© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

NSE4 High Availability and Diagnostics • Complete Question Bank

NSE4 High Availability and Diagnostics — All Questions With Answers

Complete NSE4 High Availability and Diagnostics question bank — all 0 questions with answers and detailed explanations.

145 questions, free, no signup

Question 1 (medium, multiple choice)

A network engineer is configuring an SD-WAN rule to steer voice traffic to the MPLS link with the lowest latency. The SLA target is set to latency < 50 ms and jitter < 10 ms. However, the MPLS link occasionally exceeds the latency threshold. What should the engineer do to ensure voice traffic uses the best available link without manual intervention?

Question 2 (easy, multiple choice)

An administrator has two FortiGate units in an active-passive HA cluster. The cluster is configured to use the heartbeat interface port3. During a failover test, the primary unit fails but the secondary does not take over. What is the most likely cause?

Question 3 (hard, multiple choice)

A company has two remote sites connected via an SD-WAN overlay. The headquarters uses a FortiGate with two WAN links: Fiber (priority 1) and LTE (priority 2). The SD-WAN rule for business-critical traffic uses the 'best quality' strategy with SLA targets for latency and jitter. The fiber link occasionally experiences high jitter but low latency. The engineer notices that traffic is not failing over to LTE even when jitter exceeds the threshold. What is the most likely reason?

Question 4 (easy, multiple choice)

In an active-active HA cluster, which of the following must be identical on both FortiGate units?

Question 5 (medium, multiple choice)

An SD-WAN rule is configured with a 'manual' strategy and multiple members. The engineer wants to ensure that voice traffic always uses the MPLS link as long as it meets the SLA, otherwise use the broadband link. Which configuration is required?

Question 6 (medium, multi select)

Which TWO statements about FortiGate HA heartbeat interfaces are correct?

Question 7 (hard, multi select)

Which THREE statements about SD-WAN rules are correct?

Question 8 (hard, multiple choice)

Refer to the exhibit. An administrator has configured HA on two FortiGate units. During a failover test, the secondary unit does not take over when the primary fails. What is the most likely cause?

Exhibit

config system ha
    set group-name "HA_Cluster"
    set mode a-p
    set hbdev "port3" 50
    set session-pickup enable
    set session-pickup-connectionless enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port1"
            set gateway 10.0.1.1
        next
    end
    set override disable
    set priority 100
end

Question 9 (medium, multiple choice)

Refer to the exhibit. An SD-WAN rule for voice traffic uses the SLA strategy with sla-match-mode 'any'. SLA 'sla1' measures ping to 8.8.8.8. If wan1 has latency 90 ms and jitter 10 ms, and wan2 has latency 110 ms and jitter 5 ms, which link will be selected for voice traffic?

Exhibit

config system sdwan
    set status enable
    config members
        edit 1
            set interface "wan1"
            set gateway 10.0.0.254
            set source 10.0.0.1
        next
        edit 2
            set interface "wan2"
            set gateway 10.0.1.254
            set source 10.0.1.1
        next
    end
    config performance-sla
        edit 1
            set name "sla1"
            set server "8.8.8.8"
            set protocol "ping"
            set probe-packets 5
            set latency-threshold 100
            set jitter-threshold 20
        next
    end
    config service
        edit 1
            set name "voice"
            set mode sla
            set sla-match-mode any
            config sla
                edit "sla1"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end

Question 10 (hard, multiple choice)

A company has two FortiGate 100F units in an active-passive HA cluster with firmware version 7.2.5. The cluster is configured with session pickup and all interfaces are monitored. The network consists of three VLANs: VLAN10 (Users), VLAN20 (Servers), and VLAN30 (DMZ). The cluster is connected to two ISPs: ISP1 (port1) and ISP2 (port2). The internal network uses a single aggregated link (port3 and port4) as a LAG to the core switch. One day, the primary FortiGate experiences a hardware failure and the secondary takes over. After the primary is replaced and rejoins the cluster, the administrator notices that traffic passing through the cluster is intermittently dropping for a few seconds every minute. The administrator checks the cluster status and sees that the new primary (previously secondary) is in 'primary' state and the old primary (newly replaced) is in 'secondary' state. What is the most likely cause of the intermittent traffic drops?

