A FortiWeb administrator sees the following request:
GET /api/v1/data HTTP/1.1
Host: example.com
Authorization: ApiKey abc123def456
The API key belongs to a user in group B who is authorized to access only /api/v1/reports.
What should the administrator do to prevent this unauthorized access?
Which situation best explains when a FortiWeb administrator should enable automatic HTTP-to-HTTPS redirection?
You have configured parameter validation, file security, and machine learning (ML) anomaly detection for a web form, but some server-side request forgery tests are still succeeding. You need to advise the team on what to prioritize next to improve SSRF protection without compromising other parts of the application.
Which recommendation would best strengthen FortiWeb’s ability to block remaining SSRF attempts?
FortiWeb is blocking groups of users behind your load balancer. In the logs, all users show the same source IP address.
Which action should you take to restore proper client identification?
Your team is spending too much time digging through FortiWeb logs to investigate threats.
How can FortiAI improve this workflow?
Refer to the exhibit.

There is only one administrator account configured on FortiWeb and IPv6 is not configured on any interface.
Which action should an administrator take to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
You are a FortiWeb administrator investigating an SQL injection attack on your company’s customer portal. The network firewall and intrusion prevention system (IPS) did not stop the attack.
You decide to deploy a web application firewall (WAF) to help prevent this type of attack.
Which two actions can you take to block application-layer threats? (Choose two.)