Back to Fortinet NSE 4 Network Security Professional NSE4

Fortinet exam questions

Fortinet NSE 4 Network Security Professional NSE4 practice test

Practise CPU questions covering socket types, core counts, clock speeds, and cooling solutions for the NSE4 exam.

1,000
practice questions
5
topics covered
NSE4
exam code
Fortinet
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,000 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 1,000 NSE4 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

14 pages · 75 questions per page · 1,000 total

Domain practice

Study NSE4 by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

All domains with question counts →

Related practice questions

Study NSE4 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Fortinet NSE 4 Network Security Professional NSE4 practice questions

Start practice test

Drag and drop the steps to capture traffic on a FortiGate interface using the CLI into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Drag and drop the steps to configure HA (High Availability) on a FortiGate pair into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Drag and drop the steps to perform a factory reset on FortiGate via CLI into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 4easymultiple choice
Read the full VPN explanation →

Refer to the exhibit. A network administrator configured an IPsec VPN between the main office and a branch office. Remote users at the branch office report that they cannot access resources in the main office. The tunnel status shows up on both sides. What is the most likely cause of the connectivity issue?

Exhibit

Refer to the exhibit.
config vpn ipsec phase1-interface
    edit "to_Branch"
        set interface "wan1"
        set ike-version 2
        set keylife 86400
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256
        set dhgroup 14
        set remote-gw 203.0.113.5
        set psksecret ENC ...
    next
end
config vpn ipsec phase2-interface
    edit "to_Branch_p2"
        set phase1name "to_Branch"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set auto-negotiate enable
        set keylifeseconds 3600
    next
end
Question 5mediummultiple choice
Read the full NAT/PAT explanation →

Given the exhibit, a user in the internal network tries to SSH to a public server (203.0.113.10). What will happen and why?

Exhibit

Refer to the exhibit.

config firewall policy
    edit 1
        set name "Allow-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
    edit 2
        set name "Block-SSH"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "SSH"
        set logtraffic all
    next
end

An administrator is configuring web filtering on a FortiGate. Which TWO statements about web filtering profiles are correct?

Refer to the exhibit. An administrator is troubleshooting why SSL inspection is not working for web traffic. The policy shown is the only policy matching the traffic. What is the most likely reason SSL inspection is failing?

Exhibit

Refer to the exhibit.

config firewall policy
    edit 1
        set name "SSL-Inspection"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set profile-protocol-options "default"
        set av-profile "default"
        set webfilter-profile "default"
    next
end

A company is deploying FortiGate for outbound web filtering. They want to block users from accessing social media sites during business hours, but still allow access to cloud-based productivity tools like Office 365. Which approach should the administrator use to meet this requirement?

An administrator is configuring an IPS profile on FortiGate to detect and block SQL injection attacks. The profile must be applied to inbound traffic to a web server. Which TWO settings should the administrator enable to achieve this goal? (Choose two.)

Question 10easymultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. An administrator has created an IPS sensor with two entries. The first entry sets severity 'medium' and action 'block'. The second entry sets severity 'critical' and action 'block'. What will happen when a packet triggers an IPS signature with severity 'low'?

Exhibit

Refer to the exhibit.

config ips sensor
    edit "sensor1"
        config entries
            edit 1
                set severity medium
                set action block
            next
            edit 2
                set severity critical
                set action block
            next
        end
    next
end
Question 11hardmulti select
Read the full VPN explanation →

Which TWO are best practices for configuring IPsec VPN on FortiGate to ensure high availability and security?

A FortiGate is configured in an A-P HA cluster. The administrator wants to ensure that session failover occurs for UDP-based voice traffic. Which TWO settings must be enabled?

An administrator needs to configure a FortiGate to allow web traffic from the internal network to the Internet. The internal network is 192.168.1.0/24 and the WAN interface is port1 with IP 203.0.113.1. Which firewall policy is correct?

Question 14hardmultiple choice
Review the full routing breakdown →

Refer to the exhibit. The FortiGate has two default routes. The administrator attempts to ping 8.8.8.8 from the CLI and receives no response. What is the most likely reason?

Exhibit

Refer to the exhibit.
config router static
    edit 1
        set device port1
        set gateway 203.0.113.1
        set dst 0.0.0.0 0.0.0.0
        set distance 10
    next
    edit 2
        set device port2
        set gateway 10.0.0.1
        set dst 0.0.0.0 0.0.0.0
        set distance 20
    next
end
Question 15hardmultiple choice
Read the full NAT/PAT explanation →

A FortiGate administrator is troubleshooting a problem where users cannot access the Internet. The FortiGate has a default route pointing to the ISP gateway. The administrator runs 'execute ping 8.8.8.8' from the FortiGate CLI and it succeeds. However, internal users behind NAT are unable to reach external servers. Which is the most likely cause?

Question 16mediummultiple choice
Read the full NAT/PAT explanation →

A network administrator configures a firewall policy to allow HTTP traffic from the internal network (10.0.0.0/8) to a web server (172.16.1.10). Users on the 10.0.0.0/8 network cannot access the web server, but other internal users can. The administrator checks the policy list and sees the policy is enabled and in the correct position. What is the most likely cause?

Question 17hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. An administrator runs 'diagnose firewall auth list' and sees two authenticated users. The firewall policy requires authentication for HTTP traffic from 10.0.0.0/24 to 192.168.1.10. User 'jsmith' has been idle for 20 minutes, but the authentication session is still active. The idle timeout is set to 30 minutes. What will happen after 30 minutes of inactivity?

Exhibit

FGT # diagnose firewall auth list
1: authid=1 type=ldap user=jsmith src=10.0.0.5 dst=192.168.1.10 proto=6 port=80 duration=1200 timeout=3600
2: authid=2 type=ldap user=ajones src=10.0.0.6 dst=192.168.1.10 proto=6 port=80 duration=600 timeout=3600
Question 18hardmultiple choice
Read the full VPN explanation →

A company with multiple remote sites uses IPsec VPNs. One site reports intermittent connectivity. The administrator checks the logs and sees 'IPsec phase 2 negotiation failed' messages. Which configuration change is most likely to resolve the issue?

A FortiGate administrator is troubleshooting a high CPU usage issue. The 'get system performance status' command shows that the CPU usage is consistently above 80% with no traffic. Which of the following is the most likely cause?

An administrator needs to configure a FortiGate to send logs to two different syslog servers for redundancy. Which configuration method should be used?

A large enterprise is deploying a FortiGate 600F as the perimeter firewall. The security team requires that all administrative access (SSH, HTTPS, and Ping) to the FortiGate must be restricted to a dedicated management network (10.10.10.0/24). Additionally, any failed login attempt from outside the management network should be logged and the source IP should be blocked for 30 minutes. The administrator has configured a local-in policy to deny all administrative access from non-management networks and enabled logging. However, the administrator wants to automatically block the offending IPs. The FortiGate is not connected to any FortiAnalyzer or FortiManager. What should the administrator do to achieve this?

Which TWO actions can cause SSL inspection to fail with certificate errors on client browsers? (Choose two.)

Question 23mediummultiple choice
Read the full NAT/PAT explanation →

An administrator has configured the policy shown in the exhibit. Traffic to the web server at 10.0.1.10 over HTTPS is allowed, but users complain that they cannot access the web server's login page. The IPS sensor 'High_Security_Sensor' has a signature that blocks SQL injection attempts. The application list 'Block_Social_Media' blocks Facebook and Twitter. What is the most likely cause of the issue?

Exhibit

Refer to the exhibit.

config firewall policy
    edit 1
        set name "Web-Server"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "10.0.1.10"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ips-sensor "High_Security_Sensor"
        set application-list "Block_Social_Media"
    next
end

Which TWO statements about IPS in FortiGate are true?

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these NSE4 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

CPU questions test socket types, core count, clock speed, and cooling methods for NSE4.

Identify CPU socket types and compatibility with motherboards.

Distinguish between 32-bit and 64-bit processor architectures.

Recognize hyperthreading and multi-core processor features.

Select appropriate cooling methods: air vs liquid cooling.

These NSE4 practice questions are part of Courseiva's free Fortinet certification practice question bank. Courseiva provides original exam-style NSE4 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.