Fortinet Exam NSE6_FWB-6.4 Topic 8 Question 30 Discussion

Actual exam question for Fortinet's NSE6_FWB-6.4 exam
Question #: 30
Topic #: 8

An e-commerce web app is used by small businesses. Clients often access it from offices behind a router, where clients are on an IPv4 private network LAN. You need to protect the web application from denial of service attacks that use request floods.

What FortiWeb feature should you configure?

Suggested Answer: C

Contribute your Thoughts:

Emmanuel
6 months ago
I think configuring a server policy that matches requests from shared Internet connections (option D) is also important to consider.
upvoted 0 times
...
Dorothy
6 months ago
That's true, but enabling SYN cookies (option C) could also help protect against denial of service attacks.
upvoted 0 times
...
Cassi
6 months ago
I disagree, I believe option B) is more effective as it blocks attacks using the client's private network IP.
upvoted 0 times
...
Dorothy
6 months ago
I think option A) is the best choice because it allows us to set separate rate limits for requests coming from NATted source IPs.
upvoted 0 times
...
Glendora
6 months ago
Configuring a server policy that matches requests from shared Internet connections, like in option D, could also be effective in preventing request floods.
upvoted 0 times
...
Shakira
6 months ago
I see your point about SYN cookies, Arlene. It could be a good additional layer of protection.
upvoted 0 times
...
Arlene
6 months ago
I'm considering option C - enabling SYN cookies. It seems like a good defense mechanism against denial of service attacks.
upvoted 0 times
...
Glendora
7 months ago
I disagree with option A. I believe option B is the right choice as it helps to find each client's private network IP and block attacks using that information.
upvoted 0 times
...
Shakira
7 months ago
I think option A is the best choice because it allows us to configure separate rate limits for requests from NATted source IPs.
upvoted 0 times
...
Layla
8 months ago
Haha, option C made me chuckle a bit. Enabling SYN cookies is a classic TCP/IP security trick, but I don't think it's the best fit for this specific scenario.
upvoted 0 times
...
Linwood
8 months ago
Hmm, I'm not sure about option B. Using X-Forwarded-For headers to identify clients' private IPs might work, but it also seems a bit risky. What if the headers are spoofed or the app is already compromised?
upvoted 0 times
Ming
7 months ago
B: That's a good idea. Better to be thorough in our approach to security.
upvoted 0 times
...
Jessenia
8 months ago
A: Let's weigh the pros and cons of each option before making a decision.
upvoted 0 times
...
Celestina
8 months ago
D: Option D could be helpful in filtering out requests from shared Internet connections.
upvoted 0 times
...
Leonora
8 months ago
C: SYN cookies are also a good defense against DoS attacks.
upvoted 0 times
...
Rosalia
8 months ago
B: I agree, option A sounds like a safer choice in this scenario.
upvoted 0 times
...
Golda
8 months ago
A: It's always better to be cautious when it comes to security.
upvoted 0 times
...
...
Virgina
8 months ago
The key here is protecting the app against request floods, which could be coming from multiple clients behind a NAT router. I'm leaning towards option A, since configuring separate rate limits for NATted IPs seems like a logical approach.
upvoted 0 times
...
Allene
8 months ago
I think this question is really testing our understanding of network security concepts. Dealing with DDoS attacks is a common challenge for web apps, so we need to be familiar with the different features FortiWeb offers to mitigate these threats.
upvoted 0 times
...
