NSE6_FWB-6.4試験問題集を提供していますFortinet問題 [Q13-Q33]

NSE6_FWB-6.4試験問題集を提供していますFortinet問題

NSE6_FWB-6.4認定ガイドPDFはリアル試験問題で100%カバー率

質問 # 13
Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?

• A. In the case of the file being an .MP4 video
• B. In the case of compression being done on the web server, to inspect the content of the compressed file.
• C. In the case of compression being done on the FortiWeb, to inspect the content of the compressed file
• D. In the case of the file being a .MP3 music file

正解：B

質問 # 14
Which statement about local user accounts is true?

• A. They are best suited for large environments with many users.
• B. They can be used for SSO.
• C. They must be assigned, regardless of any other authentication.
• D. They cannot be used for site publishing.

正解：D

質問 # 15
FortiWeb offers the same load balancing algorithms as FortiGate.
Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)

• A. HTTP session-based round robin
• B. Round robin
• C. HTTP content routes
• D. HTTP user-based round robin

正解：B、C

質問 # 16
How does offloading compression to FortiWeb benefit your network?

• A. free up resources on the FortiGate
• B. reduces file size on the client's storage
• C. free up resources on the database server
• D. Free up resources on the web server

正解：D

質問 # 17
You are deploying FortiWeb 6.4 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are incorrect? (Choose two.)

• A. 0
• B. 1
• C. 2
• D. 3

正解：B、C

質問 # 18
True transparent proxy mode is best suited for use in which type of environment?

• A. New networks where infrastructure is not yet defined
• B. Environments where you cannot change the IP addressing scheme
• C. Small office to home office environments
• D. Flexible environments where you can easily change the IP addressing scheme

正解：D

解説：
Explanation
"Because blocking is not guaranteed to succeed in offline mode, this mode is best used during the evaluation and planning phase, early in implementation. Reverse proxy is the most popular operating mode. It can rewrite URLs, offload TLS, load balance, and apply NAT. For very large MSSP, true transparent mode has a significant advantage. You can drop it in without changing any schemes of limited IPv4 space-in transparent mode, you don't need to give IP addresses to the network interfaces on FortiWeb."

質問 # 19
How does your FortiWeb configuration differ if the FortiWeb is upstream of the SNAT device instead of downstream of the SNAT device?

• A. You must enable "Add" X-Forwarded-For: instead of the "Use" X-Forwarded-For: option.
• B. No special configuration required
• C. FortiWeb must be set for Transparent Mode
• D. You must enable the "Use" X-Forwarded-For: option.

正解：A

質問 # 20
Refer to the exhibit.

FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan.
What can the administrator do to solve this problem? (Choose two.)

• A. If the IP address is configured as an IP reputation exception, remove it.
• B. Manually update the geo-location IP addresses for Japan.
• C. Configure the IP address as a blacklisted IP address.
• D. If the IP address is configured as a geo reputation exception, remove it.

正解：C、D

質問 # 21
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)

• A. Anti-defacement does not make a backup copy of your databases.
• B. Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
• C. Anti-defacement can redirect users to a backup web server, if it detects a change.
• D. FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.

正解：A、D

解説：
Explanation
Anti-defacement backs up web pages only, not databases.
If it detects any file changes, the FortiWeb appliance will download a new backup revision.

質問 # 22
An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.
What FortiWeb feature should you configure?

• A. Configure FortiWeb to use "X-Forwarded-For:" headers to find each client's private network IP, and to block attacks using that.
• B. Enable "Shared IP" and configure the separate rate limits for requests from NATted source IPs.
• C. Configure a server policy that matches requests from shared Internet connections.
• D. Enable SYN cookies.

正解：D

質問 # 23
What key factor must be considered when setting brute force rate limiting and blocking?

• A. Multiple clients from geographically diverse locations
• B. Multiple clients sharing a single Internet connection
• C. Multiple clients connecting to multiple resources
• D. A single client contacting multiple resources

正解：B

解説：
Explanation
https://training.fortinet.com/course/view.php?id=3363 What is one key factor that you must consider when setting brute force rate limiting and blocking? Multiple clients sharing a single Internet connection

質問 # 24
Refer to the exhibit.

