Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jul 10, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 31:

    Refer to the exhibit.

    Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

    A. The port3 default route has the highest distance.

    B. The port3 default route has the lowest metric.

    C. There will be eight routes active in the routing table.

    D. The port1 and port2 default routes are active in the routing table.

  • Question 32:

    Refer to the exhibit.

    An administrator is running a sniffer command as shown in the exhibit.

    Which three pieces of information are included in the sniffer output? (Choose three.)

    A. Interface name

    B. Ethernet header

    C. IP header

    D. Application header

    E. Packet payload

  • Question 33:

    Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

    A. Root VDOM

    B. FG-traffic VDOM

    C. Customer VDOM D. Global VDOM

  • Question 34:

    You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.

    What is the default behavior when the local disk is full?

    A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

    B. No new log is recorded until you manually clear logs from the local disk.

    C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

    D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

  • Question 35:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.

    B. AH does not support perfect forward secrecy.

    C. AH provides data integrity bur no encryption.

    D. AH provides strong data integrity but weak encryption.

  • Question 36:

    An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

    A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

    B. Create a new service object for HTTP service and set the session TTL to never

    C. Set the TTL value to never under config system-ttl

    D. Set the session TTL on the HTTP policy to maximum

  • Question 37:

    Refer to the exhibit.

    The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.

    Which interface will be selected as an outgoing interface?

    A. port2

    B. port4

    C. port3

    D. port1

  • Question 38:

    Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

    A. It always authorizes the traffic without requiring authentication.

    B. It drops the traffic.

    C. It authenticates the traffic using the authentication scheme SCHEME2.

    D. It authenticates the traffic using the authentication scheme SCHEME1.

  • Question 39:

    Refer to the exhibit.

    The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

    A. FortiGate SN FGVM010000065036 HA uptime has been reset.

    B. FortiGate devices are not in sync because one device is down.

    C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

    D. FortiGate SN FGVM010000064692 has the higher HA priority.

  • Question 40:

    Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

    A. FG-traffic

    B. Mgmt

    C. FG-Mgmt

    D. Root

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.