Question 761 of 1,000
System and Network AdministrationhardMultiple ChoiceObjective-mapped

Quick Answer

The answer is to execute 'config system interface', edit wan1, and set allowaccess ping https ssh snmp. This is correct because the allowaccess parameter under config system interface explicitly controls which management protocols—such as ping, HTTPS, SSH, and SNMP—are permitted on a specific FortiGate interface, and adding snmp to that list enables SNMP access without altering the interface’s role or type. On the Fortinet NSE 4 Network Security Professional NSE4 exam, this tests your understanding of interface-level access control, a common configuration task that often appears in multiple-choice or CLI-based scenarios; a frequent trap is confusing this with global SNMP settings or assuming a separate SNMP interface is required. Remember the mnemonic “P-H-S-S” for the typical allowaccess order (ping, HTTPS, SSH, SNMP) to quickly recall which protocols are managed per interface.

NSE4 System and Network Administration Practice Question

This NSE4 practice question tests your understanding of system and network administration. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set type wan
        set role wan
        set snmp-index 1
    next
end

Refer to the exhibit. An administrator wants to enable SNMP access on the wan1 interface. Which of the following is the most efficient method?

Exhibit

config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set type wan
        set role wan
        set snmp-index 1
    next
end

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Execute 'config system interface' and edit wan1, then set allowaccess ping https ssh snmp.

Option A is correct because the 'allowaccess' parameter under 'config system interface' controls which management protocols (ping, https, ssh, snmp, etc.) are permitted on a given interface. By adding 'snmp' to the allowaccess list for wan1, the administrator enables SNMP access on that interface without changing its role or type.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Execute 'config system interface' and edit wan1, then set allowaccess ping https ssh snmp.

    Why this is correct

    Adding 'snmp' to allowaccess enables SNMP on that interface.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Change the interface type to 'management' to allow SNMP.

    Why it's wrong here

    Changing type does not enable SNMP access.

  • Execute 'config system interface' and edit wan1, then set snmp-index 1.

    Why it's wrong here

    snmp-index already exists; it does not enable SNMP access.

  • Configure an SNMP community under 'config system snmp community'.

    Why it's wrong here

    Community is needed but not sufficient; interface must allow snmp.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often confuse configuring an SNMP community (which defines who can query) with enabling SNMP access on an interface (which allows the SNMP agent to listen on that interface); both are required, but the question asks for the most efficient method to enable SNMP access on wan1, which is setting 'allowaccess snmp' on that interface.

Detailed technical explanation

How to think about this question

The 'allowaccess' setting controls which management daemons (e.g., HTTPS, SSH, SNMP, Ping, TELNET) listen on that interface's IP address. Without 'snmp' in the allowaccess list, the SNMP agent will not respond on that interface even if a valid community is configured. This is a common source of troubleshooting issues when SNMP queries fail despite correct community settings.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security administrator must allow nursing staff to reach a patient records server while blocking access from the guest Wi-Fi VLAN. After applying an extended ACL, traffic is still blocked from nursing workstations. The ACL was applied outbound instead of inbound on the wrong interface. Questions like this test ACL direction and placement rules.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related NSE4 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free NSE4 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this NSE4 question test?

System and Network Administration — This question tests System and Network Administration — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Execute 'config system interface' and edit wan1, then set allowaccess ping https ssh snmp. — Option A is correct because the 'allowaccess' parameter under 'config system interface' controls which management protocols (ping, https, ssh, snmp, etc.) are permitted on a given interface. By adding 'snmp' to the allowaccess list for wan1, the administrator enables SNMP access on that interface without changing its role or type.

What should I do if I get this NSE4 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More NSE4 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This NSE4 practice question is part of Courseiva's free Fortinet certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the NSE4 exam.