Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsNSE4DomainsHigh Availability and Diagnostics
NSE4Free — No Signup

High Availability and Diagnostics

Practice NSE4 High Availability and Diagnostics questions with full explanations on every answer.

145questions

Start practicing

High Availability and Diagnostics — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

NSE4 Domains

System and Network AdministrationFirewall Policies and NATAuthentication and VPNSecurity ProfilesHigh Availability and Diagnostics

Practice High Availability and Diagnostics questions

10Q20Q30Q50Q

All NSE4 High Availability and Diagnostics questions (145)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A network engineer is configuring an SD-WAN rule to steer voice traffic to the MPLS link with the lowest latency. The SLA target is set to latency < 50 ms and jitter < 10 ms. However, the MPLS link occasionally exceeds the latency threshold. What should the engineer do to ensure voice traffic uses the best available link without manual intervention?

2

An administrator has two FortiGate units in an active-passive HA cluster. The cluster is configured to use the heartbeat interface port3. During a failover test, the primary unit fails but the secondary does not take over. What is the most likely cause?

3

A company has two remote sites connected via an SD-WAN overlay. The headquarters uses a FortiGate with two WAN links: Fiber (priority 1) and LTE (priority 2). The SD-WAN rule for business-critical traffic uses the 'best quality' strategy with SLA targets for latency and jitter. The fiber link occasionally experiences high jitter but low latency. The engineer notices that traffic is not failing over to LTE even when jitter exceeds the threshold. What is the most likely reason?

4

In an active-active HA cluster, which of the following must be identical on both FortiGate units?

5

An SD-WAN rule is configured with a 'manual' strategy and multiple members. The engineer wants to ensure that voice traffic always uses the MPLS link as long as it meets the SLA, otherwise use the broadband link. Which configuration is required?

6

Which TWO statements about FortiGate HA heartbeat interfaces are correct?

7

Which THREE statements about SD-WAN rules are correct?

8

Refer to the exhibit. An administrator has configured HA on two FortiGate units. During a failover test, the secondary unit does not take over when the primary fails. What is the most likely cause?

9

Refer to the exhibit. An SD-WAN rule for voice traffic uses the SLA strategy with sla-match-mode 'any'. SLA 'sla1' measures ping to 8.8.8.8. If wan1 has latency 90 ms and jitter 10 ms, and wan2 has latency 110 ms and jitter 5 ms, which link will be selected for voice traffic?

10

A company has two FortiGate 100F units in an active-passive HA cluster with firmware version 7.2.5. The cluster is configured with session pickup and all interfaces are monitored. The network consists of three VLANs: VLAN10 (Users), VLAN20 (Servers), and VLAN30 (DMZ). The cluster is connected to two ISPs: ISP1 (port1) and ISP2 (port2). The internal network uses a single aggregated link (port3 and port4) as a LAG to the core switch. One day, the primary FortiGate experiences a hardware failure and the secondary takes over. After the primary is replaced and rejoins the cluster, the administrator notices that traffic passing through the cluster is intermittently dropping for a few seconds every minute. The administrator checks the cluster status and sees that the new primary (previously secondary) is in 'primary' state and the old primary (newly replaced) is in 'secondary' state. What is the most likely cause of the intermittent traffic drops?

11

A network engineer is configuring SD-WAN on a FortiGate with two WAN links: MPLS (port1) and Internet (port2). The MPLS link has lower latency and jitter. The engineer wants to route all VoIP traffic (SIP and RTP) over the MPLS link unless it is unavailable. Which SD-WAN rule configuration should be used?

12

A FortiGate is configured in an A-P HA cluster. The administrator wants to ensure that session failover occurs for UDP-based voice traffic. Which TWO settings must be enabled?

13

Refer to the exhibit. The HA cluster has been operational for 5 days. The primary unit suddenly loses power. Which of the following will happen?

14

Drag and drop the steps to configure HA (High Availability) on a FortiGate pair into the correct order.

15

Match each FortiGate routing concept to its definition.

16

An administrator has configured an active-passive HA cluster. During a failover test, the standby unit becomes active but existing user sessions are lost, requiring users to re-establish connections. Which configuration change would prevent this behavior?

17

A network administrator runs the following CLI command on a FortiGate to capture traffic for troubleshooting: 'diagnose sniffer packet any "host 10.0.1.100" 4'. What does the '4' at the end of the command specify?

