
NSE6_FWB-6.1 Online Practice Questions and Answers

Questions 4

What can an administrator do if a client has been incorrectly Period Blocked?

A. Disconnect the client from the network

B. Manually release the IP from the temporary Blacklist

C. Nothing, it is not possible to override a Period Block

D. Force a new IP address to the client.

Questions 5

When generating a protection configuration from an auto learning report, what critical step must you perform before generating the final protection configuration?

A. Restart the FortiWeb to clear the caches

B. Drill down in the report to correct any false positives.

C. Activate the report to create the profile

D. Take the FortiWeb offline to apply the profile

Questions 6

How does an ADOM differ from a VDOM?

A. ADOMs do not have virtual networking

B. ADOMs improve performance by offloading some functions.

C. ADOMs only affect specific functions, and do not provide full separation like VDOMs do.

D. Allows you to have 1 administrator for multiple tenants

Questions 7

Which is true about HTTPS on FortiWeb? (Choose three.)

A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

B. After enabling HSTS, redirects to HTTPS are no longer necessary.

C. In true transparent mode, the TLS session terminator is a protected web server.

D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.

E. In transparent inspection mode, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

Questions 8

When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?

A. FortiGate's public IP

B. FortiGate's local IP

C. FortiWeb's IP

D. Client's real IP

Questions 9

Which of the following is true about Local User Accounts?

A. Must be assigned regardless of any other authentication

B. Can be used for Single Sign On

C. Can be used for site publishing

D. Best suited for large environments with many users

Questions 10

What is one of the key benefits of the FortiGuard IP Reputation feature?

A. FortiGuard maintains a list of public IPs with a bad reputation for participating in attacks.

B. It is updated once per year

C. Provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists

D. It maintains a list of private IP addresses

Questions 11

How does offloading compression to FortiWeb benefit your network?

A. Free up resources on the database server

B. Free up resources on the web server

C. Reduces file size on the client's storage

D. Free up resources on the FortiGate

Questions 12

When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate's Real Server configuration point at?

A. Virtual Server IP on the FortiGate

B. Server's real IP

C. FortiWeb's real IP

D. IP Address of the Virtual Server on the FortiWeb

Questions 13

You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server.

Which is true about the solution?

A. Static or policy-based routes are not required.

B. To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app's traffic among all members of the server farm.

C. You must put the single web server into a server pool in order to use it with HTTP content routing.

D. The server policy applies the same protection profile to all its protected web apps.

Questions 14

In Reverse Proxy mode, how does FortiWeb handle traffic that does not match any defined policies?

A. Non-matching traffic is allowed

B. Non-matching traffic is held in buffer

C. Non-matching traffic is denied

D. Non-matching traffic is rerouted to FortiGate

Questions 15

What role does FortiWeb play in ensuring PCI DSS compliance?

A. PCI specifically requires a WAF

B. Provides credit card processing capabilities

C. Provides the ability to securely process cash transactions

D. Provides load balancing between multiple web servers

Questions 16

What capability can FortiWeb add to your Web App that your Web App may or may not already have?

A. Automatic backup and recovery

B. High Availability

C. HTTP/HTML Form Authentication

D. SSL Inspection

Questions 17

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

What FortiWeb feature should you configure?

A. Enable "Shared IP" and configure the separate rate limits for requests from NATted source IPs.

B. Configure FortiWeb to use "X-Forwarded-For:" headers to find each client's private network IP, and to block attacks using that.

C. Enable SYN cookies.

D. Configure a server policy that matches requests from shared Internet connections.

Questions 18

Under which circumstances does FortiWeb use its own certificates? (Choose two.)

A. Secondary HTTPS connection to server where FortiWeb acts as a client

B. HTTPS to clients

C. HTTPS access to GUI

D. HTTPS to FortiGate

Exam Code: NSE6_FWB-6.1
Exam Name: Fortinet NSE 6 - FortiWeb 6.1
Last Update: Mar 17, 2025
Questions: 30 Q&As
