeb replies with a HTTP challenge of behalf of the server, the if the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app
Which implementation is best suited for a deployment that must meet compliance criteria?
A. SSL Inspection with FortiWeb in Transparency mode
B. SSL Offloading with FortiWeb in reverse proxy mode
C. SSL Inspection with FrotiWeb in Reverse Proxy mode
D. SSL Offloading with FortiWeb in Transparency Mode
Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?
A. Sensitive info masking
B. Poison Cookie detection
C. Session Management
D. Brute Force blocking
What capability can FortiWeb add to your Web App that your Web App may or may not already have?
A. Automatic backup and recovery
B. High Availability
C. HTTP/HTML Form Authentication
D. SSL Inspection
Under which circumstances does FortiWeb use its own certificates? (Choose Two)
A. Secondary HTTPS connection to server where FortiWeb acts as a client
B. HTTPS to clients
C. HTTPS access to GUI
D. HTTPS to FortiGate