18

In an active-active HA cluster, the administrator notices that traffic is not being load-balanced evenly across both units. What is the most likely cause?

19

An administrator executes 'diagnose debug flow' for a specific session and sees the output: 'id=20085 trace_id=10 func=print_pkt_detail line=5567 msg="vd-root:0 received packet via port1".' Later, the trace shows 'msg="Deny by policy"'. What is the most likely next step the administrator should take?

20

A FortiGate administrator needs to send logs to an external FortiAnalyzer for centralized monitoring. Which log configuration step is required?

21

What is the purpose of the heartbeat interface in a FortiGate HA cluster?

22

An administrator runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows many sessions with 'proto_state=01' and 'expire=3599'. What does 'expire=3599' indicate?

23

A FortiGate administrator needs to block a specific application using the FortiGuard Application Control service. Which two objects must be correctly configured in the firewall policy to achieve this? (Choose the best single answer describing the required object types.)

24

During a failover in an active-passive HA cluster, the newly active unit does not have the same session table as the previous primary, causing all existing sessions to drop. Which setting should the administrator verify?

25

Which log severity level indicates a failure that requires immediate attention?

26

An administrator notices that the FortiGate HA cluster has two units, but only one is shown as 'primary' and the other as 'standby'. The administrator did not configure any load balancing. Which HA mode is in use?

27

A FortiGate admin wants to inspect SSL-encrypted traffic for threats using IPS. The admin creates an SSL inspection profile with 'full SSL inspection' and applies it to the policy. What additional configuration is necessary for the IPS engine to process the decrypted traffic?

28

An administrator is troubleshooting a VPN tunnel that fails to establish. Which TWO CLI commands would provide the most relevant diagnostic information? (Choose two.)

29

A FortiGate administrator wants to ensure that logs are retained even after a power outage. Which THREE storage options provide persistent log storage? (Choose three.)

30

An active-passive HA cluster is experiencing frequent failovers. Which TWO factors could cause unnecessary failovers? (Choose two.)

31

A FortiGate administrator has configured an active-passive HA cluster with two units. During a failover test, they notice that existing TCP sessions are dropped and must be re-established. What configuration change should the administrator make to ensure sessions are preserved during failover?

32

Which FortiGate diagnostic command allows you to capture packets on an interface for troubleshooting network connectivity issues?

33

A FortiGate in an active-active HA cluster is experiencing asymmetric routing. The administrator runs 'diagnose debug flow' on a packet from a client to a server. The flow trace shows the packet is allowed by policy, but the response is dropped. What is the most likely cause?

34

A FortiGate administrator runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows many sessions with 'proto_state=01' and 'expire=0'. What does this indicate about these sessions?

35

An organization wants to send FortiGate logs to a central log management system for long-term storage and compliance. Which FortiGate feature is specifically designed for collecting and analyzing logs from multiple FortiGate devices?

36

A FortiGate administrator wants to see real-time debugging output for traffic matching a specific source IP address. Which command sequence would achieve this?

37

A FortiGate administrator has configured an active-passive HA cluster. After a failover event, the former primary unit comes back online and immediately takes over as primary again, causing another failover. The administrator wants the original primary to stay in standby until the current primary fails. Which setting should be configured?

38

Which FortiGate log severity level indicates that a system is unusable and requires immediate attention?

39

A FortiGate administrator needs to ensure that traffic logs are sent to a FortiAnalyzer even when the FortiGate's local disk is full. What configuration is required?

40

A FortiGate administrator notices that after upgrading the firmware, the HA cluster fails to form. Both units show the correct HA configuration. What is the most likely cause?

41

A FortiGate administrator runs 'diagnose debug flow' and sees the output 'FW-6: packet is allowed by policy' but the packet is still dropped. What additional debug information should the administrator check to determine why the packet is dropped after being allowed?

42

Which of the following log types on FortiGate records traffic that is denied by a firewall policy?

43

A FortiGate administrator is troubleshooting an issue where HTTPS traffic is not being properly inspected by the web filter. The policy has SSL inspection enabled. Which TWO commands would provide the most useful real-time debugging information? (Choose two.)

44

A FortiGate administrator needs to configure an active-passive HA cluster to ensure that management access is available via a dedicated IP address that moves with the active unit. Which THREE configuration steps are required? (Choose three.)

45

A FortiGate administrator is investigating a performance issue and suspects that a large number of incomplete TCP connections are consuming session table resources. Which TWO commands would help identify such sessions? (Choose two.)

46

A network administrator is troubleshooting a FortiGate HA cluster that is not failing over as expected. The cluster consists of two units in active-passive mode. The administrator issues the command 'diagnose sys ha status' and sees that both units have the same priority. What is the most likely cause of the failover issue?

47

A FortiGate administrator needs to capture packets on interface port2 for 10 seconds to diagnose a connectivity issue. Which command should the administrator use?

48

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

49

A FortiGate administrator needs to forward logs to a FortiAnalyzer for centralized management. The FortiAnalyzer is reachable at 10.0.1.100. Which configuration step is required on the FortiGate to send logs to this FortiAnalyzer?

50

An administrator is troubleshooting a FortiGate HA cluster that is experiencing frequent failovers. The heartbeat interfaces are configured on port1 and port2. Which diagnostic command should the administrator use to check heartbeat packet loss?

51

Which log severity level indicates that a device is unusable and requires immediate attention?

52

A FortiGate administrator wants to configure ZTNA to secure access to an internal application. Which of the following components is essential for ZTNA to function?

53

An administrator runs 'diagnose debug flow' for a specific source IP and sees the output includes 'no matching policy'. The FortiGate has a firewall policy that should match the traffic. What is the most likely reason for this message?

54

A FortiGate cluster in active-passive HA is configured with two heartbeat interfaces. The primary unit fails completely. The secondary unit detects the failure and becomes primary. After the original primary recovers, it remains in passive mode. What is the most likely reason for this behavior?

55

Which FortiGate log type records information about firewall policy matches and traffic statistics?

56

An administrator configures a FortiGate to use FortiGuard for web filtering. However, some users report that certain categories are not being blocked as configured. The administrator checks the FortiGuard subscription status and it is valid. What is the most likely cause?

57

In an active-active HA cluster, session synchronization is enabled. What is the primary purpose of session synchronization in this mode?

58

A FortiGate administrator is troubleshooting a traffic issue where users cannot access a specific website. The administrator runs 'diagnose debug flow' and sees the output indicating that traffic is being denied by a firewall policy. Which two actions should the administrator take to identify the specific policy denying the traffic? (Choose two.)

59

A FortiGate administrator is configuring an active-passive HA cluster and needs to ensure that management access is available via a dedicated management IP address that does not fail over. Which three steps should the administrator take? (Choose three.)

60

A FortiGate administrator wants to send logs to both a local disk and a remote FortiCloud account. Which two conditions must be met for this to work? (Choose two.)

61

A FortiGate HA cluster is running in active-passive mode with two units. The administrator notices that the primary unit fails over to the secondary unit every few minutes, causing service disruption. The heartbeat interfaces are configured on port1 and port2. What is the MOST likely cause of the frequent failovers?

62

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

63

A FortiGate administrator needs to capture packets on the DMZ interface to troubleshoot a connectivity issue. Which CLI command should be used to start a packet capture?

64

An administrator configures a FortiGate HA cluster in active-active mode. After enabling session synchronization, they notice that new sessions are not being synced to the secondary unit. The cluster is using a dedicated heartbeat interface. What could be the reason?

65

An administrator runs 'diagnose debug flow' for a specific policy and sees the following output: id=20085 trace_id=10 func=vf_ip_route_in msg='No matching interface to route packet' What does this indicate?

66

What is the purpose of the 'override' setting in FortiGate HA?

67

A FortiGate administrator needs to send logs to a FortiAnalyzer device for long-term storage and analysis. Which log configuration must be set up?

68

An administrator is troubleshooting a policy that should allow HTTP traffic but it is being blocked. They run 'diagnose debug flow' and see the output ends with 'msg=deny by forward policy check'. What is the most likely cause?

69

What is the function of Zero Trust Network Access (ZTNA) on a FortiGate?

70

A FortiGate cluster is configured in active-passive HA. The administrator wants to manage the cluster using a single IP address that always points to the current primary unit. Which configuration should be applied?

71

An administrator runs 'diagnose sys session list' and sees a session with 'expire=0'. What does this indicate?

