FCP_FWB_AD-7.4 Free Exam Questions & Answers PDF Updated on Jan-2026 [Q50-Q68]

Share

FCP_FWB_AD-7.4 Free Exam Questions and Answers PDF Updated on Jan-2026

Latest FCP_FWB_AD-7.4 Exam Dumps Recently Updated 157 Questions

NEW QUESTION # 50
What must you do with your FortiWeb logs to ensure PCI DSS compliance?

  • A. Store in an off-site location
  • B. Erase them every two weeks
  • C. Enable masking of sensitive data
  • D. Compress them into a .zip file format

Answer: C


NEW QUESTION # 51
What are two advantages of using the URL rewriting and redirecting feature on FortiWeb? (Choose two.)

  • A. It reduces server load by reducing the number of clients being served by a single web server.
  • B. It prevents the disclosure of underlying technology to clients.
  • C. It enhances security by redirecting all requests to a private IP address.
  • D. It reduces the number of requests, which reduces the risk of man-in-the-middle attacks.

Answer: B,D


NEW QUESTION # 52
When configuring URL rewriting, what is the primary purpose of using regular expressions (regex)?
(Select all that apply)

  • A. Blocking access to all URLs
  • B. Encrypting sensitive data in URLs
  • C. Matching and transforming specific URL patterns
  • D. Simplifying URLs for SEO purposes

Answer: C,D


NEW QUESTION # 53
Which would be a reason to implement HTTP rewriting?

  • A. The original page has moved to a new URL
  • B. To replace a vulnerable function in the requested URL
  • C. To send the request to secure channel
  • D. The original page has moved to a new IP address

Answer: B


NEW QUESTION # 54
Which regex expression is the correct format for redirecting the URL http://www.example.com?

  • A. www\example\com
  • B. www/.example/.com
  • C. www.example.com
  • D. www\.example\.com

Answer: C


NEW QUESTION # 55
Under which circumstances does FortiWeb use its own certificates? (Choose Two)

  • A. HTTPS access to GUI
  • B. HTTPS to FortiGate
  • C. HTTPS to clients
  • D. Secondary HTTPS connection to server where FortiWeb acts as a client

Answer: A,D


NEW QUESTION # 56
Which action must you take with your FortiWeb logs to ensure Payment Card Industry Data Security Standard (PCI DSS) compliance?

  • A. Keep all log files for at least one year.
  • B. Erase all logs every two weeks.
  • C. Store logs, unencrypted, in an off-site location for regulators to access.
  • D. Encrypt all log and configuration files on an offline server.

Answer: A


NEW QUESTION # 57
When configuring machine learning for web application security, what is the primary role of machine learning algorithms?

  • A. Authenticating user credentials
  • B. Identifying patterns and anomalies in web traffic
  • C. Encrypting sensitive data during transmission
  • D. Filtering unwanted spam emails

Answer: B


NEW QUESTION # 58
Which would be a reason to implement HTTP rewriting?

  • A. To implement load balancing.
  • B. To replace a vulnerable element in a requested URL.
  • C. To redirect HTTP to HTTPS.
  • D. The original page has moved to a new URL.

