Exam 6
1. Refer to the exhibit, which displays the Mail Settings page of a FortiMail device running in gateway mode. In addition to selecting Check External Domain in the MTA-STS service field, what else must an administrator do to enable MTA-STS? (Choose one answer).
- Enable MTA-STS in the associated TLS profile.
- Enable SMTPUTF8 support in the mail server settings.
- Enable secure authentication in the associated SMTP authentication profile.
- Enable MTA-STS action in the appropriate inbound recipient policy.

2. Refer to the exhibit, which shows a topology diagram of two separate email domains. Which two statements correctly describe how an email message is delivered from User A to User B? (Choose two answers).
- mx.example1.org will forward the email message to the MX record that has the lowest preference.
- User B will retrieve the email message using either POP3 or IMAP.
- User A's MUA will perform a DNS MX record lookup to send the email message.
- The DNS server will act as an intermediary MTA.

3. Refer to the exhibit, which shows a topology diagram of a FortiMail cluster deployment. Which IP address must the DNS MX record for this organization resolve to? (Choose one answer).
- 172.16.32.57.
- 172.16.32.1.
- 172.16.32.56.
- 172.16.32.55.

4. Which two factors are required for an active-active HA configuration of FortiMail in server mode? (Choose two answers).
- A primary must be designated to initially process email.
- Mail data must be stored on a NAS server.
- Service monitoring must be configured for remote SMTP.
- Devices must be deployed behind a load balancer.

5. A FortiMail device is configured with the protected domain example.com. If none of the senders is authenticated, which two envelope addresses will require an access receive rule? (Choose two answers).
- MAIL FROM: support@example.org RCPT TO: marketing@example.com.
- MAIL FROM: mis@hosted.net RCPT TO: noc@example.com.
- MAIL FROM: accounts@example.com RCPT TO: sales@biz.example.com.
- MAIL FROM: training@example.com RCPT TO: students@external.org.

6. A FortiMail administrator is concerned about cybercriminals attempting to get sensitive information from employees using phishing attacks. Which option can the administrator configure to prevent these types of attacks? (Choose one answer).
- Impersonation analysis.
- Dictionary profile with predefined smart identifiers.
- Bounce tag verification.
- Content disarm and reconstruction.

7. Which item is a supported one-time secure token for IBE authentication? (Choose one answer).
- FortiToken.
- SMS.
- Security question.
- Certificate.

8. Refer to the exhibit, which shows an inbound recipient policy. After creating the policy shown in the exhibit, an administrator discovers that clients can send unauthenticated emails using SMTP. What must the administrator do to enforce authentication? (Choose one answer).
- Configure an access receive rule to verify authentication status.
- Configure an outbound recipient policy for LDAP authentication.
- Configure an access delivery rule to enforce authentication.
- Configure a matching IP policy with the exclusive flag enabled.

9. What are two disadvantages of configuring the dictionary and DLP scan rule aggressiveness too high? (Choose two answers).
- It is more resource intensive.
- More false positives could be detected.
- FortiMail requires more disk space for the additional rules.
- High aggressiveness scan settings do not support executable file types.

10. An administrator wants to provide an administratively managed address book to all users in a multidomain FortiMail deployment. Which type of address book must they create? (Choose one answer).
- Domain.
- Global.
- System.
- Personal.

11. How does impersonation analysis identify spoofed email addresses? (Choose one answer).
- It uses behavior analysis to detect spoofed addresses.
- It uses SPF validation to detect spoofed addresses.
- It maps the display name to the correct recipient email address.
- It uses DMARC validation to detect spoofed addresses.

12. Refer to the exhibits showing the SMTP limits (Session Profile—SMTP Limits) and domain settings (Domain Settings, and Domain Settings—Other) of a FortiMail device. Which message size limit in KB will FortiMail apply to outbound email? (Choose one answer).
- There is no message size limit for outbound email from a protected domain.
- 204800.
- 51200.
- 10240.

13. Refer to the exhibit, which shows some output of a telnet command. Which configuration change must you make to prevent the banner from displaying the FortiMail serial number? (Choose one answer).
- Change the operation mode.
- Configure a local domain name.
- Change the host name.
- Add a protected domain.

14. Refer to the exhibit, which shows a few lines of FortiMail logs. Based on these log entries, which two statements describe the operational status of this FortiMail device? (Choose two answers).
- FortiMail is experiencing issues delivering the email to the internal.lab MTA.
- The FortiMail device is in gateway or transparent mode.
- FortiMail is experiencing issues accepting the connection from the external.lab MTA.
- The FortiMail device is in server mode.

