FCP_FWB_AD-7.4 Exam Dumps - Fortinet Public Cloud Security Questions and Answers

The best way to limit brute force login attacks on FortiWeb is to configure a brute force login custom policy. FortiWeb provides the ability to detect and mitigate brute force login attempts by automatically limiting the number of failed login attempts within a specific time period. This approach allows you to block or rate limit suspicious IP addresses while still allowing legitimate users access, based on your configuration.

When FortiWeb is deployed upstream of a device performing source network address translation (SNAT) or load balancing, the original client IP address may be lost. To preserve the original client IP address, you must enable and configure the Preserve Client IP setting on FortiWeb. This allows FortiWeb to retain and pass the client's original IP address to the backend servers for accurate logging and processing.

Making a secondary HTTPS connection to a server where FortiWeb acts as a client: When FortiWeb needs to connect to an external server via HTTPS (acting as a client), it may use its own certificates for that connection.

An administrator session connecting to the GUI using HTTPS: FortiWeb uses its own certificates to secure the HTTPS connection between the administrator and the FortiWeb GUI. This ensures secure access for management purposes.

The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements to protect cardholder data. Requirement 6.6 specifically mandates that public-facing web applications be protected against known attacks by either:​Exclusive Networks+3Gordion+3layer7solutions.com+3

Reviewing applications via manual or automated vulnerability security assessment tools or methods, at least annually and after any changes.​

Installing an automated technical solution that detects and prevents web-based attacks, such as a web application firewall (WAF), in front of public-facing web applications to continually inspect all traffic.​

FortiWeb, Fortinet's web application firewall, offers various deployment modes to protect web applications:​

Reverse Proxy Mode: FortiWeb acts as an intermediary, terminating client sessions and initiating sessions to the backend servers. This mode provides comprehensive protection and allows for features like SSL offloading, URL rewriting, and advanced routing capabilities.​

Transparent Mode: FortiWeb operates at Layer 2, inspecting traffic without modifying it, making it invisible to both clients and servers. This mode simplifies deployment as it doesn't require changes to the existing network topology.​

Full Transparent Proxy Mode: Combines aspects of both reverse proxy and transparent modes, providing inspection and modification capabilities while remaining transparent to network devices.​

PCI DSS Mode: A specialized deployment tailored to meet PCI DSS compliance requirements. This mode ensures that FortiWeb is configured with security policies and features aligned with PCI DSS standards, offering robust protection against threats targeting cardholder data.​

Given the need to meet PCI DSS compliance criteria, deploying FortiWeb inPCI DSS modeis the most appropriate choice. This mode is specifically designed to align with PCI DSS requirements, ensuring that all necessary security measures are in place to protect cardholder data

FortiWeb is a Web Application Firewall (WAF) designed to protect web applications from various threats. Among its features, FortiWeb supports Layer 7 routing methods, which operate based on the content of the HTTP/HTTPS traffic.​

HTTP Content Routingrefers to the capability of directing incoming web traffic to specific backend servers based on characteristics found within the HTTP requests, such as URL paths, headers, or other content. This allows for more granular and efficient distribution of traffic, ensuring that requests are handled by the appropriate servers based on their content.​

Analysis of Options:

A. URL policy routing: While this term suggests routing decisions based on URL policies, it is not a standard term used in FortiWeb's documentation. FortiWeb's content routing encompasses URL-based decisions, making this option less precise.​

B. OSPF (Open Shortest Path First): This is a Layer 3 routing protocol used for IP routing within an Autonomous System. It operates at the network layer and is not related to Layer 7 routing methods.​

C. BGP (Border Gateway Protocol): Another Layer 3 routing protocol, BGP is used for routing between Autonomous Systems on the internet. It does not pertain to Layer 7 or application-layer routing.​

D. HTTP content routing: This aligns with FortiWeb's capabilities to make routing decisions based on the content of HTTP requests, such as URL paths, headers, or other application-layer data. This is a Layer 7 routing method supported by FortiWeb.

Therefore, the correct answer isD. HTTP content routing.​

References:

FortiWeb 7.2.6 Administration Guide: "FortiWeb provides advanced Layer 7 load balancing and authentication offload services." ​cloud.orange-business.com

FortiWeb Data Sheet: "FortiWeb provides advanced Layer 7 load balancing and authentication offload services." ​Exclusive Networks

FortiWeb on OCB-FE - Installation and Deployment Guide: "FortiWeb provides advanced Layer 7 load balancing and authentication offload services." ​cloud.orange-business.com

These references confirm that FortiWeb supports HTTP content routing as a Layer 7 routing method.

