Practice Free FCP_FWB_AD-7.4 Exam Online Questions
Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?
- A . In the case of compression being done on the web server, to inspect the content of the compressed file.
- B . In the case of compression being done on the FortiWeb, to inspect the content of the compressed file
- C . In the case of the file being an .MP4 video
- D . In the case of the file being a .MP3 music file
In the context of web application security, what is the primary role of a Content Security Policy (CSP)?
- A . Preventing SQL injection attacks
- B . Controlling the sources of content that a web page can load
- C . Detecting malicious JavaScript code
- D . Encrypting data at rest
Which implementation is most suited for a deployment that must meet PCI DSS compliance criteria?
- A . SSL offloading with FortiWeb in reverse proxy mode
- B . SSL offloading with FortiWeb in PCI DSS mode
- C . SSL offloading with FortiWeb in transparency mode
- D . SSL offloading with FortiWeb in full transparent proxy mode
B
Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements to protect cardholder data. Requirement 6.6 specifically mandates that public-facing web applications be protected against known attacks by either:
- Reviewing applications via manual or automated vulnerability security assessment tools or methods, at least annually and after any changes; or
- Installing an automated technical solution that detects and prevents web-based attacks, such as a web application firewall (WAF), in front of public-facing web applications to continually inspect all traffic.
FortiWeb, Fortinet’s web application firewall, offers various deployment modes to protect web applications:
Reverse Proxy Mode: FortiWeb acts as an intermediary, terminating client sessions and initiating sessions to the backend servers. This mode provides comprehensive protection and allows for features like SSL offloading, URL rewriting, and advanced routing capabilities.
Transparent Mode: FortiWeb operates at Layer 2, inspecting traffic without modifying it, making it invisible to both clients and servers. This mode simplifies deployment as it doesn’t require changes to the existing network topology.
Full Transparent Proxy Mode: Combines aspects of both reverse proxy and transparent modes, providing inspection and modification capabilities while remaining transparent to network devices.
PCI DSS Mode: A specialized deployment tailored to meet PCI DSS compliance requirements. This mode ensures that FortiWeb is configured with security policies and features aligned with PCI DSS standards, offering robust protection against threats targeting cardholder data.
Given the need to meet PCI DSS compliance criteria, deploying FortiWeb in PCI DSS mode is the most appropriate choice. This mode is specifically designed to align with PCI DSS requirements, ensuring that all necessary security measures are in place to protect cardholder data.
When configuring URL rewriting, what is the primary purpose of using regular expressions (regex)? (Select all that apply)
- A . Matching and transforming specific URL patterns
- B . Encrypting sensitive data in URLs
- C . Blocking access to all URLs
- D . Simplifying URLs for SEO purposes
When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical? (Choose two)
- A . Defines Log file format
- B . Defines communication protocol
- C . Defines Database Schema
- D . Defines Log storage location
In order for FortiWeb to provide the best possible protection for servers, how should you deploy it?
- A . In-line, without FortiGate, deployed in true transparent mode.
- B . In-line, in front of FortiGate, deployed in offline protection mode.
- C . In a one-arm topology, deployed in transparent mode.
- D . In-line, behind FortiGate, deployed in reverse proxy mode.
Which Layer 7 routing method does FortiWeb support?
- A . URL policy routing
- B . OSPF
- C . BGP
- D . HTTP content routing
D
Explanation:
FortiWeb is a Web Application Firewall (WAF) designed to protect web applications from various threats. Among its features, FortiWeb supports Layer 7 routing methods, which operate based on the content of the HTTP/HTTPS traffic.
HTTP Content Routing refers to the capability of directing incoming web traffic to specific backend servers based on characteristics found within the HTTP requests, such as URL paths, headers, or other content. This allows for more granular and efficient distribution of traffic, ensuring that requests are handled by the appropriate servers based on their content.
Analysis of Options:
Which is an example of a cross-site scripting (XSS) attack?
- A . SELECT username FROM accounts WHERE username='admin'; -- ' AND password='password';
- B . <img src="http://badfile/nothere" onerror=alert(document.cookie);>
- C . SELECT username FROM accounts WHERE username='XSS' ' AND password='alert("http://badurl.com")';
- D . <IMG SRC="xss.png">
B
Explanation:
Cross-Site Scripting (XSS) is a type of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This can lead to session hijacking, credential theft, or redirection to malicious sites. XSS attacks typically exploit vulnerabilities in web applications that fail to properly sanitize user input.
Here’s an analysis of the given options:
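To make the XSS case concrete, here is an added example (not from the exam page and not Fortinet code) that parses each answer option as an HTML fragment with Python's standard-library HTMLParser and flags the constructs a browser would execute when rendering it: `<script>` elements, `on*` event-handler attributes and `javascript:` URLs. Option B is flagged because of its `onerror=` handler; option D is a plain image tag; options A and C are SQL-shaped strings containing no HTML at all, so this XSS-only detector deliberately says nothing about them. The `neutralize` function shows the defensive counterpart, HTML entity encoding for an HTML text context, after which the same parser finds no executable content. The sample inputs are the four options copied from the question above; the function and class names are my own.

```python
import html
import re
from html.parser import HTMLParser
from typing import List

# Constructed sample inputs: the four answer options from the question above.
SAMPLES = {
    "A": "SELECT username FROM accounts WHERE username='admin'; -- ' AND password='password';",
    "B": '<img src="http://badfile/nothere" onerror=alert(document.cookie);>',
    "C": "SELECT username FROM accounts WHERE username='XSS' ' AND password='alert(\"http://badurl.com\")';",
    "D": '<IMG SRC="xss.png">',
}


class _ActiveContentFinder(HTMLParser):
    """Records tags and attributes that would run script if the fragment were rendered."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IMG SRC=...> arrives as img/src.
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            # Any on* attribute (onerror, onload, onclick, ...) is an inline event handler.
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name}=")
            # href/src/action values starting with javascript: also execute code.
            if value is not None and re.match(r"\s*javascript:", value, re.IGNORECASE):
                self.findings.append(f"javascript: URL in {name}=")


def find_active_content(fragment: str) -> List[str]:
    """Return a list of executable constructs found in an HTML fragment (empty if none)."""
    parser = _ActiveContentFinder()
    parser.feed(fragment)
    parser.close()
    return parser.findings


def classify(fragment: str) -> str:
    """Label a fragment 'xss' when it carries executable HTML, otherwise 'no active html content'."""
    return "xss" if find_active_content(fragment) else "no active html content"


def neutralize(fragment: str) -> str:
    """Output-encode untrusted text for an HTML text context.

    html.escape turns <, >, &, " and ' into entities, so the browser shows the
    string literally instead of parsing it as markup. This is the encoding a
    server-side template should apply; it is not a substitute for parsing, just
    the reason a correctly encoded option B can no longer fire onerror.
    """
    return html.escape(fragment, quote=True)


if __name__ == "__main__":
    for label, fragment in SAMPLES.items():
        print(f"{label}: {classify(fragment)} {find_active_content(fragment)}")
    encoded = neutralize(SAMPLES["B"])
    print("encoded B:", encoded)
    print("active content after encoding:", find_active_content(encoded))
```

Running the block prints a verdict per option; only B yields a finding (`event handler attribute onerror=`), and the encoded form of B yields none, which is exactly the property a WAF signature or a templating engine's auto-escaping is meant to enforce.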
What benefit does Auto Learning provide?
- A . Automatically builds rules sets
- B . FortiWeb scans all traffic without taking action and makes recommendations on rules
- C . Automatically identifies and blocks suspicious IPs
- D . Automatically blocks all detected threats
Which high availability (HA) mode uses gratuitous Address Resolution Protocol (ARP) to advertise a failover event to neighboring network devices?
- A . Passive-Passive
- B . Active-Passive
- C . Active-Active
- D . Passive-Active
B
Explanation:
In Active-Passive high availability (HA) mode, the active unit is responsible for handling traffic while the passive unit remains idle, ready to take over in case of a failure. When a failover occurs, the active unit sends out gratuitous ARP messages to notify neighboring devices about the change in the active unit’s IP address. This ensures that the network devices update their ARP tables and can forward traffic to the new active unit.