Fortinet Exam NSE6_FWB-6.4 Topic 8 Question 30 Discussion

Actual exam question for Fortinet's NSE6_FWB-6.4 exam

Question #: 30
Topic #: 8

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

What FortiWeb feature should you configure?

AEnable ''Shared IP'' and configure the separate rate limits for requests from NATted source IPs.

BConfigure FortiWeb to use ''X-Forwarded-For:'' headers to find each client's private network IP, and to block attacks using that.

CEnable SYN cookies.

DConfigure a server policy that matches requests from shared Internet connections.

Show Suggested Answer

Suggested Answer: C

by Devorah at Mar 04, 2024, 05:49 PM

Limited Time Offer

25%

Off

Get Premium NSE6_FWB-6.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Layla

8 days ago

Haha, option C made me chuckle a bit. Enabling SYN cookies is a classic TCP/IP security trick, but I don't think it's the best fit for this specific scenario.

upvoted 0 times

...

Linwood

8 days ago

Hmm, I'm not sure about option B. Using X-Forwarded-For headers to identify clients' private IPs might work, but it also seems a bit risky. What if the headers are spoofed or the app is already compromised?

upvoted 0 times

...

Virgina

9 days ago

The key here is protecting the app against request floods, which could be coming from multiple clients behind a NAT router. I'm leaning towards option A, since configuring separate rate limits for NATted IPs seems like a logical approach.

upvoted 0 times

...

Allene

10 days ago

I think this question is really testing our understanding of network security concepts. Dealing with DDoS attacks is a common challenge for web apps, so we need to be familiar with the different features FortiWeb offers to mitigate these threats.

upvoted 0 times

...