Page 1 of 198
Fortinet NSE 5 -FortiWeb 8.0 Administrator
latest Version: 6.0 practice Exam –
Questions with Answers & Rationales|
INSTANT PDF DOWNLOAD
Q1. A network administrator is deploying FortiWeb for the
first time. What is the recommended initial step after
completing the basic network configuration?
A) Create a Web Protection Profile
B) Configure an administrative user account and change default
passwords
C) Enable all security signatures at the highest level
D) Deploy FortiWeb in Transparent mode
Answer: B
,Page 2 of 198
Rationale: One of the first security steps after initial network
configuration is to change default administrative credentials and
configure proper administrative access to prevent unauthorized
access to the FortiWeb management interface .
Q2. FortiWeb can be deployed in which of the following
modes? (Choose two.)
A) Reverse Proxy mode
B) Transparent Inspection mode
C) Layer 2 Bridge mode
D) Endpoint Security mode
Answer: A, B
Rationale: FortiWeb supports multiple deployment modes, most
notably Reverse Proxy mode for explicit proxy deployments and
Transparent Inspection mode (often called "invisible" or "bridge"
mode) where FortiWeb is placed inline without requiring client
,Page 3 of 198
configuration changes. Operational considerations differ
between these deployment types .
Q3. A company wants to deploy FortiWeb without changing
the client's DNS to point at a proxy address. Which
deployment mode is most appropriate?
A) Explicit Proxy mode
B) Reverse Proxy mode
C) Transparent mode (inline)
D) Offline mode
Answer: C
Rationale: Transparent mode is the preferred choice when you
want to place FortiWeb inline in the network path without
requiring client configuration changes. In this mode, FortiWeb
inspects traffic as it passes through while clients are unaware of
the WAF, and no proxy settings are required .
, Page 4 of 198
Q4. When configuring a Server Policy in Reverse Proxy mode,
what is the default traffic behavior before any policy is
configured and enabled?
A) Allow all traffic because Reverse Proxy mode is permissive by
default
B) Deny all traffic until at least one server policy is configured
and enabled
C) Allow only traffic from trusted IP addresses
D) Deny only traffic that matches attack signatures
Answer: B
Rationale: FortiWeb in Reverse Proxy mode denies all traffic by
default. Without a properly configured server policy (which
includes the virtual server, protection profile, and web protection
profile), requests are not processed. This is a critical security
design .
Fortinet NSE 5 -FortiWeb 8.0 Administrator
latest Version: 6.0 practice Exam –
Questions with Answers & Rationales|
INSTANT PDF DOWNLOAD
Q1. A network administrator is deploying FortiWeb for the
first time. What is the recommended initial step after
completing the basic network configuration?
A) Create a Web Protection Profile
B) Configure an administrative user account and change default
passwords
C) Enable all security signatures at the highest level
D) Deploy FortiWeb in Transparent mode
Answer: B
,Page 2 of 198
Rationale: One of the first security steps after initial network
configuration is to change default administrative credentials and
configure proper administrative access to prevent unauthorized
access to the FortiWeb management interface .
Q2. FortiWeb can be deployed in which of the following
modes? (Choose two.)
A) Reverse Proxy mode
B) Transparent Inspection mode
C) Layer 2 Bridge mode
D) Endpoint Security mode
Answer: A, B
Rationale: FortiWeb supports multiple deployment modes, most
notably Reverse Proxy mode for explicit proxy deployments and
Transparent Inspection mode (often called "invisible" or "bridge"
mode) where FortiWeb is placed inline without requiring client
,Page 3 of 198
configuration changes. Operational considerations differ
between these deployment types .
Q3. A company wants to deploy FortiWeb without changing
the client's DNS to point at a proxy address. Which
deployment mode is most appropriate?
A) Explicit Proxy mode
B) Reverse Proxy mode
C) Transparent mode (inline)
D) Offline mode
Answer: C
Rationale: Transparent mode is the preferred choice when you
want to place FortiWeb inline in the network path without
requiring client configuration changes. In this mode, FortiWeb
inspects traffic as it passes through while clients are unaware of
the WAF, and no proxy settings are required .
, Page 4 of 198
Q4. When configuring a Server Policy in Reverse Proxy mode,
what is the default traffic behavior before any policy is
configured and enabled?
A) Allow all traffic because Reverse Proxy mode is permissive by
default
B) Deny all traffic until at least one server policy is configured
and enabled
C) Allow only traffic from trusted IP addresses
D) Deny only traffic that matches attack signatures
Answer: B
Rationale: FortiWeb in Reverse Proxy mode denies all traffic by
default. Without a properly configured server policy (which
includes the virtual server, protection profile, and web protection
profile), requests are not processed. This is a critical security
design .
