Real NSE6_FWB-6.1 dumps - Real Fortinet dumps PDF in here [Dec-2021]
NEW QUESTION 17
True transparent proxy mode is best suited for use in which type of environment?
- A. Small office to home office environments
- B. Flexible environments where you can easily change the IP addressing scheme
- C. New networks where infrastructure is not yet defined
- D. Environments where you cannot change the IP addressing scheme
Answer: D
Explanation:
Does not require changes to the IP address scheme of the network. Requests are destined for a web server and not the FortiWeb appliance. This operation mode supports the same feature set as True Transparent Proxy mode.
NEW QUESTION 18
Which two statements about the anti-defacement feature on FortiWeb are true? (Choose two.)
- A. Anti-defacement downloads a copy of your website to RAM, in order to restore a clean image, if it detects defacement.
- B. Anti-defacement can redirect users to a backup web server, if it detects a change.
- C. Anti-defacement does not make a backup copy of your databases.
- D. FortiWeb will only check to see if there are changes on the web server; it will not download the whole file each time.
Answer: C,D
Explanation:
Anti-defacement backs up web pages only, not databases.
If it detects any file changes, the FortiWeb appliance will download a new backup revision.
NEW QUESTION 19
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A,C
NEW QUESTION 20
Which three statements about HTTPS on FortiWeb are true? (Choose three.)
- A. For SNI, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
- B. In transparent inspection mode, you select the certificate that FortiWeb presents in the server pool, not in the server policy.
- C. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to offer only TLS 1.2.
- D. In true transparent mode, the TLS session terminator is a protected web server.
- E. After enabling HSTS, redirects to HTTPS are never needed.
Answer: A,B,D
NEW QUESTION 21
Refer to the exhibit.
Many legitimate users are being identified as bots. FortiWeb bot detection has been configured with the settings shown in the exhibit. The FortiWeb administrator has already verified that the current model is accurate.
What can the administrator do to fix this problem, making sure that real bots are not allowed through FortiWeb?
- A. Enable Bot Confirmation
- B. Change Model Type to Strict
- C. Change Action under Action Settings to Alert
- D. Disable Dynamically Update Model
Answer: A
Explanation:
Bot Confirmation
If the number of anomalies from a user has reached the Anomaly Count, the system executes Bot Confirmation before taking actions.
Bot Confirmation verifies whether the user is indeed a bot. The system sends RBE (Real Browser Enforcement) JavaScript or CAPTCHA to the client to double-check whether it is a real bot.
NEW QUESTION 22
What can an administrator do if a client has been incorrectly period blocked?
- A. Manually release the IP address from the temporary blacklist.
- B. Nothing, it is not possible to override a period block.
- C. Force a new IP address to the client.
- D. Disconnect the client from the network.
Answer: A
Explanation:
Block Period
Enter the number of seconds that you want to block the requests. The valid range is 1-3,600 seconds. The default value is 60 seconds.
This option only takes effect when you choose Period Block in Action.
Note: This is a temporary blacklist, so you can manually release clients from it.
NEW QUESTION 23
A client is trying to start a session from a page that would normally be accessible only after the client has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
- A. Redirect the client to the login page
- B. Display an access policy message, then allow the client to continue
- C. Allow the page access, but log the violation
- D. Prompt the client to authenticate
- E. Reply with a 403 Forbidden HTTP error
Answer: A,C,E
NEW QUESTION 24
What must you do with your FortiWeb logs to ensure PCI DSS compliance?
- A. Erase them every two weeks
- B. Compress them into a .zip file format
- C. Enable masking of sensitive data
- D. Store in an off-site location
Answer: C
NEW QUESTION 25
Refer to the exhibit.
Based on the configuration, what would happen if this FortiWeb were to lose power? (Choose two.)
- A. Traffic will be interrupted between port3 and port4.
- B. All traffic will be interrupted.
- C. Traffic will pass between port5 and port6 uninspected.
- D. Traffic that passes between port5 and port6 will be inspected.
Answer: A,C
NEW QUESTION 26
Which statement about local user accounts is true?
- A. They are best suited for large environments with many users.
- B. They must be assigned, regardless of any other authentication.
- C. They cannot be used for site publishing.
- D. They can be used for SSO.
Answer: D
Explanation:
You can configure the Remedy Single Sign-On server to authenticate TrueSight Capacity Optimization users as local users.
NEW QUESTION 27
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
- A. Transparent inspection
- B. Offline protection
- C. Reverse proxy
- D. True transparent proxy
Answer: B,D
Explanation:
FortiWeb appliances operating in offline protection mode or either of the transparent modes
NEW QUESTION 28
What key factor must be considered when setting brute force rate limiting and blocking?
- A. Multiple clients connecting to multiple resources
- B. Multiple clients sharing a single Internet connection
- C. A single client contacting multiple resources
- D. Multiple clients from geographically diverse locations
Answer: A