Answer: C

Explanation:
HTTP rewriting is a feature in FortiWeb that allows administrators to modify HTTP requests and responses for various purposes, including security enhancements, user experience improvements, and application functionality. One common use case for HTTP rewriting is to redirect HTTP traffic to HTTPS, ensuring that all communications between clients and the server are encrypted and secure.
Explanation of Options:
A . To redirect HTTP to HTTPS: This is a valid reason to implement HTTP rewriting. By rewriting incoming HTTP requests to HTTPS, administrators can enforce secure connections, protecting data integrity and confidentiality. FortiWeb supports this functionality, allowing seamless redirection from HTTP to HTTPS.
B . To implement load balancing: Load balancing is not typically achieved through HTTP rewriting. Instead, it involves distributing network traffic across multiple servers to ensure availability and reliability. FortiWeb provides load balancing features, but these are separate from HTTP rewriting capabilities.
C . To replace a vulnerable element in a requested URL: While HTTP rewriting can modify URLs, its primary purpose is not to replace vulnerable elements within URLs. Addressing vulnerabilities typically involves input validation, sanitization, and other security measures rather than rewriting URLs.
D . The original page has moved to a new URL: This is another valid reason to implement HTTP rewriting. When a webpage's URL changes, rewriting rules can redirect requests from the old URL to the new one, ensuring users can still access the content without encountering errors.
In summary, both options A and D are correct reasons to implement HTTP rewriting. However, in the context of FortiWeb's functionalities, redirecting HTTP to HTTPS (option A) is a common and significant use case, as it enhances security by ensuring encrypted connections.


NEW QUESTION # 59
Examine the following code snippet:
servers:
- url: 'http://petstore.swagger.io/v1'
paths:
/pets:
get:
summary: List all pets
operationId: listPets
tags:
- pets
parameters:
- name: limit
in: query
description: How many items to return at one time (max 100)
required: true
schema:
$ref: '#/components/schemas/ref'
What is this a snippet from?

  • A. An API machine learning (ML) configuration file
  • B. An XML schema file
  • C. An API schema file
  • D. An HTTP request restriction file

Answer: C


NEW QUESTION # 60
What is the primary purpose of configuring content compression in application delivery? (Select all that apply)

  • A. Enhancing security by encrypting content
  • B. Reducing bandwidth consumption
  • C. Accelerating content loading for users
  • D. Preventing unauthorized access to web pages

Answer: B,C


NEW QUESTION # 61
Which implementation is most suited for a deployment that must meet PCI DSS compliance criteria?

  • A. SSL offloading with FortiWeb in full transparent proxy mode
  • B. SSL offloading with FortiWeb in reverse proxy mode
  • C. SSL offloading with FortiWeb in transparency mode
  • D. SSL offloading with FortiWeb in PCI DSS mode

Answer: D

Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements to protect cardholder data. Requirement 6.6 specifically mandates that public-facing web applications be protected against known attacks by either:Exclusive Networks+3Gordion+3layer7solutions.com+3 Reviewing applications via manual or automated vulnerability security assessment tools or methods, at least annually and after any changes.
Installing an automated technical solution that detects and prevents web-based attacks, such as a web application firewall (WAF), in front of public-facing web applications to continually inspect all traffic.
FortiWeb, Fortinet's web application firewall, offers various deployment modes to protect web applications:
Reverse Proxy Mode: FortiWeb acts as an intermediary, terminating client sessions and initiating sessions to the backend servers. This mode provides comprehensive protection and allows for features like SSL offloading, URL rewriting, and advanced routing capabilities.
Transparent Mode: FortiWeb operates at Layer 2, inspecting traffic without modifying it, making it invisible to both clients and servers. This mode simplifies deployment as it doesn't require changes to the existing network topology.
Full Transparent Proxy Mode: Combines aspects of both reverse proxy and transparent modes, providing inspection and modification capabilities while remaining transparent to network devices.
PCI DSS Mode: A specialized deployment tailored to meet PCI DSS compliance requirements. This mode ensures that FortiWeb is configured with security policies and features aligned with PCI DSS standards, offering robust protection against threats targeting cardholder data.
Given the need to meet PCI DSS compliance criteria, deploying FortiWeb in PCI DSS mode is the most appropriate choice. This mode is specifically designed to align with PCI DSS requirements, ensuring that all necessary security measures are in place to protect cardholder data


NEW QUESTION # 62
Where in the controller interface can you find a wireless client's upstream and downstream link rates?