72

A FortiGate receives log messages with severity 'warning'. What is the log severity level number for 'warning' according to FortiGate's log severity levels?

73

A FortiGate HA cluster in active-passive mode is experiencing unexpected failovers. The administrator suspects the heartbeat link is unreliable. Which TWO actions would help diagnose the heartbeat link issue? (Select two.)

74

An administrator is troubleshooting a FortiGate that is not sending logs to FortiCloud. The FortiGate has internet connectivity and a valid FortiCloud subscription. Which THREE steps should the administrator take to resolve this issue? (Select three.)

75

A FortiGate administrator needs to ensure that a specific traffic flow is fully inspected by the antivirus and IPS profiles. The traffic is HTTPS. Which THREE configuration items are required? (Select three.)

76

A FortiGate HA cluster is operating in active-passive mode. The active unit fails over to the passive unit. After the failover, some existing TCP sessions are dropped. What is the MOST likely cause?

77

Which CLI command is used on a FortiGate to perform a real-time packet capture on an interface?

78

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

79

A FortiGate administrator wants to ensure that in an active-passive HA cluster, a specific unit becomes the primary (active) unit after a reboot. Which configuration parameter should be set to a higher value on that unit?

80

Which FortiGate log type records user authentication events, such as successful logins and failed login attempts?

81

An administrator notices that traffic matching a firewall policy is not being logged. The policy has logging enabled. The FortiGate has local disk storage. What should the administrator check first?

82

In an active-active HA cluster, what is the purpose of the 'session sync' configuration?

83

Which FortiGuard subscription service is required for URL filtering and web categorization?

84

An administrator is troubleshooting a firewall policy that should apply application control. The application control profile is configured but traffic is not being inspected. The administrator runs 'diagnose debug flow' and sees that the traffic is hitting the correct policy. What could be the issue?

85

A FortiGate administrator wants to configure Zero Trust Network Access (ZTNA) to secure access to an internal application. What is required on the FortiGate?

86

An administrator is configuring HA on two FortiGates. Both units have the same model and firmware. When they are connected, neither unit becomes active. The admin checks the HA status and sees that the cluster is not formed. What is the MOST likely cause?

87

A FortiGate admin wants to send logs to both a local disk and a remote FortiAnalyzer. Which log configuration must be set?

88

Which TWO of the following are valid methods to view real-time debug output on a FortiGate? (Choose two.)

89

An administrator is configuring an active-passive HA pair. Which THREE of the following must be identical on both units for the cluster to form? (Choose three.)

90

A FortiGate administrator is troubleshooting why traffic from a specific source IP is not being logged. The traffic is allowed by a firewall policy with logging enabled. Which TWO commands could the administrator use to verify if the traffic is hitting the expected policy? (Choose two.)

91

A FortiGate admin runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows a session with 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate about the session?

92

An administrator is configuring an active-passive HA cluster and wants to ensure that the secondary unit can be monitored and managed directly via HTTPS even when it is not the primary. Which setting must be enabled?

93

A FortiGate admin is troubleshooting intermittent VPN disconnections. The admin enables debug flow with 'diagnose debug flow filter daddr 10.0.0.1' and 'diagnose debug flow trace start 10'. The output shows 'msg: send to x.x.x.x via intf port1' but then immediately 'msg: no matching policy'. However, the firewall policy list shows a policy that should match. What is the most likely cause?

94

An administrator needs to ensure that in an active-passive HA cluster, the primary unit always remains the preferred master unless it fails, regardless of other factors. The administrator sets the primary's HA priority to 200 and the secondary to 100. However, after a reboot of the primary, the secondary becomes the primary. What additional step is required?

95

A network admin receives an alert that the FortiGate disk logs are no longer being written. The admin checks the disk status and sees that the disk is full. However, the admin needs to preserve the logs for compliance purposes. Which action should the admin take to continue logging while preserving the existing logs?

96

An administrator wants to monitor real-time traffic flows on a FortiGate, specifically to see packet details for traffic matching certain criteria. Which command should the administrator use to capture live packets on an interface?

97

An administrator is troubleshooting a slow web application. The admin suspects that the FortiGate's session table might be full, causing new sessions to be dropped. Which command should the admin use to check the current session table utilization?

98

A company has two FortiGate units in an active-active HA cluster. They want to ensure that sessions initiated from the internet through a virtual IP are synchronized to the peer unit in case of failover. Which HA setting is required?

99

An administrator needs to send logs from a FortiGate to a remote FortiAnalyzer for centralized log storage and analysis. Which configuration step is required on the FortiGate?

100

A FortiGate is configured with an active-passive HA cluster. The admin notices that when the primary unit fails, the secondary takes over, but after the primary recovers, it does not automatically become active again. What is the most likely reason?

101

An admin is troubleshooting why a user's traffic is not being logged. The firewall policy has logging enabled at 'All Sessions'. The admin checks the traffic log and sees no entries for that user. The admin runs 'diagnose debug flow' and sees the traffic is matching the policy. What could be the issue?

102

An administrator is configuring ZTNA (Zero Trust Network Access) on a FortiGate. The administrator needs to ensure that only clients with a valid posture assessment can access an internal application. Which access proxy setting must be configured to enforce this requirement?

103

An administrator is setting up an active-passive HA pair and wants to ensure that the cluster can properly monitor each unit's health. Which TWO interfaces must be configured as HA heartbeat interfaces? (Choose two.)

104

An administrator is troubleshooting an issue where users cannot access an internal web server via the internet through a FortiGate. The FortiGate has a virtual IP (VIP) configured for the web server. The administrator runs 'diagnose debug flow filter daddr <public-ip>' and 'diagnose debug flow trace start 100'. The output shows 'msg: forward to x.x.x.x via intf port2' but then 'msg: policy deny'. Which TWO actions should the administrator take to resolve the issue? (Choose two.)

105

A FortiGate administrator is configuring logging to meet a compliance requirement that all security events must be stored for at least one year. The FortiGate has limited local disk space. Which THREE actions should the administrator take to meet this requirement? (Choose three.)

106

A FortiGate HA cluster is configured in active-passive mode with two units. The primary unit fails. The secondary unit takes over, but some established TCP sessions are dropped. What is the most likely cause?

107

An administrator wants to troubleshoot a traffic flow issue on a FortiGate. They suspect packets are being dropped. Which command should they use to perform a real-time packet capture on an interface?

108

A FortiGate administrator runs 'diagnose debug flow' with a filter for a specific source IP. The output shows 'no policy matched' for the traffic. The administrator verifies that a firewall policy exists with that source IP. What is the most likely reason for the 'no policy matched' message?

109

A FortiGate HA cluster is set to active-active mode. The administrator notices that session synchronization is enabled but some sessions are not being synced between cluster units. Which of the following is a likely cause for incomplete session synchronization in active-active mode?

110

An administrator is reviewing log files on a FortiGate and needs to identify events related to a specific user authentication failure. The FortiGate has local disk logging enabled. Which command would the administrator use to search the logs for this event?

111

A FortiGate administrator receives an alert that the FortiGuard antivirus database on the firewall is outdated. Which subscription service must be active to update the antivirus signatures?

112

An administrator is configuring a FortiGate HA cluster and wants to ensure that the primary unit is always preferred based on its configuration priority. Which setting should be enabled to allow the primary unit to resume its role after a failover if it regains connectivity?

113

A FortiGate administrator runs 'diagnose sys session filter dport 443' followed by 'diagnose sys session list' and sees the following output for a session: src=10.0.1.10 dst=192.168.2.20 sport=12345 dport=443 proto=6 vrf=0 What does the 'proto=6' indicate about this session?

114

A FortiGate administrator is troubleshooting an issue where internal users cannot access a public web server. The administrator runs 'diagnose debug flow' and sees the output shows 'forward to port2' but then 'no route to host'. What is the most likely cause?

115

Which log severity level indicates that a log message is for informational purposes and does not require immediate action?

116

A FortiGate administrator is configuring ZTNA (Zero Trust Network Access) to secure access to an internal application. Which two components must be configured to create a ZTNA rule? (Choose two.)

117

An administrator wants to view real-time debug output for traffic flowing through a FortiGate. Which command should they use to enable flow tracing with a specific source IP filter?

118

In a FortiGate HA cluster, the administrator wants to reduce failover time when the primary unit fails. Which two adjustments can help achieve this? (Choose two.)

119

A FortiGate administrator is troubleshooting a VPN tunnel that is not establishing. The administrator wants to view the IKE debug output in real time. Which command should they use?

