Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Security Profiles

Practice NSE4 Security Profiles questions with full explanations on every answer.

232 questions


All NSE4 Security Profiles questions (232)


1

A network administrator notices that users cannot access HTTPS websites after enabling SSL inspection. The firewall policy allows the traffic, and the certificate is trusted on the clients. What is the most likely cause?

2

Which FortiGate feature allows you to block access to specific URL categories such as 'Social Media' or 'Gambling'?

3

An administrator configured SSL inspection with 'deep-inspection' profile. Users report that some websites fail to load with certificate errors. The firewall policy is correct. What is the most likely reason?

4

When configuring SSL inspection, which type of inspection decrypts and inspects all HTTPS traffic including applications using non-standard ports?

5

A company wants to block downloads of executable files via HTTP and HTTPS while allowing other content. Which combination of security profiles should be applied to the firewall policy?

6

After enabling SSL inspection, a user receives a warning 'The certificate is not trusted' in the browser. The administrator has installed the CA certificate on the client. What else could be the cause?

7

An administrator wants to inspect SSL traffic to a specific finance application that uses a custom port (9443) and a self-signed certificate. Which configuration is required?

8

Which of the following is a prerequisite for SSL deep inspection to work correctly on FortiGate?

9

A user reports that a legitimate website is being blocked by FortiGate web filtering. The administrator checks and finds that the URL category is 'Unrated'. What is the most likely cause?

10

Which TWO actions can cause SSL inspection to fail with certificate errors on client browsers? (Choose two.)

11

Which THREE steps are necessary when configuring SSL deep inspection on FortiGate? (Choose three.)

12

Which TWO web filtering features can be used to block access to malicious websites? (Choose two.)

13

Refer to the exhibit. The policy applies deep inspection, but users cannot access any HTTPS websites. The FortiGate CA certificate is installed on clients. What is the most likely cause?

14

Refer to the exhibit. A FortiGate SSL VPN user is unable to connect. The debug output shows the above error. What is the most likely cause?

15

A company with 500 employees uses FortiGate as their internet gateway. They recently enabled SSL deep inspection using the built-in CA certificate. After deployment, many users report that they cannot access their online banking websites. The error message in the browser says 'The certificate is not trusted'. The administrator has already pushed the FortiGate CA certificate to all domain-joined computers via Group Policy. However, the problem persists for banking sites. The administrator also notices that banking sites load fine on mobile devices that do not have the CA certificate installed. What is the most likely cause and solution?

16

A school uses FortiGate for web filtering. They want to block social media sites for students during class hours (8 AM to 3 PM) but allow access for teachers at all times. The network has a single internet connection and all users are in the same subnet. The administrator created a firewall policy for students (source IP range 192.168.1.100-200) and another for teachers (source IP range 192.168.1.10-50). The student policy has a web filter profile that blocks social media. However, teachers are also being blocked from social media during class hours. What is the most likely cause?

17

A network administrator notices that an IPS sensor is generating excessive false positives for a specific signature. The administrator wants to exclude traffic from a trusted internal server (IP 10.1.1.100) from inspection for that signature only, while keeping other signatures active. Which configuration change should the administrator apply?

18

A security engineer is designing an application control policy for a corporate network. The goal is to allow Microsoft Teams for business use but block personal use of other collaboration apps like Zoom and Slack. The engineer configures an application control profile with a rule to 'monitor' Microsoft Teams and 'block' Zoom and Slack. However, users report that Zoom is still working. What is the most likely reason?

19

A company wants to block all peer-to-peer file sharing applications on the network. Which FortiGate feature should be used to achieve this goal?

20

During a security audit, an administrator finds that an IPS sensor configured with a 'block' action for a critical vulnerability signature is not blocking the associated traffic. The traffic matches the signature, but the action appears as 'pass' in the logs. The IPS sensor is applied to a firewall policy that also has application control enabled. What is the most likely cause?

21

A company recently deployed FortiGate with application control to manage cloud application usage. They want to allow Google Drive for business but block personal Google accounts. Which application control configuration approach is most effective?

22

An administrator needs to ensure that IPS signatures are updated automatically on the FortiGate. Which configuration should be verified?

23

A network administrator is troubleshooting why certain web-based applications are not being identified by application control. The applications are accessed over HTTPS. What is the most likely missing configuration?

24

Which TWO statements about IPS in FortiGate are true?

25

Which TWO are valid actions for an application control rule?

26

Which THREE factors should be considered when tuning IPS to reduce false positives?

27

An administrator has configured the policy shown in the exhibit. Traffic to the web server at 10.0.1.10 over HTTPS is allowed, but users complain that they cannot access the web server's login page. The IPS sensor 'High_Security_Sensor' has a signature that blocks SQL injection attempts. The application list 'Block_Social_Media' blocks Facebook and Twitter. What is the most likely cause of the issue?

28

An administrator runs the command shown in the exhibit and sees anomalies detected from 10.1.1.100 to 10.2.2.200. The IPS sensor's anomaly settings are configured with the default actions. What will be the default action for the ICMP Flood anomaly?

