NSE4 · topic practice

System and Network Administration practice questions

Practise Fortinet NSE 4 Network Security Professional NSE4 System and Network Administration practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: System and Network Administration

What the exam tests

What to know about System and Network Administration

System and Network Administration questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common System and Network Administration exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

System and Network Administration questions

20 questions · select your answer, then reveal the explanation

A company wants to ensure that administrative access to FortiGate is only allowed from the internal trusted network (192.168.1.0/24) and that all other access attempts are blocked. Which CLI command should the administrator configure first?

A FortiGate administrator is troubleshooting a high CPU usage issue. The 'get system performance status' command shows that the CPU usage is consistently above 80% with no traffic. Which of the following is the most likely cause?

An administrator needs to back up the FortiGate configuration to a TFTP server at 10.0.0.10. Which command should be used?

Refer to the exhibit. An administrator wants to enable SNMP access on the wan1 interface. Which of the following is the most efficient method?

Exhibit

config system interface
    edit "wan1"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set type wan
        set role wan
        set snmp-index 1
    next
end

Which TWO of the following are valid methods to upgrade the FortiGate firmware? (Choose two.)

An administrator is troubleshooting a FortiGate that is not passing traffic. The policy allows traffic, but the session table shows no sessions. Which THREE steps should the administrator take to diagnose the issue? (Choose three.)

Question 7mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two ISPs (WAN1 and WAN2) and uses SD-WAN for load balancing. The administrator notices that traffic to a critical SaaS application is being sent over the slower link. What should the administrator do to ensure this traffic uses the faster link?

What is the default administrative account on a FortiGate?

An administrator needs to configure a FortiGate to send logs to two different syslog servers for redundancy. Which configuration method should be used?

Refer to the exhibit. The administrator notices that traffic from internal to wan1 is being logged, but the logs do not show the original source IP. What is the most likely reason?

Exhibit

config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end

Which TWO of the following are prerequisites for configuring a high availability (HA) cluster on FortiGate? (Choose two.)

Which THREE statements about FortiGate's 'config system global' settings are true? (Choose three.)

Question 13mediummultiple choice
Study the full SD-WAN breakdown →

A company has a FortiGate 200F with FortiOS 7.2 and two ISPs (WAN1: 100 Mbps, WAN2: 50 Mbps). The company uses SD-WAN to load balance outbound internet traffic. Recently, the company added a new VoIP application that requires low latency and jitter. The administrator configured an SD-WAN rule to match the VoIP traffic and set the strategy to 'best quality' with a performance SLA measuring latency and jitter. However, after testing, the VoIP traffic is still using WAN2 (the slower link) even when WAN1 has lower latency. The performance SLA shows both links meeting the SLA thresholds. What is the most likely reason?

A large enterprise is deploying a FortiGate 600F as the perimeter firewall. The security team requires that all administrative access (SSH, HTTPS, and Ping) to the FortiGate must be restricted to a dedicated management network (10.10.10.0/24). Additionally, any failed login attempt from outside the management network should be logged and the source IP should be blocked for 30 minutes. The administrator has configured a local-in policy to deny all administrative access from non-management networks and enabled logging. However, the administrator wants to automatically block the offending IPs. The FortiGate is not connected to any FortiAnalyzer or FortiManager. What should the administrator do to achieve this?

Which command is used to display the current FortiGate firmware version?

A company is deploying a FortiGate HA cluster in active-passive mode across two data centers. The network team reports that after a failover, some existing TCP sessions are dropped. Which configuration change should be applied to maintain session persistence during failover?

Question 17hardmultiple choice
Read the full NAT/PAT explanation →

A FortiGate administrator is troubleshooting a problem where users cannot access the Internet. The FortiGate has a default route pointing to the ISP gateway. The administrator runs 'execute ping 8.8.8.8' from the FortiGate CLI and it succeeds. However, internal users behind NAT are unable to reach external servers. Which is the most likely cause?

An administrator needs to configure a FortiGate to allow web traffic from the internal network to the Internet. The internal network is 192.168.1.0/24 and the WAN interface is port1 with IP 203.0.113.1. Which firewall policy is correct?

A FortiGate administrator notices that the device's disk usage is critically high, causing logging failures. The administrator wants to free up space without losing important logs. Which action should be taken first?

Question 20hardmultiple choice
Review the full routing breakdown →

Refer to the exhibit. The FortiGate has two default routes. The administrator attempts to ping 8.8.8.8 from the CLI and receives no response. What is the most likely reason?

Exhibit

Refer to the exhibit.
config router static
    edit 1
        set device port1
        set gateway 203.0.113.1
        set dst 0.0.0.0 0.0.0.0
        set distance 10
    next
    edit 2
        set device port2
        set gateway 10.0.0.1
        set dst 0.0.0.0 0.0.0.0
        set distance 20
    next
end

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused System and Network Administration sessions

Start a System and Network Administration only practice session

Every question in these sessions is drawn from the System and Network Administration domain — nothing else.

Related practice questions

Related NSE4 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the NSE4 exam test about System and Network Administration?
System and Network Administration questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just System and Network Administration questions in a focused session?
Yes — the session launcher on this page draws every question from the System and Network Administration domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other NSE4 topics?
Use the topic links above to move to related areas, or go back to the NSE4 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the NSE4 exam covers. They are not copied from any real exam or dump site.