Mar-2026 Fortinet FCP_FML_AD-7.4 Actual Questions and Braindumps
FCP_FML_AD-7.4 Dumps To Pass Fortinet Exam in 24 Hours - Test4Sure
NEW QUESTION # 19
Refer to the exhibit, which displays the Mail Settings page of a FortiMail device running in gateway mode.
In addition to selecting Check External Domain in the MTA-STS service field, what else must an administrator do to enable MTA-STS?
- A. Enable SMTPUTF8 support in the mail server settings.
- B. Enable MTA-STS in the associated TLS profile.
- C. Enable secure authentication in the associated SMTP authentication profile.
- D. Enable MTA-STS action in the appropriate inbound recipient policy.
Answer: C
NEW QUESTION # 20
While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs 0:4:9:INTERNAL.
Which two statements describe what this policy ID means? (Choose two.)
- A. Access control policy number 9 was used.
- B. The email was processed using IP-based policy ID 4.
- C. FortiMail is applying the default behavior for relaying inbound email.
- D. The FortiMail configuration is missing an access delivery rule.
Answer: B,C
NEW QUESTION # 21
When deploying FortiMail in transparent mode, which of the following statements are true?
(Select all that apply.)
- A. Transparent mode is suitable for organizations with complex email infrastructures
- B. Transparent mode requires changes to the mail server's IP address
- C. FortiMail acts as an intermediary for email traffic
- D. Email attachments are automatically encrypted
- E. FortiMail's functions are hidden from the email server
Answer: C,E
Explanation:
In transparent mode, FortiMail sits invisibly in the mail flow and does not require IP address changes on the mail server.
NEW QUESTION # 22
In which two ways does a transparent mode FortiMail use the build-it MTA to process email? (Choose two.)
- A. It ignores the destination set by the sender and uses its own MX record lookup.
- B. It can queue undeliverable messages and generate DSNs.
- C. The built-in MTA must connect to an external relay host to deliver email.
- D. MUAs must be configured to connect to the built-in MTA to send email.
Answer: A,D
NEW QUESTION # 23
Refer to the exhibit, which shows a few lines of FortiMail logs.
Based on these log entries, which two statements describe the operational status of this FortiMail device? (Choose two.)
- A. FortiMail is experiencing issues delivering the email to the internal.labMTA.
- B. FortiMail is experiencing issues accepting the connection from the external.labMTA.
- C. The FortiMail device is in server mode.
- D. The FortiMail device is in gateway or transparent mode.
Answer: A,D
Explanation:
The FortiMail device is in gateway or transparent mode.
The log shows FortiMail accepting mail from an external MTA (acting as a proxy) and then relaying it on to an internal MTA at 10.0.1.99, which is characteristic of gateway/transparent operation.
FortiMail is experiencing issues delivering the email to the internal.lab MTA.
The final log entry shows stat=Deferred: Connection timed out with internal.lab., indicating FortiMail successfully received the message but is unable to complete delivery to the downstream internal server.
NEW QUESTION # 24
Refer to the exhibit, which displays the domain configuration of a FortiMail device running in transparent mode.
Based on the exhibit, which two sessions are considered incoming sessions? (Choose two.) DESTINATION IP: 192.168.54.10 MAIL FROM: [email protected] RCPT TO:
- A. [email protected]
DESTINATION IP: 10.25.32.15 MAIL FROM: [email protected] RCPT TO: - B. [email protected]
DESTINATION IP: 172.16.32.56 MAIL FROM: [email protected] RCPT TO: - C. [email protected]
DESTINATION IP: 172.16.32.56 MAIL FROM: [email protected] RCPT TO: - D. [email protected]
Answer: A,B
Explanation:
The sessions that originate from SMTP clients connecting into FortiMail are:
- A client connecting to 192.168.54.10 and sending mail from [email protected] to [email protected].
- A client connecting to 10.25.32.15 and submitting mail from [email protected] to [email protected].
Both of these represent inbound SMTP traffic terminating on the FortiMail device. The other sessions are FortiMail itself relaying messages onward to the configured back-end server, so they are considered outgoing.
NEW QUESTION # 25
Refer to the exhibits showing SMTP limits (Session Profile - SMTP Limits), and domain settings (Domain Settings, andDomain Settings - Other) of a FortiMail device.
Which message size limit in KB will the FortiMail apply to outbound email?
- A. 0
- B. 1
- C. There is no message size limit for outbound email from a protected domain.
- D. 2
Answer: B
NEW QUESTION # 26
While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs0:4:9:
INTERNAL.
Which two statements describe what this policy ID means? (Choose two.)
- A. Access control policy number 9 was used.
- B. The email was processed using IP-based policy ID 4.
- C. FortiMail is applying the default behavior for relaying inbound email.
- D. The FortiMail configuration is missing an access delivery rule.
Answer: B,C
NEW QUESTION # 27
Refer to the exhibit, which shows a topology diagram of a FortiMail cluster deployment.
Which IP address must the DNS MX record for this organization resolve to?
- A. 172.16.32.56
- B. 172.16.32.55
- C. 1172 16 32 57
- D. 172.16.32.1
Answer: B
NEW QUESTION # 28
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to their protected domain. After searching the logs, the administrator identifies that the DSNs were not generated because of any outbound email sent from their organization.
