Fortinet FCP_FWB_AD-7.4 FCP - FortiWeb 7.4 Administrator Exam Practice Test

In Active-Passive high availability (HA) mode, the active unit is responsible for handling traffic while the passive unit remains idle, ready to take over in case of a failure. When a failover occurs, the active unit sends out gratuitous ARP messages to notify neighboring devices about the change in the active unit’s IP address. This ensures that the network devices update their ARP tables and can forward traffic to the new active unit.

In SAML (Security Assertion Markup Language) deployments, the Identity Provider (IdP) is responsible for storing and managing user authentication credentials, such as usernames and passwords. The IdP authenticates the user and then issues a SAML assertion to the Service Provider (SP), which allows the user to access services without needing to re-enter credentials.

When FortiWeb is deployed upstream of a device performing source network address translation (SNAT) or load balancing, the original client IP address may be lost. To preserve the original client IP address, you must enable and configure the Preserve Client IP setting on FortiWeb. This allows FortiWeb to retain and pass the client's original IP address to the backend servers for accurate logging and processing.

A self-signed certificate is useful when all the devices in your network can be configured to trust it. In this case, if your enterprise's computers trust the internal Active Directory or Certificate Authority (CA) server that signed the certificate, the self-signed certificate can be used internally for HTTPS connections without raising trust issues.

HTTP rewriting is a feature in FortiWeb that allows administrators to modify HTTP requests and responses for various purposes, including security enhancements, user experience improvements, and application functionality. One common use case for HTTP rewriting is to redirect HTTP traffic to HTTPS, ensuring that all communications between clients and the server are encrypted and secure.​

Explanation of Options:

A. To redirect HTTP to HTTPS:This is a valid reason to implement HTTP rewriting. By rewriting incoming HTTP requests to HTTPS, administrators can enforce secure connections, protecting data integrity and confidentiality. FortiWeb supports this functionality, allowing seamless redirection from HTTP to HTTPS.​

B. To implement load balancing:Load balancing is not typically achieved through HTTP rewriting. Instead, it involves distributing network traffic across multiple servers to ensure availability and reliability. FortiWeb provides load balancing features, but these are separate from HTTP rewriting capabilities.​

C. To replace a vulnerable element in a requested URL:While HTTP rewriting can modify URLs, its primary purpose is not to replace vulnerable elements within URLs. Addressing vulnerabilities typically involves input validation, sanitization, and other security measures rather than rewriting URLs.​

D. The original page has moved to a new URL:This is another valid reason to implement HTTP rewriting. When a webpage's URL changes, rewriting rules can redirect requests from the old URL to the new one, ensuring users can still access the content without encountering errors.​

In summary, both options A and D are correct reasons to implement HTTP rewriting. However, in the context of FortiWeb's functionalities, redirecting HTTP to HTTPS (option A) is a common and significant use case, as it enhances security by ensuring encrypted connections.

The best way to limit brute force login attacks on FortiWeb is to configure a brute force login custom policy. FortiWeb provides the ability to detect and mitigate brute force login attempts by automatically limiting the number of failed login attempts within a specific time period. This approach allows you to block or rate limit suspicious IP addresses while still allowing legitimate users access, based on your configuration.

Place FortiWeb in front of FortiADC: This configuration change places FortiWeb between the client and FortiADC, so that FortiWeb can directly inspect and protect the incoming traffic before FortiADC applies SNAT (Source Network Address Translation). By placing FortiWeb in front, it will have access to the real client IP addresses, and it will be able to properly identify and handle attack traffic without blocking legitimate client traffic.

Enable and configure the Use X-Forwarded-For setting on FortiWeb: This setting allows FortiWeb to extract the original client IP address from the X-Forwarded-For header in the HTTP request, which is inserted by FortiADC when performing SNAT. With this setting enabled, FortiWeb will be able to block traffic based on the original client IP address rather than the SNATed IP address (192.0.2.1), preserving the accuracy of the security measures.

Cross-Site Scripting (XSS) is a type of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This can lead to session hijacking, credential theft, or redirection to malicious sites. XSS attacks typically exploit vulnerabilities in web applications that fail to properly sanitize user input.

Here’s an analysis of the given options:

A. SELECT username FROM accounts WHERE username='admin';-- ' AND password='password';

This is an example ofSQL Injection (SQLi)rather than XSS. It manipulates SQL queries to bypass authentication, not execute JavaScript in a user’s browser.

B. <img src="http://badfile/nothere" onerror=alert(document.cookie);>

This is a classicXSS attack.

It uses an tag with a non-existent src attribute.

The onerror event triggers when the image fails to load, executing alert(document.cookie);, which can expose session cookies.

This method is commonly used forstealing cookies or executing arbitrary scripts.

C. SELECT username FROM accounts WHERE username='XSS' ' AND password='alert("http://badurl.com")';

This isneither a valid SQL injection nor a valid XSS attack.

The syntax suggests an incorrect SQL query rather than JavaScript execution in a browser.

D. <IMG SRC="xss.png">

This isnot a valid XSS attackunless there is an additional event handler like onload, onerror, or onmouseover executing JavaScript.

By itself, it just loads an image and does not execute any malicious script.

Thus,Option Bis the correct answer as it represents a real-world XSS attack technique.

References:

OWASP XSS Guide: https://owasp.org/www-community/attacks/xss/

Fortinet XSS Protection Documentation: https://docs.fortinet.com/

Making a secondary HTTPS connection to a server where FortiWeb acts as a client: When FortiWeb needs to connect to an external server via HTTPS (acting as a client), it may use its own certificates for that connection.

An administrator session connecting to the GUI using HTTPS: FortiWeb uses its own certificates to secure the HTTPS connection between the administrator and the FortiWeb GUI. This ensures secure access for management purposes.

In the configuration, the command set sample-limit-by-ip 0 disables the sample limit for any specific IP address. This means that during the machine learning (ML) running phase, FortiWeb will not limit the number of samples it accepts from the same IP address. Setting this to 0 effectively removes any restrictions on the number of samples from a given IP address.