NSE 4 – FortiGate 7.0 — Question 40

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Answer options

• A. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy.
• B. NGFW policy-based mode can only be applied globally and not on individual VDOMs.
• C. NGFW policy-based mode does not require the use of central source NAT policy.
• D. NGFW policy-based mode policies support only flow inspection.

Correct answer: A, D

Explanation

Option A is correct because NGFW policy-based mode indeed allows for the creation of application and web filtering categories directly in the firewall policy. Option D is also correct as it states that NGFW policy-based mode policies are restricted to flow inspection. Options B and C are incorrect because NGFW policy-based mode can be applied to individual VDOMs and can utilize a central source NAT policy if needed.