2025年最新の実際に出る無料Fortinet FCP_FWB_AD-7.4試験問題集と解答
FCP_FWB_AD-7.4練習テストエンジンで今すぐ試そう157試験問題
質問 # 76
What should you consider when troubleshooting threat detection and mitigation-related issues in a web application? (Select all that apply)
- A. Analyzing firewall policies
- B. Disabling security features temporarily
- C. Collecting and analyzing traffic data
- D. Reviewing web server logs
正解:A、C、D
質問 # 77
Which implementation is most suited for a deployment that must meet PCI DSS compliance criteria?
- A. SSL offloading with FortiWeb in transparency mode
- B. SSL offloading with FortiWeb in PCI DSS mode
- C. SSL offloading with FortiWeb in reverse proxy mode
- D. SSL offloading with FortiWeb in full transparent proxy mode
正解:B
解説:
The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements to protect cardholder data. Requirement 6.6 specifically mandates that public-facing web applications be protected against known attacks by either:Exclusive Networks+3Gordion+3layer7solutions.com+3 Reviewing applications via manual or automated vulnerability security assessment tools or methods, at least annually and after any changes.
Installing an automated technical solution that detects and prevents web-based attacks, such as a web application firewall (WAF), in front of public-facing web applications to continually inspect all traffic.
FortiWeb, Fortinet's web application firewall, offers various deployment modes to protect web applications:
Reverse Proxy Mode: FortiWeb acts as an intermediary, terminating client sessions and initiating sessions to the backend servers. This mode provides comprehensive protection and allows for features like SSL offloading, URL rewriting, and advanced routing capabilities.
Transparent Mode: FortiWeb operates at Layer 2, inspecting traffic without modifying it, making it invisible to both clients and servers. This mode simplifies deployment as it doesn't require changes to the existing network topology.
Full Transparent Proxy Mode: Combines aspects of both reverse proxy and transparent modes, providing inspection and modification capabilities while remaining transparent to network devices.
PCI DSS Mode: A specialized deployment tailored to meet PCI DSS compliance requirements. This mode ensures that FortiWeb is configured with security policies and features aligned with PCI DSS standards, offering robust protection against threats targeting cardholder data.
Given the need to meet PCI DSS compliance criteria, deploying FortiWeb in PCI DSS mode is the most appropriate choice. This mode is specifically designed to align with PCI DSS requirements, ensuring that all necessary security measures are in place to protect cardholder data
質問 # 78
Which two statements about background rogue scanning are correct? (Choose two.)
- A. A dedicated radio configured for background scanning can detect rogue devices on all other channels in its configured frequency band.
- B. A dedicated radio configured for background scanning can support the connection of wireless clients
- C. When detecting rogue APs, a dedicated radio configured for background scanning can suppress the rogue AP
- D. Background rogue scanning requires DARRP to be enabled on the AP instance
正解:B、D
質問 # 79
An attacker attempts to send an SQL injection attack containing the known attack string 'root'; -- through an API call.
Which FortiWeb inspection feature will be able to detect this attack the quickest?
- A. API gateway rule
- B. ML-based API protection-threat detection
- C. Known signatures
- D. Machine learning (ML)-based API protection-anomaly detection
正解:C
解説:
The quickest detection for an SQL injection attack like the one described ('root'; --) would be through known signatures. FortiWeb utilizes signature-based detection to match incoming traffic against predefined attack patterns. Since SQL injection attacks are commonly known and have specific patterns (such as 'root'; --), known signatures would immediately recognize and flag this type of attack.
質問 # 80
What is a key consideration when identifying FortiWeb deployment requirements?
- A. Internet speed
- B. Hardware specifications
- C. Number of firewall policies
- D. Local user authentication
正解:B
質問 # 81
When is it possible to use a self-signed certificate, rather than one purchased from a commercial certificate authority?
- A. If you are an enterprise whose computers all trust your active directory or other CA server
- B. If you are an enterprise whose resources do not need security
- C. If you are an enterprise whose employees use only mobile devices
- D. If you are a small business or home office
正解:A
質問 # 82
Which of the following is a critical system setting that should be configured during FortiWeb deployment?
- A. Default web filtering policies
- B. DNS server settings
- C. Email notifications
- D. System time synchronization
正解:D
質問 # 83
Which factor is the best indicator of wireless client connection quality?
- A. Downstream link rate, the connection rate for the AP to the client
- B. The receive signal strength (RSS) of the client at the AP
- C. The channel utilization of the channel the client is using
- D. Upstream link rate, the connection rate for the client to the AP
正解:D
質問 # 84
Which two FortiWeb operation modes support machine learning? (Choose two.)
