1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 151:

    Which two statements are correct about a software switch on FortiGate? (Choose two.)

    A. It can be configured only when FortiGate is operating in NAT mode
    B. Can act as a Layer 2 switch as well as a Layer 3 router
    C. All interfaces in the software switch share the same IP address
    D. It can group only physical interfaces

  • Question 152:

    Refer to the exhibit to view the application control profile.

    Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true?

    A. Apple FaceTime belongs to the custom monitored filter.
    B. The category of Apple FaceTime is being monitored.
    C. Apple FaceTime belongs to the custom blocked filter.
    D. The category of Apple FaceTime is being blocked.

  • Question 153:

    Refer to the exhibit.

    Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

    A. Custom permission for Network
    B. Read/Write permission for Log and Report
    C. CLI diagnostics commands permission
    D. Read/Write permission for Firewall

  • Question 154:

    An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.
    B. This VPN cannot be used as part of a hub-and-spoke topology.
    C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
    D. The IPsec firewall policies must be placed at the top of the list.

  • Question 155:

    A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

    A. Static IP Address
    B. Dialup User
    C. Dynamic DNS
    D. Pre-shared Key

  • Question 156:

    When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

    A. Log ID
    B. Universally Unique Identifier
    C. Policy ID
    D. Sequence ID

  • Question 157:

    Refer to the web filter raw logs.

    Based on the raw logs shown in the exhibit, which statement is correct?

    A. Social networking web filter category is configured with the action set to authenticate.
    B. The action on firewall policy ID 1 is set to warning.
    C. Access to the social networking web filter category was explicitly blocked to all users.
    D. The name of the firewall policy is all_users_web.

  • Question 158:

    An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

    Which subnet must the administrator configure for the local quick mode selector for site B?

    A. 192.168.1.0/24
    B. 192.168.0.0/24
    C. 192.168.2.0/24
    D. 192.168.3.0/24

  • Question 159:

    An administrator must disable RPF check to investigate an issue.

    Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

    A. Enable asymmetric routing, so the RPF check will be bypassed.
    B. Disable the RPF check at the FortiGate interface level for the source check.
    C. Disable the RPF check at the FortiGate interface level for the reply check.
    D. Enable asymmetric routing at the interface level.

  • Question 160:

    Refer to the exhibit.

    The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.

    An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.

    Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

    A. Disable match-vip in the Deny policy.
    B. Set the Destination address as Deny_IP in the Allow-access policy.
    C. Enable match vip in the Deny policy.
    D. Set the Destination address as Web_server in the Deny policy.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.