Newly updated NSE4_FGT-6.4 dumps exam material sharing

July 4, 2022

Choosing the right NSE4_FGT-6.4 exam material will help you save more time doing everything, so I highly recommend you to use the newly updated NSE4_FGT-6.4 dumps material to help you pass the Fortinet NSE 4 – FortiOS 6.4 certification exam with ease.
Download NSE4_FGT-6.4 dumps:, and complete the 163 exam practice questions to ensure you successfully pass the Fortinet NSE 4 – FortiOS 6.4 certification exam on your first attempt.

And, share some NSE4_FGT-6.4 dumps online practice for free

Participate in the test, the answer will be announced at the end of the article


Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value


Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions are the sensor expected to take? (Choose two.)

A. The sensor will allow attackers to match the NTP.Spoofed.KoD.DoS signature.
B. The sensor will block all attacks aimed at Windows servers.
C. The sensor will reset all connections that match these signatures.
D. The sensor will gather a packet log for all matched traffic.


Which two statements are correct about the NGFW Policy-based mode? (Choose two.)

A. NGFW policy-based mode does not require the use of central source NAT policy

B. NGFW policy-based mode can only be applied globally and not on individual VDOMs

C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

D. NGFW policy-based mode policies support only flow inspection


Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A. Custom permission for Network
B. Read/Write permission for Log and Report
C. CLI diagnostics command permission
D. Read/Write permission for Firewall


If Internet Service is already selected as a Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A. IP address
B. Once Internet Service is selected, no other object can be added
C. User or User Group
D. FQDN address


Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to

A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.
B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.
C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.
D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.


Refer to the exhibits.

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

A. Administrators can access FortiGate only through the console port.
B. FortiGate has entered conserve mode.
C. FortiGate will start sending all files to FortiSandbox for inspection.
D. Administrators cannot change the configuration.


Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A. Change password
B. Enable restricted access to trusted hosts
C. Change Administrator profile
D. Enable two-factor authentication


A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

A. The browser requires a software update.
B. FortiGate does not support full SSL inspection when web filtering is enabled.
C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
D. There are network connectivity issues.


Which two types of traffic are managed only by the management VDOM? (Choose two.)

A. FortiGuard web filter queries
C. Traffic shaping


How does FortiGate act when using SSL VPN in web mode?

A. FortiGate acts as an FDS server.
B. FortiGate acts as an HTTP reverse proxy.
C. FortiGate acts as a DNS server.
D. FortiGate acts as a router.


An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)

A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.


Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

A. System time
B. FortiGuaid update servers
C. Operating mode
D. NGFW mode


Verify the answer:

Q13CDC: “Operating mode is per-VDOM setting. You can combine transparent mode VDOMs \’s with NAT mode VDOMs on the
same physical Fortigate.

D: “Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so
NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM”
Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

[Google Drive] Download the above NSE4_FGT-6.4 dumps exam questions and answers: click here

Get full NSE4_FGT-6.4 dumps as a guarantee of passing the Fortinet NSE 4 – FortiOS 6.4 certification exam: