NSE 6 – FortiWeb 5.6/6.0 — Question 17
A client is trying to start a session from a page that should normally be accessible only after they have logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)
Answer options
- A. Reply with a "403 Forbidden" HTTP error
- B. Allow the page access, but log the violation
- C. Automatically redirect the client to the login page
- D. Display an access policy message, then allow the client to continue, redirecting them to their requested page
- E. Prompt the client to authenticate
Correct answer: A, B, C
Explanation
The correct answers are A, B, and C because they are the actions FortiWeb can take when a start page rule detects invalid session access. Option A gives a clear indication that access is denied, while B allows the page access but logs the violation. Option C redirects the client to the login page so that they log in first, which is critical for securing access. Options D and E do not match FortiWeb's typical responses to unauthorized access in this scenario.