Mail Security

Refer to the exhibit, which displays the domain configuration of a FortiMail device running in transparent mode. Based on the exhibit, which two sessions are considered incoming sessions? (Choose two.). DESTINATION IP: 192.168.54.10 MAIL FROM: accounts@example.com RCPT TO: sales@example.com. DESTINATION IP: 10.25.32.15 MAIL FROM: training@example.com RCPT TO: students@external.com. DESTINATION IP: 172.16.32.56 MAIL FROM: mis@hosted.net RCPT TO: noc@example.com. DESTINATION IP: 172.16.32.56 MAIL FROM: support@example.com RCPT TO: marketing@example.com.

Refer to the exhibits, which show a topology diagram (Topology) and a configuration element (IP Policy): An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a few hours, the deferred queue on the mail server starts filling up with undeliverable email. Which two changes must the administrator make to fix this issue? (Choose two.). Disable the exclusive flag in IP policy ID 1. Clear the sender reputation database using the CLI. Apply a session profile with sender reputation disabled on a separate IP policy for outbound sessions. Create an outbound recipient policy to bypass outbound email from session profile inspections.

Refer to the exhibit, which shows the Authentication Reputation list on a FortiMail device running in gateway mode. image4 Why was the IP address blocked?. The IP address had consecutive administrative password failures to FortiMail. The IP address had consecutive SSH login failures to FortiMail. The IP address had consecutive IMAP login failures to FortiMail. The IP address had consecutive SMTPS login failures to FortiMail.

Refer to the exhibits, which show an email archiving configuration (Email Archiving 1 and Email Archiving 2) from a FortiMail device. What two archiving actions will FortiMail take when email messages match these archive policies? (Choose two.). FortiMail will archive email sent from marketing@example.com. FortiMail Will allow only the marketing@example.com account to access the archived email. FortiMail will exempt spam email from archiving. FortiMail will save archived email in the journal account.

Refer to the exhibit, which displays a history log entry. image7 In the Policy ID column, why is the last policy ID value SYSTEM?. It is an inbound email. The email matched a system-level authentication policy. The email was dropped by a system blocklist. The email did not match a recipient-based policy.

A FortiMail is configured with the protected domain example.com. On this FortiMail, which two envelope addresses are considered incoming? (Choose two.). MAIL FROM: support@example.com RCPT TO: marketing@example.com. MAIL FROM: accounts@example.com RCPT TO: sales@external.org. MAIL FROM: training@external.org RCPT TO: students@external.org. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com.

Refer to the exhibit, which shows a few lines of FortiMail logs. Based on these log entries, which two statements describe the operational status of this FortiMail device? (Choose two.). FortiMail is experiencing issues accepting the connection from the external.lab MTA. The FortiMail device is in server mode. The FortiMail device is in gateway or transparent mode. FortiMail is experiencing issues delivering the email to the internal.lab MTA.

A FortiMail administrator is investigating a sudden increase in DSNs being delivered to their protected domain. After searching the logs, the administrator identifies that the DSNs were not generated because of any outbound email sent from their organization. Which FortiMail antispam technique can the administrator enable to prevent this scenario?. Spam outbreak protection. Bounce address tag validation. Spoofed header detection. FortiGuard IP Reputation.

An organization has different groups of users with different needs in email functionality, such as address book access, mobile device access, email retention periods, and disk quotas. Which FortiMail feature specific to server mode can be used to accomplish this?. Access profiles. Domain-level service settings. Resource profiles. Email group profiles.

A FortiMail device is configured with the protected domain example.com. If senders are not authenticated, which two envelope addresses will require an access receive rule? (Choose two.). MAIL FROM: training@example.com RCPT TO: students@external.org. MAIL FROM: accounts@example.com RCPT TO: sales@biz.example.com. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com. MAIL FROM: support@example.org RCPT TO: marketing@example.com.

A mail user wants the ability to subscribe or publish to and from their FortiMail calendar using Thunderbird as their mail user agent (MUA). What information does this mail user need from their webmail User Preferences section?. Free busy URL. Message tags. Service URLs. Secondary account configurations.

Which SMTP command lists the supported SMTP service extensions of the recipient MTA?. VRFY. HELO. DATA. EHLO.

Refer to the exhibit. What does the Scan timeout value configure?. How often the local scan results cache will expire on FortiMail. How often FortiMail will query FortiSandbox for a scan result. How long FortiMail will wait for a scan result from FortiSandbox. How long FortiMail will wait to send a file or URI to FortiSandbox.

While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed using policy ID 1:2:0:SYSTEM. What are two possible reasons why the third policy ID value is 0? (Choose two.). Outbound email is being rejected. There are no access delivery rules configured for outbound email. There are no outgoing recipient policies configured. IP policy ID 2 has the exclusive flag set.

Refer to the exhibit, which displays an encryption profile configuration. image10 What happens if the attachment size of an IBE email exceeds 1024 KB?. AES 256 will be used. TLS will be used. Pull delivery will be used. The email message will not be delivered.

Which two antispam techniques query FortiGuard for rating information? (Choose two.). SURBL. URL filter. IP reputation. DNSBL.

Refer to the exhibit, which displays an access control rule. image11 What are two expected behaviors for this access control rule? (Choose two.). Senders must be authenticated to match this rule. Emails must be sent from the 10.0.1.0/24 subnet. Email matching this rule will be relayed. Email must originate from an example.com email address.

Refer to the exhibit, which shows a partial antispam profile configuration. What will happen to an email that triggers Spam outbreak protection?. The email is logged. The email is rejected. The email is held in a deferred queue for a period of time. The email is marked as clean and released to the recipient.

In which two ways does a transparent mode FortiMail use the build-it MTA to process email? (Choose two.). The built-in MTA must connect to an external relay host to deliver email. It ignores the destination set by the sender and uses its own MX record lookup. MUAs must be configured to connect to the built-in MTAto send email. It can queue undeliverable messages and generate DSNs.

Refer to the exhibit, which shows an inbound recipient policy. After creating the policy, an administrator discovers that clients can send Inbound Recipient Policy unauthenticated emails using SMTP. What must the administrator do to enforce authentication?. Configure an access delivery rule to enforce authentication. Configure a matching IP policy with the exclusive flag enabled. Configure an outbound recipient policy for LDAP authentication. Configure an access receive rule to verify authentication status.

What are two reasons for having reliable DNS servers configured on FortiMail? (Choose two.). Firmware updates. FortiGuard Connectivity. HA synchronization. Email transmission.

Refer to the exhibit, which shows the output of an email transmission using a telnet session. What are two correct observations about this SMTP session? (Choose two.). The "250 Message accepted for delivery" message is part of the message body. The SMTP envelope addresses are different from the message header addresses. The "220 mx.internal.lab ESMTP Smtpd" message is part of the SMTP banner. The "Subject" is part of the message header.

Refer to the exhibit, which shows the mail server settings of a FortiMail device: What are two ways this FortiMail device will handle connections? (Choose two.). FortiMail will drop any inbound plaintext SMTP connection. FortiMail will accept SMTPS connections. FortiMail will enforce SMTPS on all outbound sessions. FortiMail will support the STARTTLS extension.

Refer to the exhibit, which displays the Mail Settings page of a FortiMail device running in gateway mode. In addition to selecting Check External Domain in the MTA-STS service field, what else must an administrator do to enable MTA-STS?. Enable MTA-STS action in the appropriate inbound recipient policy. Enable secure authentication in the associated SMTP authentication profile. Enable MTA-STS in the associated TLS profile. Enable SMTPUTF8 support in the mail server settings.

Which license must you apply to a FortiMail device to enable the HA centralized monitoring features?. Office 365 protection license. Enterprise license. Advanced Management and MSSP license. Cloud gateway license.

Which two factors are required for an active-active HA configuration of FortiMail in server mode? (Choose two.). A primary must be designated to initially process email. Mail data must be stored on a NAS server. Service monitoring must be configured for remote SMTP. Devices must be deployed behind a load balancer.

Refer to the exhibit, which shows the IBE Encryption page of a FortiMail device. Which user account behavior can you expect from these IBE settings?. IBE user accounts will expire after 90 days of inactivity and must register again to access new IBE email message. First time IBE users must register to access their email within 90 days of receiving the notification email message. Registered IBE users have 90 days from the time they receive a notification email message to access their IBE email. After initial registration, IBE users can access the secure portal without authenticating again for 90 days.

Refer to the exhibit, which shows an antivirus action profile. What are two expected outcomes if FortiMail applies this antivirus action profile to an email? (Choose two.). A replacement message will be added to the email. The original email will be sent to the system quarantine. The sanitized email will be sent to the recipient's personal quarantine. Virus content will be removed from the email.

Refer to the exhibit, which shows a topology diagram of two MTAs. MTA-1 is delivering an email intended for User 1 to MTA-2. User 1 uses Outlook as an email client. Which two statements about protocol usage between these devices are correct? (Choose two.). User 1 will use IMAP or POP3 to download the email message from MTA-2. MTA-1 will use POP3 to deliver the email message to User 1 directly. MTA-1 will use SMTP to deliver the email message to MTA-2. MTA-2 will use IMAP to download the email message from MTA-1.

Refer to the exhibits, which shows a DLP scan profile configuration (DLP Scan Rule 1 and DLP Scan Rule 2) from a FortiMail device. Which two message types will trigger this DLP scan rule? (Choose two.). An email message with a subject that contains the term “credit card” will trigger this scan rule. An email message that contains credit card numbers in the body will trigger this scan rule. An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule. An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions.

Refer to the exhibits. The exhibits display a topology diagram of a FortiMail cluster (Topology) and the primary HA interface configuration of the Primary FortiMail (HA Interface Configuration). Which three actions are recommended when configuring the primary FortiMail HA interface? (Choose three.). In the Virtual IP action drop-down list, select Use. Disable Enable port monitor. In the Heartbeat status drop-down list, select Primary. In the Virtual IP address field, type 172.16.32.55/24. In the Peer IP address field, type 172.16.32.57.

Which three configuration steps must you set to enable DKIM signing for outbound messages on FortiMail? (Choose three.). Enable DKIM signing for outgoing messages in a matching session profile. Enable the DKIM checker in a matching antispam profile. Enable the DKIM checker in a matching session profile. Publish the public key as a TXT record in a public DNS server. Generate a public/private key pair in the protected domain configuration.

When configuring a FortiMail HA group consisting of different models, which two statements are true? (Choose two.). All units must have the same firmware. Configurations will not synchronize between different model types. The most powerful model must be configured as the primary unit. Group capacity is limited to the least powerful model.

Refer to the exhibits, which show a topology diagram (Topology) and a configuration element (Access Control Rule). An administrator wants to configure an access receive rule to match authentication status on FML-1 for all outbound email from the example.com domain. Which two access receive rule settings must the administrator configure? (Choose two.). The Sender IP/netmask must be set to 10.29.1.0/24. ATLS profile must be configured and applied. The Recipient pattern must be set to *@example.com. The Authentication status must be set to Authenticated.