Question 11 (medium, multiple choice)

A network engineer is configuring SD-WAN on a FortiGate with two WAN links: MPLS (port1) and Internet (port2). The MPLS link has lower latency and jitter. The engineer wants to route all VoIP traffic (SIP and RTP) over the MPLS link unless it is unavailable. Which SD-WAN rule configuration should be used?

Question 12 (hard, multi select)

A FortiGate is configured in an A-P HA cluster. The administrator wants to ensure that session failover occurs for UDP-based voice traffic. Which TWO settings must be enabled?

Question 13 (hard, multiple choice)

Refer to the exhibit. The HA cluster has been operational for 5 days. The primary unit suddenly loses power. Which of the following will happen?

Exhibit

config system ha
    set group-name "HA_Group"
    set mode a-p
    set hbdev "port1" 100
    set session-pickup enable
    set session-pickup-connectionless enable
    set priority 200
end

diagnose sys ha status

HA Health Status: OK
Model: FortiGate-100E
Group: HA_Group
Mode: A-P
Group ID: 0
Debug: 0

Cluster Uptime: 5 days 2 hours 15 mins

Cluster Members:

Member 1 (FGT100E3G17012345)
    Role: Primary
    Serial: FGT100E3G17012345
    Priority: 200
    Heartbeat interface: port1 (10.0.0.1)
    Heartbeat status: OK

Member 2 (FGT100E3G17012346)
    Role: Secondary
    Serial: FGT100E3G17012346
    Priority: 100
    Heartbeat interface: port1 (10.0.0.2)
    Heartbeat status: OK

Question 14 (medium, drag order)

Drag and drop the steps to configure HA (High Availability) on a FortiGate pair into the correct order.

Question 15 (medium, matching)

Match each FortiGate routing concept to its definition.

Manually configured path to a destination network

Link-state routing protocol for internal networks

Path-vector routing protocol for internet and WAN

Routes traffic based on source/destination or service

Load-balances traffic across multiple routes with same cost

Question 16 (medium, multiple choice)

An administrator has configured an active-passive HA cluster. During a failover test, the standby unit becomes active but existing user sessions are lost, requiring users to re-establish connections. Which configuration change would prevent this behavior?

Question 17 (easy, multiple choice)

A network administrator runs the following CLI command on a FortiGate to capture traffic for troubleshooting: 'diagnose sniffer packet any "host 10.0.1.100" 4'. What does the '4' at the end of the command specify?

Question 18 (medium, multiple choice)

In an active-active HA cluster, the administrator notices that traffic is not being load-balanced evenly across both units. What is the most likely cause?

Question 19 (hard, multiple choice)

An administrator executes 'diagnose debug flow' for a specific session and sees the output: 'id=20085 trace_id=10 func=print_pkt_detail line=5567 msg="vd-root:0 received packet via port1".' Later, the trace shows 'msg="Deny by policy"'. What is the most likely next step the administrator should take?

Question 20 (medium, multiple choice)

A FortiGate administrator needs to send logs to an external FortiAnalyzer for centralized monitoring. Which log configuration step is required?

Question 21 (easy, multiple choice)

What is the purpose of the heartbeat interface in a FortiGate HA cluster?

Question 22 (hard, multiple choice)

An administrator runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows many sessions with 'proto_state=01' and 'expire=3599'. What does 'expire=3599' indicate?

Question 23 (medium, multiple choice)

A FortiGate administrator needs to block a specific application using the FortiGuard Application Control service. Which two objects must be correctly configured in the firewall policy to achieve this? (Choose the best single answer describing the required object types.)

Question 24 (hard, multiple choice)

During a failover in an active-passive HA cluster, the newly active unit does not have the same session table as the previous primary, causing all existing sessions to drop. Which setting should the administrator verify?

