1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 41:

    Refer to the exhibit.

    The exhibit shows the IPS sensor configuration.

    If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

    A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.
    B. The sensor will block all attacks aimed at Windows servers.
    C. The sensor will reset all connections that match these signatures.
    D. The sensor will gather a packet log for all matched traffic.

  • Question 42:

    Refer to the exhibit.

    The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24.

    The LAN (port3) interface has the IP address 10.0.1.254/24.

    A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

    Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

    Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

    A. 10.200.1.149
    B. 10.200.1.1
    C. 10.200.1.49
    D. 10.200.1.99

  • Question 43:

    Refer to the exhibit.

    The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

    An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

    The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database.

    Users will be prompted for authentication.

    How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

    A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
    B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
    C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
    D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

  • Question 44:

    Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

    A. The collector agent uses a Windows API to query DCs for user logins.
    B. NetAPI polling can increase bandwidth usage in large networks.
    C. The collector agent must search security event logs.
    D. The NetSession Enum function is used to track user logouts.

  • Question 45:

    What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

    A. It limits the scope of application control to the browser-based technology category only.
    B. It limits the scope of application control to scan application traffic based on application category only.
    C. It limits the scope of application control to scan application traffic using parent signatures only
    D. It limits the scope of application control to scan application traffic on DNS protocol only.

  • Question 46:

    Consider the topology:

    Application on a Windows machine <--{SSL VPN}-->FGT--> Telnet to Linux server.

    An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to

    increase or disable this timeout.

    The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

    What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

    A. Set the maximum session TTL value for the TELNET service object.
    B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
    C. Create a new service object for TELNET and set the maximum session TTL.
    D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

  • Question 47:

    In an explicit proxy setup, where is the authentication method and database configured?

    A. Proxy Policy
    B. Authentication Rule
    C. Firewall Policy
    D. Authentication scheme

  • Question 48:

    Refer to the exhibit showing a debug flow output.

    Which two statements about the debug flow output are correct? (Choose two.)

    A. The debug flow is of ICMP traffic.
    B. A firewall policy allowed the connection.
    C. A new traffic session is created.
    D. The default route is required to receive a reply.

  • Question 49:

    Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

    A. System time
    B. FortiGuaid update servers
    C. Operating mode
    D. NGFW mode

  • Question 50:

    If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

    A. The Services field prevents SNAT and DNAT from being combined in the same policy.
    B. The Services field is used when you need to bundle several VIPs into VIP groups.
    C. The Services field removes the requirement to create multiple VIPs for different services.
    D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.