更新されたPDF(2022年最新)実際にあるFortinet NSE6_FWB-6.1試験問題
検証済みのNSE6_FWB-6.1試験問題集PDF[2022年最新] 成功の秘訣はFast2test
質問 10
Which statement about local user accounts is true?
- A. They must be assigned, regardless of any other authentication.
- B. They cannot be used for site publishing.
- C. They are best suited for large environments with many users.
- D. They can be used for SSO.
正解: D
解説:
You can configure the Remedy Single Sign-On server to authenticate TrueSight Capacity Optimization users as local users.
質問 11
Which regex expression is the correct format for redirecting the URL http://www.example.com?
- A. www.example.com
- B. www/.example/.com
- C. www\.example\.com
- D. www\example\com
正解: A
解説:
\1://www.company.com/\2/\3
質問 12
Refer to the exhibit.
FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack occurs, FortiWeb blocks traffic based on the 192.0.2.1 source IP address, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to access the servers.
What must the administrator do to avoid this problem? (Choose two.)
- A. No Special configuration is required; connectivity will be re-established after the set timeout.
- B. Place FortiWeb in front of FortiADC.
- C. Enable the Use X-Forwarded-For setting on FortiWeb.
- D. Enable the Add X-Forwarded-For setting on FortiWeb.
正解: C,D
解説:
Configure your load balancer to insert or append to an X-Forwarded-For:, X-Real-IP:, or other HTTP X-header. Also configure FortiWeb to find the original attacker's or client's IP address in that HTTP header
質問 13
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?
- A. If you are a small business or home office
- B. If you are an enterprise whose computers all trust your active directory or other CA server
- C. If you are an enterprise whose employees use only mobile devices
- D. If you are an enterprise whose resources do not need security
正解: D
解説:
This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates. The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.
質問 14
When FortiWeb triggers a redirect action, which two HTTP codes does it send to the client to inform the browser of the new URL? (Choose two.)
- A. 0
- B. 1
- C. 2
- D. 3
正解: A,C
質問 15
Refer to the exhibit.
FortiWeb is configured to block traffic from Japan to your web application server. However, in the logs, the administrator is seeing traffic allowed from one particular IP address which is geo-located in Japan.
What can the administrator do to solve this problem? (Choose two.)
- A. Configure the IP address as a blacklisted IP address.
- B. If the IP address is configured as a geo reputation exception, remove it.
- C. Manually update the geo-location IP addresses for Japan.
- D. If the IP address is configured as an IP reputation exception, remove it.
正解: A,C
解説:
IP reputation leverages many techniques for accurate, early, and frequently updated identification of compromised and malicious clients so you can block attackers before they target your servers.
IP blacklisting is a method used to filter out illegitimate or malicious IP addresses from accessing your networks. Blacklists are lists containing ranges of or individual IP addresses that you want to block.
Reference:
https://www.imperva.com/learn/application-security/ip-blacklist/
質問 16
Refer to the exhibits.

FortiWeb is configured in reverse proxy mode and it is deployed downstream to FortiGate. Based on the configuration shown in the exhibits, which of the following statements is true?
- A. The configuration is incorrect. FortiWeb should always be located upstream to FortiGate.
- B. FortiGate should forward web traffic to the server pool IP addresses.
- C. FortiGate should forward web traffic to virtual server IP address.
- D. You must disable the Preserve Client IP setting on FotriGate for this configuration to work.
正解: C
質問 17
When viewing the attack logs on FortiWeb, which client IP address is shown when you are using XFF header rules?
- A. Client real IP
- B. FortiGate local IP
- C. FortiWeb IP
- D. FortiGate public IP
正解: A
解説:
When an XFF header reaches Alteon from a client, Alteon removes all the content from the header and injects the client IP address. Alteon then forwards the header to the server.
質問 18
Which would be a reason to implement HTTP rewriting?
- A. The original page has moved to a new IP address
- B. To replace a vulnerable function in the requested URL
- C. The original page has moved to a new URL
- D. To send the request to secure channel
正解: C
解説:
Create a new URL rewriting rule.
質問 19
True transparent proxy mode is best suited for use in which type of environment?
- A. Environments where you cannot change the IP addressing scheme
- B. New networks where infrastructure is not yet defined
- C. Small office to home office environments
- D. Flexible environments where you can easily change the IP addressing scheme
正解: A
解説:
Does not require changes to the IP address scheme of the network. Requests are destined for a web server and not the FortiWeb appliance. This operation mode supports the same feature set as True Transparent Proxy mode.
質問 20
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
- A. Transparent inspection
- B. Offline protection
- C. Reverse proxy
- D. True transparent proxy
正解: B,D
解説:
FortiWeb appliances operating in offline protection mode or either of the transparent modes
質問 21
What is one of the key benefits of the FortiGuard IP reputation feature?
- A. It provides a document of IP addresses that are suspect, so that administrators can manually update their blacklists.
- B. It maintains a list of public IPs with a bad reputation for participating in attacks.
- C. It is updated once per year.
- D. It maintains a list of private IP addresses.
正解: B
解説:
FortiGuard IP Reputation service assigns a poor reputation, including virus-infected clients and malicious spiders/crawlers.
質問 22
......
ベストを体験せよ!NSE6_FWB-6.1試験問題トレーニングを提供しています:https://jp.fast2test.com/NSE6_FWB-6.1-premium-file.html