Question 25 (easy, multiple choice)

Which log severity level indicates a failure that requires immediate attention?

Question 26 (medium, multiple choice)

An administrator notices that the FortiGate HA cluster has two units, but only one is shown as 'primary' and the other as 'standby'. The administrator did not configure any load balancing. Which HA mode is in use?

Question 27 (hard, multiple choice)

A FortiGate admin wants to inspect SSL-encrypted traffic for threats using IPS. The admin creates an SSL inspection profile with 'full SSL inspection' and applies it to the policy. What additional configuration is necessary for the IPS engine to process the decrypted traffic?

Question 28 (hard, multi select)

An administrator is troubleshooting a VPN tunnel that fails to establish. Which TWO CLI commands would provide the most relevant diagnostic information? (Choose two.)

Question 29 (medium, multi select)

A FortiGate administrator wants to ensure that logs are retained even after a power outage. Which THREE storage options provide persistent log storage? (Choose three.)

Question 30 (medium, multi select)

An active-passive HA cluster is experiencing frequent failovers. Which TWO factors could cause unnecessary failovers? (Choose two.)

Question 31 (medium, multiple choice)

A FortiGate administrator has configured an active-passive HA cluster with two units. During a failover test, they notice that existing TCP sessions are dropped and must be re-established. What configuration change should the administrator make to ensure sessions are preserved during failover?

Question 32 (easy, multiple choice)

Which FortiGate diagnostic command allows you to capture packets on an interface for troubleshooting network connectivity issues?

Question 33 (hard, multiple choice)

A FortiGate in an active-active HA cluster is experiencing asymmetric routing. The administrator runs 'diagnose debug flow' on a packet from a client to a server. The flow trace shows the packet is allowed by policy, but the response is dropped. What is the most likely cause?

Question 34 (medium, multiple choice)

A FortiGate administrator runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows many sessions with 'proto_state=01' and 'expire=0'. What does this indicate about these sessions?

Question 35 (medium, multiple choice)

An organization wants to send FortiGate logs to a central log management system for long-term storage and compliance. Which FortiGate feature is specifically designed for collecting and analyzing logs from multiple FortiGate devices?

Question 36 (easy, multiple choice)

A FortiGate administrator wants to see real-time debugging output for traffic matching a specific source IP address. Which command sequence would achieve this?

Question 37 (hard, multiple choice)

A FortiGate administrator has configured an active-passive HA cluster. After a failover event, the former primary unit comes back online and immediately takes over as primary again, causing another failover. The administrator wants the original primary to stay in standby until the current primary fails. Which setting should be configured?

Question 38 (easy, multiple choice)

Which FortiGate log severity level indicates that a system is unusable and requires immediate attention?

Question 39 (medium, multiple choice)

A FortiGate administrator needs to ensure that traffic logs are sent to a FortiAnalyzer even when the FortiGate's local disk is full. What configuration is required?

Question 40 (medium, multiple choice)

A FortiGate administrator notices that after upgrading the firmware, the HA cluster fails to form. Both units show the correct HA configuration. What is the most likely cause?

Question 41 (hard, multiple choice)

A FortiGate administrator runs 'diagnose debug flow' and sees the output 'FW-6: packet is allowed by policy' but the packet is still dropped. What additional debug information should the administrator check to determine why the packet is dropped after being allowed?

Question 42 (easy, multiple choice)

Which of the following log types on FortiGate records traffic that is denied by a firewall policy?

Question 43 (medium, multi select)

A FortiGate administrator is troubleshooting an issue where HTTPS traffic is not being properly inspected by the web filter. The policy has SSL inspection enabled. Which TWO commands would provide the most useful real-time debugging information? (Choose two.)

Question 44 (hard, multi select)

A FortiGate administrator needs to configure an active-passive HA cluster to ensure that management access is available via a dedicated IP address that moves with the active unit. Which THREE configuration steps are required? (Choose three.)