29

A mid-sized company has a FortiGate 100F running FortiOS 7.2. They have two internal networks: Trusted (10.1.1.0/24) for employees and Guest (10.2.2.0/24) for visitors. The Guest network has a firewall policy that allows internet access only, with an application control profile that blocks all peer-to-peer and gaming applications. Recently, users on the Guest network have been able to play online games (e.g., Fortnite) despite the block. The administrator checks the application control profile and confirms that 'Fortnite' is listed as blocked. There are no other policies allowing Guest traffic. The administrator also notices that the Guest policy has 'set utm-status enable' and the application control profile is applied. What is the most likely reason that Fortnite is not being blocked?

30

A company uses deep SSL inspection to filter traffic. Users report that some HTTPS sites are not loading. The administrator checks the FortiGate and sees that the certificate for the sites is not trusted on the client machines. What is the most likely cause?

31

An administrator notices that traffic to a specific HTTPS website is being blocked. The FortiGate has SSL inspection enabled, and the web filter profile is set to monitor all categories. The URL is not in any blocked category. What should the administrator check next?

32

A company wants to block all HTTP traffic but allow HTTPS. Which SSL inspection method should be used on the firewall policy?

33

An administrator configures a web filter profile to block the 'Phishing' category. Users still report receiving phishing emails with links that bypass the filter. What is the most likely reason?

34

A FortiGate is configured with SSL inspection and web filtering. The administrator notices that some HTTPS traffic is being blocked even though the URL is in an allowed category. What could be the cause?

35

Which TWO of the following are required for full SSL inspection to work correctly?

36

Which THREE of the following are valid methods to exclude certain HTTPS traffic from SSL inspection on a FortiGate?

37

Refer to the exhibit. An administrator has configured the SSL/SSH profile shown. However, users are unable to access HTTPS websites. What is the most likely cause?

38

A company with 500 users has a FortiGate 1000D running FortiOS 7.2. They have configured full SSL inspection and web filtering to block malware and phishing sites. The administrator receives complaints that some users cannot access a legitimate business website (https://vendor.example.com). The administrator checks the FortiGate logs and sees that the connection is allowed by the firewall policy and web filter. However, the user's browser shows 'ERR_CERT_AUTHORITY_INVALID'. The administrator verifies that the FortiGate's CA certificate is installed on all client machines. Further investigation reveals that the vendor's website uses a certificate signed by a private CA that is not trusted by the FortiGate. The administrator wants to resolve the issue without disabling SSL inspection for the whole website or compromising security. What should the administrator do?

39

A company wants to block all peer-to-peer (P2P) traffic using Application Control on their FortiGate. They have enabled the application control profile, but users can still download files via BitTorrent. What is the most likely reason?

40

An administrator has configured an IPS sensor to block critical-severity attacks. However, after a week, they notice that a known exploit (CVE-2021-44228) is still getting through. Which configuration change should be made to improve detection?

41

A network administrator notices that a FortiGate IPS sensor is not detecting any attacks, even though there is known malicious traffic on the network. Which initial troubleshooting step should the administrator take?

42

An organization uses Application Control to allow only business-critical applications and block social media. The administrator has configured the profile to block Facebook and Twitter, but users can still access Facebook. The firewall policy applies the profile correctly. What is the most likely cause?

43

Which TWO of the following are best practices when configuring IPS on a FortiGate in a high-throughput environment?

44

Given the above IPS sensor configuration, what will happen when traffic matching a high-severity IPS signature is detected?

45

A large enterprise uses a FortiGate 600E in NAT mode to protect its internal network. The security team has implemented an Application Control profile that categorizes applications and allows only 'Business' and 'General-Interest' categories. They have also applied an IPS sensor with default settings and enabled SSL inspection for outbound traffic. Recently, the helpdesk has received reports that some users cannot access a critical cloud-based CRM application, while others can. The CRM uses HTTPS on port 443. The Application Control profile is applied to the firewall policy for outbound traffic. The IPS sensor is also applied. The FortiGate is not configured for load balancing. Which of the following is the most likely cause of the issue?

46

A company is implementing SSL/TLS inspection on a FortiGate to monitor encrypted traffic. They want to ensure that traffic to high-risk categories is blocked, while traffic to financial sites is inspected but not blocked. The administrator creates an SSL inspection profile that deep-inspects all traffic except traffic to financial sites. However, users report that they cannot access financial websites. What is the most likely cause?

47

An administrator is configuring web filtering on a FortiGate. Which TWO statements about web filtering profiles are correct?

48

Refer to the exhibit. An administrator is troubleshooting why SSL inspection is not working for web traffic. The policy shown is the only policy matching the traffic. What is the most likely reason SSL inspection is failing?

49

A company is deploying FortiGate for outbound web filtering. They want to block users from accessing social media sites during business hours, but still allow access to cloud-based productivity tools like Office 365. Which approach should the administrator use to meet this requirement?

