Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. FCP_FWB_AD-7.4

Fortinet FCP_FWB_AD-7.4 Exam (page: 2)
Fortinet FCP - FortiWeb 7.4 Administrator
Updated on: 12-Feb-2026

Viewing Page 2 of 9
FCP_FWB_AD-7.4 PDF 63 Questions

What is the difference between an API gateway protection schema and a machine learning (ML) API protection schema?

  1. An API gateway protection schema does not allow authentication.
  2. An API gateway protection schema handles response bodies.
  3. An API gateway protection schema supports data types other than string.
  4. An API gateway protection schema cannot change without administrator intervention.

Answer(s): C

Explanation:

In FortiWeb's API protection mechanisms, there are distinctions between the traditional API gateway protection schema and the machine learning (ML) based API protection schema:

Data Type Support: The API gateway protection schema has the capability to support various data types beyond just strings, allowing for more comprehensive validation and enforcement of API schemas.

Schema Adaptability: The ML-based API protection schema is designed to automatically learn and adapt to changes in the API structure without requiring manual intervention from administrators. This dynamic learning process enables FortiWeb to identify and protect against anomalies and potential threats in real-time.



Refer to the exhibits.





What will happen when a client attempts a mousedown cross-site scripting (XSS) attack against the site http://my.blog.org/userl1/blog.php and FortiWeb is enforcing the highlighted signature?

  1. The connection will be stripped of the mousedown JavaScript code.
  2. The connection will be blocked as an XSS attack.
  3. FortiWeb will report the new mousedown attack to FortiGuard.
  4. The connection will be allowed.

Answer(s): D

Explanation:

In the provided configuration, the signature exception has been set for the URL http://my.blog.org/user1V. This means that any request to this specific URL will bypass the signature ID 01000001, which is designed to block cross-site scripting (XSS) attacks using the mousedown event. As the request comes from the URL http://my.blog.org/userl1/blog.php, which does not match the exception rule for http://my.blog.org/user1V, the attack will be allowed through.

Therefore, the connection will be allowed because the exception rule bypasses protection for the specified URL.



Which high availability mode is commonly used to integrate with a traffic distributer like FortiADC?

  1. Cold standby
  2. Load sharing
  3. Active-Active
  4. Active-Passive

Answer(s): C

Explanation:

In Fortinet's high availability (HA) configurations, integrating FortiWeb with a traffic distributor like FortiADC is best achieved using the Active-Active HA mode. This mode allows multiple FortiWeb appliances to operate simultaneously, distributing traffic loads and enhancing both performance and redundancy.

FortiWeb supports several HA modes:

Active-Passive: One appliance actively handles all traffic, while the other remains on standby, ready to take over if the active unit fails.

Active-Active: Multiple appliances actively process traffic concurrently, sharing the load and providing redundancy.

High Volume Active-Active: An enhanced version of Active-Active, designed for environments with exceptionally high traffic volumes.

When integrating with a traffic distributor like FortiADC, the Active-Active mode is particularly advantageous. FortiADC can intelligently distribute incoming traffic across multiple active FortiWeb appliances, optimizing resource utilization and ensuring high availability. This setup not only balances the load but also provides fault tolerance; if one appliance becomes unavailable, FortiADC can redirect traffic to the remaining active units without service interruption.

This collaborative approach between FortiWeb and FortiADC ensures that web applications remain secure, performant, and resilient against failures.



A customer wants to be able to index your websites for search and advertisement purposes.

What is the easiest way to allow this on a FortiWeb?

  1. Add the indexer IP address to the trusted IP list on the FortiWeb.
  2. Add the indexer IP address to the FortiGuard "Known Search Engines" category.
  3. Create a firewall rule to bypass the FortiWeb entirely for the indexer IP address.
  4. Do not allow any external sites to index your websites.

Answer(s): A

Explanation:

The easiest way to allow a search engine indexer (such as Googlebot or Bingbot) to index your website on a FortiWeb is to add the indexer's IP address to the trusted IP list. This ensures that traffic from trusted indexers is allowed through without being blocked or interfered with by FortiWeb's security features like bot protection.



Refer to the exhibit.



A FortiWeb device is deployed upstream of a device performing source network address translation (SNAT) or load balancing.

What configuration must you perform on FortiWeb to preserve the original IP address of the client?

  1. Enable and configure the Preserve Client IP setting.
  2. Use a transparent operating mode on FortiWeb.
  3. Enable and configure the Add X-Forwarded-For setting.
  4. Turn off NAT on the FortiWeb.

Answer(s): A

Explanation:

When FortiWeb is deployed upstream of a device performing source network address translation (SNAT) or load balancing, the original client IP address may be lost. To preserve the original client IP address, you must enable and configure the Preserve Client IP setting on FortiWeb. This allows FortiWeb to retain and pass the client's original IP address to the backend servers for accurate logging and processing.



Viewing Page 2 of 9



Share your comments for Fortinet FCP_FWB_AD-7.4 exam with other users:

Az 9/16/2023 2:43:00 PM

q75. azure files is pass
SWITZERLAND


ketty 11/9/2023 8:10:00 AM

very helpful
Anonymous


Sonail 5/2/2022 1:36:00 PM

thank you for these questions. it helped a lot.
UNITED STATES


Shariq 7/28/2023 8:00:00 AM

how do i get the h12-724 dumps
Anonymous


adi 10/30/2023 11:51:00 PM

nice data dumps
Anonymous


EDITH NCUBE 7/25/2023 7:28:00 AM

answers are correct
SOUTH AFRICA


Raja 6/20/2023 4:38:00 AM

good explanation
UNITED STATES


BigMouthDog 1/22/2022 8:17:00 PM

hi team just want to know if there is any update version of the exam 350-401
AUSTRALIA


francesco 10/30/2023 11:08:00 AM

helpful on 2017 scrum guide
EUROPEAN UNION


Amitabha Roy 10/5/2023 3:16:00 AM

planning to attempt for the exam.
Anonymous


Prem Yadav 7/29/2023 6:20:00 AM

pleaseee upload
INDIA


Ahmed Hashi 7/6/2023 5:40:00 PM

thanks ly so i have information cia
EUROPEAN UNION


mansi 5/31/2023 7:58:00 AM

hello team, i need sap qm dumps for practice
INDIA


Jamil aljamil 12/4/2023 4:47:00 AM

it’s good but not senatios based
UNITED KINGDOM


Cath 10/10/2023 10:19:00 AM

q.119 - the correct answer is b - they are not captured in an update set as theyre data.
VIET NAM


P 1/6/2024 11:22:00 AM

good matter
Anonymous


surya 7/30/2023 2:02:00 PM

please upload c_sacp_2308
CANADA


Sasuke 7/11/2023 10:30:00 PM

please upload the dump. thanks very much !!
Anonymous


V 7/4/2023 8:57:00 AM

good questions
UNITED STATES


TTB 8/22/2023 5:30:00 AM

hi, could you please update the latest dump version
Anonymous


T 7/28/2023 9:06:00 PM

this question is keep repeat : you are developing a sales application that will contain several azure cloud services and handle different components of a transaction. different cloud services will process customer orders, billing, payment, inventory, and shipping. you need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using xml messages. what should you include in the recommendation?
NEW ZEALAND


Gurgaon 9/28/2023 4:35:00 AM

great questions
UNITED STATES


wasif 10/11/2023 2:22:00 AM

its realy good
UNITED ARAB EMIRATES


Shubhra Rathi 8/26/2023 1:12:00 PM

oracle 1z0-1059-22 dumps
Anonymous


Leo 7/29/2023 8:48:00 AM

please share me the pdf..
INDIA


AbedRabbou Alaqabna 12/18/2023 3:10:00 AM

q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app
GREECE


Rohan Limaye 12/30/2023 8:52:00 AM

best to practice
Anonymous


Aparajeeta 10/13/2023 2:42:00 PM

so far it is good
Anonymous


Vgf 7/20/2023 3:59:00 PM

please provide me the dump
Anonymous


Deno 10/25/2023 1:14:00 AM

i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.
Anonymous


CiscoStudent 11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.
Anonymous


pankaj 9/28/2023 4:36:00 AM

it was helpful
Anonymous


User123 10/8/2023 9:59:00 AM

good question
UNITED STATES


vinay 9/4/2023 10:23:00 AM

really nice
Anonymous