NSE4 Question #390: Real Exam Question with Answer & Explanation
The correct answer is C: Sandbox.
Question
Files that are larger than the oversized limit are subjected to which Antivirus check?
Options
- A. Grayware
- B. Virus
- C. Sandbox
- D. Heuristic
Explanation
Files exceeding the configured oversized limit for Antivirus inspection are typically forwarded to a sandbox for detonation and analysis, as they cannot be processed by the FortiGate's local AV engine.
Common mistakes.
- A. Grayware detection is a specific type of AV scanning performed by the FortiGate's local engine, which is bypassed if the file is oversized.
- B. Direct virus scanning by the FortiGate's AV engine is skipped for oversized files due to resource limitations.
- D. Heuristic scanning is a detection method used by the FortiGate's local AV engine and would not be applied to files exceeding the oversized limit.
Concept tested. FortiGate Antivirus oversized file handling
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/990641/oversized-files