Courseiva

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


NSE4 Security Profiles • Complete Question Bank

NSE4 Security Profiles — All Questions With Answers

Complete NSE4 Security Profiles question bank — all 0 questions with answers and detailed explanations.

232 questions
Question 1 (medium, multiple choice)

A network administrator notices that users cannot access HTTPS websites after enabling SSL inspection. The firewall policy allows the traffic, and the certificate is trusted on the clients. What is the most likely cause?

Question 2 (easy, multiple choice)

Which FortiGate feature allows you to block access to specific URL categories such as 'Social Media' or 'Gambling'?

Question 3 (hard, multiple choice)

An administrator configured SSL inspection with 'deep-inspection' profile. Users report that some websites fail to load with certificate errors. The firewall policy is correct. What is the most likely reason?

Question 4 (easy, multiple choice)

When configuring SSL inspection, which type of inspection decrypts and inspects all HTTPS traffic including applications using non-standard ports?

Question 5 (medium, multiple choice)

A company wants to block downloads of executable files via HTTP and HTTPS while allowing other content. Which combination of security profiles should be applied to the firewall policy?

Question 6 (medium, multiple choice)

After enabling SSL inspection, a user receives a warning 'The certificate is not trusted' in the browser. The administrator has installed the CA certificate on the client. What else could be the cause?

Question 7 (hard, multiple choice)

An administrator wants to inspect SSL traffic to a specific finance application that uses a custom port (9443) and a self-signed certificate. Which configuration is required?

Question 8 (easy, multiple choice)

Which of the following is a prerequisite for SSL deep inspection to work correctly on FortiGate?

Question 9 (hard, multiple choice)

A user reports that a legitimate website is being blocked by FortiGate web filtering. The administrator checks and finds that the URL category is 'Unrated'. What is the most likely cause?

Question 10 (medium, multi select)

Which TWO actions can cause SSL inspection to fail with certificate errors on client browsers? (Choose two.)

Question 11 (hard, multi select)

Which THREE steps are necessary when configuring SSL deep inspection on FortiGate? (Choose three.)

Question 12 (medium, multi select)

Which TWO web filtering features can be used to block access to malicious websites? (Choose two.)

Question 13 (medium, multiple choice)

Refer to the exhibit. The policy applies deep inspection, but users cannot access any HTTPS websites. The FortiGate CA certificate is installed on clients. What is the most likely cause?

Exhibit

```
config firewall policy
    edit 1
        set name "Web Access"
        set srcintf "internal"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set ssl-ssh-profile "deep-inspection"
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "strict"
    next
end
```

Question 14 (hard, multiple choice)

Refer to the exhibit. A FortiGate SSL VPN user is unable to connect. The debug output shows the above error. What is the most likely cause?

Exhibit

```
diagnose debug application sslvpn -1
debug sslvpn error: SSL_accept failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
debug sslvpn error: SSL_accept failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
```

Question 15 (hard, multiple choice)

A company with 500 employees uses FortiGate as their internet gateway. They recently enabled SSL deep inspection using the built-in CA certificate. After deployment, many users report that they cannot access their online banking websites. The error message in the browser says 'The certificate is not trusted'. The administrator has already pushed the FortiGate CA certificate to all domain-joined computers via Group Policy. However, the problem persists for banking sites. The administrator also notices that banking sites load fine on mobile devices that do not have the CA certificate installed. What is the most likely cause and solution?

Question 16 (medium, multiple choice)

A school uses FortiGate for web filtering. They want to block social media sites for students during class hours (8 AM to 3 PM) but allow access for teachers at all times. The network has a single internet connection and all users are in the same subnet. The administrator created a firewall policy for students (source IP range 192.168.1.100-200) and another for teachers (source IP range 192.168.1.10-50). The student policy has a web filter profile that blocks social media. However, teachers are also being blocked from social media during class hours. What is the most likely cause?

Question 17 (medium, multiple choice)

A network administrator notices that an IPS sensor is generating excessive false positives for a specific signature. The administrator wants to exclude traffic from a trusted internal server (IP 10.1.1.100) from inspection for that signature only, while keeping other signatures active. Which configuration change should the administrator apply?

Question 18 (hard, multiple choice)

A security engineer is designing an application control policy for a corporate network. The goal is to allow Microsoft Teams for business use but block personal use of other collaboration apps like Zoom and Slack. The engineer configures an application control profile with a rule to 'monitor' Microsoft Teams and 'block' Zoom and Slack. However, users report that Zoom is still working. What is the most likely reason?

Question 19 (easy, multiple choice)

A company wants to block all peer-to-peer file sharing applications on the network. Which FortiGate feature should be used to achieve this goal?

Question 20 (hard, multiple choice)

During a security audit, an administrator finds that an IPS sensor configured with a 'block' action for a critical vulnerability signature is not blocking the associated traffic. The traffic matches the signature, but the action appears as 'pass' in the logs. The IPS sensor is applied to a firewall policy that also has application control enabled. What is the most likely cause?

Question 21 (medium, multiple choice)

A company recently deployed FortiGate with application control to manage cloud application usage. They want to allow Google Drive for business but block personal Google accounts. Which application control configuration approach is most effective?

Question 22 (easy, multiple choice)

An administrator needs to ensure that IPS signatures are updated automatically on the FortiGate. Which configuration should be verified?

Question 23 (medium, multiple choice)

A network administrator is troubleshooting why certain web-based applications are not being identified by application control. The applications are accessed over HTTPS. What is the most likely missing configuration?

Question 24 (hard, multi select)

Which TWO statements about IPS in FortiGate are true?

Question 25 (medium, multi select)

Which TWO are valid actions for an application control rule?

Question 26 (hard, multi select)

Which THREE factors should be considered when tuning IPS to reduce false positives?

Question 27 (medium, multiple choice)

An administrator has configured the policy shown in the exhibit. Traffic to the web server at 10.0.1.10 over HTTPS is allowed, but users complain that they cannot access the web server's login page. The IPS sensor 'High_Security_Sensor' has a signature that blocks SQL injection attempts. The application list 'Block_Social_Media' blocks Facebook and Twitter. What is the most likely cause of the issue?

