Back to Fortinet NSE 4 Network Security Professional NSE4 questions

Scenario-based practice

Drag and Drop Matching Questions

Practise Fortinet NSE 4 Network Security Professional NSE4 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10
scenario questions
NSE4
exam code
Fortinet
vendor

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and Drop Matching Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related NSE4 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummatching
Full question →

Match each Fortinet HA mode to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

One unit handles traffic; standby unit takes over on failure

Both units handle traffic simultaneously for load balancing

Multiple units act as a single logical firewall

Ensures active sessions are preserved after failover

FortiGate Clustering Protocol used for HA synchronization

Match each FortiGate NAT type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Translates private source IP to public IP for outbound traffic

Translates public destination IP to private IP for inbound traffic

Assigns a range of ports to a private IP for NAT

Translates IPv6 traffic to IPv4 and vice versa

Translates IPv4 traffic to IPv6

Question 3mediummatching
Full question →

Match each FortiGate security profile component to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Scans files for malware

Controls access to URLs and web categories

Identifies and allows/denies application traffic

Detects and blocks network attacks

Decrypts encrypted traffic for inspection

Question 4mediummatching
Full question →

Match each FortiGate firewall policy action to its result.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Allows traffic matching the policy

Blocks traffic and sends a reset or ICMP unreachable

Routes traffic into an IPsec VPN tunnel

Routes traffic into an SSL VPN tunnel

Logs traffic without enforcing action (used for learning)

Question 5mediummatching
Full question →

Match each Fortinet security feature to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Detects and prevents network intrusions

Identifies and controls application traffic

Blocks access to malicious or unauthorized websites

Scans and removes malware from traffic

Decrypts and inspects encrypted traffic

Match each FortiGate routing concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manually configured path to a destination network

Link-state routing protocol for internal networks

Path-vector routing protocol for internet and WAN

Routes traffic based on source/destination or service

Load-balances traffic across multiple routes with same cost

Question 7mediummatching
Read the full VPN explanation →

Match each FortiGate VPN type to its characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Connects two networks over the internet securely

Provides remote access via web browser or client software

Legacy VPN protocol with weaker security

Combines Layer 2 tunneling with IPsec encryption

Auto-discovery VPN that dynamically establishes shortcuts

Question 8mediummatching
Full question →

Match each FortiGate CLI command to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Displays current system resource usage

Tests network connectivity to a host

Traces packet flow through the firewall

Displays the entire running configuration

Resets the device to factory defaults

Question 9mediummatching
Full question →

Match each Fortinet product to its primary role.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Next-generation firewall

Security information and event management

Centralized logging and analytics

Centralized management and policy orchestration

Advanced threat detection and analysis

Question 10mediummatching
Read the full NAT/PAT explanation →

Match each FortiGate logging destination to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Stored on the FortiGate's internal memory or disk

Centralized log collector and analyzer

Standard protocol to send logs to external servers

Cloud-based log storage and management

Used for monitoring device status and performance

These NSE4 practice questions are part of Courseiva's free Fortinet certification practice question bank. Courseiva provides original exam-style NSE4 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.