Exam NSE5_FWB_AD-8.0 Topic 1 Question 36 Discussion

Actual exam question for Fortinet's NSE5_FWB_AD-8.0 exam
Question #: 36
Topic #: 1
A third-party penetration test reveals that users can bypass login controls through a mobile API. Your current FortiWeb configuration includes zero trust network access (ZTNA) profiles and cookie security, but API protection and client management are not enabled. The security team asks you to recommend the most effective way to close this gap.
Which FortiWeb adjustment would best prevent future unauthorized API access?

Suggested Answer: B Vote an answer

The issue is unauthorized access through a mobile API, so the control must enforce API-specific identity and access rules. FortiWeb API protection can validate API structure, methods, paths, and authorization requirements, while client management can help associate requests with legitimate clients or authenticated users. ZTNA profiles and cookie security can help with access and session protection, but they do not replace API-specific authorization controls. Switching reverse-proxy mode to bypass cookie controls makes no sense and could weaken protection. Replacing ZTNA with bot protection addresses a different problem: automation, not API authorization. Logging only records activity after the fact and does not prevent bypass. The correct action is to enable API protection and client management for mobile API traffic.

by Maximilian at Jul 10, 2026, 10:49 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10