NEW QUESTION 1
Reverse-proxy mode is best suited for use in which type of environment?

• A. New networks where infrastructure is not yet defined
• B. Environments where you cannot change your IP addressing scheme
• C. Flexible environments where you can easily change the IP addressing scheme
• D. Small Office/Home Office environments

Answer: B

NEW QUESTION 2
You’ve configured an authentication rule with delegation enabled on FortiWeb. Whathappens when a user tries to access the web application?

• A. FrotiWeb redirects users to a FortiAuthenticator page, then if the user authenticates successfully, FortiGate signals to FortiWeb to allow access to the web app
• B. ForitWeb redirects the user tothe web app’s authentication page
• C. FortiWeb forwards the HTTP challenge from the server to the client, then monitors the reply, allowing access if the user authenticates successfully
• D. FortiWeb replies with a HTTP challenge of behalf of the server, theif the user authenticates successfully, FortiWeb allows the request and also includes credentials in the request that it forwards to the web app

Answer: A

NEW QUESTION 3
In which operation mode(s) can FortiWeb modify HTTP packets? (Choose two.)

• A. Transparent Inspection
• B. Offlineprotection
• C. True transparent proxy
• D. Reverse proxy

Answer: D

NEW QUESTION 4
Which of the followingwould be a reason for implementing rewrites?

• A. Page has been moved to a new URL
• B. Page has been moved to a new IP address
• C. Replace vulnerable functions.
• D. Send connection to secure channel

Answer: A

NEW QUESTION 5
Which of the following is true about Local User Accounts?

• A. Must be assigned regardless of any other authentication
• B. Can be used for Single Sign On
• C. Can be used for site publishing
• D. Best suited for large environments with many users

Answer: A

NEW QUESTION 6
When viewing the attack logs on your FortiWeb, which IP Address is shown for the client when using XFF Header rules?

• A. FortiGate’s public IP
• B. FortiGate’s local IP
• C. FortiWeb’s IP
• D. Client’s real IP

Answer: D

NEW QUESTION 7
Which is true about HTTPS on FortiWeb? (Choose three.)

• A. For SNI, you select the certificate that FortiWeb will present in the server pool, not in the server policy.
• B. After enabling HSTS, redirects to HTTPS are no longer necessary.
• C. In true transparent mode, the TLS session terminator is a protected web server.
• D. Enabling RC4 protects against the BEAST attack, but is not recommended if you configure FortiWeb to only offer TLS 1.2.
• E. In transparent inspection mode, you select which certificate that FortiWeb will present in the server pool, not in the server policy.

Answer: ACE

NEW QUESTION 8
In Reverse proxy mode, how does FortiWeb handle traffic that does not match any defined policies?

• A. Non-matching traffic is allowed
• B. non-Matching traffic is held in buffer
• C. Non-matching traffic is Denied
• D. Non-matching traffic is rerouted to FortiGate

Answer: C

NEW QUESTION 9
......