NSE4 Question #11: Real Exam Question with Answer & Explanation

The correct answer is B: Proxy-based.. Proxy-based and Flow-based web filtering inspection modes both allow for the inspection of the full URL in HTTP/HTTPS traffic.

Submitted by viktor_hu· Apr 18, 2026Security Profiles and Content Inspection

Question

Which two web filtering inspection modes inspect the full URL? (Choose two.)

Options

ADNS-based.
BProxy-based.
CFlow-based.
DURL-based.

Explanation

Proxy-based and Flow-based web filtering inspection modes both allow for the inspection of the full URL in HTTP/HTTPS traffic.

Common mistakes.

A. DNS-based web filtering inspects only DNS queries, not the full HTTP/HTTPS URL. It blocks access to malicious domains before the connection is established based on the domain name resolved.
D. URL-based is not a standard inspection mode in the context of FortiGate web filtering; rather, it describes the object or criteria being filtered, which can be applied within proxy or flow modes.

Concept tested. FortiGate web filtering inspection modes and URL inspection

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/522100/web-filtering-inspection-modes

Topics

#Web Filtering#Inspection Modes#Full URL Inspection#Security Profiles

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions