Practice Free FCP_FWB_AD-7.4 Exam Online Questions
What is the primary purpose of configuring threat mitigation features in web application security?
- A . Enhancing application performance
- B . Protecting against malicious activities and attacks
- C . Optimizing database management
- D . Improving user interface design
When configuring machine learning for web application security, what is the primary role of machine learning algorithms?
- A . Identifying patterns and anomalies in web traffic
- B . Encrypting sensitive data during transmission
- C . Filtering unwanted spam emails
- D . Authenticating user credentials
Which statement about local user accounts is true?
- A . They are best suited for large environments with many users.
- B . They cannot be used for site publishing.
- C . They must be assigned, regardless of any other authentication.
- D . They can be used for SSO.
During FortiWeb deployment, which feature can be used to protect against Distributed Denial of Service (DDoS) attacks?
- A . Server pools
- B . Intrusion Prevention System (IPS)
- C . Load balancing
- D . Rate limiting
When configuring Auto TX Power control on an AP radio, which two statements best describe how the radio responds? (Choose two.)
- A . When the AP detects any other wireless signal stronger than -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
- B . When the AP detects RF interference from an unknown source such as a cordless phone with a signal stronger than -70 dBm, it will increase its transmission power until it reaches the maximum configured TX power limit.
- C . When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission power until it reaches the maximum configured TX power limit.
- D . When the AP detects any interference from a trusted neighboring AP stronger than -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
Which two functions does the first layer of the FortiWeb anomaly machine learning (ML) analysis mechanism perform? (Choose two.)
- A . Determines whether an anomaly is a real attack or just a harmless anomaly that should be ignored
- B . Determines a probability model behind every parameter and HTTP method passing through FortiWeb
- C . Determines whether traffic is an anomaly, based on observable features over time
- D . Determines if a detected threat is a false-positive or not
Answer: B, C
Explanation:
The first layer of the FortiWeb anomaly machine learning (ML) analysis mechanism focuses on analyzing traffic and creating a probability model for parameters and HTTP methods to detect potential anomalies. It also assesses traffic patterns over time to determine whether certain behavior is anomalous. These functions are key to understanding and classifying traffic before further analysis is done.
What is the purpose of a CAPTCHA in web application security?
- A . Authenticating users
- B . Encrypting data in transit
- C . Preventing automated form submissions by bots
- D . Securing API endpoints
You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers which all host the same web app. Requests for web app B should be forwarded to a different, single web server.
Which is true about the solution?
- A . The server policy applies the same protection profile to all its protected web apps.
- B . Static or policy-based routes are not required.
- C . To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles, and then distribute that app’s traffic among all members of the server farm.
- D . You must put the single web server into a server pool in order to use it with HTTP content routing.
In which operation mode must you direct all HTTP requests to the web server and not a virtual IP?
- A . Routed proxy
- B . Reverse proxy
- C . Virtual proxy
- D . True transparent proxy
Which HTTP response code is commonly used to indicate a permanent redirection in application delivery?
- A . 200 OK
- B . 301 Moved Permanently
- C . 404 Not Found
- D . 500 Internal Server Error