NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jul 11, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 1:

    Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

    A. Root VDOM
    B. FG-traffic VDOM
    C. Customer VDOM
    D. Global VDOM

  • Question 2:

    An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

    A. 192.168.3.0/24
    B. 192.168.2.0/24
    C. 192.168.1.0/24
    D. 192.168.0.0/8

  • Question 3:

    An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

    A. Disabled
    B. On Demand
    C. Enabled
    D. On Idle

  • Question 4:

    Refer to the FortiGuard connection debug output.

    Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

    A. A local FortiManager is one of the servers FortiGate communicates with.
    B. One server was contacted to retrieve the contract information.
    C. There is at least one server that lost packets consecutively.
    D. FortiGate is using default FortiGuard communication settings.

  • Question 5:

    An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

    A. Configure Source IP Pools.
    B. Configure split tunneling in tunnel mode.
    C. Configure different SSL VPN realms.
    D. Configure host check.

  • Question 6:

    Refer to the exhibit to view the application control profile.

    Based on the configuration, what will happen to Apple FaceTime?

    A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
    B. Apple FaceTime will be allowed, based on the Apple filter configuration.
    C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
    D. Apple FaceTime will be allowed, based on the Categories configuration.

  • Question 7:

    Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

    A. System event logs
    B. Forward traffic logs
    C. Local traffic logs
    D. Security logs

  • Question 8:

    How does FortiGate act when using SSL VPN in web mode?

    A. FortiGate acts as an FDS server.
    B. FortiGate acts as an HTTP reverse proxy.
    C. FortiGate acts as DNS server.
    D. FortiGate acts as router.

  • Question 9:

    A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

    *

    All traffic must be routed through the primary tunnel when both tunnels are up

    *

    The secondary tunnel must be used only if the primary tunnel goes down

    *

    In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

    Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

    A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
    B. Enable Dead Peer Detection.
    C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
    D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

  • Question 10:

    Refer to the exhibit.

    Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

    A. The session is in SYN_SENT state.
    B. The session is in FIN_ACK state.
    C. The session is in FTN_WAIT state.
    D. The session is in ESTABLISHED state.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.