Professional Documents
Culture Documents
NSE6 - FML 6.4 2023
NSE6 - FML 6.4 2023
NSE6 - FML 6.4 2023
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
First
QUESTION 1
Refer to the exhibit.
Which two actions did FortiMail take on this email message? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
FortiMail is configured with the protected domain example.com.
Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders?
(Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which two FortiMail antispam techniques can you use to combat zero-day spam? (Choose two.)
A. Behavior analysis
B. Spam outbreak protection
C. IP reputation
D. DNSBL
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit.
Why was the IP address blocked by FortiMail?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
In which two places can the maximum email size be overridden on FortiMail? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
A FortiMail administrator is concerned about cyber criminals attempting to get sensitive information from
employees using whaling phishing attacks.
What option can the administrator configure to prevent these types of attacks?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit.
Which two statements about this SMTP session are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs
0:4:9:INTERNAL.
Which two scenarios will generate this policy ID? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
What are two disadvantages of setting the Dictionary and DLP scan rule aggressiveness too high? (Choose
two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
A FortiMail is configured with the protected domain example.com.
On this FortiMail, which two envelope addresses are considered incoming? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit.
After creating the policy shown in the exhibit, an administrator discovers that clients are able to send
unauthenticated email using SMTP.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
I Think it should be C
QUESTION 12
Refer to the exhibit.
An administrator must enforce authentication on FML-1 for all outbound email from the example.com domain.
Which two settings should be used to configure the access receive rule? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Which two features are available when you enable HA centralized monitoring on FortiMail? (Choose two.)
A. Policy configuration changes of all cluster members from the primary device.
B. Mail statistics of all cluster members on the primary device.
C. Firmware update of all cluster members from the primary device.
D. Cross-device log searches across all cluster members from the primary device.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit.
Which statement describes the pre-registered status of the IBE user extuser2@external.lab?
A. The user account has been de-activated, and the user must register again the next time they receive an IBE
email.
B. The user was registered by an administrator in anticipation of IBE participation.
C. The user has completed the IBE registration process, but has not yet accessed their IBE email.
D. The user has received an IBE notification email, but has not accessed the HTTPS URL or attachment yet.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Refer to the exhibit.
Which two message types will trigger this DLP scan rule? (Choose two.)
A. An email message that contains credit card numbers in the body will trigger this scan rule.
B. An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions.
C. An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule.
D. An email message with a subject that contains the term "credit card" will trigger this scan rule.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Refer to the exhibit.
Which IP address should the DNS MX record for the FortiMail active-passive cluster resolve to?
A. 172.16.32.1
B. 172.16.32.57
C. 172.16.32.55
D. 172.16.32.56
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Refer to the exhibit.
It is recommended that you configure which three access receive settings to allow outbound email from the
example.com domain on FML-1? (Choose three.)
Explanation/Reference:
QUESTION 18
Refer to the exhibit.
Why does the last field show SYSTEM in the Policy ID column?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Which statement about how impersonation analysis identifies spoofed email addresses is correct?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
Refer to the exhibit.
Which configuration change must you make to prevent the banner from displaying the FortiMail serial number?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to the protected domain for
undeliverable email messages. After searching the logs, the administrator identifies that the DSNs were not
generated as a result of any outbound email sent from the protected domain.
Which FortiMail antispam technique can the administrator use to prevent this scenario?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
Refer to the exhibit.
Which two statements about the MTAs of the domain example.com are true? (Choose two.)
A. The PriNS server should receive all email for the example.com domain.
B. The primary MTA for the example.com domain is mx.hosted.com.
C. The higher preference value is used to load balance more email to the mx.example.com MTA.
D. The external MTAs will send email to mx.example.com only if mx.hosted.com is unreachable.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
An organization has different groups of users with different needs in email functionality, such as address book
access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?
A. Resource profiles
B. Address book management options
C. Access profiles
D. Domain-level service settings
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
Refer to the exhibit.
Which two statements describe the built-in bridge on a FortiMail operating in transparent mode? (Choose two.)
