Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE6_FWB-6.4 Topic 8 Question 30 Discussion

Actual exam question for Fortinet's NSE6_FWB-6.4 exam
Question #: 30
Topic #: 8
[All NSE6_FWB-6.4 Questions]

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

What FortiWeb feature should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Devorah at Mar 04, 2024, 05:49 PM

Limited Time Offer

25%

Off

Get Premium NSE6_FWB-6.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Emmanuel
8 months ago
I think configuring a server policy that matches requests from shared Internet connections (option D) is also important to consider.
upvoted 0 times
...
Dorothy
8 months ago
That's true, but enabling SYN cookies (option C) could also help protect against denial of service attacks.
upvoted 0 times
...
Cassi
8 months ago
I disagree, I believe option B) is more effective as it blocks attacks using the client's private network IP.
upvoted 0 times
...
Dorothy
8 months ago
I think option A) is the best choice because it allows us to set separate rate limits for requests coming from NATted source IPs.
upvoted 0 times
...
Glendora
8 months ago
Configuring a server policy that matches requests from shared Internet connections, like in option D, could also be effective in preventing request floods.
upvoted 0 times
...
Shakira
8 months ago
I see your point about SYN cookies, Arlene. It could be a good additional layer of protection.
upvoted 0 times
...
Arlene
9 months ago
I'm considering option C - enabling SYN cookies. It seems like a good defense mechanism against denial of service attacks.
upvoted 0 times
...
Glendora
9 months ago
I disagree with option A. I believe option B is the right choice as it helps to find each client's private network IP and block attacks using that information.
upvoted 0 times
...
Shakira
10 months ago
I think option A is the best choice because it allows us to configure separate rate limits for requests from NATted source IPs.
upvoted 0 times
...
Layla
10 months ago
Haha, option C made me chuckle a bit. Enabling SYN cookies is a classic TCP/IP security trick, but I don't think it's the best fit for this specific scenario.
upvoted 0 times
...
Linwood
10 months ago
Hmm, I'm not sure about option B. Using X-Forwarded-For headers to identify clients' private IPs might work, but it also seems a bit risky. What if the headers are spoofed or the app is already compromised?
upvoted 0 times
Ming
10 months ago
B: That's a good idea. Better to be thorough in our approach to security.
upvoted 0 times
...
Jessenia
10 months ago
A: Let's weigh the pros and cons of each option before making a decision.
upvoted 0 times
...
Celestina
10 months ago
D: Option D could be helpful in filtering out requests from shared Internet connections.
upvoted 0 times
...
Leonora
10 months ago
C: SYN cookies are also a good defense against DoS attacks.
upvoted 0 times
...
Rosalia
10 months ago
B: I agree, option A sounds like a safer choice in this scenario.
upvoted 0 times
...
Golda
10 months ago
A: It's always better to be cautious when it comes to security.
upvoted 0 times
...
...
Virgina
11 months ago
The key here is protecting the app against request floods, which could be coming from multiple clients behind a NAT router. I'm leaning towards option A, since configuring separate rate limits for NATted IPs seems like a logical approach.
upvoted 0 times
...
Allene
11 months ago
I think this question is really testing our understanding of network security concepts. Dealing with DDoS attacks is a common challenge for web apps, so we need to be familiar with the different features FortiWeb offers to mitigate these threats.
upvoted 0 times
...

Save Cancel