15. Refer to the exhibit, which shows a detailed history log view. Which two actions did FortiMail take on this email message? (Choose two answers).
- FortiMail rejected the message because it detected a forged source IP address.
- FortiMail sent the email message to User 1's personal quarantine.
- FortiMail replaced the virus content with a message.
- FortiMail modified the subject of the email message.

16. Refer to the exhibits, which show a topology diagram (Topology) and a configuration element (Access Control Rule). Which three access control settings are recommended to allow outbound email from the example.com domain on FML-1? (Choose three answers).
- The Sender IP/netmask must be 10.29.1.45/32.
- The Recipient pattern must be 10.29.1.45/24.
- The Status option must be disabled.
- The Action must be Relay.
- *The Sender pattern must be @example.com.

17. When configuring a FortiMail HA group consisting of different models, which two statements are true? (Choose two answers).
- Configurations will not synchronize between different model types.
- All units must have the same firmware.
- Group capacity is limited to the least powerful model.
- The most powerful model must be configured as the primary unit.

18. Refer to the exhibit, which shows an nslookup output of MX records of the example.com domain. Which two MTA selection behaviors for the example.com domain are correct? (Choose two answers).
- The external MTAs will send email to mx.example.com only if mx.hosted.com is unreachable.
- mx.example.com will receive approximately twice the number of email as mx.hosted.com because of its preference value.
- The primary MTA for the example.com domain is mx.hosted.com.
- The PriNS server should receive all email for the example.com domain.

19. Refer to the exhibits, which show a topology diagram (Topology) and a configuration element (Access Control Rule). An administrator wants to configure an access receive rule to match authentication status on FML-1 for all outbound email from the example.com domain. Which two access receive rule settings must the administrator configure? (Choose two answers).
- The Authentication status must be set to Authenticated.
- A TLS profile must be configured and applied.
- *The Recipient pattern must be set to @example.com.
- The Sender IP/netmask must be set to 10.29.1.0/24.

20. Which statement correctly describes the behavior of email encryption protocols? (Choose one answer).
- SMTP over TLS connections are both entirely encrypted and initiated on port 465.
- SMTPS encrypts the identities of both the sender and receiver.
- SMTPS is initiated using the STARTTLS command.
- SMTP over TLS encrypts only the envelope of the email message.

21. What can an administrator do to reduce the performance impact caused by large quantities of spam? (Choose one answer).
- Enable Sender Reputation in the session profile.
- Increase the Maximum concurrent connections for each client in the session profile.
- Increase The percentage of rules used value in the heuristic scan configuration.
- Enable the Weighted analysis scan configuration in the antispam profile.

22. Refer to the exhibits, which display a topology diagram (Topology), the proxy configuration (Proxies), and mail settings configuration (Mail Settings) of a FortiMail device. Which two statements describe how the transparent mode FortiMail device routes email for the example.com domain? (Choose two answers).
- If incoming email messages are undeliverable, FML-1 can queue them to retry later.
- FML-1 will use the built-in MTA for outgoing sessions.
- If outgoing email messages are undeliverable, FML-1 can queue them to retry later.
- FML-1 will use the transparent proxy for incoming sessions.

23. A FortiMail administrator is investigating a sudden increase in DSNs being delivered to their protected domain. After searching the logs, the administrator identifies that the DSNs were not generated because of any outbound email sent from their organization. Which FortiMail antispam technique can the administrator enable to prevent this scenario? (Choose one answer).
- FortiGuard IP Reputation.
- Spam outbreak protection.
- Spoofed header detection.
- Bounce address tag validation.

24. Refer to the exhibit, which shows the Authentication Reputation list on a FortiMail device running in gateway mode. Why was the IP address blocked? (Choose one answer).
- The IP address had consecutive administrative password failures to FortiMail.
- The IP address had consecutive SSH login failures to FortiMail.
- The IP address had consecutive IMAP login failures to FortiMail.
- The IP address had consecutive SMTPS login failures to FortiMail.

25. In which FortiMail configuration object can you assign an outbound session profile? (Choose one answer).
- IP policy.
- Inbound recipient policy.
- Access delivery rule.
- Outbound recipient policy.

26. Refer to the exhibit, which displays a topology diagram of FortiMail configured in transparent mode in front of a corporate mail server. Which two statements correctly describe the built-in bridge functionality on a FortiMail device running in transparent mode? (Choose two answers).
- Any bridge member interface can be removed from the bridge and configured as a routed interface.
- All bridge member interfaces belong to the same subnet as the management IP.
- The management IP is permanently tied to port1, and port1 cannot be removed from the bridge.
- If port1 is required to process SMTP traffic, it must be configured as a routed interface.

27. In which two places can the maximum email size be overridden on FortiMail? (Choose two answers).
- Session Profile configuration.
- Protected Domain configuration.
- Resource Profile configuration.
- IP Policy configuration.

28. Refer to the exhibit, which displays a list of IBE users on a FortiMail device. Which statement describes the pre-registered status of the IBE user extuser2@external.lab? (Choose one answer).
- The user has received an IBE notification email, but has not accessed the HTTPS URL or attachment yet.
- The user has completed the IBE registration process, but has not yet accessed their IBE email.
- The user account has been de-activated, and the user must register again the next time they receive an IBE email.
- The user was registered by an administrator in anticipation of IBE participation.

29. Which two features are available when you enable HA centralized monitoring on FortiMail? (Choose two answers).
- Mail statistics of all cluster members on the primary device.
- Policy configuration changes of all cluster members from the primary device.
- Cross-device log searches across all cluster members from the primary device.
- Force failover and restore of any cluster member from the primary device.

30. A FortiMail is configured with the protected domain example.com. On this FortiMail, which two envelope addresses are considered incoming? (Choose two answers).
- MAIL FROM: support@example.com RCPT TO: marketing@example.com.
- MAIL FROM: training@external.org RCPT TO: students@external.org.
- MAIL FROM: accounts@example.com RCPT TO: sales@external.org.
- MAIL FROM: mis@hosted.net RCPT TO: noc@example.com.

31. Which two FortiMail antispam techniques can you use to combat zero-day spam? (Choose two answers).
- DNSBL.
- Spam outbreak protection.
- IP reputation.
- Behavior analysis.

32. If no TLS profile is configured, what is the default TLS behavior used when FortiMail delivers emails to a next-hop receiving MTA? (Choose one answer).
- None.
- Secure.
- Encrypt.
- Preferred.

33. An organization has different groups of users with different needs in email functionality, such as address book access, mobile device access, email retention periods, and disk quotas. Which FortiMail feature specific to server mode can be used to accomplish this? (Choose one answer).
- Domain-level service settings.
- Access profiles.
- Email group profiles.
- Resource profiles.

34. Refer to the exhibit, which displays an encryption profile configuration. What happens if the attachment size of an IBE email exceeds 1024 KB? (Choose one answer).
- TLS will be used.
- The email message will not be delivered.
- AES 256 will be used.
- Pull delivery will be used.

35. Refer to the exhibits, which show a DLP scan profile configuration (DLP Scan Rule 1 and DLP Scan Rule 2) from a FortiMail device. Which two message types will trigger this DLP scan rule? (Choose two.) (Choose one answer).
- An email message that contains credit card numbers in the body will trigger this scan rule.
- An email message with a subject that contains the term "credit card" will trigger this scan rule.
- An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions.
- An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule.

36. Refer to the exhibit, which shows the mail server settings of a FortiMail device. What are two ways this FortiMail device will handle connections? (Choose two answers).
- FortiMail will support the STARTTLS extension.
- FortiMail will drop any inbound plaintext SMTP connection.
- FortiMail will accept SMTPS connections.
- FortiMail will enforce SMTPS on all outbound sessions.

37. Refer to the exhibit. What does the Scan timeout value configure? (Choose one answer).
- How long FortiMail will wait to send a file or URI to FortiSandbox.
- How long FortiMail will wait for a scan result from FortiSandbox.
- How often FortiMail will query FortiSandbox for a scan result.
- How often the local scan results cache will expire on FortiMail.

38. Refer to the exhibits, which show a topology diagram (Topology) and a configuration element (IP Policy). An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a few hours, the deferred queue on the mail server starts filling up with undeliverable email. What two changes must the administrator make to fix this issue? (Choose two answers).
- Apply a session profile with sender reputation disabled on a separate IP policy for outbound sessions.
- Create an outbound recipient policy to bypass outbound email from session profile inspections.
- Clear the sender reputation database using the CLI.
- Disable the exclusive flag in IP policy ID 1.