Exhibit

```
config firewall policy
    edit 1
        set name "Web-Server"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "10.0.1.10"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ips-sensor "High_Security_Sensor"
        set application-list "Block_Social_Media"
    next
end
```

Question 28 (hard, multiple choice)

An administrator runs the command shown in the exhibit and sees anomalies detected from 10.1.1.100 to 10.2.2.200. The IPS sensor's anomaly settings are configured with the default actions. What will be the default action for the ICMP Flood anomaly?

Exhibit

```
diagnose ips anomaly list

IPS anomalies detected:
  1. ICMP Flood from 10.1.1.100 to 10.2.2.200: 5000 pps (threshold: 1000 pps)
  2. TCP Scan from 10.1.1.100 to 10.2.2.200: 1000 pps (threshold: 500 pps)
  3. UDP Flood from 10.1.1.100 to 10.2.2.200: 3000 pps (threshold: 2000 pps)
```

Question 29 (medium, multiple choice)

A mid-sized company has a FortiGate 100F running FortiOS 7.2. They have two internal networks: Trusted (10.1.1.0/24) for employees and Guest (10.2.2.0/24) for visitors. The Guest network has a firewall policy that allows internet access only, with an application control profile that blocks all peer-to-peer and gaming applications. Recently, users on the Guest network have been able to play online games (e.g., Fortnite) despite the block. The administrator checks the application control profile and confirms that 'Fortnite' is listed as blocked. There are no other policies allowing Guest traffic. The administrator also notices that the Guest policy has 'set utm-status enable' and the application control profile is applied. What is the most likely reason that Fortnite is not being blocked?

Question 30 (medium, multiple choice)

A company uses deep SSL inspection to filter traffic. Users report that some HTTPS sites are not loading. The administrator checks the FortiGate and sees that the certificate for the sites is not trusted on the client machines. What is the most likely cause?

Question 31 (hard, multiple choice)

An administrator notices that traffic to a specific HTTPS website is being blocked. The FortiGate has SSL inspection enabled, and the web filter profile is set to monitor all categories. The URL is not in any blocked category. What should the administrator check next?

Question 32 (easy, multiple choice)

A company wants to block all HTTP traffic but allow HTTPS. Which SSL inspection method should be used on the firewall policy?

Question 33 (medium, multiple choice)

An administrator configures a web filter profile to block the 'Phishing' category. Users still report receiving phishing emails with links that bypass the filter. What is the most likely reason?

Question 34 (hard, multiple choice)

A FortiGate is configured with SSL inspection and web filtering. The administrator notices that some HTTPS traffic is being blocked even though the URL is in an allowed category. What could be the cause?

Question 35 (medium, multi select)

Which TWO of the following are required for full SSL inspection to work correctly?

Question 36 (hard, multi select)

Which THREE of the following are valid methods to exclude certain HTTPS traffic from SSL inspection on a FortiGate?

Question 37 (easy, multiple choice)

Refer to the exhibit. An administrator has configured the SSL/SSH profile shown. However, users are unable to access HTTPS websites. What is the most likely cause?

Exhibit

```
config firewall ssl-ssh-profile
    edit "deep-inspection"
        set caname "Fortinet_CA_SSL"
        config https
            set ports 443
            set status deep-inspection
        end
        set untrusted-caname ""
        set whitelist-mode disable
    next
end
```

Question 38 (medium, multiple choice)

A company with 500 users has a FortiGate 1000D running FortiOS 7.2. They have configured full SSL inspection and web filtering to block malware and phishing sites. The administrator receives complaints that some users cannot access a legitimate business website (https://vendor.example.com). The administrator checks the FortiGate logs and sees that the connection is allowed by the firewall policy and web filter. However, the user's browser shows 'ERR_CERT_AUTHORITY_INVALID'. The administrator verifies that the FortiGate's CA certificate is installed on all client machines. Further investigation reveals that the vendor's website uses a certificate signed by a private CA that is not trusted by the FortiGate. The administrator wants to resolve the issue without disabling SSL inspection for the whole website or compromising security. What should the administrator do?

Question 39 (medium, multiple choice)

A company wants to block all peer-to-peer (P2P) traffic using Application Control on their FortiGate. They have enabled the application control profile, but users can still download files via BitTorrent. What is the most likely reason?

Question 40 (hard, multiple choice)

An administrator has configured an IPS sensor to block critical-severity attacks. However, after a week, they notice that a known exploit (CVE-2021-44228) is still getting through. Which configuration change should be made to improve detection?

Question 41 (easy, multiple choice)

A network administrator notices that a FortiGate IPS sensor is not detecting any attacks, even though there is known malicious traffic on the network. Which initial troubleshooting step should the administrator take?

Question 42 (medium, multiple choice)

An organization uses Application Control to allow only business-critical applications and block social media. The administrator has configured the profile to block Facebook and Twitter, but users can still access Facebook. The firewall policy applies the profile correctly. What is the most likely cause?

Question 43 (hard, multi select)

Which TWO of the following are best practices when configuring IPS on a FortiGate in a high-throughput environment?

Question 44 (hard, multiple choice)

Given the above IPS sensor configuration, what will happen when traffic matching a high-severity IPS signature is detected?

Exhibit

```
config ips sensor
    edit "sensor1"
        config entries
            edit 1
                set severity medium
                set action block
            next
        end
    next
end
```

Question 45 (hard, multiple choice)

A large enterprise uses a FortiGate 600E in NAT mode to protect its internal network. The security team has implemented an Application Control profile that categorizes applications and allows only 'Business' and 'General-Interest' categories. They have also applied an IPS sensor with default settings and enabled SSL inspection for outbound traffic. Recently, the helpdesk has received reports that some users cannot access a critical cloud-based CRM application, while others can. The CRM uses HTTPS on port 443. The Application Control profile is applied to the firewall policy for outbound traffic. The IPS sensor is also applied. The FortiGate is not configured for load balancing. Which of the following is the most likely cause of the issue?

Question 46 (hard, multiple choice)

A company is implementing SSL/TLS inspection on a FortiGate to monitor encrypted traffic. They want to ensure that traffic to high-risk categories is blocked, while traffic to financial sites is inspected but not blocked. The administrator creates an SSL inspection profile that deep-inspects all traffic except traffic to financial sites. However, users report that they cannot access financial websites. What is the most likely cause?

Question 47 (medium, multi select)

An administrator is configuring web filtering on a FortiGate. Which TWO statements about web filtering profiles are correct?

Question 48 (easy, multiple choice)

Refer to the exhibit. An administrator is troubleshooting why SSL inspection is not working for web traffic. The policy shown is the only policy matching the traffic. What is the most likely reason SSL inspection is failing?

Exhibit

```
config firewall policy
    edit 1
        set name "SSL-Inspection"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set profile-protocol-options "default"
        set av-profile "default"
        set webfilter-profile "default"
    next
end
```

Question 49 (medium, multiple choice)

A company is deploying FortiGate for outbound web filtering. They want to block users from accessing social media sites during business hours, but still allow access to cloud-based productivity tools like Office 365. Which approach should the administrator use to meet this requirement?

Question 50 (hard, multi select)

An administrator is configuring an IPS profile on FortiGate to detect and block SQL injection attacks. The profile must be applied to inbound traffic to a web server. Which TWO settings should the administrator enable to achieve this goal? (Choose two.)

Question 51 (easy, multiple choice)

Refer to the exhibit. An administrator has created an IPS sensor with two entries. The first entry sets severity 'medium' and action 'block'. The second entry sets severity 'critical' and action 'block'. What will happen when a packet triggers an IPS signature with severity 'low'?

Exhibit

```
config ips sensor
    edit "sensor1"
        config entries
            edit 1
                set severity medium
                set action block
            next
            edit 2
                set severity critical
                set action block
            next
        end
    next
end
```

Question 52 (medium, drag order)

Drag and drop the steps to configure IPsec VPN phase 1 settings on FortiGate into the correct order.

Question 53 (medium, drag order)

Drag and drop the steps to capture traffic on a FortiGate interface using the CLI into the correct order.

Question 54 (medium, drag order)

Drag and drop the steps to perform a factory reset on FortiGate via CLI into the correct order.

Question 55 (medium, drag order)

Drag and drop the steps to configure a VLAN interface on FortiGate into the correct order.

Question 56 (medium, matching)

Match each FortiGate CLI command to its function.

Matches

Displays current system resource usage

Tests network connectivity to a host

Traces packet flow through the firewall

Displays the entire running configuration

Resets the device to factory defaults

Question 57 (medium, matching)

Match each Fortinet HA mode to its description.

Matches

One unit handles traffic; standby unit takes over on failure

Both units handle traffic simultaneously for load balancing

Multiple units act as a single logical firewall

Ensures active sessions are preserved after failover

FortiGate Clustering Protocol used for HA synchronization

Question 58 (medium, matching)

Match each FortiGate NAT type to its description.

Matches

Translates private source IP to public IP for outbound traffic

Translates public destination IP to private IP for inbound traffic

Assigns a range of ports to a private IP for NAT

Translates IPv6 traffic to IPv4 and vice versa

Translates IPv4 traffic to IPv6

Question 59 (medium, matching)

Match each FortiGate firewall policy action to its result.

Matches

Allows traffic matching the policy

Blocks traffic and sends a reset or ICMP unreachable

Routes traffic into an IPsec VPN tunnel

Routes traffic into an SSL VPN tunnel

Logs traffic without enforcing action (used for learning)

Question 60 (medium, multiple choice)

A network administrator notices that some users can access blocked web categories despite a web filter profile applied to the policy. The admin runs 'diagnose debug rating' and sees 'rating not allow' for the category. What is the MOST likely cause?

Question 61 (medium, multiple choice)

An administrator wants to block users from uploading sensitive documents through webmail. Which security profile should be configured on the FortiGate to achieve this goal?

Question 62 (hard, multiple choice)

A FortiGate in flow-based mode is configured with an antivirus profile to block infected files. A user downloads a .zip file containing a known virus, but the download is allowed and the file is not quarantined. What is the MOST likely reason?

Question 63 (easy, multiple choice)

What is the primary purpose of FortiSandbox integration with FortiGate antivirus?

Question 64 (medium, multiple choice)

An administrator configures an IPS profile to block SQL injection attacks. However, SQL injection traffic is still passing through the FortiGate. The administrator confirms the IPS profile is applied to the correct policy. What is the most likely reason?

Question 65 (medium, multiple choice)

A FortiGate administrator wants to block outgoing DNS requests to known malware domains. Which security profile should be used?

Question 66 (hard, multiple choice)

An administrator configures SSL deep inspection with a CA certificate. Users accessing an internal site (internal.company.com) receive a certificate error. The administrator wants to avoid the error without disabling deep inspection. What should be done?

Question 67 (easy, multiple choice)

What is the difference between certificate inspection and full SSL deep inspection on a FortiGate?

Question 68 (medium, multiple choice)

An administrator is configuring email filtering on FortiGate to block spam. Which of the following is required for FortiGate to filter inbound email directly?

Question 69 (hard, multiple choice)

A FortiGate administrator runs the command 'diagnose application urlfilter 0 status' and sees 'status: enable' but users report that some malicious URLs are not blocked. The web filter profile uses FortiGuard categories with 'block' action. What should the administrator check next?

Question 70 (easy, multiple choice)

An administrator wants to apply a safe search policy to enforce strict search results on Google, Bing, and Yahoo. Which security profile feature should be used?

Question 71 (medium, multiple choice)

A network administrator configures an application control profile to block social media applications. Users can still access Facebook through a web browser. What is the MOST likely reason?

Question 72 (medium, multi select)

An administrator needs to block users from uploading files containing credit card numbers to external websites. Which TWO actions must be configured? (Choose two.)

Question 73 (hard, multi select)

A FortiGate is configured with an IPS profile to detect and block anomalous network behavior. Which THREE types of detection does IPS anomaly detection include? (Choose three.)

Question 74 (medium, multi select)

An administrator wants to ensure that all DNS traffic from internal users is filtered by the FortiGate to block malicious domains. Which TWO configurations are necessary? (Choose two.)

Question 75 (medium, multiple choice)

A network administrator wants to allow employees to access a specific web application but block all other application traffic. The administrator creates a firewall policy with an application control profile that allows the desired application. However, employees can still access other applications. What is the MOST likely reason?