50

An administrator is configuring an IPS profile on FortiGate to detect and block SQL injection attacks. The profile must be applied to inbound traffic to a web server. Which TWO settings should the administrator enable to achieve this goal? (Choose two.)

51

Refer to the exhibit. An administrator has created an IPS sensor with two entries. The first entry sets severity 'medium' and action 'block'. The second entry sets severity 'critical' and action 'block'. What will happen when a packet triggers an IPS signature with severity 'low'?

52

Drag and drop the steps to configure IPsec VPN phase 1 settings on FortiGate into the correct order.

53

Drag and drop the steps to capture traffic on a FortiGate interface using the CLI into the correct order.

54

Drag and drop the steps to perform a factory reset on FortiGate via CLI into the correct order.

55

Drag and drop the steps to configure a VLAN interface on FortiGate into the correct order.

56

Match each FortiGate CLI command to its function.

57

Match each Fortinet HA mode to its description.

58

Match each FortiGate NAT type to its description.

59

Match each FortiGate firewall policy action to its result.

60

A network administrator notices that some users can access blocked web categories despite a web filter profile applied to the policy. The admin runs 'diagnose debug rating' and sees 'rating not allow' for the category. What is the MOST likely cause?

61

An administrator wants to block users from uploading sensitive documents through webmail. Which security profile should be configured on the FortiGate to achieve this goal?

62

A FortiGate in flow-based mode is configured with an antivirus profile to block infected files. A user downloads a .zip file containing a known virus, but the download is allowed and the file is not quarantined. What is the MOST likely reason?

63

What is the primary purpose of FortiSandbox integration with FortiGate antivirus?

64

An administrator configures an IPS profile to block SQL injection attacks. However, SQL injection traffic is still passing through the FortiGate. The administrator confirms the IPS profile is applied to the correct policy. What is the most likely reason?

65

A FortiGate administrator wants to block outgoing DNS requests to known malware domains. Which security profile should be used?

66

An administrator configures SSL deep inspection with a CA certificate. Users accessing an internal site (internal.company.com) receive a certificate error. The administrator wants to avoid the error without disabling deep inspection. What should be done?

67

What is the difference between certificate inspection and full SSL deep inspection on a FortiGate?

68

An administrator is configuring email filtering on FortiGate to block spam. Which of the following is required for FortiGate to filter inbound email directly?

69

A FortiGate administrator runs the command 'diagnose application urlfilter 0 status' and sees 'status: enable' but users report that some malicious URLs are not blocked. The web filter profile uses FortiGuard categories with 'block' action. What should the administrator check next?

70

An administrator wants to apply a safe search policy to enforce strict search results on Google, Bing, and Yahoo. Which security profile feature should be used?

71

A network administrator configures an application control profile to block social media applications. Users can still access Facebook through a web browser. What is the MOST likely reason?

72

An administrator needs to block users from uploading files containing credit card numbers to external websites. Which TWO actions must be configured? (Choose two.)

73

A FortiGate is configured with an IPS profile to detect and block anomalous network behavior. Which THREE types of detection does IPS anomaly detection include? (Choose three.)

74

An administrator wants to ensure that all DNS traffic from internal users is filtered by the FortiGate to block malicious domains. Which TWO configurations are necessary? (Choose two.)

75

A network administrator wants to allow employees to access a specific web application but block all other application traffic. The administrator creates a firewall policy with an application control profile that allows the desired application. However, employees can still access other applications. What is the MOST likely reason?

76

An administrator runs the CLI command: 'diagnose sys session list | grep -i dns' and sees sessions with dst port 53. The administrator has configured a DNS filter profile on the firewall policy. However, DNS requests are not being filtered. What is the MOST likely cause?

77

Which of the following security profiles is used to prevent malicious files from being downloaded via HTTP, FTP, or email by inspecting the content of the traffic?

78

A FortiGate administrator is troubleshooting an issue where users cannot access a legitimate website that is categorized as 'Pornography' by FortiGuard. The web filter profile is configured to block that category. The administrator wants to allow access for a specific user group without modifying the global web filter profile. What is the BEST approach?

79

An administrator wants to prevent employees from uploading sensitive credit card numbers via web forms. Which security profile feature is MOST appropriate to achieve this?

80

What is the PRIMARY purpose of enabling 'Safe Search' in a web filter profile?

81

A FortiGate administrator is configuring SSL deep inspection for a firewall policy that handles traffic to multiple internal servers. Some servers have self-signed certificates. The administrator wants to avoid certificate errors for users. What configuration is recommended?

82

Which of the following best describes the difference between flow-based and proxy-based inspection for antivirus scanning?

83

An administrator has configured an IPS profile with an anomaly detection sensor for 'tcp_syn_flood'. After applying the profile to a firewall policy, users report intermittent connectivity issues. The administrator runs 'diagnose ips anomaly list' and sees entries for 'tcp_syn_flood' with action 'pass'. What is the MOST likely cause of the connectivity issues?

