You are reviewing SSL-related issues on FortiWeb. An administrator reports that they receive a certificate warning when they access the FortiWeb GUI over HTTPS. Separately, your FortiWeb device also makes outbound HTTPS requests to a back-end API server.
In which two situations would FortiWeb use its own certificates to establish or secure the connection? (Choose two.)

A FortiWeb administrator needs to allow a known web indexer to scan the website for search engine visibility.
What is the easiest way to allow this on FortiWeb?

Which situation best explains when a FortiWeb administrator should enable automatic HTTP-to-HTTPS redirection?

A FortiWeb administrator sees the following request:
GET /api/v1/data HTTP/1.1
Host: example.com
Authorization: ApiKey abc123def456
The API key belongs to a user in group B who is authorized to access only /api/v1/reports.
What should the administrator do to prevent this unauthorized access?

How should a FortiWeb administrator configure behavior-based bot detection to identify traffic from nonhuman users?

Refer to the exhibit.

You are a FortiWeb administrator reviewing the biometrics-based detection rule shown in the exhibit. Your goal is to configure a rule that detects bots that avoid typical human interactions like using a mouse or clicking. You also want to log the detection event and apply a high-severity alert.
Based on the current configuration, which settings should you change to meet this goal?

You are a FortiWeb administrator investigating an SQL injection attack on your company’s customer portal. The network firewall and intrusion prevention system (IPS) did not stop the attack.
You decide to deploy a web application firewall (WAF) to help prevent this type of attack.
Which two actions can you take to block application-layer threats? (Choose two.)

A third-party penetration test reveals that users can bypass login controls through a mobile API. Your current FortiWeb configuration includes zero trust network access (ZTNA) profiles and cookie security, but API protection and client management are not enabled. The security team asks you to recommend the most effective way to close this gap.
Which FortiWeb adjustment would best prevent future unauthorized API access?

You are reviewing the FortiWeb integration with the Advanced Bot Protection (ABP) service.
Match each step in the ABP flow with its description.