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)

• A. No Special configuration is required; connectivity will be re-established after the set timeout.
• B. Enable the Use X-Forwarded-For setting on FortiWeb.
• C. Place FortiWeb in front of FortiADC.
• D. Enable the Add X-Forwarded-For setting on FortiWeb.

正解：B、C

解説：
Explanation
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header

質問 # 25
Which three statements about HTTPS on FortiWeb are true? (Choose three.)

• A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
• B. In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.
• C. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
• D. In true transparent mode, the TLS session terminator is a protected web server.
• E. After enabling HSTS, redirects to HTTPS are no longer necessary.

正解：B、C、D

質問 # 26
How does an ADOM differ from a VDOM?

• A. ADOMs do not have virtual networking
• B. Allows you to have 1 administrator for multiple tenants
• C. ADOMs only affect specific functions, and do not provide full separation like VDOMs do.
• D. ADOMs improve performance by offloading some functions.

正解：A

質問 # 27
What benefit does Auto Learning provide?

• A. Automatically identifies and blocks suspicious IPs
• B. Automatically builds rules sets
• C. Automatically blocks all detected threats
• D. FortiWeb scans all traffic without taking action and makes recommendations on rules

正解：B

質問 # 28
Which algorithm is used to build mathematical models for bot detection?

• A. HMM
• B. HCM
• C. SVM
• D. SVN

正解：C

解説：
Explanation
FortiWeb uses SVM (Support Vector Machine) algorithm to build up the bot detection model

質問 # 29
You are configuring FortiAnalyzer to store logs from FortiWeb.
Which is true?

• A. FortiAnalyzer will store antivirus and DLP archives from FortiWeb.
• B. FortiWeb will query FortiAnalyzer for reports, instead of generating them locally.
• C. You must enable ADOMs on FortiAnalyzer.
• D. To store logs from FortiWeb 6.4, on FortiAnalyzer, you must select "FrotiWeb 6.1".

正解：C

質問 # 30
Which of the following is true about Local User Accounts?

• A. Best suited for large environments with many users
• B. Must be assigned regardless of any other authentication
• C. Can be used for Single Sign On
• D. Can be used for site publishing

正解：D

質問 # 31
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?

• A. If you are an enterprise whose resources do not need security
• B. If you are an enterprise whose computers all trust your active directory or other CA server
• C. If you are an enterprise whose employees use only mobile devices
• D. If you are a small business or home office

正解：B

質問 # 32
When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as an SNAT device, what IP address will the FortiGate's Real Server configuration point at?

• A. IP Address of the Virtual Server on the FortiWeb
• B. Server's real IP
• C. FortiWeb's real IP
• D. Virtual Server IP on the FortiGate

正解：D

質問 # 33
......

Fortinet NSE6_FWB-6.4試験は、Webアプリケーションセキュリティの分野におけるITプロフェッショナルの知識とスキルを評価するために設計された認定試験です。この試験は、Fortinetが提供する多数の認定試験の1つであり、FortinetのFortiWeb 6.4テクノロジーの技術的な知識と能力を検証したい個人を対象としています。

Fortinet NSE6_FWB-6.4試験に合格するためには、FortiWeb 6.4の機能と機能性に関する知識、およびアプリケーションファイアウォールを構成および管理する能力を示さなければなりません。試験は、複数選択肢の問題と実習演習から構成され、候補者のFortiWebアプリケーションファイアウォールに関連する問題のトラブルシューティングと解決能力をテストします。試験に合格すると、候補者はネットワークおよびセキュリティ管理分野のキャリア向上のために業界専門家から貴重な資格と認識されるFortiWeb 6.4のFortinet NSE 6認定を受けます。

 

合格させるNSE6_FWB-6.4試験にはリアル問題解答：https://www.jpntest.com/shiken/NSE6_FWB-6.4-mondaishu