Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-6.4

Fortinet NSE4_FGT-6.4 Exam Questions
Fortinet NSE 4 - FortiOS 6.4 (Page 4 )

Updated On: 21-Feb-2026
Page 4 of 34
PDF with 163 Questions

Which two statements ate true about the Security Fabric rating? (Choose two.)

  1. It provides executive summaries of the four largest areas of security focus.
  2. Many of the security issues can be fixed immediately by click ng Apply where available.
  3. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
  4. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.

Answer(s): B,C

Explanation:

FortiGate_Security_6.4_Study_Guide-Online. page 89



Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

  1. System time
  2. FortiGuaid update servers
  3. Operating mode
  4. NGFW mode

Answer(s): C,D

Explanation:

C: "Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.
D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection- mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide



An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

  1. 192.168.1.0/24
  2. 192.168.0.0/24
  3. 192.168.2.0/24
  4. 192.168.3.0/24

Answer(s): C



An administrator does not want to report the logon events of service accounts to FortiGate.
What setting on the collector agent is required to achieve this?

  1. Add the support of NTLM authentication.
  2. Add user accounts to Active Directory (AD).
  3. Add user accounts to the FortiGate group fitter.
  4. Add user accounts to the Ignore User List.

Answer(s): D



Refer to the exhibits.





The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?

  1. The SSL inspection needs to be a deep content inspection.
  2. Force access to Facebook using the HTTP service.
  3. Additional application signatures are required to add to the security policy.
  4. Add Facebook in the URL category in the security policy.

Answer(s): A






Post your Comments and Discuss Fortinet NSE4_FGT-6.4 exam dumps with other Community members:

Join the NSE4_FGT-6.4 Discussion