FCP – FortiWeb Administrator 7.4 — Question 25

An administrator notices multiple IP addresses attempting to log in to an application frequently, within a short time period. They suspect attackers are attempting to guess user passwords for a secure application.
What is the best way to limit this type of attack on FortiWeb, while still allowing legitimate traffic through?

Answer options

• A. Blocklist any suspected IPs.
• B. Configure a brute force login custom policy.
• C. Rate limit all connections from suspected IP addresses.
• D. Block the IP address at the border router.

Correct answer: B

Explanation

The best approach is to configure a brute force login custom policy, which allows FortiWeb to specifically target and mitigate login attempts that exhibit characteristics of brute force attacks while still allowing legitimate users through. Blocking suspected IPs may inadvertently affect legitimate traffic, and rate limiting could hinder user experience. Blocking at the border router is too broad and could result in loss of access for valid users.