Fortinet NSE 5 - FortiWeb 8.0 Administrator Sample Questions:
1. A third-party penetration test reveals that users can bypass login controls through a mobile API. Your current FortiWeb configuration includes zero trust network access (ZTNA) profiles and cookie security, but API protection and client management are not enabled. The security team asks you to recommend the most effective way to close this gap.
Which FortiWeb adjustment would best prevent future unauthorized API access?
A) Log only API traffic and rely on FortiAnalyzer for future alerts.
B) Switch to a reverse-proxy mode to bypass cookie-based controls.
C) Enable API protection and client management to enforce identity checks on mobile API traffic.
D) Replace ZTNA with bot protection to reduce false positives.
2. You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like < script > document.
cookie < /script > is submitted through a product review form. The page doesn't filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
A) It leaks back-end database information.
B) It bypasses login pages.
C) It forces a victim to click malicious links.
D) It executes code in the victim's browser.
3. A large enterprise has an existing web infrastructure with complex routing rules and static IP address assignments. The network administrators cannot modify the current IP address scheme, but they need FortiWeb to inspect and block threats like SQL injection and cross-site scripting (XSS) without changing the client-server communication flow.
In this situation, which FortiWeb operation mode is the most suitable?
A) True transparent proxy mode
B) Decryption mirror mode
C) Web Cache Communication Protocol (WCCP) redirection mode
D) Reverse proxy mode
4. Refer to the exhibit.
You have deployed FortiWeb behind a FortiGate that is configured as a reverse proxy and inserts the X- Forwarded-For HTTP header when forwarding HTTP and HTTPS traffic.
FortiWeb is using a custom inline protection profile, and logging is enabled, as shown in the exhibit.
You notice that FortiWeb is blocking legitimate users, and all requests in the attack logs appear to come from the FortiGate IP address, not the original client IP address.
Which action should you take to fix this issue?
A) Replace the current deployment mode with a one-arm proxy to expose source IP addresses.
B) Modify the protection profile to use the X-Forwarded-For header for client IP address detection.
C) Recreate the server policy using the predefined profile instead of a custom one.
D) Disable IP-based detection features on FortiWeb to avoid IP-related blocking.
Solutions:
| Question # 1 Answer: C | Question # 2 Answer: D | Question # 3 Answer: A | Question # 4 Answer: B |
We're so confident of our products that we provide no hassle product exchange.


By Evangeline

