NSE 6 – FortiWeb 6.1 — Question 26

The FortiWeb machine learning (ML) feature is a two-phase analysis mechanism.
Which two functions does the first layer perform? (Choose two.)

Answer options

• A. Determines whether an anomaly is a real attack or just a benign anomaly that should be ignored
• B. Builds a threat model behind every parameter and HTTP method
• C. Determines if a detected threat is a false-positive or not
• D. Determines whether traffic is an anomaly, based on observed application traffic over time

Correct answer: B, D

Explanation

The correct answers are B and D because the first layer of FortiWeb's machine learning focuses on building threat models for parameters and HTTP methods, as well as identifying anomalies in traffic. Options A and C pertain to identifying and evaluating threats, which are functions typically associated with the second layer of analysis.