Practice Free FCP_FWB_AD-7.4 Exam Online Questions

How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?
- A . FortiWeb must be set for Transparent Mode
- B . You must enable "Add" X-Forwarded-For: instead of the "Use" X-Forwarded-For: option.
- C . You must enable the "Use" X-Forwarded-For: option.
- D . No special configuration required

What is the purpose of configuring server pools in FortiWeb?
- A . Load balancing traffic
- B . Blocking malicious IPs
- C . Managing user authentication
- D . Monitoring system health

An attacker attempts to send an SQL injection attack containing the known attack string 'root'; -- through an API call.
Which FortiWeb inspection feature will be able to detect this attack the quickest?
- A . API gateway rule
- B . Known signatures
- C . Machine learning (ML)-based API protection―anomaly detection
- D . ML-based API protection―threat detection

B

Explanation:
The quickest detection for an SQL injection attack like the one described ('root'; --) would be through known signatures. FortiWeb utilizes signature-based detection to match incoming traffic against predefined attack patterns. Since SQL injection attacks are commonly known and have specific patterns (such as 'root'; --), known signatures would immediately recognize and flag this type of attack.

Under which two circumstances does FortiWeb use its own certificates? (Choose two.)
- A . Connecting to browser clients using SSL
- B . Making a secondary HTTPS connection to a server where FortiWeb acts as a client
- C . Routing an HTTPS connection to a FortiGate
- D . An administrator session connecting to the GUI using HTTPS

B, D

Explanation:
Making a secondary HTTPS connection to a server where FortiWeb acts as a client: When FortiWeb needs to connect to an external server via HTTPS (acting as a client), it may use its own certificates for that connection.
An administrator session connecting to the GUI using HTTPS: FortiWeb uses its own certificates to secure the HTTPS connection between the administrator and the FortiWeb GUI. This ensures secure access for management purposes.

Which two statements about distributed automatic radio resource provisioning (DARRP) are correct? (Choose two.)
- A . DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
- B . DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
- C . DARRP measurements can be scheduled to occur at specific times.
- D . DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.

What is the primary purpose of URL rewriting in application delivery? (Select all that apply)
- A . Enhancing security by obfuscating URLs
- B . Improving search engine optimization (SEO)
- C . Simplifying and optimizing URLs for users
- D . Preventing access to specific web pages

In which two ways does FortiWeb handle traffic that does not match any defined policies? (Choose two.)
- A . In reverse-proxy mode, the traffic is denied.
- B . In transparent mode, the traffic is passed through.
- C . In true transparent mode, ip-forward should be enabled to deny the traffic.
- D . In offline protection mode, the traffic is dropped with a TCP reset.