Question 45 (medium, multi select)

A FortiGate administrator is investigating a performance issue and suspects that a large number of incomplete TCP connections are consuming session table resources. Which TWO commands would help identify such sessions? (Choose two.)

Question 46 (medium, multiple choice)

A network administrator is troubleshooting a FortiGate HA cluster that is not failing over as expected. The cluster consists of two units in active-passive mode. The administrator issues the command 'diagnose sys ha status' and sees that both units have the same priority. What is the most likely cause of the failover issue?

Question 47 (easy, multiple choice)

A FortiGate administrator needs to capture packets on interface port2 for 10 seconds to diagnose a connectivity issue. Which command should the administrator use?

Question 48 (hard, multiple choice)

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 49 (medium, multiple choice)

A FortiGate administrator needs to forward logs to a FortiAnalyzer for centralized management. The FortiAnalyzer is reachable at 10.0.1.100. Which configuration step is required on the FortiGate to send logs to this FortiAnalyzer?

Question 50 (medium, multiple choice)

An administrator is troubleshooting a FortiGate HA cluster that is experiencing frequent failovers. The heartbeat interfaces are configured on port1 and port2. Which diagnostic command should the administrator use to check heartbeat packet loss?

Question 51 (easy, multiple choice)

Which log severity level indicates that a device is unusable and requires immediate attention?

Question 52 (medium, multiple choice)

A FortiGate administrator wants to configure ZTNA to secure access to an internal application. Which of the following components is essential for ZTNA to function?

Question 53 (hard, multiple choice)

An administrator runs 'diagnose debug flow' for a specific source IP and sees the output includes 'no matching policy'. The FortiGate has a firewall policy that should match the traffic. What is the most likely reason for this message?

Question 54 (medium, multiple choice)

A FortiGate cluster in active-passive HA is configured with two heartbeat interfaces. The primary unit fails completely. The secondary unit detects the failure and becomes primary. After the original primary recovers, it remains in passive mode. What is the most likely reason for this behavior?

Question 55 (easy, multiple choice)

Which FortiGate log type records information about firewall policy matches and traffic statistics?

Question 56 (hard, multiple choice)

An administrator configures a FortiGate to use FortiGuard for web filtering. However, some users report that certain categories are not being blocked as configured. The administrator checks the FortiGuard subscription status and it is valid. What is the most likely cause?

Question 57 (medium, multiple choice)

In an active-active HA cluster, session synchronization is enabled. What is the primary purpose of session synchronization in this mode?

Question 58 (medium, multi select)

A FortiGate administrator is troubleshooting a traffic issue where users cannot access a specific website. The administrator runs 'diagnose debug flow' and sees the output indicating that traffic is being denied by a firewall policy. Which two actions should the administrator take to identify the specific policy denying the traffic? (Choose two.)

Question 59 (hard, multi select)

A FortiGate administrator is configuring an active-passive HA cluster and needs to ensure that management access is available via a dedicated management IP address that does not fail over. Which three steps should the administrator take? (Choose three.)

Question 60 (easy, multi select)

A FortiGate administrator wants to send logs to both a local disk and a remote FortiCloud account. Which two conditions must be met for this to work? (Choose two.)

Question 61 (medium, multiple choice)

A FortiGate HA cluster is running in active-passive mode with two units. The administrator notices that the primary unit fails over to the secondary unit every few minutes, causing service disruption. The heartbeat interfaces are configured on port1 and port2. What is the MOST likely cause of the frequent failovers?

Question 62 (hard, multiple choice)

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 63 (easy, multiple choice)

A FortiGate administrator needs to capture packets on the DMZ interface to troubleshoot a connectivity issue. Which CLI command should be used to start a packet capture?

Question 64 (medium, multiple choice)

An administrator configures a FortiGate HA cluster in active-active mode. After enabling session synchronization, they notice that new sessions are not being synced to the secondary unit. The cluster is using a dedicated heartbeat interface. What could be the reason?