Question 76 (hard, multiple choice)

An administrator runs the CLI command: 'diagnose sys session list | grep -i dns' and sees sessions with dst port 53. The administrator has configured a DNS filter profile on the firewall policy. However, DNS requests are not being filtered. What is the MOST likely cause?

Question 77 (easy, multiple choice)

Which of the following security profiles is used to prevent malicious files from being downloaded via HTTP, FTP, or email by inspecting the content of the traffic?

Question 78 (hard, multiple choice)

A FortiGate administrator is troubleshooting an issue where users cannot access a legitimate website that is categorized as 'Pornography' by FortiGuard. The web filter profile is configured to block that category. The administrator wants to allow access for a specific user group without modifying the global web filter profile. What is the BEST approach?

Question 79 (medium, multiple choice)

An administrator wants to prevent employees from uploading sensitive credit card numbers via web forms. Which security profile feature is MOST appropriate to achieve this?

Question 80 (easy, multiple choice)

What is the PRIMARY purpose of enabling 'Safe Search' in a web filter profile?

Question 81 (medium, multiple choice)

A FortiGate administrator is configuring SSL deep inspection for a firewall policy that handles traffic to multiple internal servers. Some servers have self-signed certificates. The administrator wants to avoid certificate errors for users. What configuration is recommended?

Question 82 (medium, multiple choice)

Which of the following best describes the difference between flow-based and proxy-based inspection for antivirus scanning?

Question 83 (hard, multiple choice)

An administrator has configured an IPS profile with an anomaly detection sensor for 'tcp_syn_flood'. After applying the profile to a firewall policy, users report intermittent connectivity issues. The administrator runs 'diagnose ips anomaly list' and sees entries for 'tcp_syn_flood' with action 'pass'. What is the MOST likely cause of the connectivity issues?

Question 84 (easy, multiple choice)

Which FortiGate security feature can be used to block outgoing emails that contain specific keywords, such as confidential information?

Question 85 (medium, multiple choice)

A FortiGate administrator has configured a firewall policy with SSL deep inspection using a forward trust CA certificate. When users access an HTTPS website with a valid certificate, they still receive a certificate warning. What is the MOST likely reason?

Question 86 (medium, multiple choice)

An administrator wants to integrate FortiSandbox with a FortiGate to analyze suspicious files. Which security profile must be configured to send files to FortiSandbox?

Question 87 (hard, multi select)

A FortiGate administrator is configuring a data leak prevention (DLP) profile to prevent the leakage of social security numbers (SSNs) via email. Which TWO settings must be configured in the DLP profile?

Question 88 (medium, multi select)

An administrator wants to block all peer-to-peer (P2P) file sharing applications such as BitTorrent and eMule on the network. Which THREE steps should the administrator take?

Question 89 (easy, multi select)

Which TWO types of inspection can be used for HTTPS traffic in a FortiGate security policy?

Question 90 (medium, multiple choice)

A network administrator notices that users can access websites categorized as 'Pornography' despite a web filter profile blocking that category. The firewall policy uses the web filter profile and is applied to the users' traffic. What is the MOST likely cause?

Question 91 (hard, multiple choice)

You run the following CLI commands on a FortiGate: 'diagnose sys session filter dport 443' followed by 'diagnose sys session list'. The output shows many sessions with 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate about the traffic?

Question 92 (easy, multiple choice)

A FortiGate administrator wants to block all traffic to websites that are categorized as 'Malware' and 'Phishing'. Which security profile should be configured to achieve this goal?

Question 93 (medium, multiple choice)

An organization uses FortiSandbox to detect advanced threats. The administrator wants to ensure that files downloaded from the internet are sent to FortiSandbox for analysis before being delivered to users. Which Antivirus profile setting should be configured?

Question 94 (hard, multiple choice)

A FortiGate is configured with an SSL deep inspection profile that uses 'Certificate Inspection' (not 'Full SSL Inspection'). Which of the following is TRUE about this configuration?

Question 95 (easy, multiple choice)

An administrator wants to block the use of social media applications like Facebook and Twitter on the company network. Which security profile should be used?

Question 96 (medium, multiple choice)

A FortiGate administrator has configured an Application Control profile to block 'P2P' applications. However, users are still able to use BitTorrent. What is the MOST likely reason?

Question 97 (medium, multiple choice)

An administrator wants to prevent data leakage by blocking outbound emails that contain credit card numbers. Which security profile should be configured?

Question 98 (hard, multiple choice)

A FortiGate receives a file via SMTP that contains a virus. The antivirus profile is set to 'Block' for viruses and the action is set to 'Quarantine'. However, the email is delivered to the user with the infected attachment. What could be the reason?

Question 99 (easy, multiple choice)

Which FortiGate security profile is BEST suited for blocking DNS queries to known malicious domains?

Question 100 (medium, multiple choice)

An administrator wants to allow users to override a blocked category (e.g., Social Networking) by entering an administrator-defined password. Which of the following must be configured?

Question 101 (hard, multiple choice)

A FortiGate is configured with an IPS profile that includes a signature with a 'Pass' action. The firewall policy uses this IPS profile. What will happen when traffic matching that signature is detected?

Question 102 (medium, multi select)

A FortiGate is configured with a firewall policy that applies an Application Control profile and a Web Filter profile. The administrator wants to log all traffic blocked by the Web Filter profile. Which TWO configurations are required?

Question 103 (hard, multi select)

An administrator needs to ensure that all HTTPS traffic to a critical server is inspected by the IPS. The server uses a valid certificate from a public CA. Which THREE steps are required to achieve this?

Question 104 (medium, multi select)

A FortiGate administrator wants to block spam emails sent to the company's mail server. The mail server is behind the FortiGate. Which THREE configurations should be applied?

Question 105 (medium, multiple choice)

A network administrator notices that HTTP traffic to a specific website is being blocked by the web filter profile, but the website is categorized as 'General – Personal' in FortiGuard, which is allowed. What could cause this block?

Question 106 (hard, multiple choice)

A FortiGate administrator configures SSL deep inspection on a policy using a self-signed CA certificate. Users report that they see a certificate warning in their browsers when accessing HTTPS sites. What is the most effective solution to eliminate these warnings?

Question 107 (easy, multiple choice)

What is the primary difference between flow-based and proxy-based Antivirus inspection on a FortiGate?

Question 108 (medium, multiple choice)

An administrator wants to block all traffic to websites in the 'Pornography' category but allow an exception for a specific research site that falls under that category. The FortiGuard category is set to block. How should the administrator configure the exception?

Question 109 (medium, multiple choice)

An administrator runs the CLI command 'diagnose sys session list | grep -A 5 10.1.1.100' and finds a session with 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate about the session?

Question 110 (hard, multiple choice)

A FortiGate configured with IPS anomaly detection is generating false positives for the 'tcp_syn_flood' anomaly. The administrator wants to reduce the false positives without completely disabling the detection. Which action should the administrator take?

Question 111 (easy, multiple choice)

Which security profile type requires a FortiSandbox license to enable advanced detection features?

Question 112 (hard, multiple choice)

An administrator notices that a specific application (e.g., Skype) is not being detected by the application control profile. The profile includes the 'Skype' application signature but traffic is passing through without being logged as Skype. What is the most likely reason?

Question 113 (medium, multiple choice)

A FortiGate administrator wants to block spam emails destined for internal users. The FortiGate receives SMTP traffic on port 25. What is the most effective way to filter spam using the email filter profile?

Question 114 (medium, multiple choice)

An administrator configures a DLP sensor to detect credit card numbers in traffic. However, the sensor is not detecting any credit card numbers even though they are present in emails. What could be the reason?

Question 115 (easy, multiple choice)

Which of the following best describes the function of FortiGuard web filtering categories?

Question 116 (medium, multiple choice)

An administrator wants to ensure that search engine results from Google, Bing, and Yahoo are filtered to exclude explicit content when users perform searches. Which feature should the administrator configure in the web filter profile?

Question 117 (hard, multi select)

A FortiGate administrator is troubleshooting an issue where users cannot access an internal HTTPS server (10.10.10.10:443) after enabling SSL deep inspection. The administrator sees that the server's certificate is self-signed. Which TWO actions should the administrator take to allow access while maintaining inspection?

Question 118 (medium, multi select)

An administrator wants to prevent sensitive data (e.g., credit card numbers) from being sent out of the network via email. Which THREE components must be configured to achieve this?

Question 119 (medium, multi select)

A FortiGate administrator is configuring IPS to protect against a known exploit targeting a web server. The administrator wants to ensure that the IPS engine can decode the HTTP protocol. Which TWO actions are necessary?

Question 120 (medium, multiple choice)

An administrator configures a web filter profile with FortiGuard category blocking and URL filter to allow example.com. Users report that example.com is still blocked. What is the most likely cause?

Question 121 (hard, multiple choice)

A FortiGate is configured with flow-based antivirus and an IPS profile on a policy. The administrator runs 'diagnose ips packet-list' and sees that packets are being forwarded without inspection. What is the most likely reason?

Question 122 (easy, multiple choice)

A network administrator wants to prevent users from downloading files with .exe extensions via HTTP and HTTPS. Which security profile feature should be used?

Question 123 (medium, multiple choice)

An administrator configures an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access Facebook via HTTPS. The administrator has enabled deep inspection. What is missing?

Question 124 (medium, multiple choice)

A FortiGate administrator receives reports that some users are receiving spam emails despite an email filter profile being applied to the SMTP traffic. The email filter profile has 'spam' action set to 'discard'. What is the most likely reason spam is still reaching users?

Question 125 (hard, multiple choice)

An administrator enables deep inspection for HTTPS traffic. Users report that they cannot access some websites because of certificate errors. The administrator wants to override these errors and allow access. What should be configured?

Question 126 (easy, multiple choice)

What is the purpose of the 'safe search' option in a FortiGate web filter profile?

Question 127 (medium, multiple choice)

An administrator configured a DLP profile to detect credit card numbers in outgoing emails. The profile is applied to an outbound SMTP policy. Users report that emails with credit card numbers are still being sent successfully. What is the most likely cause?

Question 128 (hard, multiple choice)

A FortiGate is configured with flow-based inspection and an IPS profile. The administrator runs 'diagnose ips session list' and sees many sessions with 'state=bypass'. What does this indicate?

Question 129 (easy, multiple choice)

Which two inspection modes are available for antivirus scanning on a FortiGate?

Question 130 (medium, multiple choice)

An administrator configures an application control profile to block 'BitTorrent'. Users are still able to download files using BitTorrent. The administrator has enabled deep inspection and the policy is set to proxy-based. What is the most likely reason the application is not being blocked?

Question 131 (hard, multiple choice)

An administrator wants to block users from uploading files to cloud storage services like Google Drive via HTTPS. Which security profile combination is required?

Question 132 (medium, multi select)

A FortiGate administrator is troubleshooting why antivirus scanning is not working for HTTPS traffic. Which TWO steps should be verified?

Question 133 (hard, multi select)

An administrator wants to block all traffic from the 'P2P' application category but allow traffic from 'File Sharing' applications like Dropbox. Which THREE configurations are required to achieve this?

Question 134 (medium, multi select)

An administrator configures a DLP profile to detect Social Security numbers in outbound traffic. The profile is applied to an outbound HTTP policy. Which TWO additional configurations are necessary for the DLP to inspect HTTPS traffic?

Question 135 (medium, multiple choice)

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

Question 136 (easy, multiple choice)

A FortiGate administrator wants to block access to gambling websites using web filtering. Which FortiGuard category should be blocked?

Question 137 (medium, multiple choice)

An administrator runs the CLI command 'diagnose debug rating' and sees that all FortiGuard web filter requests are timing out. What is the most likely cause?

Question 138 (hard, multiple choice)

A FortiGate is configured with SSL deep inspection using a self-signed CA certificate. Users report that they see a certificate warning in their browser when accessing HTTPS sites. The admin wants to eliminate these warnings. What should the admin do?

Question 139 (medium, multiple choice)

An administrator wants to block an application named 'Skype' on the network. They create an application control profile and add a rule to block 'Skype'. However, after applying the profile to the policy, users can still use Skype. What is the most likely reason?

Question 140 (easy, multiple choice)

Which IPS detection method analyzes traffic patterns over time to identify attacks that are characterized by a threshold of events?