In Fortinet's high availability (HA) configurations, integrating FortiWeb with a traffic distributor like FortiADC is best achieved using the Active-Active HA mode. This mode allows multiple FortiWeb appliances to operate simultaneously, distributing traffic loads and enhancing both performance and redundancy.​

FortiWeb supports several HA modes:​

Active-Passive: One appliance actively handles all traffic, while the other remains on standby, ready to take over if the active unit fails.​

Active-Active: Multiple appliances actively process traffic concurrently, sharing the load and providing redundancy.​

High Volume Active-Active: An enhanced version of Active-Active, designed for environments with exceptionally high traffic volumes.​

When integrating with a traffic distributor like FortiADC, the Active-Active mode is particularly advantageous. FortiADC can intelligently distribute incoming traffic across multiple active FortiWeb appliances, optimizing resource utilization and ensuring high availability. This setup not only balances the load but also provides fault tolerance; if one appliance becomes unavailable, FortiADC can redirect traffic to the remaining active units without service interruption.​

This collaborative approach between FortiWeb and FortiADC ensures that web applications remain secure, performant, and resilient against failures.

Cross-Site Scripting (XSS) is a type of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This can lead to session hijacking, credential theft, or redirection to malicious sites. XSS attacks typically exploit vulnerabilities in web applications that fail to properly sanitize user input.

Here’s an analysis of the given options:

A. SELECT username FROM accounts WHERE username='admin';-- ' AND password='password';

This is an example ofSQL Injection (SQLi)rather than XSS. It manipulates SQL queries to bypass authentication, not execute JavaScript in a user’s browser.

B. <img src="http://badfile/nothere" onerror=alert(document.cookie);>

This is a classicXSS attack.

It uses an tag with a non-existent src attribute.

The onerror event triggers when the image fails to load, executing alert(document.cookie);, which can expose session cookies.

This method is commonly used forstealing cookies or executing arbitrary scripts.

C. SELECT username FROM accounts WHERE username='XSS' ' AND password='alert("http://badurl.com")';

This isneither a valid SQL injection nor a valid XSS attack.

The syntax suggests an incorrect SQL query rather than JavaScript execution in a browser.

D. <IMG SRC="xss.png">

This isnot a valid XSS attackunless there is an additional event handler like onload, onerror, or onmouseover executing JavaScript.

By itself, it just loads an image and does not execute any malicious script.

Thus,Option Bis the correct answer as it represents a real-world XSS attack technique.

References:

OWASP XSS Guide: https://owasp.org/www-community/attacks/xss/

Fortinet XSS Protection Documentation: https://docs.fortinet.com/

In the SVM plot of potential bot activity, you can see that the sample value (orange) is significantly different from the average value (green) and the maximum value (blue) in most of the metrics. This suggests unusual or abnormal behavior, indicating that the connection might be a bot. Typically, botsexhibit patterns that diverge from normal user activity, such as higher frequencies of certain types of requests, abnormal throughput, or an unusual pattern of HTTP requests (such as requests without referers or excessive TCP connections).

It does not affect denial-of-service (DoS) protection profile actions to rate limit traffic: Monitor mode allows FortiWeb to monitor traffic without impacting the protection profile actions, including rate limiting in the DoS protection profiles. Traffic will still be subjected to DoS protection actions like rate limiting, but FortiWeb will not block traffic unless a violation occurs.

It overrides all usual profile actions. FortiWeb accepts all requests and generates alert email or log messages only for violations: In monitor mode, FortiWeb will allow all traffic through and generate logs or alerts for any violations, but it will not take active actions like blocking requests or redirecting traffic. This allows you to observe the traffic patterns and potential threats without disrupting normal operations.

Bot ML models analyze multiple connections over time instead of analyzing each connection as a single unit: This is the key distinction. Bot ML models focus on analyzing patterns over a period of time, looking at behavioral patterns across multiple requests or connections from the same source to identify potential bot activity. Unlike traditional anomaly detection or API models that may focus on single connections or individual transactions, bot detection typically examines aggregated behavior to identify patterns indicative of bots, such as high-frequency requests or unusual traffic flows.