• Home
  • Articles
  • [Aug 31, 2022] NSE6_FWB-6.1 certification guide Q&A from Training Expert Prep4cram [Q17-Q38]

[Aug 31, 2022] NSE6_FWB-6.1 certification guide Q&A from Training Expert Prep4cram [Q17-Q38]

Share

[Aug 31, 2022] NSE6_FWB-6.1 certification guide Q&A from Training Expert Prep4cram

NSE6_FWB-6.1 Certification Overview Latest NSE6_FWB-6.1 PDF Dumps


Prerequisites of Fortinet NSE6_FWB-6.1 Exam

Familiarity with the deployment and configuration of Fortinet solutions in Azure

 

NEW QUESTION 17
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?

  • A. If you are an enterprise whose computers all trust your active directory or other CA server
  • B. If you are an enterprise whose employees use only mobile devices
  • C. If you are a small business or home office
  • D. If you are an enterprise whose resources do not need security

Answer: D

Explanation:
This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.

 

NEW QUESTION 18
Refer to the exhibit.

There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

  • A. The configuration changes must be made on the upstream device.
  • B. Change the Access Profile to Read_Only.
  • C. Configure IPv4 Trusted Host # 3 with a specific IP address.
  • D. Delete the built-in administrator user and create a new one.

Answer: D

 

NEW QUESTION 19
True transparent proxy mode is best suited for use in which type of environment?

  • A. Small office to home office environments
  • B. New networks where infrastructure is not yet defined
  • C. Environments where you cannot change the IP addressing scheme
  • D. Flexible environments where you can easily change the IP addressing scheme

Answer: C

Explanation:
Does not require changes to the IP address scheme of the network. Requests are destined for a web server and not the FortiWeb appliance. This operation mode supports the same feature set as True Transparent Proxy mode.

 

NEW QUESTION 20
What must you do with your FortiWeb logs to ensure PCI DSS compliance?

  • A. Store in an off-site location
  • B. Compress them into a .zip file format
  • C. Enable masking of sensitive data
  • D. Erase them every two weeks

Answer: C

 

NEW QUESTION 21
Which algorithm is used to build mathematical models for bot detection?

  • A. SVN
  • B. HCM
  • C. HMM
  • D. SVM

Answer: D

Explanation:
FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model

 

NEW QUESTION 22
Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)

  • A. Place FortiWeb in front of FortiADC.
  • B. Enable the Use X-Forwarded-For setting on FortiWeb.
  • C. No Special configuration is required; connectivity will be re-established after the set timeout.
  • D. Enable the Add X-Forwarded-For setting on FortiWeb.

Answer: B,D

Explanation:
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header

 

NEW QUESTION 23
FortiWeb offers the same load balancing algorithms as FortiGate.
Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)

  • A. HTTP content routes
  • B. HTTP user-based round robin
  • C. Round robin
  • D. HTTP session-based round robin

Answer: A,C

Explanation:
Reference:
http://fortinet.globalgate.com.ar/pdfs/FortiWeb/FortiWeb_DS.pdf

 

NEW QUESTION 24
Which statement about local user accounts is true?

  • A. They cannot be used for site publishing.
  • B. They must be assigned, regardless of any other authentication.
  • C. They can be used for SSO.
  • D. They are best suited for large environments with many users.

Answer: C

Explanation:
You can configure the Remedy Single Sign-On server to authenticate TrueSight Capacity Optimization users as local users.

 

NEW QUESTION 25
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

  • A. Offline protection
  • B. Transparent inspection
  • C. Reverse proxy
  • D. True transparent proxy

Answer: A,D

Explanation:
FortiWeb appliances operating in offline protection mode or either of the transparent modes

 

NEW QUESTION 26
Refer to the exhibit.

FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan.
What can the administrator do to solve this problem? (Choose two.)

  • A. If the IP address is configured as a geo reputation exception, remove it.
  • B. If the IP address is configured as an IP reputation exception, remove it.
  • C. Manually update the geo-location IP addresses for Japan.
  • D. Configure the IP address as a blacklisted IP address.

Answer: C,D

Explanation:
IP reputation leverages many techniques for accurate, early, and frequently updated identification of compromised and malicious clients so you can block attackers before they target your servers.
IP blacklisting is a method used to filter out illegitimate or malicious IP addresses from accessing your networks. Blacklists are lists containing ranges of or individual IP addresses that you want to block.
Reference:
https://www.imperva.com/learn/application-security/ip-blacklist/

 

NEW QUESTION 27
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)

  • A. Anti-defacement does not make a backup copy of your databases.
  • B. Anti-defacement can redirect users to a backup web server, if it detects a change.
  • C. FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
  • D. Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.

Answer: A,C

Explanation:
Anti-defacement backs up web pages only, not databases.
If it detects any file changes, the FortiWeb appliance will download a new backup revision.

 

NEW QUESTION 28
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A,C

 

NEW QUESTION 29
......

The Best Fortinet NSE6_FWB-6.1 Study Guides and Dumps of 2022: https://pass4sure.prep4cram.com/NSE6_FWB-6.1-exam-cram.html

Related Articles

more
Fortinet NSE6_FWB-6.1 Certification Practice Exam

Prep4cram is an excellent team of professionals that provide all of the best exam cram sheets and exam preparations that will help you magnificently prepare for certification exams. Our passing rate of exam prep is higher and higher.

Latest Exam Cram

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 Prep4cram NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy