1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 121:

    An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

    A. auth-on-demand
    B. soft-timeout
    C. idle-timeout
    D. new-session
    E. hard-timeout

  • Question 122:

    In which two ways can RPF checking be disabled? (Choose two )

    A. Enable anti-replay in firewall policy.
    B. Disable the RPF check at the FortiGate interface level for the source check
    C. Enable asymmetric routing.
    D. Disable strict-arc-check under system settings.

  • Question 123:

    Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

    A. FortiGate points the collector agent to use a remote LDAP server.
    B. FortiGate uses the AD server as the collector agent.
    C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
    D. FortiGate queries AD by using the LDAP to retrieve user group information.

  • Question 124:

    FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

    A. www.example.com:443
    B. www.example.com
    C. example.com
    D. www.example.com/index.html

  • Question 125:

    Refer to the exhibit.

    A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.

    Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

    A. On HQ-FortiGate, enable Auto-negotiate.
    B. On Remote-FortiGate, set Seconds to 43200.
    C. On HQ-FortiGate, enable Diffie-Hellman Group 2.
    D. On HQ-FortiGate, set Encryption to AES256.

  • Question 126:

    You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?

    A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
    B. No new log is recorded until you manually clear logs from the local disk.
    C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
    D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

  • Question 127:

    Refer to the exhibit.

    The exhibits show a network diagram and the explicit web proxy configuration.

    In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

    A. `host 192.168.0.2 and port 8080'
    B. `host 10.0.0.50 and port 80'
    C. `host 192.168.0.1 and port 80'
    D. `host 10.0.0.50 and port 8080'

  • Question 128:

    FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

    A. Antivirus scanning
    B. File filter
    C. DNS filter
    D. Intrusion prevention

  • Question 129:

    Refer to the exhibit.

    Examine the intrusion prevention system (IPS) diagnostic command.

    Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

    A. The IPS engine was inspecting high volume of traffic.
    B. The IPS engine was unable to prevent an intrusion attack.
    C. The IPS engine was blocking all traffic.
    D. The IPS engine will continue to run in a normal state.

  • Question 130:

    Refer to the exhibit.

    The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

    A. If there is a full-through policy in place, users will not be prompted for authentication.
    B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.
    C. Authentication is enforced at a policy level; all users will be prompted for authentication.
    D. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.