[2022 Latest] Complete NSE6_FWB-6.1 Question Set: Questions and Answers with One Year of Free, Fastest Updates [Q10-Q25]

Updated for 2022: a real, unbeatable NSE6_FWB-6.1 question set, with 100% free NSE6_FWB-6.1 exam questions

Question 10
Which would be a reason to implement HTTP rewriting?

  • A. The original page has moved to a new IP address
  • B. To replace a vulnerable function in the requested URL
  • C. The original page has moved to a new URL
  • D. To send the request to secure channel

Correct answer: C

Explanation:
Create a new URL rewriting rule.

 

Question 11
Which three statements about HTTPS on FortiWeb are true? (Choose three.)

  • A. In transparent inspection mode, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
  • B. After enabling HSTS, redirects to HTTPS are never needed.
  • C. In true transparent mode, the TLS session terminator is a protected web server.
  • D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to offer only TLS 1.2.
  • E. For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.

Correct answer: A,C,E

 

Question 12
Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)

  • A. No special configuration is required; connectivity will be re-established after the set timeout.
  • B. Place FortiWeb in front of FortiADC.
  • C. Enable the Use X-Forwarded-For setting on FortiWeb.
  • D. Enable the Add X-Forwarded-For setting on FortiWeb.

Correct answer: C,D

Explanation:
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header.

 

Question 13
Which algorithm is used to build mathematical models for bot detection?

  • A. HCM
  • B. HMM
  • C. SVN
  • D. SVM

Correct answer: D

Explanation:
FortiWeb uses the SVM (Support Vector Machine) algorithm to build the bot detection model.

 

Question 14
What can an administrator do if a client has been incorrectly period blocked?

  • A. Force a new IP address to the client.
  • B. Disconnect the client from the network.
  • C. Nothing, it is not possible to override a period block.
  • D. Manually release the IP address from the temporary blacklist.

Correct answer: D

Explanation:
Block Period
Enter the number of seconds that you want to block the requests. The valid range is 1-3,600 seconds. The default value is 60 seconds.
This option only takes effect when you choose Period Block in Action.
Note: That's a temporary blacklist so you can manually release them from the blacklist.

 

Question 15
Refer to the exhibit.

Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?

  • A. Change Action under Action Settings to Alert
  • B. Disable Dynamically Update Model
  • C. Enable Bot Confirmation
  • D. Change Model Type to Strict

Correct answer: C

Explanation:
Bot Confirmation
If the number of anomalies from a user has reached the Anomaly Count, the system executes Bot Confirmation before taking actions.
The Bot Confirmation is to confirm if the user is indeed a bot. The system sends RBE (Real Browser Enforcement) JavaScript or CAPTCHA to the client to double check if it's a real bot.

 

Question 16
FortiWeb offers the same load balancing algorithms as FortiGate.
Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)

  • A. Round robin
  • B. HTTP session-based round robin
  • C. HTTP content routes
  • D. HTTP user-based round robin

Correct answer: A,C

Explanation:
Reference:
http://fortinet.globalgate.com.ar/pdfs/FortiWeb/FortiWeb_DS.pdf

 

Question 17
What key factor must be considered when setting brute force rate limiting and blocking?

  • A. Multiple clients from geographically diverse locations
  • B. A single client contacting multiple resources
  • C. Multiple clients connecting to multiple resources
  • D. Multiple clients sharing a single Internet connection

Correct answer: C

 

Question 18
What must you do with your FortiWeb logs to ensure PCI DSS compliance?

  • A. Compress them into a .zip file format
  • B. Store in an off-site location
  • C. Erase them every two weeks
  • D. Enable masking of sensitive data

Correct answer: D

 

Question 19
Which two statements about running a vulnerability scan are true? (Choose two.)

  • A. You should run the vulnerability scan on a live website to get accurate results.
  • B. Vulnerability scanning increases the load on FortiWeb, so it should be avoided.
  • C. You should run the vulnerability scan in a test environment.
  • D. You should run the vulnerability scan during a maintenance window.

Correct answer: C,D

Explanation:
Should the Vulnerability Scanner allow it, SVMS will set the scan schedule (or schedules) to run in a maintenance window. SVMS will advise Client of the scanner's ability to complete the scan(s) within the maintenance window.
Vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment.
Reference:
https://help.fortinet.com/fweb/552/Content/FortiWeb/fortiweb-admin/vulnerability_scans.htm

 

Question 20
A client is trying to start a session from a page that would normally be accessible only after the client has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

  • A. Allow the page access, but log the violation
  • B. Prompt the client to authenticate
  • C. Redirect the client to the login page
  • D. Display an access policy message, then allow the client to continue
  • E. Reply with a 403 Forbidden HTTP error

Correct answer: A,C,E

 

Question 21
What role does FortiWeb play in ensuring PCI DSS compliance?

  • A. It provides the WAF required by PCI.
  • B. It provides the ability to securely process cash transactions.
  • C. It provides credit card processing capabilities.
  • D. It provides the required SQL server protection.

Correct answer: C

Explanation:
FortiWeb protects against attacks that lead to sensitive data exposure such as SQL Injection and other injection types. Additionally, FortiWeb inspects all web server outgoing traffic for sensitive data such as Social Security numbers, credit card numbers and other predefined or custom based sensitive data.

 

Question 22
......

NSE6_FWB-6.1 question set PDF and test engine exam questions: https://www.jpntest.com/shiken/NSE6_FWB-6.1-mondaishu