A. The management IP is permanently tied to port1, and port1 cannot be removed from the bridge.
B. If port1 is required to process SMTP traffic, it must be configured as a routed interface.
C. Any bridge member interface can be removed from the bridge and configured as a routed interface.
D. All bridge member interfaces belong to the same subnet as the management IP.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
Refer to the exhibit.
For the transparent mode FortiMail shown in the exhibit, which two sessions are considered incoming
sessions? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
Refer to the exhibit.
Which two statements about email messages sent from User A to User B are correct? (Choose two.)
A. User A's MUA will perform a DNS MX record lookup to send the email message.
B. User B will retrieve the email message using either POP3 or IMAP.
C. The DNS server will act as an intermediary MTA.
D. mx.example1.org will forward the email message to the MX record that has the lowest preference.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Refer to the exhibit.
Which message size limit will FortiMail apply to the outbound email?
A. 51200
B. 10240
C. 1024
D. 204800
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Which item is a supported one-time secure token for IBE authentication?
A. Certificate
B. FortiToken
C. Security question
D. SMS
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Refer to the exhibit.
Based on the logs shown in the exhibit, which two statements are true? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Refer to the exhibit.
What is the expected outcome of SMTP sessions sourced from FML1 and destined for FML2?
A. FML1 will successfully establish an SMTPS session with FML2.
B. FML1 will send the STARTTLS command in the SMTP session, which will be rejected by FML2.
C. FML1 will attempt to establish an SMTPS session with FML2, but revert to standard SMTP.
D. FML1 will fail to establish any sessions with FML2.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Refer to the exhibit.
Which statement describes the impact of setting the User inactivity expiry time option to 90 days?
A. IBE user accounts will expire after 90 days of inactivity, and must register again to access new IBE email
message
B. Registered IBE users have 90 days from the time they receive a notification email message to access their
IBE email
C. After initial registration, IBE users can access the secure portal without authenticating again for 90 days
D. First time IBE users must register to access their email within 90 days of receiving the notification email
message
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
Refer to the exhibit.
Which two statements about the access receive rule are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Which firmware upgrade method for an active-passive HA cluster ensures service outage is minimal, and there
are no unnecessary fail-overs?
A. Break the cluster, upgrade the units independently, and then form the cluster
B. Upgrade both units at the same time
C. Upgrade the standby unit, and then upgrade the active unit
D. Upgrade the active unit, which will upgrade the standby unit automatically
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Refer to the exhibit.
Which two statements about the mail server settings are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
Refer to the exhibit.
Which two statements about how the transparent mode FortiMail device routes email for the example.com
domain are true? (Choose two.)
A. If incoming email messages are undeliverable, FML-1 can queue them to retry later
B. If outgoing email messages are undeliverable, FM-1 can queue them to retry later
C. FML-1 will use the built-in MTA for outgoing sessions
D. FML-1 will use the transparent proxy for incoming sessions
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
Which two CLI commands, if executed, will erase all data on the log disk partition? (Choose two.)
A. execute formatmaildisk
B. execute formatmaildisk_backup
C. execute formatlogdisk
D. execute partitionlogdisk 40
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
If you are using the built-in MTA to process email in transparent mode, which two statements about FortiMail
behavior are true? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Refer to the exhibit.
Which configuration change must you make to block an offending IP address temporarily?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
Which three statements about SMTPS and SMTP over TLS are true? (Choose three.)
A. SMTP over TLS connections are entirely encrypted and initiated on port 465
B. SMTPS encrypts the identities of both the sender and receiver
C. The STARTTLS command is used to initiate SMTP over TLS
D. SMTPS encrypts only the body of the email message
E. SMTPS connections are initiated on port 465
Explanation/Reference:
QUESTION 40
Refer to the exhibit.
An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a
few hours, the deferred queue on the mail server starts filling up with undeliverable email.
What two changes must the administrator make to fix this issue? (Choose two.)
A. Apply a session profile with sender reputation disabled on a separate IP policy for outbound sessions
B. Clear the sender reputation database using the CLI
C. Create an outbound recipient policy to bypass outbound email from session profile inspections
D. Disable the exclusive flag in IP policy ID 1
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Second
QUESTION 1
Examine the FortiMail topology and access receive rule shown in the exhibit; then answer the question
below.
An administrator must enforce authentication on FML-1 for all outbound email from the example.com
domain. Which of the following settings should be used to
configure the access receive rule? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a
few hours, the deferred queue on the Mail Server started
filing up with undeliverable email. What changes should the administrator make to fix this issue? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which FortiMail option removes embedded code components in Microsoft Word, while maintaining the original
file format?
A. Behavior analysis
B. Impersonation analysis
C. Content disarm and reconstruction
D. Header analysis
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
While reviewing logs, an administrator discovers that an incoming email was processed using
policy IDs 0:4:9
Which two scenarios will generate this policy ID? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
FortiMail is configured with the protected domain example.com.
Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders?
(Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
What two archiving actions will FortiMail take when email messages match these archive policies? (Choose
two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
What three configuration steps are required to enable DKIM signing for outbound messages on FortiMail?
(Choose three.)
Explanation/Reference:
QUESTION 8
An administrator sees that an excessive amount of storage space on a FortiMail device is being used up by
quarantine accounts for invalid users. The FortiMail is operating in transparent mode.
Which two FortiMail features can the administrator configure to tackle this issue? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
What are two expected outcomes if FortiMail applies this antivirus action profile to an email?
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
A. User 1 will use logs were generated load the email message from MTA-2
B. MTA-2 will use IMAP to receive the email message from MTA-1
C. MTA-1 will use POP3 to deliver the email message to User 1 directly
D. MTA-1 will use SMTP to deliver the email message to MTA-2
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Which two antispam techniques query FortiGuard for rating information? (Choose two.)
A. DNSBL
B. SURBL
C. IP reputation
D. URI filter
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to the protected domain for
undeliverable email messages. After searching the logs, the administrator identifies that the DSNs were not
generated as
a result of any outbound email sent from the protected domain.
Which FortiMail antispam technique can the administrator use to prevent this scenario?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
The exhibit shows a FortiMail active-passive setup.
Which three actions are recommended when configuring the primary FortiMail HA interface?
(Choose three.)
QUESTION 14
While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed
using policy IDs 1:2:0.
Which two reasons explain why the last policy ID value is 0? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
I think it should be B&C
QUESTION 15
An organization has different groups of users with different needs in email functionality, such as
address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?
A. Resource profiles
B. Domain-level service settings
C. Access profiles
D. Address book management options
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Examine the FortiMail topology and access receive rule shown in the exhibit; then answer the question below.
An administrator must enforce authentication on FML-1 for all outbound email from the example.com domain.
Which of the following settings should be used to configure the access receive rule? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Which of the following statements are true regarding the transparent mode FortiMail’s email routing for the
example.com domain? (Choose two.)
Explanation/Reference:
QUESTION 18
Examine the FortiMail archiving policies shown in the exhibit; then answer the question below.
What is the expected outcome if FortiMail applies this action profile to an email? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Examine the FortiMail user webmail interface shown in the exhibit; then answer the question below.
Which one of the following statements is true regarding this server mode FortiMail’s configuration?
A. The protected domain-level service settings have been modified to allow access to the domain
address book
B. This user’s account has a customized access profile applied that allows access to the personal
C. The administrator has not made any changes to the default address book access privileges
D. The administrator has configured an inbound recipient policy with a customized resource profile
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
What IP address should the DNS MX record for this deployment resolve to?
A. 172.16.32.1
B. 172.16.32.57
C. 172.16.32.55
D. 172.16.32.56
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
Examine the FortiMail recipient-based policy shown in the exhibit; then answer the question below.
After creating the policy, an administrator discovered that clients are able to send unauthenticated email using
SMTP. What must be done to ensure clients cannot send unauthenticated email?
A. Configure a matching IP policy with SMTP authentication and exclusive flag enabled
B. Move the recipient policy to the top of the list
C. Configure an access receive rule to verify authentication status
D. Configure an access delivery rule to enforce authentication
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
I think it should be C
QUESTION 22
Examine the nslookup output shown in the exhibit; then answer the question below.
Identify which of the following statements is true regarding the example.com domain’s MTAs.(Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
Examine the FortiMail IBE users shown in the exhibit; then answer the question below
Which one of the following statements describes the Pre-registered status of the IBE user
krayner@external.com?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
Examine the FortiMail active-passive cluster shown in the exhibit; then answer the question below.
Which of the following parameters are recommended for the Primary FortiMail’s HA interface configuration?
(Choose three.)
Explanation/Reference:
QUESTION 25
Examine the FortMail mail server settings shown in the exhibit; then answer the question below.
Which of the following statements is true regarding this configuration? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
Which of the following statements are true regarding FortiMail’s behavior when using the built-in MTA to
process email in transparent mode? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Examine the FortiMail session profile and protected domain configuration shown in the exhibit; then answer the
question below.
A. 204800
B. 51200
C. 1024
D. 10240
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Examine the FortMail mail server settings shown in the exhibit; then answer the question below.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Examine the FortiMail topology and IP-based policy shown in the exhibit; then answer the question below.
An administrator has enabled the sender reputation feature in the Example_Session profile on FML- 1. After a
few hours, the deferred queue on the Mail Server started filing up with undeliverable email. What changes
should the
administrator make to fix this issue? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Which two statements about the access receive rule are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
What are the configuration steps to enable DKIM signing for outbound messages on FortiMail?
(Choose three.)
A. Enable DKIM signing for outgoing messages in a matching session profile
B. Publish the public key as a TXT record in a public DNS server
C. Enable DKIM check in a matching session profile
D. Enable DKIM check in a matching antispam profile
E. Generate a public/private key pair in the protected domain configuration
Explanation/Reference:
QUESTION 32
Examine the configured routes shown in the exhibit; then answer the question below.
Which interface will FortiMail use to forward an email message destined for 10.1.100.252?
A. port2
B. port4
C. port3
D. port1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Examine the message column of a log cross search result of an inbound email shown in the exhibit; then
answer the question below
Based on logs, which of the following statements are true? (Choose two.)
A. The FortiMail is experiencing issues delivering the email to the back-end mail server
B. The logs were generated by a server mode FortiMail
C. The logs were generated by a gateway or transparent mode FortiMail
D. The FortiMail is experiencing issues accepting the connection from the remote sender
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Which statement describes the impact of setting the User inactivity expiry time option to 90 days?
A. IBE user accounts will expire after 90 days of inactivity, and must register again to access new IBE email
message
B. Registered IBE users have 90 days from the time they receive a notification email message to access their
IBE email
C. After initial registration, IBE users can access the secure portal without authenticating again for 90 day
D. First time IBE users must register to access their email within 90 days of receiving the notification email
message
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
Refer to the exhibit
A. Clients cannot send email to more that five recipients every 30 minutes
B. A client cannot establish more than 1200 connections during a 30 minute period
C. Email will be delayed for 30 minutes if a connection remains idle for more than 20 seconds
D. if a client establishes more than five concurrent connections they will be delayed for 10 seconds
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
A FortiMail administrator is concerned about cyber criminals attempting to get sensitive information from
employees using whaling phishing attacks.
What option can the administrator configure to prevent these types of attacks?
A. Impersonation analysis
B. Bounce tag verification
C. Content disarm and reconstruction
D. Dictionary profile with predefined smart identifiers
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
Refer to the exhibit.
For the transparent mode FortiMail shown in the exhibit, which two sessions are considered incoming
sessions? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
An administrator wants to maintain a centralized backup for mail data in config-only HA mode
Which option can the administrator configure on FortiMail to achieve this outcome?
A. Enable backup mail data directories in the HA configuration for each member of the cluster
B. Configure each member of the cluster to send the mail data to the primary FortiMail
C. Configure each member of the cluster to store data on a NAS server that supports NFS connections
D. Enable backup MTA queue directories in the HA configuration for each member of the cluster
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
Refer to the exhibit.
Which statement describes the impact of the maximum size (KB) for push method value?
A. If the IBE attachment size exceeds the maximum size value pull delivery will be used
B. If the IBE attachment size exceeds the maximum size value AES 256 will be used
C. If the IBE attachment size exceeds the maximum size value TLS will be used
D. If the IBE attachment size exceeds the maximum size value the email message will not be delivered
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
Refer to the exhibit.
Which configuration change must you make to block an offending IP address temporarily?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
Which FortiMail antispam technique can you use to combat zero-day spam?(Choose two)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
Refer to the exhibit.
It is recommended that you configure which three access receive settings to allow outbound email from the
example.com domain on FML-1? (Choose three.)
Explanation/Reference:
QUESTION 43
Refer to the exhibit.
Which two statements about the access receive rule are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
Refer to the exhibit
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
Refer to the exhibit.
Which statement describes the pre-registered status of the IBE user extuser2@external.lab?
A. The user has received an IBE notification email, but has not accessed the HTTPS URL or attachment yet.
B. The user account has been de-activated, and the user must register again the next time they receive an IBE
email.
C. The user was registered by an administrator in anticipation of IBE participation
D. The user has completed the IBE registration process, but has not yet accessed their IBE email.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
An organization has different groups of users with different needs in email functionality, such as
address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?
A. Resource profiles
B. Domain-level service settings
C. Access profiles
D. Address book management options
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
I Think it should be A
QUESTION 47
Refer to the exhibit.
Which two message types will trigger this DLP scan rule? (Choose two.)
A. An email message with a subject that contains the term “credit card” will trigger this scan rule
B. An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule
C. An email message that contains credit card numbers in the body will trigger this scan rule
D. An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
Refer to the exhibit.
Which two statements about email messages sent from User A to User B are correct? (Choose two.)
A. User A's MUA will perform a DNS MX record lookup to send the email message.
B. mx.example1.org will forward the email message to the MX record that has the lowest preference
C. The DNS server will act as an intermediary MTA
D. User B will retrieve the email message using either POP3 or IMAP
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Examine the message column of a log cross search result of an inbound email shown in the exhibit; then
answer the question below
Based on logs, which of the following statements are true? (Choose two.)
A. The FortiMail is experiencing issues delivering the email to the back-end mail server
B. The logs were generated by a server mode FortiMail
C. The logs were generated by a gateway or transparent mode FortiMail
D. The FortiMail is experiencing issues accepting the connection from the remote sender
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 50
While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed
using policy IDs 1:2:0.
Which two reasons explain why the last policy ID value is 0? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
I think it should be B and C
QUESTION 51
Which statement about how impersonation analysis identifies spoofed email addresses is correct?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 52
Refer to the exhibit.
A. The management IP is permanently tied to port1, and port1 cannot be removed from the bridge.
B. If port1 is required to process SMTP traffic, it must be configured as a routed interface.
C. Any bridge member interface can be removed from the bridge and configured as a routed interface.
D. All bridge member interfaces belong to the same subnet as the management IP.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
Refer to the Exhibit
Which two actions did FortiMail take on this email message ?(Choose two)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit
What does the Scan timeout value specify
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
Refer to the exhibit
Which two statements about email messages sent from User A to User B are correct? (Choose two)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
I think it should be C and D
QUESTION 56
Which statement about how impersonation analysis identifies spoofed email addresses is correct?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit
Which two statements describe the built-in bridge on a FortiMail operating in transparent mode? (Choose two)
A. All bridge member interfaces belong to the same subnet as the management IP
B. If port1 is required to process SMTP traffic , it must be configured as a routed interface
C. The management IP is permanently tied to port1 , and port1 cannot be removed from the bridge
D. Any bridge member interface can be removed from the bridge and configured as a routed interface
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
Refer to the exhibit
Which two statements about this SMTP session are true?(Choose two)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59
Refer to the exhibit
Which configuration change must you make to prevent the banner from displaying the ForiMail serial number
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 60
Refer to the exhibit
What is the expected outcome of SMTP sessions sourced from FML1 and destined for FML2 ?
A. FML1 will attempt to establish an SMTPS session with FML2 but revert to standard SMTP
B. FML1 will faild to establish any sessions with FML2
C. FML1 will successfully establish an SMTPS session with FML2
D. FML1 will send the STARTTLS command in the SMTP session, which will be rejected by FML2
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
An organization has different groups of users with different needs in email functionality, such as
address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?
A. Resource profiles
B. Domain-level service settings
C. Access profiles
D. Address book management options
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Third
QUESTION 1
Examine the nslookup output shown in the exhibit; then answer the question below.