84

Which FortiGate security feature can be used to block outgoing emails that contain specific keywords, such as confidential information?

85

A FortiGate administrator has configured a firewall policy with SSL deep inspection using a forward trust CA certificate. When users access an HTTPS website with a valid certificate, they still receive a certificate warning. What is the MOST likely reason?

86

An administrator wants to integrate FortiSandbox with a FortiGate to analyze suspicious files. Which security profile must be configured to send files to FortiSandbox?

87

A FortiGate administrator is configuring a data leak prevention (DLP) profile to prevent the leakage of social security numbers (SSNs) via email. Which TWO settings must be configured in the DLP profile?

88

An administrator wants to block all peer-to-peer (P2P) file sharing applications such as BitTorrent and eMule on the network. Which THREE steps should the administrator take?

89

Which TWO types of inspection can be used for HTTPS traffic in a FortiGate security policy?

90

A network administrator notices that users can access websites categorized as 'Pornography' despite a web filter profile blocking that category. The firewall policy uses the web filter profile and is applied to the users' traffic. What is the MOST likely cause?

91

You run the following CLI commands on a FortiGate: 'diagnose sys session filter dport 443' and 'diagnose sys session list'. The output shows many sessions with 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate about the traffic?

92

A FortiGate administrator wants to block all traffic to websites that are categorized as 'Malware' and 'Phishing'. Which security profile should be configured to achieve this goal?

93

An organization uses FortiSandbox to detect advanced threats. The administrator wants to ensure that files downloaded from the internet are sent to FortiSandbox for analysis before being delivered to users. Which Antivirus profile setting should be configured?

94

A FortiGate is configured with an SSL deep inspection profile that uses 'Certificate Inspection' (not 'Full SSL Inspection'). Which of the following is TRUE about this configuration?

95

An administrator wants to block the use of social media applications like Facebook and Twitter on the company network. Which security profile should be used?

96

A FortiGate administrator has configured an Application Control profile to block 'P2P' applications. However, users are still able to use BitTorrent. What is the MOST likely reason?

97

An administrator wants to prevent data leakage by blocking outbound emails that contain credit card numbers. Which security profile should be configured?

98

A FortiGate receives a file via SMTP that contains a virus. The antivirus profile is set to 'Block' for viruses and the action is set to 'Quarantine'. However, the email is delivered to the user with the infected attachment. What could be the reason?

99

Which FortiGate security profile is BEST suited for blocking DNS queries to known malicious domains?

100

An administrator wants to allow users to override a blocked category (e.g., Social Networking) by entering an administrator-defined password. Which of the following must be configured?

101

A FortiGate is configured with an IPS profile that includes a signature with a 'Pass' action. The firewall policy uses this IPS profile. What will happen when traffic matching that signature is detected?

102

A FortiGate is configured with a firewall policy that applies an Application Control profile and a Web Filter profile. The administrator wants to log all traffic blocked by the Web Filter profile. Which TWO configurations are required?

103

An administrator needs to ensure that all HTTPS traffic to a critical server is inspected by the IPS. The server uses a valid certificate from a public CA. Which THREE steps are required to achieve this?

104

A FortiGate administrator wants to block spam emails sent to the company's mail server. The mail server is behind the FortiGate. Which THREE configurations should be applied?

105

A network administrator notices that HTTP traffic to a specific website is being blocked by the web filter profile, but the website is categorized as 'General – Personal' in FortiGuard, which is allowed. What could cause this block?

106

A FortiGate administrator configures SSL deep inspection on a policy using a self-signed CA certificate. Users report that they see a certificate warning in their browsers when accessing HTTPS sites. What is the most effective solution to eliminate these warnings?

107

What is the primary difference between flow-based and proxy-based Antivirus inspection on a FortiGate?

108

An administrator wants to block all traffic to websites in the 'Pornography' category but allow an exception for a specific research site that falls under that category. The FortiGuard category is set to block. How should the administrator configure the exception?

109

An administrator runs the CLI command 'diagnose sys session list | grep -A 5 10.1.1.100' and finds a session with 'proto=6 proto_state=01 duration=3600 expire=3599' in the output. What does this indicate about the session?

110

A FortiGate configured with IPS anomaly detection is generating false positives for the 'tcp_syn_flood' anomaly. The administrator wants to reduce the false positives without completely disabling the detection. Which action should the administrator take?

111

Which security profile type requires a FortiSandbox license to enable advanced detection features?

112

An administrator notices that a specific application (e.g., Skype) is not being detected by the application control profile. The profile includes the 'Skype' application signature but traffic is passing through without being logged as Skype. What is the most likely reason?

113

A FortiGate administrator wants to block spam emails destined for internal users. The FortiGate receives SMTP traffic on port 25. What is the most effective way to filter spam using the email filter profile?

114

An administrator configures a DLP sensor to detect credit card numbers in traffic. However, the sensor is not detecting any credit card numbers even though they are present in emails. What could be the reason?

115

Which of the following best describes the function of FortiGuard web filtering categories?

