Fortinet NSE 5 - FortiWeb 8.0 Administrator Questions and Answers

Refer to the exhibit.

You have deployed FortiWeb behind a FortiGate that is configured as a reverse proxy and inserts the X-Forwarded-For HTTP header when forwarding HTTP and HTTPS traffic.
FortiWeb is using a custom inline protection profile, and logging is enabled, as shown in the exhibit.
You notice that FortiWeb is blocking legitimate users, and all requests in the attack logs appear to come from the FortiGate IP address, not the original client IP address.
Which action should you take to fix this issue?

While reviewing FortiWeb logs, you notice a suspicious login request that failed authentication. You suspect it may be part of an injection attack targeting the login form.
Which input pattern is an example of a typical SQL injection attempt that could bypass authentication checks?

Refer to the exhibit.

You are a FortiWeb administrator reviewing how FortiAI protects sensitive data when interacting with a large language model (LLM).
Drag each label to the corresponding step in the FortiAI data privacy workflow.

A FortiWeb administrator is hardening a customer checkout website.
The site contains sensitive links such as Login, Payment, and Admin, which are embedded in the HTML content of several pages.
A vulnerability scan shows that automated bots can crawl the web pages and easily enumerate these links by parsing the HTML source, even though users access them normally through the site navigation.
Which FortiWeb feature should the administrator enable to prevent automated scanners from discovering these links?

FortiWeb is blocking groups of users behind your load balancer. In the logs, all users show the same source IP address.
Which action should you take to restore proper client identification?

You are hosting multiple secure web applications behind a single public IP address on FortiWeb.
When a client connects to a service, FortiWeb needs to:
Identify the correct SSL certificate.
Decrypt the request.
Route the request to the correct back-end server.
Match each FortiWeb function to the request handling step that performs the function.

You need to monitor and respond to repeated suspicious activity from individual users who are accessing your web application.
Your goal is to evaluate each action the user takes and apply a response when their behavior becomes risky.
What can you configure on FortiWeb to track user behavior and respond automatically when risky activity continues?

Which URL should you rewrite to reduce security risk?

Which situation best explains when a FortiWeb administrator should enable automatic HTTP-to-HTTPS redirection?

You recently deployed two FortiWeb devices in an active-active (A-A) high availability (HA) cluster.
During routine maintenance, you want to confirm that the cluster is synchronizing the correct configuration areas and that both FortiWeb devices behave consistently in production.
As the FortiWeb administrator, which two configuration areas should you examine to verify that HA synchronization is functioning correctly? (Choose two.)