39. Which license do you need to apply to a FortiMail device to enable the HA centralized monitoring features? (Choose one answer).
- Cloud gateway license.
- Enterprise license.
- MSSP license.
- Office 365 protection license.

40. Which two antispam techniques query FortiGuard for rating information? (Choose two answers).
- IP reputation.
- URL filter.
- DNSBL.
- SURBL.

41. Which three FortiSandbox deployments can be used with FortiMail? (Choose three answers).
- Cloud.
- Physical Appliance.
- Virtual Appliance.
- Dynamic Cloud.

42. While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed using policy ID 1:2:0. Which two reasons explain why the third policy ID value is 0? (Choose two answers).
- Outbound email is being rejected.
- IP policy ID 2 has the exclusive flag set.
- There are no access delivery rules configured for outbound email.
- There are no outgoing recipient policies configured.

43. Which SMTP command lists the supported SMTP service extensions of the recipient MTA? (Choose one answer).
- HELO.
- VRFY.
- DATA.
- EHLO.

44. What are two reasons for having reliable DNS servers configured on FortiMail? (Choose two answers).
- FortiGuard Connectivity.
- HA synchronization.
- Firmware updates.
- Email transmission.

45. Refer to the exhibits, which show an email archiving configuration (Email Archiving 1 and Email Archiving 2) from a FortiMail device. What two archiving actions will FortiMail take when email messages match these archive policies? (Choose two answers).
- FortiMail will save archived email in the journal account.
- FortiMail will exempt spam email from archiving.
- FortiMail will allow only the marketing@example.com account to access the archived email.
- FortiMail will archive email sent from marketing@example.com.

46. Which two statements correctly describe how a transparent mode FortiMail uses the built-in MTA to process email? (Choose two answers).
- The built-in MTA must connect to an external relay host to deliver email.
- It can queue undeliverable messages and generate DSNs.
- It ignores the destination set by the sender and uses its own MX record lookup.
- MUAs must be configured to connect to the built-in MTA to send email.

47. Refer to the exhibit. Which two statements about this SMTP session are true? (Choose two answers).
- The "Subject" is part of the message header.
- The "220 mx.internal.lab ESMTP Smtpd" message is part of the SMTP banner.
- The SMTP envelope addresses are different from the message header addresses.
- The "250 Message accepted for delivery" message is part of the message body.

48. While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs 0:4:9. Which two scenarios will generate this policy ID? (Choose two answers).
- Incoming recipient policy ID 9 has the exclusive flag set.
- FortiMail configuration is missing an access delivery rule.
- Email was processed using IP policy ID 4.
- FortiMail applies the default behavior for relaying inbound email.

49. What are two disadvantages of setting the Dictionary and DLP scan rule aggressiveness too high? (Choose two answers).
- FortiGuard updates require more disk space.
- False positives are triggered.
- It is more resource intensive.
- It does not support executable file types.

50. Why does the last field show SYSTEM in the Policy ID column? (Choose one answer).
- The email matched a system-level authentication policy.
- It is an inbound email.
- The email was dropped by a system blocklist.
- The email did not match a recipient-based policy.

51. What is the expected outcome of SMTP sessions sourced from FML1 and destined for FML2? (Choose one answer).
- FML1 will attempt to establish an SMTPS session with FML2, but revert to standard SMTP.
- FML1 will send the STARTTLS command in the SMTP session, which will be rejected by FML2.
- FML1 will successfully establish an SMTPS session with FML2.
- FML1 will fail to establish any sessions with FML2.

52. Refer to the exhibit, which shows the IBE Encryption page of a FortiMail device. Which user account behavior can you expect from these IBE settings? (Choose one answer).
- First time IBE users must register to access their email within 90 days of receiving the notification email message.
- After initial registration, IBE users can access the secure portal without authenticating again for 90 days.
- IBE user accounts will expire after 90 days of inactivity and must register again to access new IBE email message.
- Registered IBE users have 90 days from the time they receive a notification email message to access their IBE email.

53. Which firmware upgrade method for an active-passive HA cluster ensures service outage is minimal, and there are no unnecessary fail-overs? (Choose one answer).
- Break the cluster, upgrade the units independently, and then form the cluster.
- Upgrade both units at the same time.
- Upgrade the standby unit, and then upgrade the active unit.
- Upgrade the active unit, which will upgrade the standby unit automatically.

