Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Fortinet
  3. FCP_FWB_AD-7.4

Fortinet FCP_FWB_AD-7.4 Exam (page: 1)
Fortinet FCP - FortiWeb 7.4 Administrator
Updated on: 28-Jul-2025

Viewing Page 1 of 9
FCP_FWB_AD-7.4 PDF 36 Questions

Which implementation is most suited for a deployment that must meet PCI DSS compliance criteria?

  1. SSL offloading with FortiWeb in reverse proxy mode
  2. SSL offloading with FortiWeb in PCI DSS mode
  3. SSL offloading with FortiWeb in transparency mode
  4. SSL offloading with FortiWeb in full transparent proxy mode

Answer(s): B

Explanation:

The Payment Card Industry Data Security Standard (PCI DSS) sets forth security requirements to protect cardholder data. Requirement 6.6 specifically mandates that public-facing web applications be protected against known attacks by either:Exclusive Networks+3Gordion+3layer7solutions.com+3

Reviewing applications via manual or automated vulnerability security assessment tools or methods, at least annually and after any changes.

Installing an automated technical solution that detects and prevents web-based attacks, such as a web application firewall (WAF), in front of public-facing web applications to continually inspect all traffic.

FortiWeb, Fortinet's web application firewall, offers various deployment modes to protect web applications:

Reverse Proxy Mode: FortiWeb acts as an intermediary, terminating client sessions and initiating sessions to the backend servers. This mode provides comprehensive protection and allows for features like SSL offloading, URL rewriting, and advanced routing capabilities.

Transparent Mode: FortiWeb operates at Layer 2, inspecting traffic without modifying it, making it invisible to both clients and servers. This mode simplifies deployment as it doesn't require changes to the existing network topology.

Full Transparent Proxy Mode: Combines aspects of both reverse proxy and transparent modes, providing inspection and modification capabilities while remaining transparent to network devices.

PCI DSS Mode: A specialized deployment tailored to meet PCI DSS compliance requirements. This mode ensures that FortiWeb is configured with security policies and features aligned with PCI DSS standards, offering robust protection against threats targeting cardholder data.

Given the need to meet PCI DSS compliance criteria, deploying FortiWeb in PCI DSS mode is the most appropriate choice. This mode is specifically designed to align with PCI DSS requirements, ensuring that all necessary security measures are in place to protect cardholder data



Review the following configuration:



What are two routing behaviors that you can expect on FortiWeb after this configuration change? (Choose two.)

  1. Non-HTTP traffic routed through the FortiWeb is allowed.
  2. IPv6 routing is enabled.
  3. Non-HTTP traffic destined to the FortiWeb virtual server IP address is dropped.
  4. Only ICMP traffic is allowed. All other traffic is dropped.

Answer(s): A,C

Explanation:

FortiWeb is primarily designed to handle HTTP and HTTPS traffic, protecting web applications from various threats. By default, when operating in reverse proxy mode, FortiWeb does not forward non- HTTP/HTTPS protocols to protected servers. However, administrators can configure FortiWeb to handle non-HTTP/HTTPS traffic differently using the config router setting command. This command allows enabling IP-based forwarding (routing) for non-HTTP/HTTPS traffic.
When enabled, FortiWeb can route non-HTTP traffic through itself to the appropriate backend servers.

Despite this capability, any non-HTTP/HTTPS traffic that is destined directly for a FortiWeb virtual server IP address is dropped. This means that while FortiWeb can be configured to forward non- HTTP/HTTPS traffic to backend servers, it will not process non-HTTP/HTTPS traffic targeted at its own virtual server IPs.

Regarding IPv6 routing, FortiWeb does support IPv6 in various operation modes, including reverse proxy, offline inspection, and transparent inspection. However, enabling IPv6 routing requires specific configurations and is not automatically enabled by default.



An attacker attempts to send an SQL injection attack containing the known attack string 'root'; -- through an API call.

Which FortiWeb inspection feature will be able to detect this attack the quickest?

  1. API gateway rule
  2. Known signatures
  3. Machine learning (ML)-based API protection--anomaly detection
  4. ML-based API protection--threat detection

Answer(s): B

Explanation:

The quickest detection for an SQL injection attack like the one described ('root'; --) would be through known signatures. FortiWeb utilizes signature-based detection to match incoming traffic against predefined attack patterns. Since SQL injection attacks are commonly known and have specific patterns (such as 'root'; --), known signatures would immediately recognize and flag this type of attack.



Refer to the exhibit.



What are two additional configuration elements that you must be configure for this API gateway? (Choose two.)

  1. You must define rate limits.
  2. You must define URL prefixes.
  3. You must select a setting in the Allow User Group field.
  4. You must enable and configure Host Status.

Answer(s): A,B

Explanation:

When configuring an API Gateway on a FortiWeb appliance, it's essential to include specific elements to ensure proper functionality and security. Two critical configuration elements are:

Defining Rate Limits:
Implementing rate limits is crucial to control the number of requests a client can make to the API within a specified timeframe. This helps prevent abuse, such as denial-of-service attacks, by limiting excessive requests from clients.

