1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 11:

    Examine the network diagram shown in the exhibit, then answer the following question:

    Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

    A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]

    B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2

    C. 10.4.200.0/30 is directly connected, port2

    D. 172.16.32.0/24 is directly connected, port1

  • Question 12:

    Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

    A. DNS

    B. ping

    C. udp-echo

    D. TWAMP

  • Question 13:

    Refer to the exhibit.

    The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme,

    users, and firewall address.

    An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

    The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a

    form-based authentication scheme for the FortiGate local user database.

    Users will be prompted for authentication.

    How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP

    10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

    A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

    B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

    C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

    D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

  • Question 14:

    Refer to the exhibit.

    In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

    What should the administrator do next to troubleshoot the problem?

    A. Run a sniffer on the web server.

    B. Capture the traffic using an external sniffer connected to port1.

    C. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"

    D. Execute a debug flow.

  • Question 15:

    Which of statement is true about SSL VPN web mode?

    A. The tunnel is up while the client is connected.

    B. It supports a limited number of protocols.

    C. The external network application sends data through the VPN.

    D. It assigns a virtual IP address to the client.

  • Question 16:

    Refer to the exhibit.

    A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the preshared key on both FortiGate devices to make sure they match.

    Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

    A. On HQ-FortiGate, set IKE mode to Main (ID protection).

    B. On both FortiGate devices, set Dead Peer Detection to On Demand.

    C. On HQ-FortiGate, disable Diffie-Helman group 2.

    D. On Remote-FortiGate, set port2 as Interface.

  • Question 17:

    Examine this output from a debug flow:

    Why did the FortiGate drop the packet?

    A. The next-hop IP address is unreachable.

    B. It failed the RPF check.

    C. It matched an explicitly configured firewall policy with the action DENY.

    D. It matched the default implicit firewall policy.

  • Question 18:

    What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

    A. Full Content inspection

    B. Proxy-based inspection

    C. Certificate inspection

    D. Flow-based inspection

  • Question 19:

    Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

    A. FortiCache

    B. FortiSIEM

    C. FortiAnalyzer

    D. FortiSandbox

    E. FortiCloud

  • Question 20:

    Refer to the exhibits.

    Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

    A. Administrators can access FortiGate only through the console port.

    B. FortiGate has entered conserve mode.

    C. FortiGate will start sending all files to FortiSandbox for inspection.

    D. Administrators cannot change the configuration.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.