Fortinet NSE 5 - FortiWeb 8.0 Administrator - NSE5_FWB_AD-8.0 FREE EXAM DUMPS QUESTIONS & ANSWERS

You are reviewing the FortiWeb integration with the Advanced Bot Protection (ABP) service.
Match each step in the ABP flow with its description.
Correct Answer:

Explanation:

The ABP workflow begins when FortiWeb challenges the browser by injecting JavaScript used to collect behavior data. The client browser then executes that JavaScript and sends the observed behavior information to the ABP service. FortiWeb then uses the ABP service decision process to determine whether the browser behavior looks human or automated. If the ABP service identifies the activity as malicious or bot-like, FortiWeb blocks the request before it reaches the protected application. If the request is validated as coming from a real user, FortiWeb allows the traffic to continue to the back-end server. The order is important because FortiWeb cannot allow or block based on ABP until browser behavior has first been collected and evaluated.
You are a FortiWeb administrator investigating an SQL injection attack on your company's customer portal.
The network firewall and intrusion prevention system (IPS) did not stop the attack.
You decide to deploy a web application firewall (WAF) to help prevent this type of attack.
Which two actions can you take to block application-layer threats? (Choose two.)
Correct Answer: B,D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Refer to the exhibits.


You are configuring a FortiWeb device in reverse proxy mode, placed downstream from a FortiGate. The server pool includes two back-end web servers: 10.1.1.21 and 10.1.1.22, and you've defined a health check policy.
After completing the server policy configuration and applying it to a virtual server, you notice that FortiWeb is not forwarding traffic to the back-end servers. No errors or health check failures appear in the logs.
Based on the configuration shown in the exhibit, which change should you make to restore back-end traffic flow?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like < script > document.
cookie < /script > is submitted through a product review form. The page doesn't filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
Correct Answer: A Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
0
0
0
10