Question 141 (medium, multiple choice)

A FortiGate administrator configures an email filter profile to block spam. Users report that some legitimate emails are being blocked. The administrator wants to reduce false positives while still blocking spam. What should the administrator do?

Question 142 (hard, multiple choice)

An administrator configures a DLP profile to detect credit card numbers in email traffic. The DLP rule uses a regular expression. However, the DLP sensor is not triggering on emails containing credit card numbers. What is a likely reason?

Question 143 (medium, multiple choice)

An administrator wants to allow access to a specific website that is blocked by the FortiGuard web filter category 'Social Networking'. The administrator creates a URL filter override to allow the site. After applying, the site is still blocked. What should the administrator check?

Question 144 (easy, multiple choice)

Which security profile component is specifically designed to prevent data exfiltration by inspecting outgoing traffic for sensitive data patterns?

Question 145 (medium, multiple choice)

An administrator configures an IPS profile with a signature that has a 'block' action. However, traffic matching the signature is only being logged and not blocked. What is the most likely reason?

Question 146 (hard, multiple choice)

An administrator integrates FortiGate with FortiSandbox for advanced threat detection. The FortiGate is configured to send files to FortiSandbox for analysis. Despite correct configuration, files are not being submitted. The administrator runs 'diagnose debug application fortisandbox -1' and sees 'no server configured'. What is the issue?

Question 147 (medium, multi select)

A network administrator wants to ensure that all users are blocked from accessing websites categorized as 'Pornography' and 'Hacking' on a FortiGate. Which TWO actions should the administrator take? (Choose two.)

Question 148 (hard, multi select)

An administrator is troubleshooting why an application control profile is not detecting a custom application that uses a non-standard port. The administrator wants to ensure the application is properly identified. Which THREE steps should the administrator take? (Choose three.)

Question 149 (medium, multi select)

A FortiGate administrator wants to prevent users from downloading executable files via HTTP from the internet. Which TWO security profile features can be used together to achieve this? (Choose two.)

Question 150 (easy, multiple choice)

A network administrator wants to prevent users from accessing known malicious websites using FortiGate. Which security profile should be applied to the firewall policy to achieve this goal?

Question 151 (medium, multiple choice)

An administrator configures an antivirus profile in proxy-based inspection mode on a FortiGate. However, SMTP traffic is not being scanned for viruses. The firewall policy includes the antivirus profile and the FortiGate has a valid FortiGuard subscription. What is the most likely cause?

Question 152 (hard, multiple choice)

A FortiGate administrator receives reports that users cannot access a legitimate website that uses HTTPS. The web filtering profile is configured with strict FortiGuard categories and 'monitor all' for unknown sites. The firewall policy has an SSL/SSH inspection profile set to 'deep-inspection'. What is the most likely cause of the issue?

Question 153 (easy, multiple choice)

Which IPS detection method uses a baseline of normal traffic and alerts when deviations exceed a threshold?

Question 154 (medium, multiple choice)

An administrator configures an application control profile to block social media applications. Users can still access Facebook and Twitter via web browsers. What is the most likely reason?

Question 155 (hard, multiple choice)

An administrator runs the command 'diagnose ips anomaly list' and sees many entries for 'tcp_src_session' with high counts. Users report slow internet. What is the most likely issue?

Question 156 (easy, multiple choice)

What is the purpose of the DNS filter security profile on a FortiGate?

Question 157 (medium, multiple choice)

A company policy requires that all web searches by employees use safe search. Which setting should be configured in the web filtering profile?

Question 158 (medium, multiple choice)

An administrator configures a data leak prevention (DLP) profile to detect credit card numbers in outgoing emails. However, no violations are logged. The email filter profile is applied with the DLP profile on the same policy. What is the most likely cause?

Question 159 (hard, multiple choice)

An administrator sees the following CLI output when checking an IPS sensor: 'config ips sensor edit test config entries edit 1 set severity medium set action block set target default end'. However, attacks with severity medium are still passing. The IPS sensor is applied to a policy with flow-based inspection. What is the likely issue?

Question 160 (easy, multiple choice)

Which SSL/TLS inspection mode only validates the server certificate without decrypting the traffic?

Question 161 (medium, multiple choice)

An administrator configures an email filter profile to block spam. Despite correct configuration, spam emails still reach users' inboxes. The FortiGate is deployed as a transparent bridge. What is the most likely reason?

Question 162 (hard, multiple choice)

A FortiGate administrator needs to configure a policy so that traffic to a specific external server is exempted from SSL deep inspection. Which method should be used?

Question 163 (medium, multi select)

An administrator wants to detect and prevent malware outbreaks. The FortiGate is integrated with FortiSandbox. Which TWO actions should be taken to ensure files are sent to FortiSandbox for analysis?

Question 164 (hard, multi select)

An administrator receives reports that some internal users can access Facebook despite a web filtering profile that blocks the 'Social Networking' category. The policy is configured with deep inspection. Which THREE checks should the administrator perform to troubleshoot this issue?

Question 165 (medium, multiple choice)

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

Question 166 (easy, multiple choice)

Which inspection mode in the antivirus profile processes traffic by buffering the entire file before scanning, allowing more thorough detection but potentially increasing latency?

Question 167 (hard, multiple choice)

An admin has configured an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access these sites via HTTPS. The firewall policy has SSL deep inspection enabled and the application control profile is applied. What is the MOST likely cause?

Question 168 (medium, multiple choice)

A FortiGate is configured to use a DNS filter profile to block access to malicious domains. However, users can still reach a known malicious domain. The DNS filter profile is applied to the firewall policy. Which step should the admin take FIRST to troubleshoot?

Question 169 (easy, multiple choice)

Which web filtering feature allows an administrator to force web search engines to filter explicit content in search results, regardless of the user's browser settings?

Question 170 (hard, multiple choice)

An admin runs the following command on a FortiGate: 'diagnose sys session filter dport 443' and sees output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

Question 171 (medium, multiple choice)

A FortiGate administrator wants to block all traffic to a known malicious IP address range using the Intrusion Prevention System (IPS). Which IPS configuration method is most appropriate?

Question 172 (easy, multiple choice)

Which security profile type is used to prevent sensitive data such as credit card numbers from being sent out of the network via email or web traffic?

Question 173 (medium, multiple choice)

An administrator has configured an SSL deep inspection profile with 'certificate inspection' for a firewall policy. Users report that they receive certificate errors when accessing HTTPS sites. What is the MOST likely reason?

Question 174 (medium, multiple choice)

A FortiGate is configured to integrate with FortiSandbox for advanced threat detection. The antivirus profile is set to send files to FortiSandbox when a virus is detected. What action does FortiGate take on the file while it is being analyzed by FortiSandbox?

Question 175 (easy, multiple choice)

Which security profile is used to detect and prevent network-based attacks by analyzing traffic patterns and comparing them against known attack signatures?

Question 176 (medium, multiple choice)

An administrator configures an email filter profile to block spam. Users complain that legitimate emails from a specific partner are being blocked. The admin wants to allow emails from that partner's domain without disabling spam filtering for other domains. What is the BEST approach?

Question 177 (hard, multi select)

A FortiGate administrator notices that some users can bypass the web filter to access prohibited categories. The web filter profile is applied to the firewall policy. Which TWO actions should the admin take to determine why the filter is being bypassed? (Choose two.)

Question 178 (medium, multi select)

An administrator wants to configure a DNS filter to block access to known malicious domains and also enforce safe search on search engines. Which THREE settings are required in the DNS filter profile? (Choose three.)

Question 179 (medium, multi select)

A FortiGate is configured with an application control profile to allow only 'business-approved' applications. Users are still able to use Skype for Business. The admin wants to ensure that only Skype for Business is allowed and other Skype variants are blocked. Which THREE steps should the admin take? (Choose three.)

Question 180 (medium, multiple choice)

A network administrator configures a web filtering profile to block access to the 'Social Networking' FortiGuard category. However, users can still access Facebook. The firewall policy has web filtering enabled. What is the MOST likely reason?

Question 181 (medium, multiple choice)

An administrator needs to block all traffic from an application that uses a proprietary protocol not recognized by any application signature. Which security profile method should be used to block this traffic?

Question 182 (hard, multiple choice)

An administrator runs 'diagnose ips anomaly list' and sees many 'tcp_syn_flood' entries. The IPS profile has anomaly detection enabled with action 'pass'. The administrator wants to block such attacks. What change is required?

Question 183 (easy, multiple choice)

What is the purpose of enabling 'DNS filter' in a security profile?

Question 184 (medium, multiple choice)

A FortiGate is configured for SSL deep inspection using a CA certificate. Users report that some websites show certificate errors. The administrator wants to allow these sites without inspection. Which setting should be used?

Question 185 (easy, multiple choice)

Which security profile is used to detect and prevent spam email messages?

Question 186 (hard, multiple choice)

An administrator configures an application control profile to block 'Facebook' and 'Twitter' using application signatures. Users can still access Facebook via HTTPS. The firewall policy has application control enabled and SSL deep inspection is not configured. Why is Facebook not blocked?

Question 187 (medium, multiple choice)

A FortiGate with antivirus in flow-based inspection mode is not detecting a known virus in HTTP traffic. The same virus is detected when using proxy-based inspection. What is the most likely reason?

Question 188 (easy, multiple choice)

What is the function of an IPS 'protocol decoder'?

Question 189 (medium, multiple choice)

An administrator wants to block upload of files containing credit card numbers via web forms. Which security profile should be used?

Question 190 (hard, multiple choice)

You run 'diagnose sys session filter dport 443' and see the following output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

Question 191 (medium, multiple choice)

A FortiGate administrator wants to ensure that all DNS queries to known malware domains are blocked. The firewall policy allows DNS traffic. Which security profile must be applied?

Question 192 (medium, multi select)

A network admin wants to block all traffic from the BitTorrent application. The admin has enabled application control on the firewall policy. Which TWO steps are necessary to achieve this?

Question 193 (hard, multi select)

An administrator receives alerts about a possible data breach. Sensitive data (credit card numbers) might be leaving the network via email. The admin wants to detect and block such emails. Which THREE security profiles should be combined?

Question 194 (easy, multi select)

A FortiGate admin wants to enforce safe search on Google and Bing for all users. The firewall policy has web filtering enabled. Which TWO configurations are required?

Question 195 (medium, multiple choice)

A network administrator notices that traffic from a specific internal host is not being inspected by the application control profile applied to the firewall policy. The policy is configured with proxy-based inspection and the application control profile includes a rule to block 'Facebook'. The administrator confirms the host can still access Facebook. What is the MOST likely cause?

Question 196 (easy, multiple choice)

Which inspection mode allows FortiGate to perform virus scanning by reassembling the entire file in memory before scanning, providing better detection but potentially higher latency?

Question 197 (hard, multiple choice)

A FortiGate administrator runs 'diagnose ips anomaly list' and the command returns no entries, even though the IPS sensor is configured with anomaly signatures. What is the MOST likely reason the signatures are not appearing?

Question 198 (medium, multiple choice)

An organization wants to prevent users from downloading files with extensions such as .exe and .scr via HTTP and HTTPS. The FortiGate already has a web filter profile applied to the relevant policy. Which web filter feature should be configured to achieve this?

Question 199 • medium • multiple choice

A FortiGate administrator needs to ensure that all outbound DNS queries from internal clients are inspected for malicious domains. The administrator has a DNS filter profile configured. What additional configuration is required on the firewall policy to make the DNS filter effective?

Question 200 • easy • multiple choice

What is the purpose of the 'safe search' option in a FortiGate web filter profile?

Question 201 • hard • multiple choice

A FortiGate is configured with SSL deep inspection using a locally generated CA certificate. A user reports that they cannot access https://www.example.com and receive a certificate error. The administrator checks the firewall policy and sees that the SSL inspection profile is set to 'certificate-inspection' instead of 'deep-inspection'. What is the MOST likely effect?

Question 202 • easy • multiple choice

Which FortiGate feature allows the administrator to scan SMTP, IMAP, and POP3 traffic for spam and apply actions such as tagging or discarding?

Question 203 • medium • multiple choice

An organization uses FortiSandbox to analyze suspicious files. The FortiGate is configured to send files to FortiSandbox for analysis when the antivirus scan fails to reach a verdict. Which antivirus inspection mode must be used on the firewall policy for this integration to work?

