1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 21:

    Which two statements are true about the RPF check? (Choose two.)

    A. The RPF check is run on the first sent packet of any new session.

    B. The RPF check is run on the first reply packet of any new session.

    C. The RPF check is run on the first sent and reply packet of any new session.

    D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

  • Question 22:

    Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

    A. The subject field in the server certificate

    B. The serial number in the server certificate

    C. The server name indication (SNI) extension in the client hello message

    D. The subject alternative name (SAN) field in the server certificate

    E. The host field in the HTTP header

  • Question 23:

    NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

    A. Web filtering

    B. Antivirus

    C. Web proxy

    D. Application control

  • Question 24:

    Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

    A. FortiGuard web filter cache

    B. FortiGate hostname

    C. NTP

    D. DNS

  • Question 25:

    An administrator needs to increase network bandwidth and provide redundancy.

    What interface type must the administrator select to bind multiple FortiGate interfaces?

    A. VLAN interface

    B. Software Switch interface

    C. Aggregate interface

    D. Redundant interface

  • Question 26:

    Refer to the exhibit.

    The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.

    How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

    A. If there is a full-through policy in place, users will not be prompted for authentication.

    B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

    C. Authentication is enforced at a policy level; all users will be prompted for authentication.

    D. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

  • Question 27:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 28:

    An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

    A. 192.168.3.0/24

    B. 192.168.2.0/24

    C. 192.168.1.0/24

    D. 192.168.0.0/8

  • Question 29:

    An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

    A. The strict RPF check is run on the first sent and reply packet of any new session.

    B. Strict RPF checks the best route back to the source using the incoming interface.

    C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

    D. Strict RPF allows packets back to sources with all active routes.

  • Question 30:

    What is the primary FortiGate election process when the HA override setting is disabled?

    A. Connected monitored ports > System uptime > Priority > FortiGate Serial number

    B. Connected monitored ports > HA uptime > Priority > FortiGate Serial number

    C. Connected monitored ports > Priority > HA uptime > FortiGate Serial number

    D. Connected monitored ports > Priority > System uptime > FortiGate Serial number

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.