1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 91:

    Which statement about the policy ID number of a firewall policy is true?

    A. It is required to modify a firewall policy using the CLI.
    B. It represents the number of objects used in the firewall policy.
    C. It changes when firewall policies are reordered.
    D. It defines the order in which rules are processed.

  • Question 92:

    Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

    Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

    A. The firewall policy performs the full content inspection on the file.
    B. The flow-based inspection is used, which resets the last packet to the user.
    C. The volume of traffic being inspected is too high for this model of FortiGate.
    D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

  • Question 93:

    Which three statements about security associations (SA) in IPsec are correct? (Choose three.)

    A. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel.
    B. An SA never expires.
    C. A phase 1 SA is bidirectional, while a phase 2 SA is directional.
    D. Phase 2 SA expiration can be time-based, volume-based, or both.
    E. Both the phase 1 SA and phase 2 SA are bidirectional.

  • Question 94:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.
    B. The web-server certificate must be installed on the browser.
    C. The CA certificate that signed the web-server certificate must be installed on the browser.
    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 95:

    Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

    A. Heartbeat interfaces have virtual IP addresses that are manually assigned.
    B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
    C. Virtual IP addresses are used to distinguish between cluster members.
    D. The primary device in the cluster is always assigned IP address 169.254.0.1.

  • Question 96:

    Which two statements are correct about NGFW Policy-based mode? (Choose two.)

    A. NGFW policy-based mode does not require the use of central source NAT policy
    B. NGFW policy-based mode can only be applied globally and not on individual VDOMs
    C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
    D. NGFW policy-based mode policies support only flow inspection

  • Question 97:

    If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

    A. A CRL
    B. A person
    C. A subordinate CA
    D. A root CA

  • Question 98:

    Which of the following SD-WAN load ç’ªalancing method use interface weight value to distribute traffic? (Choose two.)

    A. Source IP
    B. Spillover
    C. Volume
    D. Session

  • Question 99:

    Refer to the exhibit.

    In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit. What should the administrator do next to troubleshoot the problem?

    A. Run a sniffer on the web server.
    B. Capture the traffic using an external sniffer connected to port1.
    C. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"
    D. Execute a debug flow.

  • Question 100:

    If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

    A. IP address
    B. Once Internet Service is selected, no other object can be added
    C. User or User Group
    D. FQDN address

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.