1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 71:

    Examine the two static routes shown in the exhibit, then answer the following question.

    Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

    A. FortiGate will load balance all traffic across both routes.

    B. FortiGate will use the port1 route as the primary candidate.

    C. FortiGate will route twice as much traffic to the port2 route

    D. FortiGate will only actuate the port1 route in the routing table

  • Question 72:

    Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

    A. This is known as many-to-one NAT.

    B. Source IP is translated to the outgoing interface IP.

    C. Connections are tracked using source port and source MAC address.

    D. Port address translation is not used.

  • Question 73:

    Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

    A. By default, FortiGate uses WINS servers to resolve names.

    B. By default, the SSL VPN portal requires the installation of a client's certificate.

    C. By default, split tunneling is enabled.

    D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

  • Question 74:

    Refer to the exhibit showing a debug flow output.

    Which two statements about the debug flow output are correct? (Choose two.)

    A. The debug flow is of ICMP traffic.

    B. A firewall policy allowed the connection.

    C. A new traffic session is created.

    D. The default route is required to receive a reply.

  • Question 75:

    Which two statements are correct about NGFW Policy-based mode? (Choose two.)

    A. NGFW policy-based mode does not require the use of central source NAT policy

    B. NGFW policy-based mode can only be applied globally and not on individual VDOMs

    C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

    D. NGFW policy-based mode policies support only flow inspection

  • Question 76:

    How does FortiGate act when using SSL VPN in web mode?

    A. FortiGate acts as an FDS server.

    B. FortiGate acts as an HTTP reverse proxy.

    C. FortiGate acts as DNS server.

    D. FortiGate acts as router.

  • Question 77:

    What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

    A. It limits the scope of application control to the browser-based technology category only.

    B. It limits the scope of application control to scan application traffic based on application category only.

    C. It limits the scope of application control to scan application traffic using parent signatures only

    D. It limits the scope of application control to scan application traffic on DNS protocol only.

  • Question 78:

    Which two statements are true about collector agent advanced mode? (Choose two.)

    A. Advanced mode uses Windows convention--NetBios: Domain\Username.

    B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate

    C. Advanced mode supports nested or inherited groups

    D. Security profiles can be applied only to user groups, not individual users.

  • Question 79:

    Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

    A. Shut down/reboot a downstream FortiGate device.

    B. Disable FortiAnalyzer logging for a downstream FortiGate device.

    C. Log in to a downstream FortiSwitch device.

    D. Ban or unban compromised hosts.

  • Question 80:

    An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

    Which DPD mode on FortiGate will meet the above requirement?

    A. Disabled

    B. On Demand

    C. Enabled

    D. On Idle

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.