116

An administrator wants to ensure that search engine results from Google, Bing, and Yahoo are filtered to exclude explicit content when users perform searches. Which feature should the administrator configure in the web filter profile?

117

A FortiGate administrator is troubleshooting an issue where users cannot access an internal HTTPS server (10.10.10.10:443) after enabling SSL deep inspection. The administrator sees that the server's certificate is self-signed. Which TWO actions should the administrator take to allow access while maintaining inspection?

118

An administrator wants to prevent sensitive data (e.g., credit card numbers) from being sent out of the network via email. Which THREE components must be configured to achieve this?

119

A FortiGate administrator is configuring IPS to protect against a known exploit targeting a web server. The administrator wants to ensure that the IPS engine can decode the HTTP protocol. Which TWO actions are necessary?

120

An administrator configures a web filter profile with FortiGuard category blocking and URL filter to allow example.com. Users report that example.com is still blocked. What is the most likely cause?

121

A FortiGate is configured with flow-based antivirus and an IPS profile on a policy. The administrator runs 'diagnose ips packet-list' and sees that packets are being forwarded without inspection. What is the most likely reason?

122

A network administrator wants to prevent users from downloading files with .exe extensions via HTTP and HTTPS. Which security profile feature should be used?

123

An administrator configures an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access Facebook via HTTPS. The administrator has enabled deep inspection. What is missing?

124

A FortiGate administrator receives reports that some users are receiving spam emails despite an email filter profile being applied to the SMTP traffic. The email filter profile has 'spam' action set to 'discard'. What is the most likely reason spam is still reaching users?

125

An administrator enables deep inspection for HTTPS traffic. Users report that they cannot access some websites because of certificate errors. The administrator wants to override these errors and allow access. What should be configured?

126

What is the purpose of the 'safe search' option in a FortiGate web filter profile?

127

An administrator configured a DLP profile to detect credit card numbers in outgoing emails. The profile is applied to an outbound SMTP policy. Users report that emails with credit card numbers are still being sent successfully. What is the most likely cause?

128

A FortiGate is configured with flow-based inspection and an IPS profile. The administrator runs 'diagnose ips session list' and sees many sessions with 'state=bypass'. What does this indicate?

129

Which two inspection modes are available for antivirus scanning on a FortiGate?

130

An administrator configures an application control profile to block 'BitTorrent'. Users are still able to download files using BitTorrent. The administrator has enabled deep inspection and the policy is set to proxy-based. What is the most likely reason the application is not being blocked?

131

An administrator wants to block users from uploading files to cloud storage services like Google Drive via HTTPS. Which security profile combination is required?

132

A FortiGate administrator is troubleshooting why antivirus scanning is not working for HTTPS traffic. Which TWO steps should be verified?

133

An administrator wants to block all traffic from the 'P2P' application category but allow traffic from 'File Sharing' applications like Dropbox. Which THREE configurations are required to achieve this?

134

An administrator configures a DLP profile to detect Social Security numbers in outbound traffic. The profile is applied to an outbound HTTP policy. Which TWO additional configurations are necessary for the DLP to inspect HTTPS traffic?

135

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

136

A FortiGate administrator wants to block access to gambling websites using web filtering. Which FortiGuard category should be blocked?

137

An administrator runs the CLI command 'diagnose debug rating' and sees that all FortiGuard web filter requests are timing out. What is the most likely cause?

138

A FortiGate is configured with SSL deep inspection using a self-signed CA certificate. Users report that they see a certificate warning in their browser when accessing HTTPS sites. The admin wants to eliminate these warnings. What should the admin do?

139

An administrator wants to block an application named 'Skype' on the network. They create an application control profile and add a rule to block 'Skype'. However, after applying the profile to the policy, users can still use Skype. What is the most likely reason?

140

Which IPS detection method analyzes traffic patterns over time to identify attacks that are characterized by a threshold of events?

141

A FortiGate administrator configures an email filter profile to block spam. Users report that some legitimate emails are being blocked. The administrator wants to reduce false positives while still blocking spam. What should the administrator do?

142

An administrator configures a DLP profile to detect credit card numbers in email traffic. The DLP rule uses a regular expression. However, the DLP sensor is not triggering on emails containing credit card numbers. What is a likely reason?

143

An administrator wants to allow access to a specific website that is blocked by the FortiGuard web filter category 'Social Networking'. The administrator creates a URL filter override to allow the site. After applying, the site is still blocked. What should the administrator check?

144

Which security profile component is specifically designed to prevent data exfiltration by inspecting outgoing traffic for sensitive data patterns?

145

An administrator configures an IPS profile with a signature that has a 'block' action. However, traffic matching the signature is only being logged and not blocked. What is the most likely reason?

146

An administrator integrates FortiGate with FortiSandbox for advanced threat detection. The FortiGate is configured to send files to FortiSandbox for analysis. Despite correct configuration, files are not being submitted. The administrator runs 'diagnose debug application fortisandbox -1' and sees 'no server configured'. What is the issue?

