Latest Fortinet NSE 5 - FortiWeb 8.0 Administrator - NSE5_FWB_AD-8.0 free exam questions
Question 1
Refer to the exhibit.

There is only one administrator account configured on FortiWeb and IPv6 is not configured on any interface.
Which action should an administrator take to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?

Correct answer: A
Question 2
A FortiWeb administrator is reviewing issues found during a security audit. The audit lists shortcomings based on behavior, configuration, and data protection.
The administrator must break down the findings and match them with the correct FortiWeb feature.
Select each FortiWeb feature in the left column, hold and drag it to the blank space next to the OWASP issue in the column on the right. Once you match a FortiWeb feature to the OWASP issue, you can move it again if you want to change your answer by clicking on the FortiWeb feature. You need to match five FortiWeb features to the OWASP issue in the work area.


Correct answer:

Explanation:

The mapping follows the security risk each FortiWeb feature mitigates. User Tracking maps to Broken Access Control because it helps enforce authenticated-session behavior and can prevent unauthorized access patterns.
HSTS Header Security maps to Cryptographic Failures because it forces browsers toward HTTPS and reduces downgrade or weak transport behavior. Padding Oracle Protection also maps to Cryptographic Failures because padding oracle attacks exploit weaknesses in encrypted session or token handling. Web Vulnerability Scan maps to Security Misconfiguration because scans help expose misconfigured, exposed, or vulnerable application components. Session Forwarding fits Insecure Design because it helps enforce expected application flow rather than allowing users or attackers to jump through weakly designed paths.
Question 3
You need to monitor and respond to repeated suspicious activity from individual users who are accessing your web application.
Your goal is to evaluate each action the user takes and apply a response when their behavior becomes risky.
What can you configure on FortiWeb to track user behavior and respond automatically when risky activity continues?
Correct answer: D
Question 4
Refer to the exhibit.

You are a FortiWeb administrator reviewing how FortiAI protects sensitive data when interacting with a large language model (LLM).
Drag each label to the corresponding step in the FortiAI data privacy workflow.



Correct answer:

Explanation:

The FortiAI privacy workflow is designed to prevent sensitive local values from being exposed directly to the external LLM. First, the administrator submits a natural-language query. FortiWeb then masks sensitive data before the request leaves the local environment. The FortiAI Proxy sends the masked query to the LLM, allowing the LLM to process the intent without seeing the original confidential values. The LLM returns a function response rather than directly operating on sensitive production data. FortiWeb then unmasks the values and runs the query locally, keeping sensitive data under FortiWeb control. Finally, the administrator sees the result with the original values restored. This preserves usability while reducing data exposure risk.