Question 65 (hard, multiple choice)

An administrator runs 'diagnose debug flow' for a specific policy and sees the following output: id=20085 trace_id=10 func=vf_ip_route_in msg='No matching interface to route packet' What does this indicate?

Question 66 (easy, multiple choice)

What is the purpose of the 'override' setting in FortiGate HA?

Question 67 (medium, multiple choice)

A FortiGate administrator needs to send logs to a FortiAnalyzer device for long-term storage and analysis. Which log configuration must be set up?

Question 68 (medium, multiple choice)

An administrator is troubleshooting a policy that should allow HTTP traffic but it is being blocked. They run 'diagnose debug flow' and see the output ends with 'msg=deny by forward policy check'. What is the most likely cause?

Question 69 (easy, multiple choice)

What is the function of Zero Trust Network Access (ZTNA) on a FortiGate?

Question 70 (medium, multiple choice)

A FortiGate cluster is configured in active-passive HA. The administrator wants to manage the cluster using a single IP address that always points to the current primary unit. Which configuration should be applied?

Question 71 (hard, multiple choice)

An administrator runs 'diagnose sys session list' and sees a session with 'expire=0'. What does this indicate?

Question 72 (medium, multiple choice)

A FortiGate receives log messages with severity 'warning'. What is the log severity level number for 'warning' according to FortiGate's log severity levels?

Question 73 (medium, multi select)

A FortiGate HA cluster in active-passive mode is experiencing unexpected failovers. The administrator suspects the heartbeat link is unreliable. Which TWO actions would help diagnose the heartbeat link issue? (Select two.)

Question 74 (hard, multi select)

An administrator is troubleshooting a FortiGate that is not sending logs to FortiCloud. The FortiGate has internet connectivity and a valid FortiCloud subscription. Which THREE steps should the administrator take to resolve this issue? (Select three.)

Question 75 (medium, multi select)

A FortiGate administrator needs to ensure that a specific traffic flow is fully inspected by the antivirus and IPS profiles. The traffic is HTTPS. Which THREE configuration items are required? (Select three.)

Question 76 (medium, multiple choice)

A FortiGate HA cluster is operating in active-passive mode. The active unit fails over to the passive unit. After the failover, some existing TCP sessions are dropped. What is the MOST likely cause?

Question 77 (easy, multiple choice)

Which CLI command is used on a FortiGate to perform a real-time packet capture on an interface?

Question 78 (hard, multiple choice)

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 79 (medium, multiple choice)

A FortiGate administrator wants to ensure that in an active-passive HA cluster, a specific unit becomes the primary (active) unit after a reboot. Which configuration parameter should be set to a higher value on that unit?

Question 80 (easy, multiple choice)

Which FortiGate log type records user authentication events, such as successful logins and failed login attempts?

Question 81 (medium, multiple choice)

An administrator notices that traffic matching a firewall policy is not being logged. The policy has logging enabled. The FortiGate has local disk storage. What should the administrator check first?

Question 82 (hard, multiple choice)

In an active-active HA cluster, what is the purpose of the 'session sync' configuration?

Question 83 (easy, multiple choice)

Which FortiGuard subscription service is required for URL filtering and web categorization?

Question 84 (medium, multiple choice)

An administrator is troubleshooting a firewall policy that should apply application control. The application control profile is configured but traffic is not being inspected. The administrator runs 'diagnose debug flow' and sees that the traffic is hitting the correct policy. What could be the issue?

Question 85 (medium, multiple choice)

A FortiGate administrator wants to configure Zero Trust Network Access (ZTNA) to secure access to an internal application. What is required on the FortiGate?

Question 86 (hard, multiple choice)

An administrator is configuring HA on two FortiGates. Both units have the same model and firmware. When they are connected, neither unit becomes active. The admin checks the HA status and sees that the cluster is not formed. What is the MOST likely cause?

Question 87 (medium, multiple choice)

A FortiGate admin wants to send logs to both a local disk and a remote FortiAnalyzer. Which log configuration must be set?

