NSE4 Question #190: Real Exam Question with Answer & Explanation

The correct answer is A: The traffic is blocked.. If no firewall policy is explicitly configured between two FortiGate interfaces, all traffic attempting to flow between them will be implicitly blocked.

Submitted by priya_blr· Apr 18, 2026Firewall Policies and Authentication

Question

If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces?

Options

AThe traffic is blocked.
BThe traffic is passed.
CThe traffic is passed and logged.
DThe traffic is blocked and logged.

Explanation

If no firewall policy is explicitly configured between two FortiGate interfaces, all traffic attempting to flow between them will be implicitly blocked.

Common mistakes.

B. Traffic is not passed by default; an explicit firewall policy is always required to allow traffic to flow between interfaces.
C. Traffic is not passed by default, and logging of implicitly denied traffic is not enabled without specific configuration; the fundamental action is to block.
D. While the traffic is blocked, logging of implicitly denied traffic is not enabled by default and requires separate configuration; the primary action is the block.

Concept tested. FortiGate implicit deny firewall behavior

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/209193/about-firewall-policies

Topics

#firewall policy#implicit deny#default action#traffic blocking

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions