1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 141:

    Which statement about the policy ID number of a firewall policy is true?

    A. It is required to modify a firewall policy using the CLI.

    B. It represents the number of objects used in the firewall policy.

    C. It changes when firewall policies are reordered.

    D. It defines the order in which rules are processed.

  • Question 142:

    Which scanning technique on FortiGate can be enabled only on the CLI?

    A. Heuristics scan

    B. Trojan scan

    C. Antivirus scan

    D. Ransomware scan

  • Question 143:

    Refer to the exhibit.

    Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

    A. Destination NAT is disabled in the firewall policy.

    B. One-to-one NAT IP pool is used in the firewall policy.

    C. Overload NAT IP pool is used in the firewall policy.

    D. Port block allocation IP pool is used in the firewall policy.

  • Question 144:

    Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

    A. Web filter in flow-based inspection

    B. Antivirus in flow-based inspection

    C. DNS filter

    D. Web application firewall

    E. Application control

  • Question 145:

    View the exhibit.

    A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

    A. Addicting.Games is allowed based on the Application Overrides configuration.

    B. Addicting.Games is blocked on the Filter Overrides configuration.

    C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

    D. Addcting.Games is allowed based on the Categories configuration.

  • Question 146:

    Refer to the exhibits.

    The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

    Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

    Which part of the policy configuration must you change to resolve the issue?

    A. The SSL inspection needs to be a deep content inspection.

    B. Force access to Facebook using the HTTP service.

    C. Additional application signatures are required to add to the security policy.

    D. Add Facebook in the URL category in the security policy.

  • Question 147:

    Refer to the exhibit.

    The exhibit shows the IPS sensor configuration.

    If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

    A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

    B. The sensor will block all attacks aimed at Windows servers.

    C. The sensor will reset all connections that match these signatures.

    D. The sensor will gather a packet log for all matched traffic.

  • Question 148:

    Refer to the exhibit.

    Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

    A. There are five devices that are part of the security fabric.

    B. Device detection is disabled on all FortiGate devices.

    C. This security fabric topology is a logical topology view.

    D. There are 19 security recommendations for the security fabric.

  • Question 149:

    Refer to the exhibit.

    The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24.

    The LAN (port3) interface has the IP address 10.0.1.254/24.

    A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

    Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

    Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP

    address of Remote-FortiGate (10.200.3.1)?

    A. 10.200.1.149

    B. 10.200.1.1

    C. 10.200.1.49

    D. 10.200.1.99

  • Question 150:

    Refer to the exhibit.

    According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

    A. A user

    B. A root CA

    C. A bridge CA

    D. A subordinate

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.