1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 51:

    Which two statements are true about the FGCP protocol? (Choose two.)

    A. Not used when FortiGate is in Transparent mode
    B. Elects the primary FortiGate device
    C. Runs only over the heartbeat links
    D. Is used to discover FortiGate devices in different HA groups

  • Question 52:

    Refer to the exhibit.

    The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface will be selected as an outgoing interface?

    A. port2
    B. port4
    C. port3
    D. port1

  • Question 53:

    Which three statements are true regarding session-based authentication? (Choose three.)

    A. HTTP sessions are treated as a single user.
    B. IP sessions from the same source IP address are treated as a single user.
    C. It can differentiate among multiple clients behind the same source IP address.
    D. It requires more resources.
    E. It is not recommended if multiple users are behind the source NAT

  • Question 54:

    The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

    A. DNS-based web filter and proxy-based web filter
    B. Static URL filter, FortiGuard category filter, and advanced filters
    C. Static domain filter, SSL inspection filter, and external connectors filters
    D. FortiGuard category filter and rating filter

  • Question 55:

    Which two types of traffic are managed only by the management VDOM? (Choose two.)

    A. FortiGuard web filter queries
    B. PKI
    C. Traffic shaping
    D. DNS

  • Question 56:

    Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

    A. diagnose sys top
    B. execute ping
    C. execute traceroute
    D. diagnose sniffer packet any
    E. get system arp

  • Question 57:

    Refer to the exhibit, which contains a radius server configuration.

    An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option. What will be the impact of using Include in every user group option in a RADIUS configuration?

    A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.
    B. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.
    C. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.
    D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

  • Question 58:

    Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

    A. Subject Key Identifier value
    B. SMMIE Capabilities value
    C. Subject value
    D. Subject Alternative Name value

  • Question 59:

    Refer to the exhibit.

    The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

    A. FortiGate SN FGVM010000065036 HA uptime has been reset.
    B. FortiGate devices are not in sync because one device is down.
    C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
    D. FortiGate SN FGVM010000064692 has the higher HA priority.

  • Question 60:

    Refer to the exhibit.

    A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

    Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

    A. On HQ-FortiGate, set IKE mode to Main (ID protection).
    B. On both FortiGate devices, set Dead Peer Detection to On Demand.
    C. On HQ-FortiGate, disable Diffie-Helman group 2.
    D. On Remote-FortiGate, set port2 as Interface.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.