NSE 6 – FortiWeb 6.1 — Question 27

A client is trying to start a session from a page that would normally be accessible only after the client has logged in.
When a start page rule detects the invalid session access, what can FortiWeb do? (Choose three.)

Answer options

• A. Display an access policy message, then allow the client to continue
• B. Redirect the client to the login page
• C. Allow the page access, but log the violation
• D. Prompt the client to authenticate
• E. Reply with a 403 Forbidden HTTP error

Correct answer: B, C, E

Explanation

The correct answers, B, C, and E, represent actions FortiWeb can take to manage invalid session access. Option B allows users to redirect to the login page to authenticate, C allows access while logging the incident, and E provides a standard HTTP error response. Options A and D are incorrect as they either allow access without proper authentication or imply a prompt that is not a standard response to a rules violation.