  • A. On the controller CLI, using the diag wireless-controller wlac -d sta command
  • B. On the AP CLI, using the cw_diag -d sta command
  • C. On the AP CLI, using the cw_diag ksta command
  • D. On the controller CLI, using the WiFi Client monitor

Answer: C


NEW QUESTION # 63
Review the following configuration:

What are two routing behaviors that you can expect on FortiWeb after this configuration change? (Choose two.)

  • A. Non-HTTP traffic routed through the FortiWeb is allowed.
  • B. Non-HTTP traffic destined to the FortiWeb virtual server IP address is dropped.
  • C. IPv6 routing is enabled.
  • D. Only ICMP traffic is allowed. All other traffic is dropped.

Answer: A,B

Explanation:
FortiWeb is primarily designed to handle HTTP and HTTPS traffic, protecting web applications from various threats. By default, when operating in reverse proxy mode, FortiWeb does not forward non-HTTP/HTTPS protocols to protected servers. However, administrators can configure FortiWeb to handle non-HTTP/HTTPS traffic differently using the config router setting command. This command allows enabling IP-based forwarding (routing) for non-HTTP/HTTPS traffic. When enabled, FortiWeb can route non-HTTP traffic through itself to the appropriate backend servers.
Despite this capability, any non-HTTP/HTTPS traffic that is destined directly for a FortiWeb virtual server IP address is dropped. This means that while FortiWeb can be configured to forward non-HTTP/HTTPS traffic to backend servers, it will not process non-HTTP/HTTPS traffic targeted at its own virtual server IPs.
Regarding IPv6 routing, FortiWeb does support IPv6 in various operation modes, including reverse proxy, offline inspection, and transparent inspection. However, enabling IPv6 routing requires specific configurations and is not automatically enabled by default.


NEW QUESTION # 64
Which two statements about background rogue scanning are correct? (Choose two.)

  • A. Background rogue scanning requires DARRP to be enabled on the AP instance
  • B. When detecting rogue APs, a dedicated radio configured for background scanning can suppress the rogue AP
  • C. A dedicated radio configured for background scanning can detect rogue devices on all other channels in its configured frequency band.
  • D. A dedicated radio configured for background scanning can support the connection of wireless clients

Answer: A,D


NEW QUESTION # 65
Review the following FortiWeb CLI command: diagnose network sniffer port3 none 6 When you use this command, what is the result?

  • A. It displays six packets before ending.
  • B. It shows only TCP packets.
  • C. It shows the interface name in the output.
  • D. It displays the MACaddress of packets.

Answer: C


NEW QUESTION # 66
In which two operating modes can FortiWeb modify HTTP packets? (Choose two.)

  • A. True transparent proxy
  • B. Reverse proxy
  • C. Virtual proxy
  • D. Transparent inspection

Answer: B,C

Explanation:
Virtual proxy: In virtual proxy mode, FortiWeb acts as an intermediary between clients and the server, and it can modify HTTP packets. It performs various security checks, such as inspecting and filtering HTTP traffic before forwarding it to the web server.
Reverse proxy: In reverse proxy mode, FortiWeb sits between the client and the server, handling incoming requests from clients, modifying or inspecting HTTP packets as needed, and forwarding them to the backend servers.


NEW QUESTION # 67
The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.
Which two functions does the first layer perform? (Choose two.)

  • A. Determines whether traffic is an anomaly, based on observed application traffic over time
  • B. Builds a threat model behind every parameter and HTTP method
  • C. Determines if a detected threat is a false-positive or not
  • D. Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored

Answer: A,B


NEW QUESTION # 68
......

Fortinet FCP_FWB_AD-7.4 Real 2026 Braindumps Mock Exam Dumps: https://www.2pass4sure.com/Public-Cloud-Security/FCP_FWB_AD-7.4-actual-exam-braindumps.html

FCP_FWB_AD-7.4 Exam Questions | Real FCP_FWB_AD-7.4 Practice Dumps: https://drive.google.com/open?id=1AV1tiORvtspo3QGna2uAHnKMFrqdS3lr