147

A network administrator wants to ensure that all users are blocked from accessing websites categorized as 'Pornography' and 'Hacking' on a FortiGate. Which TWO actions should the administrator take? (Choose two.)

148

An administrator is troubleshooting why an application control profile is not detecting a custom application that uses a non-standard port. The administrator wants to ensure the application is properly identified. Which THREE steps should the administrator take? (Choose three.)

149

A FortiGate administrator wants to prevent users from downloading executable files via HTTP from the internet. Which TWO security profile features can be used together to achieve this? (Choose two.)

150

A network administrator wants to prevent users from accessing known malicious websites using FortiGate. Which security profile should be applied to the firewall policy to achieve this goal?

151

An administrator configures an antivirus profile in proxy-based inspection mode on a FortiGate. However, SMTP traffic is not being scanned for viruses. The firewall policy includes the antivirus profile and the FortiGate has a valid FortiGuard subscription. What is the most likely cause?

152

A FortiGate administrator receives reports that users cannot access a legitimate website that uses HTTPS. The web filtering profile is configured with strict FortiGuard categories and 'monitor all' for unknown sites. The firewall policy has an SSL/SSH inspection profile set to 'deep-inspection'. What is the most likely cause of the issue?

153

Which IPS detection method uses a baseline of normal traffic and alerts when deviations exceed a threshold?

154

An administrator configures an application control profile to block social media applications. Users can still access Facebook and Twitter via web browsers. What is the most likely reason?

155

An administrator runs the command 'diagnose ips anomaly list' and sees many entries for 'tcp_src_session' with high counts. Users report slow internet. What is the most likely issue?

156

What is the purpose of the DNS filter security profile on a FortiGate?

157

A company policy requires that all web searches by employees use safe search. Which setting should be configured in the web filtering profile?

158

An administrator configures a data leak prevention (DLP) profile to detect credit card numbers in outgoing emails. However, no violations are logged. The email filter profile is applied with the DLP profile on the same policy. What is the most likely cause?

159

An administrator sees the following CLI output when checking an IPS sensor: 'config ips sensor edit test config entries edit 1 set severity medium set action block set target default end'. However, attacks with severity medium are still passing. The IPS sensor is applied to a policy with flow-based inspection. What is the likely issue?

160

Which SSL/TLS inspection mode only validates the server certificate without decrypting the traffic?

161

An administrator configures an email filter profile to block spam. Despite correct configuration, spam emails still reach users' inboxes. The FortiGate is deployed as a transparent bridge. What is the most likely reason?

162

A FortiGate administrator needs to configure a policy so that traffic to a specific external server is exempted from SSL deep inspection. Which method should be used?

163

An administrator wants to detect and prevent malware outbreaks. The FortiGate is integrated with FortiSandbox. Which TWO actions should be taken to ensure files are sent to FortiSandbox for analysis?

164

An administrator receives reports that some internal users can access Facebook despite a web filtering profile that blocks the 'Social Networking' category. The policy is configured with deep inspection. Which THREE checks should the administrator perform to troubleshoot this issue?

165

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

166

Which inspection mode in the antivirus profile processes traffic by buffering the entire file before scanning, allowing more thorough detection but potentially increasing latency?

167

An admin has configured an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access these sites via HTTPS. The firewall policy has SSL deep inspection enabled and the application control profile is applied. What is the MOST likely cause?

168

A FortiGate is configured to use a DNS filter profile to block access to malicious domains. However, users can still reach a known malicious domain. The DNS filter profile is applied to the firewall policy. Which step should the admin take FIRST to troubleshoot?

169

Which web filtering feature allows an administrator to force web search engines to filter explicit content in search results, regardless of the user's browser settings?

170

An admin runs the following command on a FortiGate: 'diagnose sys session filter dport 443' and sees output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

171

A FortiGate administrator wants to block all traffic to a known malicious IP address range using the Intrusion Prevention System (IPS). Which IPS configuration method is most appropriate?

172

Which security profile type is used to prevent sensitive data such as credit card numbers from being sent out of the network via email or web traffic?

173

An administrator has configured an SSL deep inspection profile with 'certificate inspection' for a firewall policy. Users report that they receive certificate errors when accessing HTTPS sites. What is the MOST likely reason?

174

A FortiGate is configured to integrate with FortiSandbox for advanced threat detection. The antivirus profile is set to send files to FortiSandbox when a virus is detected. What action does FortiGate take on the file while it is being analyzed by FortiSandbox?

175

Which security profile is used to detect and prevent network-based attacks by analyzing traffic patterns and comparing them against known attack signatures?

176

An administrator configures an email filter profile to block spam. Users complain that legitimate emails from a specific partner are being blocked. The admin wants to allow emails from that partner's domain without disabling spam filtering for other domains. What is the BEST approach?

177

A FortiGate administrator notices that some users can bypass the web filter to access prohibited categories. The web filter profile is applied to the firewall policy. Which TWO actions should the admin take to determine why the filter is being bypassed? (Choose two.)

