Question 1

A client is trying to start a session from a page that should normally be accessible only after they have logged in.When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

Options :

A : Reply with a "403 Forbidden" HTTP error

B : Allow the page access, but log the violation

C : Prompt the client to authenticate

D : Display an access policy message, then allow the client to continue, redirecting them to their requested page

E : Automatically redirect the client to the login page

Answer: A,B,E

Question 2

When integrating FortiWeb and FortiAnalyzer, why is the selection for FortiWeb Version critical?(Choose two)

Options :

A : Defines communication protocol

B : Defines Database Schema

C : Defines Log storage location

D : Defines Log file format

Answer: C,D

Question 3

Which algorithm is used to build mathematical models for bot detection?

Options :

A : HCM

B : SVM

C : SVN

D : HMM

Answer: B

Question 4

What is the primary purpose of configuring threat mitigation features in web application security?

Options :

A : Enhancing application performance

B : Optimizing database management

C : Improving user interface design

D : Protecting against malicious activities and attacks

Answer: D

Question 5

Which of the following is a common attack vector that API protection aims to mitigate?

Options :

A : Unauthorized access to APIs

B : Distributed Denial of Service (DDoS) attacks

C : SQL injection attacks

D : Cross-site scripting (XSS) attacks

Answer: A