Fortinet Exam NSE6_FWB-6.4 Topic 1 Question 24 Discussion

Actual exam question for Fortinet's NSE6_FWB-6.4 exam

Question #: 24
Topic #: 1

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

What FortiWeb feature should you configure?

AEnable ''Shared IP'' and configure the separate rate limits for requests from NATted source IPs.

BConfigure FortiWeb to use ''X-Forwarded-For:'' headers to find each client's private network IP, and to block attacks using that.

CEnable SYN cookies.

DConfigure a server policy that matches requests from shared Internet connections.

Show Suggested Answer

Suggested Answer: C

by Winfred at Oct 21, 2023, 10:28 PM

Limited Time Offer

25%

Off

Get Premium NSE6_FWB-6.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Marjory

7 months ago

Hmm, I'm not so sure about option B. Using the 'X-Forwarded-For' header to find the client's private IP might work, but it could be easily spoofed, making it less reliable.

upvoted 0 times

...

Kattie

7 months ago

I'm thinking option A might be the right answer. Enabling 'Shared IP' and configuring separate rate limits for requests from NATted IPs sounds like a good approach to mitigate the DoS attack.

upvoted 0 times

...

Dick

7 months ago

Yeah, I agree. Since the clients are behind a router on a private network, the public IP addresses they're using could be shared among multiple users. We need a way to handle that scenario.

upvoted 0 times

...

Lore

7 months ago

Hmm, this question seems to be testing our knowledge of FortiWeb features for protecting against DoS attacks. I'm guessing the answer has something to do with managing requests from NATted IP addresses.

upvoted 0 times

...