Fortinet NSE5_FWB_AD-8.0 Fortinet NSE 5 - FortiWeb 8.0 Administrator Exam Practice Test
Fortinet NSE 5 - FortiWeb 8.0 Administrator Questions and Answers
You are reviewing SSL-related issues on FortiWeb. An administrator reports that they receive a certificate warning when they access the FortiWeb GUI over HTTPS. Separately, your FortiWeb device also makes outbound HTTPS requests to a back-end API server.
In which two situations would FortiWeb use its own certificates to establish or secure the connection? (Choose two.)
Refer to the exhibit.


A FortiWeb administrator is trying to enable policy-based traffic logging on FortiWeb but doesn’t see the traffic log option available in the server policy settings.
What is the most likely reason this option is not visible?
Refer to the exhibit.

What does the exhibit show?
You are reviewing the FortiWeb integration with the Advanced Bot Protection (ABP) service.
Match each step in the ABP flow with its description.

A FortiWeb administrator is deciding between using SAML SSO or HTML authentication. They want to minimize the number of credential prompts users receive across multiple Fortinet services.
Which statement accurately describes which option is best, and why?
You have configured parameter validation, file security, and machine learning (ML) anomaly detection for a web form, but some server-side request forgery tests are still succeeding. You need to advise the team on what to prioritize next to improve SSRF protection without compromising other parts of the application.
Which recommendation would best strengthen FortiWeb’s ability to block remaining SSRF attempts?
A large enterprise has an existing web infrastructure with complex routing rules and static IP address assignments. The network administrators cannot modify the current IP address scheme, but they need FortiWeb to inspect and block threats like SQL injection and cross-site scripting (XSS) without changing the client-server communication flow.
In this situation, which FortiWeb operation mode is the most suitable?
A FortiWeb administrator is hardening a customer checkout website.
The site contains sensitive links such as Login, Payment, and Admin, which are embedded in the HTML content of several pages.
A vulnerability scan shows that automated bots can crawl the web pages and easily enumerate these links by parsing the HTML source, even though users access them normally, through the site navigation.
Which FortiWeb feature should the administrator enable to prevent automated scanners from discovering these links?
A FortiWeb administrator is reviewing issues found during a security audit. The audit lists shortcomings based on behavior, configuration, and data protection.
The administrator must break down the findings and match them with the correct FortiWeb feature.
Select each FortiWeb feature in the left column, hold and drag it to the blank space next to the OWASP issue in the column on the right. Once you match a FortiWeb
feature to the OWASP issue, you can move it again if you want to change your answer by clicking on the FortiWeb feature. You need to match five FortiWeb features to
the OWASP issue in the work area.

You are setting up a FortiWeb policy to protect a customer login portal. Users connect to https://login.training.lab, and you want FortiWeb to forward those requests to a load-balanced pool of back-end servers.
Which three components must you configure to complete the server policy?