178

An administrator wants to configure a DNS filter to block access to known malicious domains and also enforce safe search on search engines. Which THREE settings are required in the DNS filter profile? (Choose three.)

179

A FortiGate is configured with an application control profile to allow only 'business-approved' applications. Users are still able to use Skype for Business. The admin wants to ensure that only Skype for Business is allowed and other Skype variants are blocked. Which THREE steps should the admin take? (Choose three.)

180

A network administrator configures a web filtering profile to block access to the 'Social Networking' FortiGuard category. However, users can still access Facebook. The firewall policy has web filtering enabled. What is the MOST likely reason?

181

An administrator needs to block all traffic from an application that uses a proprietary protocol not recognized by any application signature. Which security profile method should be used to block this traffic?

182

An administrator runs 'diagnose ips anomaly list' and sees many 'tcp_syn_flood' entries. The IPS profile has anomaly detection enabled with action 'pass'. The administrator wants to block such attacks. What change is required?

183

What is the purpose of enabling 'DNS filter' in a security profile?

184

A FortiGate is configured for SSL deep inspection using a CA certificate. Users report that some websites show certificate errors. The administrator wants to allow these sites without inspection. Which setting should be used?

185

Which security profile is used to detect and prevent spam email messages?

186

An administrator configures an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access Facebook via HTTPS. The firewall policy has application control enabled and SSL deep inspection is not configured. Why is Facebook not blocked?

187

A FortiGate with antivirus in flow-based inspection mode is not detecting a known virus in HTTP traffic. The same virus is detected when using proxy-based inspection. What is the most likely reason?

188

What is the function of an IPS 'protocol decoder'?

189

An administrator wants to block upload of files containing credit card numbers via web forms. Which security profile should be used?

190

You run 'diagnose sys session filter dport 443' and see the following output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

191

A FortiGate administrator wants to ensure that all DNS queries to known malware domains are blocked. The firewall policy allows DNS traffic. Which security profile must be applied?

192

A network admin wants to block all traffic from the BitTorrent application. The admin has enabled application control on the firewall policy. Which TWO steps are necessary to achieve this?

193

An administrator receives alerts about a possible data breach. Sensitive data (credit card numbers) might be leaving the network via email. The admin wants to detect and block such emails. Which THREE security profiles should be combined?

194

A FortiGate admin wants to enforce safe search on Google and Bing for all users. The firewall policy has web filtering enabled. Which TWO configurations are required?

195

A network administrator notices that traffic from a specific internal host is not being inspected by the application control profile applied to the firewall policy. The policy is configured with proxy-based inspection and the application control profile includes a rule to block 'Facebook'. The administrator confirms the host can still access Facebook. What is the MOST likely cause?

196

Which inspection mode allows FortiGate to perform virus scanning by reassembling the entire file in memory before scanning, providing better detection but potentially higher latency?

197

A FortiGate administrator runs 'diagnose ips anomaly list' and sees that it returns no entries, but the IPS sensor is configured with anomaly signatures. What is the MOST likely reason the signatures are not appearing?

198

An organization wants to prevent users from downloading files with extensions such as .exe and .scr via HTTP and HTTPS. The FortiGate already has a web filter profile applied to the relevant policy. Which web filter feature should be configured to achieve this?

199

A FortiGate administrator needs to ensure that all outbound DNS queries from internal clients are inspected for malicious domains. The administrator has a DNS filter profile configured. What additional configuration is required on the firewall policy to make the DNS filter effective?

200

What is the purpose of the 'safe search' option in a FortiGate web filter profile?

201

A FortiGate is configured with SSL deep inspection using a locally generated CA certificate. A user reports that they cannot access https://www.example.com and receive a certificate error. The administrator checks the firewall policy and sees that the SSL inspection profile is set to 'certificate-inspection' instead of 'deep-inspection'. What is the MOST likely effect?

202

Which FortiGate feature allows the administrator to scan SMTP, IMAP, and POP3 traffic for spam and apply actions such as tagging or discarding?

203

An organization uses FortiSandbox to analyze suspicious files. The FortiGate is configured to send files to FortiSandbox for analysis when the antivirus scan fails to reach a verdict. Which antivirus inspection mode must be used on the firewall policy for this integration to work?

204

A FortiGate administrator configures an IPS sensor with a signature that has a 'pass' action. The sensor is applied to a firewall policy. When traffic matches this signature, what will happen?

205

An administrator has configured DLP sensors to detect credit card numbers in outgoing traffic. However, the administrator notices that traffic containing credit card numbers is still passing through undetected. The firewall policy uses flow-based inspection. What is the MOST likely reason DLP is not detecting the data?

206

What is the primary function of protocol decoders in the FortiGate IPS engine?

207

A FortiGate administrator wants to block access to Facebook for all internal users. However, the administrator must ensure that the CEO's computer (IP 10.0.0.100) is exempted. Which TWO steps should the administrator take? (Choose two.)