Question 88 (easy, multi select)

Which TWO of the following are valid methods to view real-time debug output on a FortiGate? (Choose two.)

Question 89 (medium, multi select)

An administrator is configuring an active-passive HA pair. Which THREE of the following must be identical on both units for the cluster to form? (Choose three.)

Question 90 (hard, multi select)

A FortiGate administrator is troubleshooting why traffic from a specific source IP is not being logged. The traffic is allowed by a firewall policy with logging enabled. Which TWO commands could the administrator use to verify if the traffic is hitting the expected policy? (Choose two.)

Question 91 (medium, multiple choice)

A FortiGate admin runs 'diagnose sys session filter dport 443' and then 'diagnose sys session list'. The output shows a session with 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate about the session?

Question 92 (easy, multiple choice)

An administrator is configuring an active-passive HA cluster and wants to ensure that the secondary unit can be monitored and managed directly via HTTPS even when it is not the primary. Which setting must be enabled?

Question 93 (hard, multiple choice)

A FortiGate admin is troubleshooting intermittent VPN disconnections. The admin enables debug flow with 'diagnose debug flow filter daddr 10.0.0.1' and 'diagnose debug flow trace start 10'. The output shows 'msg: send to x.x.x.x via intf port1' but then immediately 'msg: no matching policy'. However, the firewall policy list shows a policy that should match. What is the most likely cause?

Question 94 • medium • multiple choice

An administrator needs to ensure that in an active-passive HA cluster, the primary unit always remains the preferred master unless it fails, regardless of other factors. The administrator sets the primary's HA priority to 200 and the secondary to 100. However, after a reboot of the primary, the secondary becomes the primary. What additional step is required?

Question 95 • medium • multiple choice

A network admin receives an alert that the FortiGate disk logs are no longer being written. The admin checks the disk status and sees that the disk is full. However, the admin needs to preserve the logs for compliance purposes. Which action should the admin take to continue logging while preserving the existing logs?

Question 96 • easy • multiple choice

An administrator wants to monitor real-time traffic flows on a FortiGate, specifically to see packet details for traffic matching certain criteria. Which command should the administrator use to capture live packets on an interface?

Question 97 • hard • multiple choice

An administrator is troubleshooting a slow web application. The admin suspects that the FortiGate's session table might be full, causing new sessions to be dropped. Which command should the admin use to check the current session table utilization?

Question 98 • medium • multiple choice

A company has two FortiGate units in an active-active HA cluster. They want to ensure that sessions initiated from the internet through a virtual IP are synchronized to the peer unit in case of failover. Which HA setting is required?

Question 99 • easy • multiple choice

An administrator needs to send logs from a FortiGate to a remote FortiAnalyzer for centralized log storage and analysis. Which configuration step is required on the FortiGate?

Question 100 • medium • multiple choice

A FortiGate is configured with an active-passive HA cluster. The admin notices that when the primary unit fails, the secondary takes over, but after the primary recovers, it does not automatically become active again. What is the most likely reason?

Question 101 • medium • multiple choice

An admin is troubleshooting why a user's traffic is not being logged. The firewall policy has logging enabled at 'All Sessions'. The admin checks the traffic log and sees no entries for that user. The admin runs 'diagnose debug flow' and sees the traffic is matching the policy. What could be the issue?

Question 102 • hard • multiple choice

An administrator is configuring ZTNA (Zero Trust Network Access) on a FortiGate. The administrator needs to ensure that only clients with a valid posture assessment can access an internal application. Which access proxy setting must be configured to enforce this requirement?

Question 103 • medium • multi select

An administrator is setting up an active-passive HA pair and wants to ensure that the cluster can properly monitor each unit's health. Which TWO interfaces must be configured as HA heartbeat interfaces? (Choose two.)

Question 104 • hard • multi select

An administrator is troubleshooting an issue where users cannot access an internal web server via the internet through a FortiGate. The FortiGate has a virtual IP (VIP) configured for the web server. The administrator runs 'diagnose debug flow filter daddr <public-ip>' and 'diagnose debug flow trace start 100'. The output shows 'msg: forward to x.x.x.x via intf port2' but then 'msg: policy deny'. Which TWO actions should the administrator take to resolve the issue? (Choose two.)

Question 105 • medium • multi select

A FortiGate administrator is configuring logging to meet a compliance requirement that all security events must be stored for at least one year. The FortiGate has limited local disk space. Which THREE actions should the administrator take to meet this requirement? (Choose three.)

Question 106 • medium • multiple choice

A FortiGate HA cluster is configured in active-passive mode with two units. The primary unit fails. The secondary unit takes over, but some established TCP sessions are dropped. What is the most likely cause?

Question 107 • easy • multiple choice

An administrator wants to troubleshoot a traffic flow issue on a FortiGate. They suspect packets are being dropped. Which command should they use to perform a real-time packet capture on an interface?

Question 108 • hard • multiple choice

A FortiGate administrator runs 'diagnose debug flow' with a filter for a specific source IP. The output shows 'no policy matched' for the traffic. The administrator verifies that a firewall policy exists with that source IP. What is the most likely reason for the 'no policy matched' message?

Question 109 • medium • multiple choice

A FortiGate HA cluster is set to active-active mode. The administrator notices that session synchronization is enabled but some sessions are not being synced between cluster units. Which of the following is a likely cause for incomplete session synchronization in active-active mode?

Question 110 • medium • multiple choice

An administrator is reviewing log files on a FortiGate and needs to identify events related to a specific user authentication failure. The FortiGate has local disk logging enabled. Which command would the administrator use to search the logs for this event?

Question 111 • easy • multiple choice

A FortiGate administrator receives an alert that the FortiGuard antivirus database on the firewall is outdated. Which subscription service must be active to update the antivirus signatures?

Question 112 • medium • multiple choice

An administrator is configuring a FortiGate HA cluster and wants to ensure that the primary unit is always preferred based on its configuration priority. Which setting should be enabled to allow the primary unit to resume its role after a failover if it regains connectivity?

Question 113 • hard • multiple choice

A FortiGate administrator runs 'diagnose sys session filter dport 443' followed by 'diagnose sys session list' and sees the following output for a session: src=10.0.1.10 dst=192.168.2.20 sport=12345 dport=443 proto=6 vrf=0

What does the 'proto=6' indicate about this session?

Question 114 • medium • multiple choice

A FortiGate administrator is troubleshooting an issue where internal users cannot access a public web server. The administrator runs 'diagnose debug flow' and sees the output shows 'forward to port2' but then 'no route to host'. What is the most likely cause?

Question 115 • easy • multiple choice

Which log severity level indicates that a log message is for informational purposes and does not require immediate action?

Question 116 • hard • multi select

A FortiGate administrator is configuring ZTNA (Zero Trust Network Access) to secure access to an internal application. Which two components must be configured to create a ZTNA rule? (Choose two.)

Question 117 • easy • multiple choice

An administrator wants to view real-time debug output for traffic flowing through a FortiGate. Which command should they use to enable flow tracing with a specific source IP filter?

Question 118 • medium • multi select

In a FortiGate HA cluster, the administrator wants to reduce failover time when the primary unit fails. Which two adjustments can help achieve this? (Choose two.)

Question 119 • medium • multiple choice

A FortiGate administrator is troubleshooting a VPN tunnel that is not establishing. The administrator wants to view the IKE debug output in real time. Which command should they use?

Question 120 • easy • multiple choice

An administrator wants to send logs from a FortiGate to an external syslog server. Which log forwarding method should they configure?

Question 121 • hard • multiple choice

A FortiGate administrator is setting up an HA cluster with two FortiGates. The heartbeat interfaces are connected via a dedicated switch. The administrator wants to ensure that the management IP is always accessible through the active unit. Which configuration is required?

Question 122 • medium • multiple choice

An administrator wants to view the current session table on a FortiGate. Which command should they use?

Question 123 • medium • multiple choice

A FortiGate administrator notices that the HA cluster is frequently failing over even though no hardware failure has occurred. The heartbeat link shows some packet loss. What is the best action to reduce unnecessary failovers?

Question 124 • easy • multiple choice

Which of the following FortiGate log types records information about user authentication and administrative access?

Question 125 • medium • multiple choice

An administrator needs to store logs for compliance purposes and wants them to be retained even if the FortiGate is reset. Which log storage option should they use?

Question 126 • medium • multiple choice

In an active-passive HA cluster, the administrator wants to ensure that new connections are load-balanced across both units only for specific services while maintaining failover capability. Which configuration should be applied?

Question 127 • hard • multiple choice

A FortiGate administrator is diagnosing a performance issue. They notice that the CPU usage is consistently high. Which command can provide a real-time view of the processes consuming CPU?

Question 128 • medium • multiple choice

An administrator wants to ensure that log messages are categorized by severity and that only events with severity 'error' and above are sent to the syslog server. Which configuration should be used?

Question 129 • medium • multiple choice

In a FortiGate HA cluster, the administrator needs to perform a firmware upgrade without causing a full service outage. Which procedure should be followed?

Question 130 • easy • multiple choice

Which FortiGate feature allows administrators to verify if a specific IP address is being blocked by a security policy?

Question 131 • medium • multiple choice

A FortiGate administrator configures a ZTNA rule to protect an internal web server. The rule uses an access proxy. Which component on the FortiGate terminates the incoming ZTNA connection?

Question 132 • hard • multiple choice

An administrator is troubleshooting a FortiGate that is not sending logs to FortiAnalyzer. The FortiAnalyzer is reachable from the FortiGate. Which command should the administrator use to test the connectivity and log forwarding?

Question 133 • medium • multiple choice

An administrator configures a FortiGate HA cluster in active-passive mode. After a failover, some UDP-based sessions are lost. What is the MOST likely reason?

Question 134 • easy • multiple choice

An administrator wants to capture HTTP traffic on port1 for troubleshooting. Which CLI command should be used?

Question 135 • hard • multiple choice

A FortiGate HA cluster is experiencing frequent failovers. The administrator checks the HA event log and sees repeated 'Heartbeat loss' messages. The heartbeat interfaces are connected directly via a crossover cable. What is the MOST likely cause?

Question 136 • medium • multiple choice

An administrator runs 'diagnose debug flow' and sees the output 'no matching policy'. What does this indicate?

Question 137 • easy • multiple choice

Which log severity level indicates that the system is unusable?

Question 138 • medium • multiple choice

An administrator needs to configure a FortiGate to send logs to an external FortiAnalyzer. Which setting is required?

Question 139 • medium • multiple choice

An administrator wants to view the current session table entries filtered by destination port 443. Which command should be used?

Question 140 • hard • multiple choice

In an active-active HA cluster, session synchronization is configured. A new session is created on the primary unit. When does the secondary unit learn about this session?

Question 141 • easy • multiple choice

Which FortiGate feature allows users to access internal applications without a VPN client?

Question 142 • medium • multiple choice

An administrator notices that the FortiGate is not receiving updates from FortiGuard. The DNS settings are correct and the FortiGate can ping update.fortiguard.net. What is the MOST likely cause?

Question 143 • hard • multiple choice

An administrator configures HA override on a cluster with priority 200 on primary and 100 on secondary. The primary fails, secondary takes over. When primary recovers, what happens?

Question 144 • medium • multiple choice

Which type of log records information about firewall policy matches, such as allowed or denied traffic?

Question 145 • medium • multi select

An administrator needs to configure HA on a pair of FortiGates with the following requirements: the cluster must support session failover for TCP, UDP, and ICMP; the management interface should be accessible on both units; and the failover must be triggered if port2 goes down. Which TWO settings must be configured? (Choose two.)