Defining URL Prefixes:
Specifying URL prefixes allows the FortiWeb appliance to identify and manage API requests accurately. By defining these prefixes, the appliance can route and process API calls correctly, ensuring that only legitimate traffic reaches the backend services.

These configurations align with Fortinet's best practices for setting up an API Gateway policy.
While the exact steps may vary depending on the FortiWeb firmware version, the general process involves navigating to the Web Application Firewall section, selecting the API Gateway Policy tab, and configuring the necessary parameters, including rate limits and URL prefixes.



Which would be a reason to implement HTTP rewriting?

  1. To redirect HTTP to HTTPS.
  2. To implement load balancing.
  3. To replace a vulnerable element in a requested URL.
  4. The original page has moved to a new URL.

Answer(s): A

Explanation:

HTTP rewriting is a feature in FortiWeb that allows administrators to modify HTTP requests and responses for various purposes, including security enhancements, user experience improvements, and application functionality. One common use case for HTTP rewriting is to redirect HTTP traffic to HTTPS, ensuring that all communications between clients and the server are encrypted and secure.

Explanation of Options:

A . To redirect HTTP to HTTPS: This is a valid reason to implement HTTP rewriting. By rewriting incoming HTTP requests to HTTPS, administrators can enforce secure connections, protecting data integrity and confidentiality. FortiWeb supports this functionality, allowing seamless redirection from HTTP to HTTPS.

B . To implement load balancing: Load balancing is not typically achieved through HTTP rewriting. Instead, it involves distributing network traffic across multiple servers to ensure availability and reliability. FortiWeb provides load balancing features, but these are separate from HTTP rewriting capabilities.

C . To replace a vulnerable element in a requested URL: While HTTP rewriting can modify URLs, its primary purpose is not to replace vulnerable elements within URLs. Addressing vulnerabilities typically involves input validation, sanitization, and other security measures rather than rewriting URLs.

D . The original page has moved to a new URL: This is another valid reason to implement HTTP rewriting.
When a webpage's URL changes, rewriting rules can redirect requests from the old URL to the new one, ensuring users can still access the content without encountering errors.

In summary, both options A and D are correct reasons to implement HTTP rewriting. However, in the context of FortiWeb's functionalities, redirecting HTTP to HTTPS (option A) is a common and significant use case, as it enhances security by ensuring encrypted connections.



Viewing Page 1 of 9



Share your comments for Fortinet FCP_FWB_AD-7.4 exam with other users:

BK 8/11/2023 12:23:00 PM

very useful
INDIA


Deepika Narayanan 7/13/2023 11:05:00 PM

yes need this exam dumps
Anonymous


Blessious Phiri 8/15/2023 3:31:00 PM

these questions are a great eye opener
Anonymous


Jagdesh 9/8/2023 8:17:00 AM

thank you for providing these questions and answers. they helped me pass my exam. you guys are great.
CANADA


TS 7/18/2023 3:32:00 PM

good knowledge
Anonymous


Asad Khan 11/1/2023 2:44:00 AM

answer 10 should be a because only a new project will be created & the organization is the same.
Anonymous


Raj 9/12/2023 3:49:00 PM

can you please upload the dump again
UNITED STATES


Christian Klein 6/23/2023 1:32:00 PM

is it legit questions from sap certifications ?
UNITED STATES


anonymous 1/12/2024 3:34:00 PM

question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).
UNITED STATES


NSPK 1/18/2024 10:26:00 AM

q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save
Anonymous


mohamed abdo 9/1/2023 4:59:00 AM

very useful
Anonymous


Tom 3/18/2022 8:00:00 PM

i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.
UNITED KINGDOM


Edrick GOP 10/24/2023 6:00:00 AM

it was a good experience and i got 90% in the 200-901 exam.
Anonymous


anonymous 8/10/2023 2:28:00 AM

hi please upload this
Anonymous


Bakir 7/6/2023 7:24:00 AM

please upload it
UNITED KINGDOM


Aman 6/18/2023 1:27:00 PM

really need this dump. can you please help.
UNITED KINGDOM


Neela Para 1/8/2024 6:39:00 PM

really good and covers many areas explaining the answer.
NEW ZEALAND


Karan Patel 8/15/2023 12:51:00 AM

yes, can you please upload the exam?
UNITED STATES


NISHAD 11/7/2023 11:28:00 AM

how many questions are there in these dumps?
UNITED STATES


Pankaj 7/3/2023 3:57:00 AM

hi team, please upload this , i need it.
UNITED STATES


DN 9/4/2023 11:19:00 PM

question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.
Anonymous


Zhiguang 8/19/2023 11:37:00 PM

please upload dump. thanks in advance.
Anonymous


deedee 12/23/2023 5:51:00 PM

great great
UNITED STATES


Asad Khan 11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly
Anonymous


Sale Danasabe 10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.
Anonymous


Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN


Blessious Phiri 8/13/2023 3:10:00 PM

control file is the heart of rman backup
Anonymous


Senthil 9/19/2023 5:47:00 AM

hi could you please upload the ibm c2090-543 dumps
Anonymous