1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

  • Question 81:

    Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

    A. Firewall policy

    B. Policy rule

    C. Security policy

    D. SSL inspection and authentication policy

  • Question 82:

    Which two statements are true about collector agent standard access mode? (Choose two.)

    A. Standard mode uses Windows convention-NetBios: Domain\Username.

    B. Standard mode security profiles apply to organizational units (OU).

    C. Standard mode security profiles apply to user groups.

    D. Standard access mode supports nested groups.

  • Question 83:

    By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

    Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

    A. set fortiguard anycast disable

    B. set protocol udp

    C. set webfilter-force-off disable

    D. set webfilter-cache disable

  • Question 84:

    Which three statements are true regarding session-based authentication? (Choose three.)

    A. HTTP sessions are treated as a single user.

    B. IP sessions from the same source IP address are treated as a single user.

    C. It can differentiate among multiple clients behind the same source IP address.

    D. It requires more resources.

    E. It is not recommended if multiple users are behind the source NAT

  • Question 85:

    An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

    A. Add the support of NTLM authentication.

    B. Add user accounts to Active Directory (AD).

    C. Add user accounts to the FortiGate group fitter.

    D. Add user accounts to the Ignore User List.

  • Question 86:

    Which of the following SD-WAN load ç’ªalancing method use interface weight value to distribute traffic? (Choose two.)

    A. Source IP

    B. Spillover

    C. Volume

    D. Session

  • Question 87:

    Which two statements are true when FortiGate is in transparent mode? (Choose two.)

    A. By default, all interfaces are part of the same broadcast domain.

    B. The existing network IP schema must be changed when installing a transparent mode.

    C. Static routes are required to allow traffic to the next hop.

    D. FortiGate forwards frames without changing the MAC address.

  • Question 88:

    What devices form the core of the security fabric?

    A. Two FortiGate devices and one FortiManager device

    B. One FortiGate device and one FortiManager device

    C. Two FortiGate devices and one FortiAnalyzer device

    D. One FortiGate device and one FortiAnalyzer device

  • Question 89:

    Consider the topology:

    Application on a Windows machine <--{SSL VPN}-->FGT--> Telnet to Linux server.

    An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

    The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

    What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

    A. Set the maximum session TTL value for the TELNET service object.

    B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

    C. Create a new service object for TELNET and set the maximum session TTL.

    D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

  • Question 90:

    In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

    A. The IP version of the sources and destinations in a firewall policy must be different.

    B. The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

    C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

    D. The IP version of the sources and destinations in a policy must match.

    E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.