NSE 4 – FortiGate 6.4 — Question 59

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Answer options

• A. NGFW policy-based mode does not require the use of central source NAT policy
• B. NGFW policy-based mode can only be applied globally and not on individual VDOMs
• C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
• D. NGFW policy-based mode policies support only flow inspection

Correct answer: C, D

Explanation

The correct answers, C and D, are accurate as NGFW policy-based mode does allow for direct creation of applications and web filtering categories in firewall policies and is focused solely on flow inspection. Options A and B are incorrect because policy-based mode does involve a central source NAT policy and can be applied on individual VDOMs.