1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

NSE4_FGT-6.4 Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 31, 2026

Fortinet NSE4_FGT-6.4 Online Questions & Answers

  • Question 81:

    Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

    A. Shut down/reboot a downstream FortiGate device.
    B. Disable FortiAnalyzer logging for a downstream FortiGate device.
    C. Log in to a downstream FortiSwitch device.
    D. Ban or unban compromised hosts.

  • Question 82:

    Refer to the exhibits.

    The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

    Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

    Which part of the policy configuration must you change to resolve the issue?

    A. The SSL inspection needs to be a deep content inspection.
    B. Force access to Facebook using the HTTP service.
    C. Additional application signatures are required to add to the security policy.
    D. Add Facebook in the URL category in the security policy.

  • Question 83:

    By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

    Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

    A. set fortiguard anycast disable
    B. set protocol udp
    C. set webfilter-force-off disable
    D. set webfilter-cache disable

  • Question 84:

    What devices form the core of the security fabric?

    A. Two FortiGate devices and one FortiManager device
    B. One FortiGate device and one FortiManager device
    C. Two FortiGate devices and one FortiAnalyzer device
    D. One FortiGate device and one FortiAnalyzer device

  • Question 85:

    Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

    A. To detect intermediary NAT devices in the tunnel path.
    B. To dynamically change phase 1 negotiation mode aggressive mode.
    C. To encapsulation ESP packets in UDP packets using port 4500.
    D. To force a new DH exchange with each phase 2 rekey.

  • Question 86:

    View the exhibit:

    Which the FortiGate handle web proxy traffic rue? (Choose two.)

    A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
    B. port-VLAN1 is the native VLAN for the port1 physical interface.
    C. C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
    D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

  • Question 87:

    Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

    A. The firmware image must be manually uploaded to each FortiGate.
    B. Only secondary FortiGate devices are rebooted.
    C. Uninterruptable upgrade is enabled by default.
    D. Traffic load balancing is temporally disabled while upgrading the firmware.

  • Question 88:

    Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

    A. Antivirus engine
    B. Intrusion prevention system engine
    C. Flow engine
    D. Detection engine

  • Question 89:

    View the exhibit.

    Which of the following statements are correct? (Choose two.)

    A. This setup requires at least two firewall policies with the action set to IPsec.
    B. Dead peer detection must be disabled to support this type of IPsec setup.
    C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
    D. This is a redundant IPsec setup.

  • Question 90:

    Refer to the exhibit.

    The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

    A. Change password
    B. Enable restrict access to trusted hosts
    C. Change Administrator profile
    D. Enable two-factor authentication

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.