208

A FortiGate administrator is troubleshooting an issue where a user receives a certificate error when accessing a web server. The administrator has configured SSL deep inspection with a custom CA certificate. The error indicates the certificate is not trusted. Which THREE actions could resolve this issue? (Choose three.)

209

An organization wants to implement data leak prevention (DLP) to detect when credit card numbers are sent via email (SMTP) and webmail (HTTPS). The FortiGate is using proxy-based inspection. Which THREE configurations are necessary? (Choose three.)

210

A network administrator notices that HTTP traffic is being scanned by the antivirus profile, but HTTPS traffic to the same web server is not being scanned. The firewall policy has the antivirus profile applied and SSL inspection is set to 'certificate-inspection'. What is the most likely reason HTTPS traffic is not being scanned?

211

An administrator configures a web filter profile to block the URL category 'Pornography'. The profile is applied to a policy for the sales department. Users report they can still access some sites that should be blocked. The administrator verifies that the FortiGuard web filter service is licensed and the FortiGate has internet connectivity. What should the administrator check next?

212

A FortiGate administrator needs to prevent employees from using peer-to-peer file sharing applications such as BitTorrent. The administrator creates an application control profile with a rule to block the 'Peer-to-Peer' application category. After applying the profile to the firewall policy, users can still use BitTorrent. What is the most likely cause?

213

What is the purpose of enabling 'Safe Search' in a web filter profile on a FortiGate?

214

A FortiGate administrator wants to integrate with FortiSandbox to analyze suspicious files detected by antivirus. The administrator configures the FortiSandbox settings under Security Fabric. However, files are not being sent to FortiSandbox. The antivirus profile is set to 'flow-based' inspection. What could be the reason?

215

An administrator runs 'diagnose ips anomaly list' and sees the following output: 'List of anomaly events: ID: 1, Type: tcp_syn_flood, Status: triggered, Count: 1500, Threshold: 1000'. What does this indicate?

216

A school district uses a FortiGate to filter web traffic for students. The administrator wants to enforce that Google searches are filtered for explicit content. Which configuration should be applied?

217

What is the purpose of the 'DNS Filter' feature on a FortiGate?

218

A FortiGate is configured with an IPS profile to protect a web server. The administrator notices that some attacks are not being detected. The IPS signature database is up to date. What should the administrator check first?

219

What is the difference between 'certificate inspection' and 'full SSL deep inspection' on a FortiGate?

220

A FortiGate administrator is configuring intrusion prevention (IPS) for a web server. The administrator wants to both block known exploits and detect anomalous traffic patterns. Which TWO features should be enabled? (Choose two.)

221

An organization uses FortiMail for email filtering and FortiGate for web filtering. The administrator wants to ensure that email traffic is filtered for spam and malware before reaching the internal mail server. Which TWO steps should be taken? (Choose two.)

222

A FortiGate administrator needs to prevent data leakage by blocking the upload of files containing credit card numbers via web traffic. Which THREE components must be configured? (Choose three.)

223

A FortiGate administrator wants to create a web filter profile that blocks access to social networking sites during work hours but allows them during lunch breaks. Additionally, the administrator wants to ensure that HTTPS social networking sites are blocked. Which TWO configurations are required? (Choose two.)

224

An administrator configures an IPS sensor with a signature that is triggered by traffic to a specific server. The signature is set to 'Block' but the traffic is not being blocked. The administrator verifies that the IPS sensor is applied to the correct firewall policy and that the signature is enabled. Which TWO additional checks should the administrator perform? (Choose two.)

225

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

226

An administrator wants to block access to websites that host malware. Which FortiGate feature should be configured to achieve this goal?

227

You run 'diagnose sys session filter dport 443' and see the following output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

228

A network admin is configuring a security policy for outbound HTTP traffic. The requirements are: (1) block access to known malicious websites, (2) prevent users from downloading executable files, (3) detect and block C2 traffic. Which THREE security profiles should be applied to the policy?

229

A security administrator wants to ensure that all DNS queries from internal users are filtered to block access to known malicious domains. Which TWO configurations must be applied?

230

An administrator has configured an IPS profile to detect SQL injection attacks. However, some SQL injection attempts are still reaching the web server. Which TWO actions should the administrator take to improve detection?

231

Which TWO are valid types of SSL/TLS inspection available on FortiGate?

232

A FortiGate admin is troubleshooting email filtering. Legitimate emails from a specific external domain are being marked as spam. Which THREE steps should the admin take to resolve this?

Frequently asked questions

What does the Security Profiles domain cover on the NSE4 exam?

The Security Profiles domain covers the key concepts tested in this area of the NSE4 exam blueprint published by Fortinet. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all NSE4 domains — no account required.

How many Security Profiles questions are in the NSE4 question bank?

The Courseiva NSE4 question bank contains 232 questions in the Security Profiles domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security Profiles for NSE4?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security Profiles questions for NSE4?

Yes — the session launcher on this page draws questions exclusively from the Security Profiles domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
