Updated February 21, 2022, verified! Pass 100% with the NSE6_FWB-6.1 question set and answers [Q12-Q29]

Try the latest 2022 NSE6_FWB-6.1 question set! The updated material helps you pass the Fortinet exam

Question 12
What is one of the key benefits of the FortiGuard IP reputation feature?

  • A. It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
  • B. It maintains a list of public IPs with a bad reputation for participating in attacks.
  • C. It is updated once per year.
  • D. It maintains a list of private IP addresses.

Answer: B

Explanation:
FortiGuard IP Reputation service assigns a poor reputation, including virus-infected clients and malicious spiders/crawlers.

Question 13
Which three statements about HTTPS on FortiWeb are true? (Choose three.)

  • A. In transparent inspection mode, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
  • B. After enabling HSTS, redirects to HTTPS are never needed.
  • C. In true transparent mode, the TLS session terminator is a protected web server.
  • D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to offer only TLS 1.2.
  • E. For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.

Answer: A,C,E

Question 14
Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

  • A. Change Action under Action Settings to Alert
  • B. Disable Dynamically Update Model
  • C. Enable Bot Confirmation
  • D. Change Model Type to Strict

Answer: C

Explanation:
Bot Confirmation
If the number of anomalies from a user has reached the Anomaly Count, the system executes Bot Confirmation before taking actions.
The Bot Confirmation is to confirm if the user is indeed a bot. The system sends RBE (Real Browser Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.

Question 15
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?

  • A. If you are a small business or home office
  • B. If you are an enterprise whose computers all trust your active directory or other CA server
  • C. If you are an enterprise whose employees use only mobile devices
  • D. If you are an enterprise whose resources do not need security

Answer: D

Explanation:
This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.

Question 16
Refer to the exhibit.

There is only one administrator account configured on FortiWeb. What must an administrator do to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

  • A. Configure IPv4 Trusted Host # 3 with a specific IP address.
  • B. The configuration changes must be made on the upstream device.
  • C. Change the Access Profile to Read_Only.
  • D. Delete the built-in administrator user and create a new one.

Answer: D

Question 17
A client is trying to start a session from a page that would normally be accessible only after the client has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

  • A. Allow the page access, but log the violation
  • B. Prompt the client to authenticate
  • C. Redirect the client to the login page
  • D. Display an access policy message, then allow the client to continue
  • E. Reply with a 403 Forbidden HTTP error

Answer: A,C,E

Question 18
When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?

  • A. Client real IP
  • B. FortiGate local IP
  • C. FortiWeb IP
  • D. FortiGate public IP

Answer: A

Explanation:
When an XFF header reaches Alteon from a client, Alteon removes all the content from the header and injects the client IP address. Alteon then forwards the header to the server.

Question 19
Refer to the exhibits.


FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?

  • A. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
  • B. FortiGate should forward web traffic to the server pool IP addresses.
  • C. FortiGate should forward web traffic to virtual server IP address.
  • D. You must disable the Preserve Client IP setting on FortiGate for this configuration to work.

Answer: C

Question 20
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

  • A. Transparent inspection
  • B. Offline protection
  • C. Reverse proxy
  • D. True transparent proxy

Answer: B,D

Explanation:
FortiWeb appliances operating in offline protection mode or either of the transparent modes

Question 21
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A,C

Question 22
True transparent proxy mode is best suited for use in which type of environment?

  • A. Environments where you cannot change the IP addressing scheme
  • B. New networks where infrastructure is not yet defined
  • C. Small office to home office environments
  • D. Flexible environments where you can easily change the IP addressing scheme

Answer: A

Explanation:
Does not require changes to the IP address scheme of the network. Requests are destined for a web server and not the FortiWeb appliance. This operation mode supports the same feature set as True Transparent Proxy mode.

Question 23
You are using HTTP content routing on FortiWeb. You want requests for web application A to be forwarded to a cluster of web servers, which all host the same web application. You want requests for web application B to be forwarded to a different, single web server.
Which statement about this solution is true?

  • A. You must put the single web server into a server pool in order to use it with HTTP content routing.
  • B. Static or policy-based routes are not required.
  • C. You must chain policies so that requests for web application A go to the virtual server for policy A, and requests for web application B go to the virtual server for policy B.
  • D. The server policy applies the same protection profile to all of its protected web applications.

Answer: B

Question 24
......
