1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 61:

    How do you format the FortiGate flash disk?

    A. Load a debug FortiOS image.
    B. Load the hardware test (HQIP) image.
    C. Execute the CLI command execute formatlogdisk.
    D. Select the format boot device option from the BIOS menu.

  • Question 62:

    Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

    A. Fabric Coverage
    B. Automated Response
    C. Security Posture
    D. Optimization

  • Question 63:

    Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

    A. diagnose wad session list
    B. diagnose wad session list | grep hook-preandandhook-out
    C. diagnose wad session list | grep hook=preandandhook=out
    D. diagnose wad session list | grep "hook=pre"and"hook=out"

  • Question 64:

    Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

    A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
    B. ADVPN is only supported with IKEv2.
    C. Tunnels are negotiated dynamically between spokes.
    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  • Question 65:

    Refer to the exhibit to view the firewall policy.

    Which statement is correct if well-known viruses are not being blocked?

    A. The firewall policy does not apply deep content inspection.
    B. The firewall policy must be configured in proxy-based inspection mode.
    C. The action on the firewall policy must be set to deny.
    D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

  • Question 66:

    An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

    A. The administrator can register the same FortiToken on more than one FortiGate.
    B. The administrator must use a FortiAuthenticator device.
    C. The administrator can use a third-party radius OTP server.
    D. The administrator must use the user self-registration server.

  • Question 67:

    Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

    A. The subject field in the server certificate
    B. The serial number in the server certificate
    C. The server name indication (SNI) extension in the client hello message
    D. The subject alternative name (SAN) field in the server certificate
    E. The host field in the HTTP header

  • Question 68:

    Examine this FortiGate configuration:

    Examine the output of the following debug command:

    Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

    A. It is allowed, but with no inspection
    B. It is allowed and inspected as long as the inspection is flow based
    C. It is dropped.
    D. It is allowed and inspected, as long as the only inspection required is antivirus.

  • Question 69:

    Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

    A. DNS
    B. ping
    C. udp-echo
    D. TWAMP

  • Question 70:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.
    B. AH does not support perfect forward secrecy.
    C. AH provides data integrity bur no encryption.
    D. AH provides strong data integrity but weak encryption.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.