Refer to the exhibit.
Which two statements about the mail server settings are true? (Choose two.)
- A . FortiMail will support the STARTTLS extension
- B . FortiMail will accept SMTPS connections
- C . FortiMail will drop any inbound plaintext SMTP connection
- D . FortiMail will enforce SMTPS on all outbound sessions
A FortiMail is configured with the protected domain example.com.
On this FortiMail, which two envelope addresses are considered incoming? (Choose two.)
- A . MAIL FROM: accounts@example.com RCPT TO: sales@external.org
- B . MAIL FROM: support@example.com RCPT TO: marketing@example.com
- C . MAIL FROM: training@external.org RCPT TO: students@external.org
- D . MAIL FROM: mis@hosted.net RCPT TO: noc@example.com
C,D
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9aa62d26-858d-
11ea- 9384-00505692583a/FortiMail-6.4.0-Administration_Guide.pdf (30)
Which FortiMail option removes embedded code components in Microsoft Word, while maintaining the original file format?
- A . Behavior analysis
- B . Impersonation analysis
- C . Content disarm and reconstruction
- D . Header analysis
C
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/8c063dd3-bafe-
11e9- a989-00505692583a/fortimail-admin-620.pdf (435)
Refer to the exhibit.
An administrator must enforce authentication on FML-1 for all outbound email from the example.com domain.
Which two settings should be used to configure the access receive rule? (Choose two.)
- A . The Recipient pattern should be set to *@example.com
- B . The Authentication status should be set to Authenticated
- C . The Sender IP/netmask should be set to 10.29.1.0/24
- D . The Action should be set to Reject
Refer to the exhibit.
Which two statements about the MTAs of the domain example.com are true? (Choose two.)
- A . The external MTAs will send email to mx.example.com only if mx.hosted.com is unreachable
- B . The PriNS server should receive all email for the example.com domain
- C . The primary MTA for the example.com domain is mx.hosted.com
- D . The higher preference value is used to load balance more email to the mx.example.com MTA
An administrator sees that an excessive amount of storage space on a FortiMail device is being used up by quarantine accounts for invalid users. The FortiMail is operating in transparent mode.
Which two FortiMail features can the administrator configure to tackle this issue? (Choose two.)
- A . Automatic removal of quarantine accounts
- B . Recipient address verification
- C . Bounce address tag verification
- D . Sender address rate control
A,D
Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9aa62d26-858d-11ea- 9384-00505692583a/FortiMail-6.4.0-Administration_Guide.pdf (322, 323)
If you are using the built-in MTA to process email in transparent mode, which two statements about FortiMail behavior are true? (Choose two.)
- A . MUAs need to be configured to connect to the built-in MTA to send email
- B . If you disable the built-in MTA, FortiMail will use its transparent proxies to deliver email
- C . FortiMail can queue undeliverable messages and generate DSNs
- D . FortiMail ignores the destination set by the sender, and uses its own MX record lookup to deliver email
Refer to the exhibit.
Which statement describes the impact of setting the User inactivity expiry time option to 90 days?
- A . IBE user accounts will expire after 90 days of inactivity, and must register again to access new IBE email message
- B . Registered IBE users have 90 days from the time they receive a notification email message to access their IBE email
- C . After initial registration, IBE users can access the secure portal without authenticating again for 90 days
- D . First time IBE users must register to access their email within 90 days of receiving the notification email message
A
Explanation:
Reference: https://docs.fortinet.com/document/fortimail/6.4.0/cli-reference/813529/system-encryption- ibe#config_3733402351_2450215
Which two antispam techniques query FortiGuard for rating information? (Choose two.)
- A . DNSBL
- B . SURBL
- C . IP reputation
- D . URI filter
A,B
Explanation:
Reference: https://docs.fortinet.com/document/fortimail/6.4.0/administration-guide/352990/configuring- antispam-profiles-and-antispam-action-profiles
While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs 0:4:9.
Which two scenarios will generate this policy ID? (Choose two.)
- A . Email was processed using IP policy ID 4
- B . Incoming recipient policy ID 9 has the exclusive flag set
- C . FortiMail applies the default behavior for relaying inbound email
- D . FortiMail configuration is missing an access delivery rule
Refer to the exhibit.
An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a few hours, the deferred queue on the mail server starts filling up with undeliverable email.
What two changes must the administrator make to fix this issue? (Choose two.)
- A . Apply a session profile with sender reputation disabled on a separate IP policy for outbound sessions
- B . Clear the sender reputation database using the CLI
- C . Create an outbound recipient policy to bypass outbound email from session profile inspections
- D . Disable the exclusive flag in IP policy ID 1
While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed using policy IDs 1:2:0.
Which two reasons explain why the last policy ID value is 0? (Choose two.)
- A . Outbound email is being rejected
- B . IP policy ID 2 has the exclusive flag set
- C . There are no outgoing recipient policies configured
- D . There are no access delivery rules configured for outbound email
Which firmware upgrade method for an active-passive HA cluster ensures service outage is minimal, and there are no unnecessary failovers?
- A . Break the cluster, upgrade the units independently, and then form the cluster
- B . Upgrade both units at the same time
- C . Upgrade the standby unit, and then upgrade the active unit
- D . Upgrade the active unit, which will upgrade the standby unit automatically
B
Explanation:
Reference: https://docs.fortinet.com/document/fortimail/6.2.0/administration-guide/725928/upgrading-firmware- on-ha-units
Refer to the exhibit.
MTA-1 is delivering an email intended for User 1 to MTA-2.
Which two statements about protocol usage between the devices are true? (Choose two.)
- A . User 1 will use logs were generated load the email message from MTA-2
- B . MTA-2 will use IMAP to receive the email message from MTA-1
- C . MTA-1 will use POP3 to deliver the email message to User 1 directly
- D . MTA-1 will use SMTP to deliver the email message to MTA-2
What three configuration steps are required to enable DKIM signing for outbound messages on FortiMail? (Choose three.)
- A . Generate a public/private key pair in the protected domain configuration
- B . Enable DKIM check in a matching session profile
- C . Enable DKIM check in a matching antispam profile
- D . Publish the public key as a TXT record in a public DNS server
- E . Enable DKIM signing for outgoing messages in a matching session profile