NEW QUESTION 1

Examine the access receive rule shown in the exhibit; then answer the question below.

Which of the following statements are true? (Choose two.)

• A. Email from any host in the 10.0.1.0/24 subnet can match this rule
• B. Senders must be authenticated to match this rule
• C. Email matching this rule will be relayed
• D. Email must originate from an example.com email address to match this rule

Answer: CD

NEW QUESTION 2

An organization has different groups of users with different needs in email functionality, such as address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?

• A. Resource profiles
• B. Domain-level service settings
• C. Access profiles
• D. Address book management options

Answer: C

NEW QUESTION 3

Refer to the exhibit.

Which two statements about the access receive rule are true? (Choose two.)

• A. Email matching this rule will be relayed
• B. Email must originate from an example.com email address to match this rule
• C. Senders must be authenticated to match this rule
• D. Email from any host in the 10.0.1.0/24 subnet can match this rule

Answer: AB

NEW QUESTION 4

Refer to the exhibit.

Which statement describes the impact of setting the User inactivity expiry time option to 90 days?

• A. IBE user accounts will expire after 90 days of inactivity, and must register again to access new IBE email message
• B. Registered IBE users have 90 days from the time they receive a notification email message to access their IBE email
• C. After initial registration, IBE users can access the secure portal without authenticating again for 90 days
• D. First time IBE users must register to access their email within 90 days of receiving the notification email message

Answer: A

Explanation:
Reference: https://docs.fortinet.com/document/fortimail/6.4.0/cli-reference/813529/system-encryption- ibe#config_3733402351_2450215

NEW QUESTION 5

Which of the following statements are true regarding FortiMail’s behavior when using the built-in MTA to process email in transparent mode? (Choose two.)

• A. FortiMail can queue undeliverable messages and generate DSNs
• B. If you disable the built-in MTA, FortiMail will use its transparent proxies to deliver email
• C. FortiMail ignores the destination set by the sender and uses its own MX record lookup to deliver email
• D. MUAs need to be configured to connect to the built-in MTA to send email

Answer: BC

NEW QUESTION 6

A FortiMail is configured with the protected domain example.com.
On this FortiMail, which two envelope addresses are considered incoming? (Choose two.)

• A. MAIL FROM: accounts@example.com RCPT TO: sales@external.org
• B. MAIL FROM: support@example.com RCPT TO: marketing@example.com
• C. MAIL FROM: training@external.org RCPT TO: students@external.org
• D. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com

Answer: CD

Explanation:
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9aa62d26-858d-11ea-9384-00505692583a/FortiMail-6.4.0-Administration_Guide.pdf (30)

NEW QUESTION 7

Examine the FortiMail user webmail interface shown in the exhibit; then answer the question below.

Which one of the following statements is true regarding this server mode FortiMail’s configuration?

• A. The protected domain-level service settings have been modified to allow access to the domain address book
• B. This user’s account has a customized access profile applied that allows access to the personal address book
• C. The administrator has not made any changes to the default address book access privileges
• D. The administrator has configured an inbound recipient policy with a customized resource profile

Answer: A

NEW QUESTION 8

Examine the FortiMail active-passive cluster shown in the exhibit; then answer the question below.


Which of the following parameters are recommended for the Primary FortiMail’s HA interface configuration? (Choose three.)

• A. Enable port monitor: disable
• B. Peer IP address: 172.16.32.57
• C. Heartbeat status: Primary
• D. Virtual IP address: 172.16.32.55/24
• E. Virtual IP action: Use

Answer: CDE

NEW QUESTION 9

FortiMail is configured with the protected domain example.com.
Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders? (Choose two.)

• A. MAIL FROM: accounts@example.com RCPT TO: sales@external.org
• B. MAIL FROM: support@example.com RCPT TO: marketing@example.com
• C. MAIL FROM: training@external.org RCPT TO: students@external.org
• D. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com

Answer: BD

NEW QUESTION 10

Examine the message column of a log cross search result of an inbound email shown in the exhibit; then answer the question below

Based on logs, which of the following statements are true? (Choose two.)

• A. The FortiMail is experiencing issues delivering the email to the back-end mail server
• B. Thelogs were generatedby a server mode FortiMail
• C. The logs were generated by a gateway or transparent mode FortiMail
• D. The FortiMail is experiencing issues accepting the connection from the remote sender

Answer: BD

NEW QUESTION 11

While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs 0:4:9.
Which two scenarios will generate this policy ID? (Choose two.)

• A. Email was processed using IP policy ID 4
• B. Incoming recipient policy ID 9 has the exclusive flag set
• C. FortiMail applies the default behavior for relaying inbound email
• D. FortiMail configuration is missing an access delivery rule

Answer: CD

NEW QUESTION 12

Examine the FortiMail topology and access receive rule shown in the exhibit; then answer the question below.


An administrator must enforce authentication on FML-1 for all outbound email from the example.com domain. Which of the following settings should be used to configure the access receive rule? (Choose two.)

• A. The Sender IP/netmask should be set to 10.29.1.0/24
• B. The Authentication status should be set to Authenticated
• C. The Recipient pattern should be set o *@example.com
• D. The Action should be set to Reject

Answer: AB

NEW QUESTION 13

Refer to the exhibit.

What two archiving actions will FortiMail take when email messages match these archive policies? (Choose two.)

• A. FortiMail will save archived email in the journal account
• B. FortiMail will allow only the marketing@example.com account to access the archived email
• C. FortiMail will exempt spam email from archiving
• D. FortiMail will archive email sent from marketing@example.com

Answer: AB

NEW QUESTION 14

Refer to the exhibit.

An administrator has enabled the sender reputation feature in the Example_Session profile on FML-1. After a few hours, the deferred queue on the mail server starts filling up with undeliverable email. What two changes must the administrator make to fix this issue? (Choose two.)

• A. Apply a session profile with sender reputation disabled on a separate IP policy for outbound sessions
• B. Clear the sender reputation database using the CLI
• C. Create an outbound recipient policy to bypass outbound email from session profile inspections
• D. Disable the exclusive flag in IP policy ID 1

Answer: AD

NEW QUESTION 15

Refer to the exhibit.

Which two message types will trigger this DLP scan rule? (Choose two.)

• A. An email message with a subject that contains the term “credit card” will trigger this scan rule
• B. An email that contains credit card numbers in the body, attachment, and subject will trigger this scan rule
• C. An email message that contains credit card numbers in the body will trigger this scan rule
• D. An email sent from sales@internal.lab will trigger this scan rule, even without matching any conditions

Answer: BC

NEW QUESTION 16
......