Question 7 - Fortinet FCP_FWB_AD-7.4 Real Exam Questions [Jan 2026 Update]

Q: 7

An administrator notices multiple IP addresses attempting to log in to an application frequently, within a short time period. They suspect attackers are attempting to guess user passwords for a secure application. What is the best way to limit this type of attack on FortiWeb, while still allowing legitimate traffic through?

Options

Correct Answer:

Explanation

The scenario describes a classic brute force login attack, where an attacker uses multiple IPs to guess user credentials. The most effective and specific method to mitigate this on FortiWeb is by configuring a brute force login policy. This feature is designed to detect and block this exact behavior by monitoring the rate of failed login attempts from a source IP within a specified time frame. Once the configured threshold is exceeded, FortiWeb can automatically take action, such as temporarily blocking the offending IP, which directly stops the attack while minimizing impact on legitimate users.

Why Incorrect

A. Blocklist any suspected IPs.

This is a manual and reactive approach. For an attack using multiple and potentially changing IP addresses, manual blocklisting is inefficient and may not keep up with the attack.

C. Rate limit all connections from suspected IP addresses.

Rate limiting is a less precise control. It restricts all connections from an IP, which could inadvertently impact legitimate users sharing that IP (e.g., behind a NAT) and doesn't specifically target the malicious login-failure behavior.

D. Block the IP address at the border router.

This action is outside the scope of FortiWeb's application-layer capabilities. While a valid network security measure, it lacks the application-level intelligence to specifically identify and block based on failed login attempts.

References

1. FortiWeb 7.0 Administration Guide

Page 413

Section: "Defeating brute force logins".

The documentation states

"You can create a brute force signature to define the conditions of a brute force login attack. You can then create a custom brute force policy to specify the action to take when FortiWeb detects a brute force login attack." This directly supports using a dedicated policy for this threat.

2. FortiWeb 7.0 Administration Guide

Page 414

Section: "Configuring brute force login protection".

This section details the configuration steps

including setting a "Threshold" for the number of failed login attempts within a "Time Period" and defining an "Action" such as Period Block. This confirms the feature's design is to specifically counter the attack described in the question.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE