Back to Fortinet NSE 4 Network Security Professional NSE4 questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise Fortinet NSE 4 Network Security Professional NSE4 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
NSE4
exam code
Fortinet
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related NSE4 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummulti select
Full question →

An administrator is configuring web filtering on a FortiGate. Which TWO statements about web filtering profiles are correct?

Question 2hardmulti select
Full question →

An administrator is configuring an IPS profile on FortiGate to detect and block SQL injection attacks. The profile must be applied to inbound traffic to a web server. Which TWO settings should the administrator enable to achieve this goal? (Choose two.)

Question 3hardmulti select
Read the full VPN explanation →

Which TWO are best practices for configuring IPsec VPN on FortiGate to ensure high availability and security?

Question 4hardmulti select
Full question →

A FortiGate is configured in an A-P HA cluster. The administrator wants to ensure that session failover occurs for UDP-based voice traffic. Which TWO settings must be enabled?

Question 5mediummulti select
Full question →

Which TWO actions can cause SSL inspection to fail with certificate errors on client browsers? (Choose two.)

Question 6hardmulti select
Full question →

Which TWO statements about IPS in FortiGate are true?

Question 7hardmulti select
Full question →

Which THREE factors should be considered when tuning IPS to reduce false positives?

Question 8mediummulti select
Full question →

An administrator needs to configure a FortiGate to send logs to a FortiAnalyzer. Which two configurations are required? (Choose two.)

Question 9mediummulti select
Full question →

A FortiGate administrator needs to configure NTP to ensure accurate time on the device. Which two steps are required? (Choose two.)

Question 10mediummulti select
Full question →

An admin needs to configure a FortiGate to send logs to a FortiAnalyzer. Which TWO steps must be performed? (Choose two.)

Question 11mediummulti select
Full question →

An administrator needs to integrate a FortiGate with FortiManager for centralized management. Which two steps are required? (Choose two.)

Question 12hardmulti select
Full question →

A FortiGate administrator is planning an upgrade from FortiOS 6.4 to 7.2. Which THREE steps should be performed before the upgrade? (Choose three.)

Question 13mediummulti select
Full question →

An administrator wants to use FortiManager to manage multiple FortiGates. Which three steps must be performed to establish communication between a FortiGate and FortiManager? (Choose THREE.)

Question 14mediummulti select
Full question →

An administrator wants to configure HA on two FortiGate units. Which TWO of the following must match on both units for the cluster to form? (Choose two.)

Question 15hardmulti select
Open the full VLAN trunking answer →

A FortiGate configured in transparent mode needs to allow HTTP traffic between two VLANs. The administrator has created a firewall policy. However, traffic is still blocked. Which TWO additional configurations are necessary for transparent mode operation?

Question 16mediummulti select
Review the full routing breakdown →

A company has two internet connections (WAN1 and WAN2). The administrator wants to route HTTP traffic from the internal network through WAN1, and all other traffic through WAN2. Which TWO configurations are needed?

Question 17mediummulti select
Review the full subnetting walkthrough →

An administrator is troubleshooting why traffic from a specific subnet (192.168.10.0/24) to the internet is not being matched by the expected firewall policy. The policy list shows an allow policy for this traffic at ID 10, but there is a deny policy at ID 5 for any traffic from 192.168.0.0/16. Which TWO statements are correct?

Question 18mediummulti select
Full question →

A FortiGate admin is troubleshooting a policy that should allow VoIP traffic. The admin suspects that the SIP ALG is interfering. Which TWO actions should the admin take to verify or resolve the issue?

Question 19easymulti select
Full question →

Which TWO statements about firewall policy order are true?

Question 20mediummulti select
Read the full NAT/PAT explanation →

A FortiGate administrator needs to allow inbound HTTPS traffic to a web server located at 192.168.1.10. The public IP is 203.0.113.5. The administrator wants to translate the destination to the internal server and also translate the source port to a fixed range for logging purposes. Which TWO configuration elements are required?

These NSE4 practice questions are part of Courseiva's free Fortinet certification practice question bank. Courseiva provides original exam-style NSE4 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.