120

An administrator wants to send logs from a FortiGate to an external syslog server. Which log forwarding method should they configure?

121

A FortiGate administrator is setting up an HA cluster with two FortiGates. The heartbeat interfaces are connected via a dedicated switch. The administrator wants to ensure that the management IP is always accessible through the active unit. Which configuration is required?

122

An administrator wants to view the current session table on a FortiGate. Which command should they use?

123

A FortiGate administrator notices that the HA cluster is frequently failing over even though no hardware failure has occurred. The heartbeat link shows some packet loss. What is the best action to reduce unnecessary failovers?

124

Which of the following FortiGate log types records information about user authentication and administrative access?

125

An administrator needs to store logs for compliance purposes and wants them to be retained even if the FortiGate is reset. Which log storage option should they use?

126

In an active-passive HA cluster, the administrator wants to ensure that new connections are load-balanced across both units only for specific services while maintaining failover capability. Which configuration should be applied?

127

A FortiGate administrator is diagnosing a performance issue. They notice that the CPU usage is consistently high. Which command can provide a real-time view of the processes consuming CPU?

128

An administrator wants to ensure that log messages are categorized by severity and that only events with severity 'error' and above are sent to the syslog server. Which configuration should be used?

129

In a FortiGate HA cluster, the administrator needs to perform a firmware upgrade without causing a full service outage. Which procedure should be followed?

130

Which FortiGate feature allows administrators to verify if a specific IP address is being blocked by a security policy?

131

A FortiGate administrator configures a ZTNA rule to protect an internal web server. The rule uses an access proxy. Which component on the FortiGate terminates the incoming ZTNA connection?

132

An administrator is troubleshooting a FortiGate that is not sending logs to FortiAnalyzer. The FortiAnalyzer is reachable from the FortiGate. Which command should the administrator use to test the connectivity and log forwarding?

133

An administrator configures a FortiGate HA cluster in active-passive mode. After a failover, some UDP-based sessions are lost. What is the MOST likely reason?

134

An administrator wants to capture HTTP traffic on port1 for troubleshooting. Which CLI command should be used?

135

A FortiGate HA cluster is experiencing frequent failovers. The administrator checks the HA event log and sees repeated 'Heartbeat loss' messages. The heartbeat interfaces are connected directly via a crossover cable. What is the MOST likely cause?

136

An administrator runs 'diagnose debug flow' and sees the output 'no matching policy'. What does this indicate?

137

Which log severity level indicates that the system is unusable?

138

An administrator needs to configure a FortiGate to send logs to an external FortiAnalyzer. Which setting is required?

139

An administrator wants to view the current session table entries filtered by destination port 443. Which command should be used?

140

In an active-active HA cluster, session synchronization is configured. A new session is created on the primary unit. When does the secondary unit learn about this session?

141

Which FortiGate feature allows users to access internal applications without a VPN client?

142

An administrator notices that the FortiGate is not receiving updates from FortiGuard. The DNS settings are correct and the FortiGate can ping update.fortiguard.net. What is the MOST likely cause?

143

An administrator configures HA override on a cluster with priority 200 on primary and 100 on secondary. The primary fails, secondary takes over. When primary recovers, what happens?

144

Which type of log records information about firewall policy matches, such as allowed or denied traffic?

145

An administrator needs to configure HA on a pair of FortiGates with the following requirements: the cluster must support session failover for TCP, UDP, and ICMP; the management interface should be accessible on both units; and the failover must be triggered if port2 goes down. Which TWO settings must be configured? (Choose two.)

Practice all 145 High Availability and Diagnostics questions

Other NSE4 exam domains

System and Network AdministrationFirewall Policies and NATAuthentication and VPNSecurity Profiles

Frequently asked questions

What does the High Availability and Diagnostics domain cover on the NSE4 exam?

The High Availability and Diagnostics domain covers the key concepts tested in this area of the NSE4 exam blueprint published by Fortinet. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all NSE4 domains — no account required.

How many High Availability and Diagnostics questions are in the NSE4 question bank?

The Courseiva NSE4 question bank contains 145 questions in the High Availability and Diagnostics domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice High Availability and Diagnostics for NSE4?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only High Availability and Diagnostics questions for NSE4?

Yes — the session launcher on this page draws questions exclusively from the High Availability and Diagnostics domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your NSE4 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide