NSE4 · topic practice

High Availability and Diagnostics practice questions

Practise the High Availability and Diagnostics domain of the Fortinet NSE 4 Network Security Professional (NSE4) exam with original exam-style scenarios, answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: High Availability and Diagnostics

What the exam tests

What to know about High Availability and Diagnostics

High Availability and Diagnostics questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common High Availability and Diagnostics exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

High Availability and Diagnostics questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A network engineer is configuring an SD-WAN rule to steer voice traffic to the MPLS link with the lowest latency. The SLA target is set to latency < 50 ms and jitter < 10 ms. However, the MPLS link occasionally exceeds the latency threshold. What should the engineer do to ensure voice traffic uses the best available link without manual intervention?

Question 2

An administrator has two FortiGate units in an active-passive HA cluster. The cluster is configured to use the heartbeat interface port3. During a failover test, the primary unit fails but the secondary does not take over. What is the most likely cause?

Question 3 · hard · multiple choice

A company has two remote sites connected via an SD-WAN overlay. The headquarters uses a FortiGate with two WAN links: Fiber (priority 1) and LTE (priority 2). The SD-WAN rule for business-critical traffic uses the 'best quality' strategy with SLA targets for latency and jitter. The fiber link occasionally experiences high jitter but low latency. The engineer notices that traffic is not failing over to LTE even when jitter exceeds the threshold. What is the most likely reason?

Question 4

In an active-active HA cluster, which of the following must be identical on both FortiGate units?

Question 5 · medium · multiple choice

An SD-WAN rule is configured with a 'manual' strategy and multiple members. The engineer wants to ensure that voice traffic always uses the MPLS link as long as it meets the SLA, otherwise use the broadband link. Which configuration is required?

Question 6

Which TWO statements about FortiGate HA heartbeat interfaces are correct?

Question 7 · hard · multi select

Which THREE statements about SD-WAN rules are correct?

Question 8

Refer to the exhibit. An administrator has configured HA on two FortiGate units. During a failover test, the secondary unit does not take over when the primary fails. What is the most likely cause?

Exhibit

config system ha
    set group-name "HA_Cluster"
    set mode a-p
    set hbdev "port3" 50
    set session-pickup enable
    set session-pickup-connectionless enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port1"
            set gateway 10.0.1.1
        next
    end
    set override disable
    set priority 100
end

Question 9 · medium · multiple choice

Refer to the exhibit. An SD-WAN rule for voice traffic uses the SLA strategy with sla-match-mode 'any'. SLA 'sla1' measures ping to 8.8.8.8. If wan1 has latency 90 ms and jitter 10 ms, and wan2 has latency 110 ms and jitter 5 ms, which link will be selected for voice traffic?

Exhibit

config system sdwan
    set status enable
    config members
        edit 1
            set interface "wan1"
            set gateway 10.0.0.254
            set source 10.0.0.1
        next
        edit 2
            set interface "wan2"
            set gateway 10.0.1.254
            set source 10.0.1.1
        next
    end
    config performance-sla
        edit 1
            set name "sla1"
            set server "8.8.8.8"
            set protocol "ping"
            set probe-packets 5
            set latency-threshold 100
            set jitter-threshold 20
        next
    end
    config service
        edit 1
            set name "voice"
            set mode sla
            set sla-match-mode any
            config sla
                edit "sla1"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end

Question 10 · hard · multiple choice

A company has two FortiGate 100F units in an active-passive HA cluster with firmware version 7.2.5. The cluster is configured with session pickup and all interfaces are monitored. The network consists of three VLANs: VLAN10 (Users), VLAN20 (Servers), and VLAN30 (DMZ). The cluster is connected to two ISPs: ISP1 (port1) and ISP2 (port2). The internal network uses a single aggregated link (port3 and port4) as a LAG to the core switch. One day, the primary FortiGate experiences a hardware failure and the secondary takes over. After the primary is replaced and rejoins the cluster, the administrator notices that traffic passing through the cluster is intermittently dropping for a few seconds every minute. The administrator checks the cluster status and sees that the new primary (previously secondary) is in 'primary' state and the old primary (newly replaced) is in 'secondary' state. What is the most likely cause of the intermittent traffic drops?

Question 11 · medium · multiple choice

A network engineer is configuring SD-WAN on a FortiGate with two WAN links: MPLS (port1) and Internet (port2). The MPLS link has lower latency and jitter. The engineer wants to route all VoIP traffic (SIP and RTP) over the MPLS link unless it is unavailable. Which SD-WAN rule configuration should be used?

Question 12

A FortiGate is configured in an A-P HA cluster. The administrator wants to ensure that session failover occurs for UDP-based voice traffic. Which TWO settings must be enabled?

Question 13

Refer to the exhibit. The HA cluster has been operational for 5 days. The primary unit suddenly loses power. Which of the following will happen?

Exhibit

config system ha
    set group-name "HA_Group"
    set mode a-p
    set hbdev "port1" 100
    set session-pickup enable
    set session-pickup-connectionless enable
    set priority 200
end

diagnose sys ha status

HA Health Status: OK
Model: FortiGate-100E
Group: HA_Group
Mode: A-P
Group ID: 0
Debug: 0

Cluster Uptime: 5 days 2 hours 15 mins

Cluster Members:

Member 1 (FGT100E3G17012345)
    Role: Primary
    Serial: FGT100E3G17012345
    Priority: 200
    Heartbeat interface: port1 (10.0.0.1)
    Heartbeat status: OK

Member 2 (FGT100E3G17012346)
    Role: Secondary
    Serial: FGT100E3G17012346
    Priority: 100
    Heartbeat interface: port1 (10.0.0.2)
    Heartbeat status: OK

Question 14

Drag and drop the steps to configure HA (High Availability) on a FortiGate pair into the correct order.

Question 15 · medium · matching

Match each FortiGate routing concept to its definition.

Manually configured path to a destination network

Link-state routing protocol for internal networks

Path-vector routing protocol for internet and WAN

Routes traffic based on source/destination or service

Load-balances traffic across multiple routes with same cost

Question 16

An administrator has configured an active-passive HA cluster. During a failover test, the standby unit becomes active but existing user sessions are lost, requiring users to re-establish connections. Which configuration change would prevent this behavior?

Question 17

A network administrator runs the following CLI command on a FortiGate to capture traffic for troubleshooting: 'diagnose sniffer packet any "host 10.0.1.100" 4'. What does the '4' at the end of the command specify?

Question 18

In an active-active HA cluster, the administrator notices that traffic is not being load-balanced evenly across both units. What is the most likely cause?

Question 19

An administrator executes 'diagnose debug flow' for a specific session and sees the output: 'id=20085 trace_id=10 func=print_pkt_detail line=5567 msg="vd-root:0 received packet via port1".' Later, the trace shows 'msg="Deny by policy"'. What is the most likely next step the administrator should take?

Question 20

A FortiGate administrator needs to send logs to an external FortiAnalyzer for centralized monitoring. Which log configuration step is required?

Frequently asked questions

What does the NSE4 exam test about High Availability and Diagnostics?
High Availability and Diagnostics questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong; this active recall approach builds retention far faster than re-reading notes.

Can I practise just High Availability and Diagnostics questions in a focused session?
Yes. The session launcher on this page draws every question from the High Availability and Diagnostics domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other NSE4 topics?
Use the topic links above to move to related areas, or go back to the NSE4 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the NSE4 exam covers. They are not copied from any real exam or dump site.