Online Access Free NSE6_FWB-6.4 Practice Test

In which scenario might you want to use the compression feature on FortiWeb?

• A.When you are offering a music streaming service
• B.Never, since most traffic today is already highly compressed
• C.When you want to reduce buffering of video streams
• D.When you are serving many corporate road warriors using 4G tablets and phones

Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)

• A.Place FortiWeb in front of FortiADC.
• B.Enable the Use X-Forwarded-For setting on FortiWeb.
• C.Enable the Add X-Forwarded-For setting on FortiWeb.
• D.No Special configuration is required; connectivity will be re-established after the set timeout.

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.
What FortiWeb feature should you configure?

• A.Enable SYN cookies.
• B.Configure a server policy that matches requests from shared Internet connections.
• C.Enable "Shared IP" and configure the separate rate limits for requests from NATted source IPs.
• D.Configure FortiWeb to use "X-Forwarded-For:" headers to find each client's private network IP, and to block attacks using that.

Which is true about HTTPS on FortiWeb? (Choose three.)

• A.In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.
• B.After enabling HSTS, redirects to HTTPS are no longer necessary.
• C.Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
• D.For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
• E.In true transparent mode, the TLS session terminator is a protected web server.

What role does FortiWeb play in ensuring PCI DSS compliance?

• A.Provides credit card processing capabilities
• B.Provides load balancing between multiple web servers
• C.PCI specifically requires a WAF
• D.Provide ability to securely process cash transactions