Identify which of the following statements is true regarding the example.com domain's MTAs. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
A FortiMail is configured with the protected domain "example.com". For this FortiMail, which of the following
envelope addresses are considered incoming?
(Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which of the following CLI commands, if executed, will erase all data on the log disk partition? (Choose two.)
A. execute formatmaildisk
B. execute formatmaildisk_backup
C. execute formatlogdisk
D. execute partitionlogdisk 40
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
FortiMail is configured with the protected domain "example.com". Identify which of the following envelope
addresses will require an access receive rule to relay for unauthenticated senders? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
I think it should be B and C
QUESTION 5
Refer to the exhibit.
Which IP address should the DNS MX record for the FortiMail active-passive cluster resolve to?
A. 172.16.32.57
B. 172.16.32.1
C. 172.16.32.55
D. 172.16.32.56
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which two statements about this SMTP session are true? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to the protected domain for
undeliverable email messages. After searching the logs, the administrator identifies that the DSNs were not
generated as
a result of any outbound email sent from the protected domain.
Which FortiMail antispam technique can the administrator use to prevent this scenario?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Examine the FortiMail recipient-based policy shown in the exhibit; then answer the question below.
After creating the policy, an administrator discovered that clients are able to send unauthenticated email using
SMTP. What must be done to ensure clients cannot send unauthenticated email?
A. Configure a matching IP policy with SMTP authentication and exclusive flag enabled
B. Move the recipient policy to the top of the list
C. Configure an access receive rule to verify authentication status
D. Configure an access delivery rule to enforce authentication
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Examine the FortiMail session profile and protected domain configuration shown in the exhibit; then answer the
question below.
A. 204800
B. 51200
C. 1024
D. 10240
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
I think it should be D
QUESTION 11
An administrator wants to maintain a centralized backup for mail data in config-only HA mode
Which option can the administrator configure on FortiMail to achieve this outcome ?
A. Enable backup mail data directories in the HA configuration for each member of the cluster
B. Configure each member of the cluster to send the mail data to the primary FortiMail
C. Configure each member of the cluster to store mail data on a NAS server that supports NFS connections
D. Enable backup MTA queue directories in the HA configuration for each member of the cluster
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit.
Why was the IP address blocked by FortiMail?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Examine the exhibit; then answer the question below.
MTA 1 is delivering an email intended for User 1 to MTA 2. Which of the following statements about protocol
usage between the devices are true? (Choose two.)
A. MTA 2 will use IMAP to receive the email message from MTA 1
B. MTA 1 will use SMTP to deliver the email message to MTA 2
C. User 1 will use IMAP to download the email message from MTA 2
D. MTA 1 will use POP3 to deliver the email message to User 1 directly
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit
which statement describes the impact of the maximum size (KB) for push method value if the IBE attachment
size exceeds the maximum size value?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Which license do you need to apply to a FortiMail device to enable the HA centralized monitoring features ?
A. MSSP license
B. Cloud gateway license
C. Enterprise License
D. Office 365 protection License
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Refer to the exhibit.
Which two statements about how the transparent mode FortiMail device routes email for the example.com
domain are true? (Choose two.)
A. If incoming email messages are undeliverable, FML-1 can queue them to retry later
B. If outgoing email messages are undeliverable, FM-1 can queue them to retry later
C. FML-1 will use the built-in MTA for outgoing sessions
D. FML-1 will use the transparent proxy for incoming sessions
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Refer to the exhibit.
An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a
few hours, the deferred queue on the Mail Server started filing up with undeliverable email. What changes
should the administrator make to fix this issue? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
I think it should be A and D
QUESTION 18
Refer to the exhibit
What will happen to an email that triggers spam outbreak protection?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Refer to the exhibit.
Which two message types will trigger this DLP scan rule? (Choose two.)
A. An email message with a subject that contains the term “credit card” will trigger this scan rule
B. An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule
C. An email message that contains credit card numbers in the body will trigger this scan rule
D. An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
Which two antispam techniques query FortiGuard for rating information? (Choose two.)