54. Which of the following CLI commands, if executed, will erase all data on the log disk partition? (Choose two answers).
- execute formatmaildisk.
- execute formatmaildisk_backup.
- execute formatlogdisk.
- execute partitionlogdisk 40.

55. If you are using the built-in MTA to process email in transparent mode, which two statements about FortiMail behavior are true? (Choose two answers).
- MUAs need to be configured to connect to the built-in MTA to send email.
- If you disable the built-in MTA, FortiMail will use its transparent proxies to deliver email.
- FortiMail can queue undeliverable messages and generate DSNs.
- FortiMail ignores the destination set by the sender, and uses its own MX record lookup to deliver email.

56. Refer to the exhibit. Which configuration change must you make to block an offending IP address temporarily? (Choose one answer).
- Add the offending IP address to the system block list.
- Add the offending IP address to the user block list.
- Add the offending IP address to the domain block list.
- Change the authentication reputation setting status to Enable.

57. Which three statements about SMTPS and SMTP over TLS are true? (Choose three answers).
- SMTP over TLS connections are entirely encrypted and initiated on port 465.
- SMTPS encrypts the identities of both the sender and receiver.
- The STARTTLS command is used to initiate SMTP over TLS.
- SMTPS encrypts only the body of the email message.
- SMTPS connections are initiated on port 465.

58. Which FortiMail option removes embedded code components in Microsoft Word, while maintaining the original file format? (Choose one answer).
- Behavior analysis.
- Impersonation analysis.
- Content disarm and reconstruction.
- Header analysis.

59. What three configuration steps are required to enable DKIM signing for outbound messages on FortiMail? (Choose three answers).
- Generate a public/private key pair in the protected domain configuration.
- Enable DKIM check in a matching session profile.
- Enable DKIM check in a matching antispam profile.
- Publish the public key as a TXT record in a public DNS server.
- Enable DKIM signing for outgoing messages in a matching session profile.

60. An administrator sees that an excessive amount of storage space on a FortiMail device is being used up by quarantine accounts for invalid users. The FortiMail is operating in transparent mode. Which two FortiMail features can the administrator configure to tackle this issue? (Choose two answers).
- Automatic removal of quarantine accounts.
- Recipient address verification.
- Bounce address tag verification.
- Sender address rate control.

61. Refer to the exhibit. What are two expected outcomes if FortiMail applies this antivirus action profile to an email? (Choose two answers).
- Virus content will be removed from the email.
- A replacement message will be added to the email.
- The sanitized email will be sent to the recipient's personal quarantine.
- The administrator will be notified of the virus detection.

62. Examine the FortiMail user webmail interface shown in the exhibit; then answer the question below. Which one of the following statements is true regarding this server mode FortiMail's configuration? (Choose one answer).
- The protected domain-level service settings have been modified to allow access to the domain address book.
- This user's account has a customized access profile applied that allows access to the personal.
- The administrator has not made any changes to the default address book access privileges.
- The administrator has configured an inbound recipient policy with a customized resource profile.

63. Examine the FortiMail active-passive cluster shown in the exhibit; then answer the question below. Which of the following parameters are recommended for the Primary FortiMail's HA interface configuration? (Choose three answers).
- Enable port monitor: disable.
- Peer IP address: 172.16.32.57.
- Heartbeat status: Primary.
- Virtual IP address: 172.16.32.55/24.
- Virtual IP action: Use.

64. Which FortiSandbox type can be configured on FortiMail, to guarantee dedicated FortiSandbox service and high performance? (Choose one answer).
- Cloud.
- Dynamic Cloud.
- Premium Cloud.
- Enhanced Cloud.

65. Which two statements about the access receive rule are true? (Choose two answers).
- Email matching this rule will be relayed.
- Email must originate from an example.com email address to match this rule.
- Senders must be authenticated to match this rule.
- Email from any host in the 10.0.1.0/24 subnet can match this rule.

66. Refer to the exhibits. The exhibits display a topology diagram of a FortiMail cluster (Topology) and the primary HA interface configuration of the Primary FortiMail (HA Interface Configuration). Which three actions are recommended when configuring the primary FortiMail HA interface? (Choose three answers).
- In the Virtual IP address field, type 172.16.32.55/24.
- In the Heartbeat status drop-down list, select Primary.
- Disable Enable port monitor.
- In the Virtual IP action drop-down list, select Use.
- In the Peer IP address field, type 172.16.32.57.





