You are hosting multiple secure web applications behind a single public IP address on FortiWeb.
When a client connects to a service, FortiWeb needs to:
Identify the correct SSL certificate.
Decrypt the request.
Route the request to the correct back-end server.
Match each FortiWeb function to the request handling step that performs the function.

Which situation best explains when a FortiWeb administrator should enable automatic HTTP-to-HTTPS redirection?
You are reviewing SSL-related issues on FortiWeb. An administrator reports that they receive a certificate warning when they access the FortiWeb GUI over HTTPS. Separately, your FortiWeb device also makes outbound HTTPS requests to a back-end API server.
In which two situations would FortiWeb use its own certificates to establish or secure the connection? (Choose two.)
You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like <script>document.cookie</script> is submitted through a product review form. The page doesn’t filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
Refer to the exhibit.

You are a FortiWeb administrator reviewing the biometrics-based detection rule shown in the exhibit. Your goal is to configure a rule that detects bots that avoid typical human interactions like using a mouse or clicking. You also want to log the detection event and apply a high-severity alert.
Based on the current configuration, which settings should you change to meet this goal?
A large enterprise has an existing web infrastructure with complex routing rules and static IP address assignments. The network administrators cannot modify the current IP address scheme, but they need FortiWeb to inspect and block threats like SQL injection and cross-site scripting (XSS) without changing the client-server communication flow.
In this situation, which FortiWeb operation mode is the most suitable?
You are setting up a FortiWeb policy to protect a customer login portal. Users connect to https://login.training.lab, and you want FortiWeb to forward those requests to a load-balanced pool of back-end servers.
Which three components must you configure to complete the server policy?
Your team is spending too much time digging through FortiWeb logs to investigate threats.
How can FortiAI improve this workflow?
Refer to the exhibit.

There is only one administrator account configured on FortiWeb and IPv6 is not configured on any interface.
Which action should an administrator take to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
You need to monitor and respond to repeated suspicious activity from individual users who are accessing your web application.
Your goal is to evaluate each action the user takes and apply a response when their behavior becomes risky.
What can you configure on FortiWeb to track user behavior and respond automatically when risky activity continues?