A. DNSBL
B. SURBL
C. IP reputation
D. URL filter
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
What are two reasons for having reliable DNS servers configured on FortiMail?(Choose two)
A. Email transmission
B. FortiGuard Connectivity
C. HA synchronization
D. Firmware updates
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
7 What three configuration steps are required to enable DKIM signing for outbound messages on FortiMail?
(Choose three.)
Explanation/Reference:
QUESTION 23
Refer to the exhibit.
The exhibit shows a FortiMail active-passive setup.
Which three actions are recommended when configuring the primary FortiMail HA interface? (Choose three.)
Explanation/Reference:
I think it should be B, C and D
QUESTION 24
Examine the FortiMail recipient-based policy shown in the exhibit; then answer the question below.
After creating the policy, an administrator discovered that clients are able to send unauthenticated email using
SMTP. What must be done to ensure clients cannot send unauthenticated email?
A. Configure a matching IP policy with SMTP authentication and exclusive flag enabled
B. Move the recipient policy to the top of the list
C. Configure an access receive rule to verify authentication status
D. Configure an access delivery rule to enforce authentication
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
I think it should be C
QUESTION 25
Refer to the exhibit.
Which two statements about the mail server settings are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
A FortiMail is configured with the protected domain example.com.
On this FortiMail, which two envelope addresses are considered incoming? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Examine the message column of a log cross search result of an inbound email shown in the exhibit; then
answer the question below
Based on logs, which of the following statements are true? (Choose two.)
A. The FortiMail is experiencing issues delivering the email to the back-end mail server
B. The logs were generated by a server mode FortiMail
C. The logs were generated by a gateway or transparent mode FortiMail
D. The FortiMail is experiencing issues accepting the connection from the remote sender
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Refer to the exhibit
what does the scan timeout value specify?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Refer to the exhibit.
What two archiving actions will FortiMail take when email messages match these archive policies?
(Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Refer to the exhibit.
Why does the last field show system in the policy id column?
A. It is an inbound email
B. The email was dropped by a system blocklist
C. The email did not match a recipient-based policy
D. The email matched a system-level authentication policy
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Refer to the exhibit.
Which two statements about the access receive rule are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
Refer to the exhibit.
An administrator must enforce authentication on FML-1 for all outbound email from the example.com domain.
Which two settings should be used to configure the access receive rule?
(Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
An organization has different groups of users with different needs in email functionality, such as
address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?
A. Resource profiles
B. Domain-level service settings
C. Access profiles
D. Address book management options
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to the protected domain for
undeliverable email messages. After searching the logs, the administrator identifies that the DSNs were not
generated as
a result of any outbound email sent from the protected domain.
Which FortiMail antispam technique can the administrator use to prevent this scenario?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
If you are using the built-in MTA to process email in transparent mode, which two statements about FortiMail
behavior are true? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
I think it should be C and D
QUESTION 36
Which FortiSandbox type can be configured on FortiMail, to guarantee dedicated FortiSandbox service and
high performance?
A. Cloud
B. Dynamic Cloud
C. Premium Cloud
D. Enhanced Cloud
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
Refer to the exhibit.
Which statement describes the impact of setting the User inactivity expiry time option to 90 days?
A. IBE user accounts will expire after 90 days of inactivity, and must register again to access new IBE email
message
B. Registered IBE users have 90 days from the time they receive a notification email message to access their
IBE email
C. After initial registration, IBE users can access the secure portal without authenticating again for 90 days
D. First time IBE users must register to access their email within 90 days of receiving the notification email
message
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Refer to the exhibit.
What are two expected outcomes if FortiMail applies this antivirus action profile to an email?
(Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
FortiMail is configured with the protected domain example.com.
Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders?
(Choose two.)
Explanation/Reference:
I think it should be A and C
QUESTION 40
While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed
using policy IDs 1:2:0.
Which two reasons explain why the last policy ID value is 0? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
I think it should be B and C
QUESTION 41
Which statement about SMTPS and SMTP over TLS are true?
A. SMTP over TLS connections are entirely encrypted and initiated on port 465
B. SMTPS encrypts the identities of both the sender and receiver
C. The STARTTLS command is used to initiate SMTP over TLS
D. SMTPS encrypts only the body of the email message
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference: