An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
A. Configure Source IP Pools.In which two ways can RPF checking be disabled? (Choose two )
A. Enable anti-replay in firewall policy.Which two statements are true about the FGCP protocol? (Choose two.)
A. FGCP elects the primary FortiGate device.Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)
A. Shut down/reboot a downstream FortiGate device.Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
A. Log downloads from the GUI are limited to the current filter viewRefer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?
A. Change the csf setting on ISFW (downstream) to set configuration-sync local.Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Auto-negotiate.Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic.Refer to the exhibits.


The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook .
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?
A. Make SSL inspection needs to be a deep content inspection.Which of statement is true about SSL VPN web mode?
A. The tunnel is up while the client is connected.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-7.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.