1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 101:

    Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

    A. Warning
    B. Exempt
    C. Allow
    D. Learn

  • Question 102:

    Which two statements are true about collector agent advanced mode? (Choose two.)

    A. Advanced mode uses Windows convention--NetBios: Domain\Username.
    B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate
    C. Advanced mode supports nested or inherited groups
    D. Security profiles can be applied only to user groups, not individual users.

  • Question 103:

    A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

    A. Implement a web filter category override for the specified website
    B. Implement a DNS filter for the specified website.
    C. Implement web filter quotas for the specified website
    D. Implement web filter authentication for the specified website.

  • Question 104:

    Refer to the exhibit.

    The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10 .0.1.254. /24.

    The first firewall policy has NAT enabled using IP Pool.

    The second firewall policy is configured with a VIP as the destination address.

    Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

    A. 10.200.1.1
    B. 10.200.3.1
    C. 10.200.1.100
    D. 10.200.1.10

  • Question 105:

    Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

    A. Log downloads from the GUI are limited to the current filter view
    B. Log backups from the CLI cannot be restored to another FortiGate.
    C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
    D. Log downloads from the GUI are stored as LZ4 compressed files.

  • Question 106:

    Refer to the exhibit, which contains a session diagnostic output.

    Which statement is true about the session diagnostic output?

    A. The session is a UDP unidirectional state.
    B. The session is in TCP ESTABLISHED state.
    C. The session is a bidirectional UDP connection.
    D. The session is a bidirectional TCP connection.

  • Question 107:

    Refer to the exhibit, which contains a static route configuration.

    An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

    A. get router info routing-table all
    B. get internet service route list
    C. get router info routing-table database
    D. diagnose firewall proute list

  • Question 108:

    Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

    A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
    B. FortiGate supports pre-shared key and signature as authentication methods.
    C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
    D. A certificate is not required on the remote peer when you set the signature as the authentication method.

  • Question 109:

    View the exhibit.

    A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

    A. Addicting.Games is allowed based on the Application Overrides configuration.
    B. Addicting.Games is blocked on the Filter Overrides configuration.
    C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
    D. Addcting.Games is allowed based on the Categories configuration.

  • Question 110:

    Refer to the exhibit.

    Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

    A. There are five devices that are part of the security fabric.
    B. Device detection is disabled on all FortiGate devices.
    C. This security fabric topology is a logical topology view.
    D. There are 19 security recommendations for the security fabric.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.