FCP_FWB_AD-7.4 Exam - Free Fortinet Questions and Answers

Question #1 (Topic: Exam A)

Which implementation is most suited for a deployment that must meet PCI DSS compliance criteria?

A. SSL offloading with FortiWeb in reverse proxy mode B. SSL offloading with FortiWeb in PCI DSS mode C. SSL offloading with FortiWeb in transparency mode D. SSL offloading with FortiWeb in full transparent proxy mode

Answer: B

Question #2 (Topic: Exam A)

Review the following configuration:

What are two routing behaviors that you can expect on FortiWeb after this configuration change? (Choose two.)

A. Non-HTTP traffic routed through the FortiWeb is allowed. B. IPv6 routing is enabled. C. Non-HTTP traffic destined to the FortiWeb virtual server IP address is dropped. D. Only ICMP traffic is allowed. All other traffic is dropped.

Answer: AC

Question #3 (Topic: Exam A)

An attacker attempts to send an SQL injection attack containing the known attack string 'root'; -- through an API call.
Which FortiWeb inspection feature will be able to detect this attack the quickest?

A. API gateway rule B. Known signatures C. Machine learning (ML)-based API protection—anomaly detection D. ML-based API protection—threat detection

Answer: B

Question #4 (Topic: Exam A)

Refer to the exhibit.

What are two additional configuration elements that you must be configure for this API gateway? (Choose two.)

A. You must define rate limits. B. You must define URL prefixes. C. You must select a setting in the Allow User Group field. D. You must enable and configure Host Status.

Answer: AB

Question #5 (Topic: Exam A)

Which would be a reason to implement HTTP rewriting?

A. To redirect HTTP to HTTPS. B. To implement load balancing. C. To replace a vulnerable element in a requested URL. D. The original page has moved to a new URL.

Answer: C

Fortinet FCP_FWB_AD-7.4 - FCP - FortiWeb 7.4 Administrator Exam