You are setting up a FortiWeb policy to protect a customer login portal. Users connect to https://login.training.lab, and you want FortiWeb to forward those requests to a load-balanced pool of back-end servers.
Which three components must you configure to complete the server policy?
A FortiWeb administrator wants to create a machine learning (ML)-based bot detection system.
Which three actions must the administrator take to build and activate this ML model? (Choose three.)
Which URL should you rewrite to reduce security risk?
You are configuring the FortiWeb client-side protection feature to defend against browser-based attacks.
Based on the layered defense strategy, drag and drop each control to the corresponding stage of defense.

Refer to the exhibit.

You are a FortiWeb administrator reviewing the biometrics-based detection rule shown in the exhibit. Your goal is to configure a rule that detects bots that avoid typical human interactions like using a mouse or clicking. You also want to log the detection event and apply a high-severity alert.
Based on the current configuration, which settings should you change to meet this goal?
You are hosting multiple secure web applications behind a single public IP address on FortiWeb.
When a client connects to a service, FortiWeb needs to:
Identify the correct SSL certificate.
Decrypt the request.
Route the request to the correct back-end server.
Match each FortiWeb function to the request handling step that performs the function.

You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like < script > document.cookie < /script > is submitted through a product review form. The page doesn’t filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
A FortiWeb administrator is reviewing issues found during a security audit. The audit lists shortcomings based on behavior, configuration, and data protection.
The administrator must break down the findings and match them with the correct FortiWeb feature.
Select each FortiWeb feature in the left column, hold and drag it to the blank space next to the OWASP issue in the column on the right. Once you match a FortiWeb
feature to the OWASP issue, you can move it again if you want to change your answer by clicking on the FortiWeb feature. You need to match five FortiWeb features to
the OWASP issue in the work area.

How should a FortiWeb administrator configure behavior-based bot detection to identify traffic from nonhuman users?
You are reviewing the FortiWeb integration with the Advanced Bot Protection (ABP) service.
Match each step in the ABP flow with its description.
