Lead4Pass NSE6_FWB-6.4 dumps | Practice the latest NSE6_FWB-6.4 exam questions

May 15, 2023
Lead4Pass NSE6_FWB-6.4 dumps for NSE6_FWB-6.4 exam

Lead4Pass updates Fortinet NSE6_FWB-6.4 dumps throughout the year, and more importantly, shares a part of the exam questions and answers for free each time, providing candidates with online practice tests!
The May NSE6_FWB-6.4 dumps have been updated and verified as authentic and valid by the Fortinet team! Now! Candidates can practice NSE6_FWB-6.4 test questions online!
Or use the Lead4Pass NSE6_FWB-6.4 dumps with PDF and VCE formats: https://www.leads4pass.com/nse6_fwb-6-4.html (contains 56 most recent exam questions and answers!).

Fortinet NSE6_FWB-6.4 Exam Questions Online Practice Test:

FromNumber of exam questionsExam nameExam code
Lead4Pass15Fortinet NSE 6 – FortiWeb 6.4NSE6_FWB-6.4
Question 1:

What key factor must be considered when setting brute force rate limiting and blocking?

A. A single client contacting multiple resources

B. Multiple clients sharing a single Internet connection

C. Multiple clients from geographically diverse locations

D. Multiple clients connecting to multiple resources

Correct Answer: B


What is one key factor that you must consider when setting brute force rate limiting and blocking? Multiple clients sharing a single Internet connection

Question 2:

Which algorithm is used to build mathematical models for bot detection?





Correct Answer: C

FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model Reference: https://docs.fortinet.com/document/fortiweb/6.3.7/administration-guide/193258/machine-learning

Question 3:

When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?

A. If you are a small business or home office

B. If you are an enterprise whose employees use only mobile devices

C. If you are an enterprise whose resources do not need security

D. If you are an enterprise whose computers all trust your active directory or other CA server

Correct Answer: D

Question 4:

Refer to the exhibit.

Latest Fortinet NSE6_FWB-6.4 Exam Questions 4

Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)

A. Traffic that passes between port 5 and port 6 will be inspected.

B. Traffic will be interrupted between port 3 and port 4.

C. All traffic will be interrupted.

D. Traffic will pass between port5 and port6 uninspected.

Correct Answer: BD

Reference: https://docs.fortinet.com/document/fortiweb/6.3.10/administration-guide/33485/fail-to-wire-for-power-loss-reboots

Question 5:

In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)

A. Transparent Inspection

B. Offline protection

C. True transparent proxy

D. Reverse proxy

Correct Answer: CD

Question 6:

You are using HTTP content routing on FortiWeb. Requests for web app A should be forwarded to a cluster of web servers that all host the same web app. Requests for web app B should be forwarded to a different, single web server.

Which is true about the solution?

A. Static or policy-based routes are not required.

B. To achieve HTTP content routing, you must chain policies: the first policy accepts all traffic, and forwards requests for web app A to the virtual server for policy A. It also forwards requests for web app B to the virtual server for policy B. Policy A and Policy B apply their app-specific protection profiles and then distribute that app\’s traffic among all members of the server farm.

C. You must put the single web server into a server pool in order to use it with HTTP content routing.

D. The server policy applies the same protection profile to all its protected web apps.

Correct Answer: B

Question 7:

Which of the following is true about Local User Accounts?

A. Must be assigned regardless of any other authentication

B. Can be used for Single Sign On

C. Can be used for site publishing

D. Best suited for large environments with many users

Correct Answer: C

Question 8:

You are configuring FortiAnalyzer to store logs from FortiWeb.

Which is true?

A. FortiAnalyzer will store antivirus and DLP archives from FortiWeb.

B. You must enable ADOMs on FortiAnalyzer.

C. To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select “FrotiWeb 6.1”.

D. FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.

Correct Answer: B

Question 9:

Which regex expression is the correct format for redirecting the URL http://www.example.com?

A. www\.example\.com

B. www.example.com

C. www\example\com

D. www/.example/.com

Correct Answer: B

\1://www.company.com/\2/\3 Reference: https://learn.akamai.com/en-us/webhelp/edge-redirector/edge-redirector-guide/GUID-0C22DFC2-DCC4-42AF-BDB2-9537FBEE03FD.html

Question 10:

Which of the following would be a reason for implementing rewrites?

A. Page has been moved to a new URL

B. Page has been moved to a new IP address

C. Replace vulnerable functions.

D. Send connection to a secure channel

Correct Answer: C

Question 11:

What role does FortiWeb play in ensuring PCI DSS compliance?

A. PCI specifically requires a WAF

B. Provides credit card processing capabilities

C. Provide the ability to securely process cash transactions

D. Provides load balancing between multiple web servers

Correct Answer: A

FortiWeb helps you meet all PCI requirements, but PCI now specifically recommends using a WAF, and developing remediations against the top 10 vulnerabilities, according to OWASP.

Question 12:

How does FortiWeb protect against defacement attacks?

A. It keeps a complete backup of all files and the database.

B. It keeps hashes of files and periodically compares them to the server.

C. It keeps full copies of all files and directories.

D. It keeps a live duplicate of the database.

Correct Answer: B

The anti-defacement feature examines a website \’s files for changes at specified time intervals. If it detects a change that could indicate a defacement attack, the FortiWeb appliance can notify you and quickly react by automatically restoring the website contents to the previous backup.

Reference: https://help.fortinet.com/fweb/551/Content/FortiWeb/fortiweb-admin/anti_defacement.htm

Question 13:

Which three statements about HTTPS on FortiWeb are true? (Choose three.)

A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

B. After enabling HSTS, redirects to HTTPS are no longer necessary.

C. In true transparent mode, the TLS session terminator is a protected web server.

D. Enabling RC4 protects against the BEAST attack but is not recommended if you configure FortiWeb to only offer TLS 1.2.

E. In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Correct Answer: CDE

Reference: https://docs.fortinet.com/document/fortiweb/6.3.0/administration-guide/742465/supported-cipher-suites-protocol-versions

Question 14:

Which would be a reason to implement HTTP rewriting?

A. The original page has moved to a new URL

B. To replace a vulnerable function in the requested URL

C. To send the request to secure the channel

D. The original page has moved to a new IP address

Correct Answer: B

Create a new URL rewriting rule.

Reference: https://docs.fortinet.com/document/fortiweb/6.3.0/administration-guide/961303/rewriting-redirecting

Question 15:

When generating a protection configuration from an auto-learning report what critical step must you do before generating the final protection configuration?

A. Restart the FortiWeb to clear the caches

B. Drill down in the report to correct any false positives.

C. Activate the report to create t profile

D. Take the FortiWeb offline to apply the profile

Correct Answer: B

Every free sharing of Fortinet NSE6_FWB-6.4 exam questions is the hard work of our Fortinet team, and we hope to help you improve your strength!
Now, use NSE6_FWB-6.4 PDF dumps or NSE6_FWB-6.4 VCE dumps: https://www.leads4pass.com/nse6_fwb-6-4.html (both formats contain the latest exam questions and answers!)
Also, get 15% off with code “Fortinet”!

If you haven’t started studying for the Fortinet NSE6_FWB-6.4 exam, or are still on the sidelines, you can first practice online to improve your strength.
However, if you want to start your NSE6_FWB-6.4 journey early, these Fortinet NSE6_FWB-6.4 dumps can still be relevant and useful as you prepare for the exam.