Question 1

Which is true about HTTPS on FortiWeb? (Choose three.)

Options :

A : In true transparent mode, the TLS session terminator is a protected web server.

B : In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

C : After enabling HSTS, redirects to HTTPS are no longer necessary.

D : For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.

E : Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.

Answer: A,B,D

Question 2

When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical?(Choose two)

Options :

A : Defines communication protocol

B : Defines Database Schema

C : Defines Log storage location

D : Defines Log file format

Answer: C,D

Question 3

Which regex expression is the correct format for redirecting the URL http://www.example.com?

Options :

A : www/.example/.com

B : www.example.com

C : www\example\com

D : www\.example\.com

Answer: B

Question 4

When configuring protected hostnames in FortiWeb, what is their primary purpose?

Options :

A : Defining NAT policies

B : Redirecting traffic to a specific URL

C : Identifying internal network resources

D : Blocking outgoing traffic

Answer: C

Question 5

In web application security, what does API protection primarily involve?

Options :

A : Safeguarding APIs from unauthorized access and abuse

B : Blocking SQL injection attacks

C : Encrypting HTML content

D : Monitoring server performance

Answer: A