Question 204 • medium • multiple choice

A FortiGate administrator configures an IPS sensor with a signature that has a 'pass' action. The sensor is applied to a firewall policy. When traffic matches this signature, what will happen?

Question 205 • hard • multiple choice

An administrator has configured DLP sensors to detect credit card numbers in outgoing traffic. However, the administrator notices that traffic containing credit card numbers is still passing through undetected. The firewall policy uses flow-based inspection. What is the MOST likely reason DLP is not detecting the data?

Question 206 • easy • multiple choice

What is the primary function of protocol decoders in the FortiGate IPS engine?

Question 207 • medium • multi select

A FortiGate administrator wants to block access to Facebook for all internal users. However, the administrator must ensure that the CEO's computer (IP 10.0.0.100) is exempted. Which TWO steps should the administrator take? (Choose two.)

Question 208 • hard • multi select

A FortiGate administrator is troubleshooting an issue where a user receives a certificate error when accessing a web server. The administrator has configured SSL deep inspection with a custom CA certificate. The error indicates the certificate is not trusted. Which THREE actions could resolve this issue? (Choose three.)

Question 209 • medium • multi select

An organization wants to implement data leak prevention (DLP) to detect when credit card numbers are sent via email (SMTP) and webmail (HTTPS). The FortiGate is using proxy-based inspection. Which THREE configurations are necessary? (Choose three.)

Question 210 • medium • multiple choice

A network administrator notices that HTTP traffic is being scanned by the antivirus profile, but HTTPS traffic to the same web server is not being scanned. The firewall policy has the antivirus profile applied and SSL inspection is set to 'certificate-inspection'. What is the most likely reason HTTPS traffic is not being scanned?

Question 211 • hard • multiple choice

An administrator configures a web filter profile to block the URL category 'Pornography'. The profile is applied to a policy for the sales department. Users report they can still access some sites that should be blocked. The administrator verifies that the FortiGuard web filter service is licensed and the FortiGate has internet connectivity. What should the administrator check next?

Question 212 • medium • multiple choice

A FortiGate administrator needs to prevent employees from using peer-to-peer file sharing applications such as BitTorrent. The administrator creates an application control profile with a rule to block the 'Peer-to-Peer' application category. After applying the profile to the firewall policy, users can still use BitTorrent. What is the most likely cause?

Question 213 • easy • multiple choice

What is the purpose of enabling 'Safe Search' in a web filter profile on a FortiGate?

Question 214 • medium • multiple choice

A FortiGate administrator wants to integrate with FortiSandbox to analyze suspicious files detected by antivirus. The administrator configures the FortiSandbox settings under Security Fabric. However, files are not being sent to FortiSandbox. The antivirus profile is set to 'flow-based' inspection. What could be the reason?

Question 215 • hard • multiple choice

An administrator runs 'diagnose ips anomaly list' and sees the following output:

List of anomaly events: ID: 1, Type: tcp_syn_flood, Status: triggered, Count: 1500, Threshold: 1000

What does this indicate?

Question 216 • medium • multiple choice

A school district uses a FortiGate to filter web traffic for students. The administrator wants to enforce that Google searches are filtered for explicit content. Which configuration should be applied?

Question 217 • easy • multiple choice

What is the purpose of the 'DNS Filter' feature on a FortiGate?

Question 218 • medium • multiple choice

A FortiGate is configured with an IPS profile to protect a web server. The administrator notices that some attacks are not being detected. The IPS signature database is up to date. What should the administrator check first?

Question 219 • easy • multiple choice

What is the difference between 'certificate inspection' and 'full SSL deep inspection' on a FortiGate?

Question 220 • medium • multi select

A FortiGate administrator is configuring intrusion prevention (IPS) for a web server. The administrator wants to both block known exploits and detect anomalous traffic patterns. Which TWO features should be enabled? (Choose two.)

Question 221 • hard • multi select

An organization uses FortiMail for email filtering and FortiGate for web filtering. The administrator wants to ensure that email traffic is filtered for spam and malware before reaching the internal mail server. Which TWO steps should be taken? (Choose two.)

Question 222 • medium • multi select

A FortiGate administrator needs to prevent data leakage by blocking the upload of files containing credit card numbers via web traffic. Which THREE components must be configured? (Choose three.)

Question 223 • medium • multi select

A FortiGate administrator wants to create a web filter profile that blocks access to social networking sites during work hours but allows them during lunch breaks. Additionally, the administrator wants to ensure that HTTPS social networking sites are blocked. Which TWO configurations are required? (Choose two.)

Question 224 • hard • multi select

An administrator configures an IPS sensor with a signature that is triggered by traffic to a specific server. The signature is set to 'Block' but the traffic is not being blocked. The administrator verifies that the IPS sensor is applied to the correct firewall policy and that the signature is enabled. Which TWO additional checks should the administrator perform? (Choose two.)

Question 225 • medium • multiple choice

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

Question 226 • easy • multiple choice

An administrator wants to block access to websites that host malware. Which FortiGate feature should be configured to achieve this goal?

Question 227 • hard • multiple choice

You run 'diagnose sys session filter dport 443' and see the following output:

proto=6 proto_state=01 duration=3600 expire=3599

What does this indicate?

Question 228 • medium • multi select

A network admin is configuring a security policy for outbound HTTP traffic. The requirements are: (1) block access to known malicious websites, (2) prevent users from downloading executable files, (3) detect and block C2 traffic. Which THREE security profiles should be applied to the policy?

Question 229 • medium • multi select

A security administrator wants to ensure that all DNS queries from internal users are filtered to block access to known malicious domains. Which TWO configurations must be applied?

Question 230 • hard • multi select

An administrator has configured an IPS profile to detect SQL injection attacks. However, some SQL injection attempts are still reaching the web server. Which TWO actions should the administrator take to improve detection?

Question 231 • easy • multi select

Which TWO are valid types of SSL/TLS inspection available on FortiGate?

Question 232 • hard • multi select

A FortiGate admin is troubleshooting email filtering. Legitimate emails from a specific external domain are being marked as spam. Which THREE steps should the admin take to resolve this?
