1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 131:

    Refer to the exhibit to view the application control profile.

    Based on the configuration, what will happen to Apple FaceTime?

    A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

    B. Apple FaceTime will be allowed, based on the Apple filter configuration.

    C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

    D. Apple FaceTime will be allowed, based on the Categories configuration.

  • Question 132:

    Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

    A. diagnose sys top

    B. execute ping

    C. execute traceroute

    D. diagnose sniffer packet any

    E. get system arp

  • Question 133:

    Which three methods are used by the collector agent for AD polling? (Choose three.)

    A. FortiGate polling

    B. NetAPI

    C. Novell API

    D. WMI

    E. WinSecLog

  • Question 134:

    Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

    A. Proxy-based inspection

    B. Certificate inspection

    C. Flow-based inspection

    D. Full Content inspection

  • Question 135:

    Which two statements are correct about SLA targets? (Choose two.)

    A. You can configure only two SLA targets per one Performance SLA.

    B. SLA targets are optional.

    C. SLA targets are required for SD-WAN rules with a Best Quality strategy.

    D. SLA targets are used only when referenced by an SD-WAN rule.

  • Question 136:

    Refer to the web filter raw logs.

    Based on the raw logs shown in the exhibit, which statement is correct?

    A. Social networking web filter category is configured with the action set to authenticate.

    B. The action on firewall policy ID 1 is set to warning.

    C. Access to the social networking web filter category was explicitly blocked to all users.

    D. The name of the firewall policy is all_users_web.

  • Question 137:

    Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

    A. Heartbeat interfaces have virtual IP addresses that are manually assigned.

    B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

    C. Virtual IP addresses are used to distinguish between cluster members.

    D. The primary device in the cluster is always assigned IP address 169.254.0.1.

  • Question 138:

    Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

    A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password

    B. FortiGate supports pre-shared key and signature as authentication methods.

    C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.

    D. A certificate is not required on the remote peer when you set the signature as the authentication method.

  • Question 139:

    A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.

    What is the reason for the failed virus detection by FortiGate?

    A. Application control is not enabled

    B. SSL/SSH Inspection profile is incorrect

    C. Antivirus profile configuration is incorrect

    D. Antivirus definitions are not up to date

  • Question 140:

    View the exhibit:

    Which the FortiGate handle web proxy traffic rue? (Choose two.)

    A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

    B. port-VLAN1 is the native VLAN for the port1 physical interface.

    C. C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

    D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.