You are reviewing the FortiWeb integration with the Advanced Bot Protection (ABP) service.
Match each step in the ABP flow with its description.

Which situation best explains when a FortiWeb administrator should enable automatic HTTP-to-HTTPS redirection?
A FortiWeb administrator wants to create a machine learning (ML)-based bot detection system.
Which three actions must the administrator take to build and activate this ML model? (Choose three.)
You are reviewing a report from your FortiWeb logs and notice a JavaScript payload like < script > document.cookie < /script > is submitted through a product review form. The page doesn’t filter the script, and when users view the review, their session cookies are exposed.
Why is this attack dangerous?
A large enterprise has an existing web infrastructure with complex routing rules and static IP address assignments. The network administrators cannot modify the current IP address scheme, but they need FortiWeb to inspect and block threats like SQL injection and cross-site scripting (XSS) without changing the client-server communication flow.
In this situation, which FortiWeb operation mode is the most suitable?
Refer to the exhibit.

You are configuring SSL offloading on FortiWeb to protect a public-facing application. Clients connect using HTTPS, while FortiWeb forwards requests to the back-end server using HTTP.
You are reviewing certificate deployment and need to decide where to install the private key for the certificate used in client connections.
In this SSL offloading setup, which device is responsible for using the private key associated with the web server certificate?
Refer to the exhibit.

There is only one administrator account configured on FortiWeb and IPv6 is not configured on any interface.
Which action should an administrator take to restrict any brute force attacks that attempt to gain access to the FortiWeb management GUI?
You need to monitor and respond to repeated suspicious activity from individual users who are accessing your web application.
Your goal is to evaluate each action the user takes and apply a response when their behavior becomes risky.
What can you configure on FortiWeb to track user behavior and respond automatically when risky activity continues?
A FortiWeb administrator is deciding between using SAML SSO or HTML authentication. They want to minimize the number of credential prompts users receive across multiple Fortinet services.
Which statement accurately describes which option is best, and why?
A FortiWeb administrator is hardening a customer checkout website.
The site contains sensitive links such as Login, Payment, and Admin, which are embedded in the HTML content of several pages.
A vulnerability scan shows that automated bots can crawl the web pages and easily enumerate these links by parsing the HTML source, even though users access them normally, through the site navigation.
Which FortiWeb feature should the administrator enable to prevent automated scanners from discovering these links?