- A. True transparent proxy
- B. Reverse proxy
- C. Transparent proxy
- D. Offline protection
正解:A、B
質問 # 85
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)
- A. True transparent proxy
- B. Reverse proxy
- C. Transparent inspection
- D. Virtual proxy
正解:B、D
解説:
Virtual proxy: In virtual proxy mode, FortiWeb acts as an intermediary between clients and the server, and it can modify HTTP packets. It performs various security checks, such as inspecting and filtering HTTP traffic before forwarding it to the web server.
Reverse proxy: In reverse proxy mode, FortiWeb sits between the client and the server, handling incoming requests from clients, modifying or inspecting HTTP packets as needed, and forwarding them to the backend servers.
質問 # 86
Which two statements about distributed automatic radio resource provisioning (DARRP) are correct?
(Choose two.)
- A. DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.
- B. DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
- C. DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
- D. DARRP measurements can be scheduled to occur at specific times.
正解:C、D
質問 # 87
Examine the following code snippet:
servers:
- url: 'http://petstore.swagger.io/v1'
paths:
/pets:
get:
summary: List all pets
operationId: listPets
tags:
- pets
parameters:
- name: limit
in: query
description: How many items to return at one time (max 100)
required: true
schema:
$ref: '#/components/schemas/ref'
What is this a snippet from?
- A. An HTTP request restriction file
- B. An API machine learning (ML) configuration file
- C. An XML schema file
- D. An API schema file
正解:D
質問 # 88
Which FortiWeb configuration element is used to define rules for allowing or blocking specific types of traffic?
- A. High Availability (HA)
- B. Security profile
- C. Firewall policy
- D. Protected hostname
正解:C
質問 # 89
What is the primary purpose of a Content Security Policy (CSP) in web application security? (Select all that apply)
- A. Preventing cross-site scripting (XSS) attacks
- B. Enforcing strong password policies
- C. Controlling the sources of content that a web page can load
- D. Mitigating SQL injection attacks
正解:A、C
質問 # 90
When configuring threat mitigation features for a web application, what is the primary purpose of rate limiting?
- A. Identifying malicious IP addresses
- B. Preventing brute force attacks
- C. Optimizing web server performance
- D. Encrypting sensitive data
正解:B
質問 # 91
Which algorithm is used to build mathematical models for bot detection?
- A. HCM
- B. SVM
- C. SVN
- D. HMM
正解:B
質問 # 92
Refer to the exhibits.

What will happen when a client attempts a mousedown cross-site scripting (XSS) attack against the site http://my.blog.org/userl1/blog.php and FortiWeb is enforcing the highlighted signature?
- A. The connection will be allowed.
- B. The connection will be blocked as an XSS attack.
- C. The connection will be stripped of the mousedown JavaScript code.
- D. FortiWeb will report the new mousedown attack to FortiGuard.
正解:A
解説:
In the provided configuration, the signature exception has been set for the URL http://my.blog.org/user1V. This means that any request to this specific URL will bypass the signature ID 01000001, which is designed to block cross-site scripting (XSS) attacks using the mousedown event. As the request comes from the URL http://my.blog.org/userl1/blog.php, which does not match the exception rule for http://my.blog.org/user1V, the attack will be allowed through.
Therefore, the connection will be allowed because the exception rule bypasses protection for the specified URL.
質問 # 93
In web application security, what does API protection primarily involve?
- A. Encrypting HTML content
- B. Blocking SQL injection attacks
- C. Monitoring server performance
- D. Safeguarding APIs from unauthorized access and abuse
正解:D
質問 # 94
Which operation mode does not require additional configuration in order to allow FTP traffic to your web server?
- A. Transparent Inspection
- B. Reverse-Proxy
- C. Offline Protection
- D. True Transparent Proxy
正解:A
質問 # 95
When configuring HTTP content routing, which factors should be considered for routing decisions?
(Select all that apply)
- A. User-agent header
- B. Destination port number
- C. HTTP request method
- D. Source IP address
正解:A、C
質問 # 96
When configuring protected hostnames in FortiWeb, what is their primary purpose?
- A. Redirecting traffic to a specific URL
- B. Blocking outgoing traffic
- C. Identifying internal network resources
- D. Defining NAT policies
正解:C
質問 # 97
Which command will enable debugging for the FortiWeb user tracking feature?
- A. diagnose debug application user-cracking 7
- B. diagnose debug enable user-cracking 7
- C. debug enable user-tracking 7
- D. debug application user-cracking 7
正解:A
解説:
To enable debugging for the user tracking feature in FortiWeb, you would use the command diagnose debug application user-tracking 7. This command enables debugging for the user-tracking application and sets the debug level to 7, providing detailed logs for troubleshooting.
質問 # 98
Which of the following is true about Local User Accounts?
- A. Best suited for large environments with many users
- B. Can be used for Single Sign On
- C. Can be used for site publishing
- D. Must be assigned regardless of any other authentication
正解:C
質問 # 99
......
試験合格保証付きのPublic Cloud Security FCP_FWB_AD-7.4試験問題集:https://jp.fast2test.com/FCP_FWB_AD-7.4-premium-file.html