Which FortiMail antispam technique can the administrator enable to prevent this scenario?
- A. Bounce address tag validation
- B. Spoofed header detection
- C. Spam outbreak protection
- D. FortiGuard IP Reputation
Answer: A
Explanation:
Enabling Bounce Address Tag Validation prevents FortiMail from accepting forged bounce messages (backscatter) for mail it never actually sent, stopping those unsolicited DSNs from reaching your users.
NEW QUESTION # 29
A FortiMail administrator is concerned about cyber criminals attempting to get sensitive information from employees using whaling phishing attacks. What option can the administrator configure to prevent these types of attacks?
- A. Bounce tag verification
- B. Impersonation analysis
- C. Content disarm and reconstruction
- D. Dictionary profile with predefined smart identifiers
Answer: B
NEW QUESTION # 30
A FortiMail is configured with the protected domain example.com.
On this FortiMail, which two envelope addresses are considered incoming? (Choose two.)
- A. MAIL FROM: training&external.crg RCPT TO: student30extersal.org
- B. MAIL FROM: supporteexample.com RCPT TO: [email protected]
- C. EMAIL FROM: nisGhosted.r.et RCPT 70: noceexampIe.com
- D. MAIL FROM: accountsGexample.ccm RCPT TO: [email protected]
Answer: B,D
NEW QUESTION # 31
What are Two reasons for having reliable DNS servers configured on FortiMail? (Choose two.)
- A. FortiGuard Connectivity
- B. Firmware updates
- C. HA synchronization
- D. Email transmission
Answer: A,D
NEW QUESTION # 32
Reter to the exhibits.
The exhibits display a topologydiagram of a FortiMail cluster (Topology) and the primary HA interface configuration of the Primary FortiMail (HA Interface Configuration) Which three actions are recommended when configuring the primary FortiMail HA interface? (Choose three.)
- A. In the Virtual IP action drop-down list, select Use
- B. In the Heartbeat status drop-down list, select Primary
- C. Disable Enable port monitor
- D. In the Peer IP address field, type 172.16.32.57
- E. In the Virtual IP address field, type 172.16.32.55/24
Answer: A,D,E
NEW QUESTION # 33
Refer to the exhibit, which displays a topology diagram.
Which two statements describe the built-in bridge functionality on a transparent mode FortiMail?
(Choose two.)
- A. All bridge member interfaces belong to the same subnet as the management IP.
- B. Any bridge member interface can be removed from the bridge and configured as a routed interface.
- C. The management IP is permanently tied to port1, and port1 cannot be removed from the bridge.
- D. If port1. is required to process SMTP traffic, it must be configured as a routed interface.
Answer: A,C
NEW QUESTION # 34
Which three actions does FortiSandbox perform when it is integrated with FortiMail for advanced threat protection (ATP)? (Choose three.)
- A. It updates FortiGuard databases
- B. It submits objects for sandbox scanning
- C. It assigns and returns a rating for analyzed objects
- D. It analyzes file and URI objects
- E. It queues email during analysis
Answer: A,C,D
Explanation:
FortiSandbox analyzes files and URLs, rates them, and shares intelligence through FortiGuard.
Email queuing and submission are handled by FortiMail.
NEW QUESTION # 35
Refer to the exhibit, which displays a list of IBE users on a FortiMail device.
Which statement describes the pre-registered status of the IBE user [email protected]?
- A. The user has received an IBE notification email, but has not accessed the HTTPS URL or attachment yet.
- B. The user account has been de-activated, and the user must register again the next time they receive an IBE email.
- C. The user has completed the IBE registration process, but has not yet accessed their IBE email.
- D. The user was registered by an administrator in anticipation of IBE participation.
Answer: A
NEW QUESTION # 36
What are two benefits of enabling the header manipulation feature? (Choose two.)
- A. It detects spoofed SMTP header addresses
- B. It detects common spamming techniques
- C. It reduces overall message size by removing header content
- D. It hides internal network information
Answer: C,D
Explanation:
Header manipulation can remove or rewrite sensitive headers, hiding internal infrastructure details and reducing message size.
NEW QUESTION # 37
Which three configuration steps must you set to enable DKIM signing for outbound messages on FortiMail? (Choose three.)
- A. Enable the DKIM checker in a matching antispam profile.
- B. Enable the DKIM checker in a matching session profile.
- C. Publish the public key as a TXT record in a public DNS server.
- D. Generate a public/private key pair in the protected domain configuration.
- E. Enable DKIM signing for outgoing messages in a matching session profile.
Answer: C,D,E
Explanation:
You must enable DKIM signing for outgoing messages in the session profile (or IP policy) that handles your outbound flow.
After generating your key pair, you publish the public key as a DNS TXT record so receivers can verify signatures.
In the protected-domain settings you generate a DKIM key pair (private key for signing and public key for DNS).
NEW QUESTION # 38
Which two statements describe the push delivery method used by IBE? (Choose two.)
- A. FortiMail encrypts the email and adds it to a notification email as an HTML attachment
- B. FortiMail generates a notification email message with an embedded HTTPS URL
- C. The recipient accesses the HTTPS link and logs in to the FortiMail secure message portal
- D. Decrypted email is displayed using the HTTPS webmail interface
Answer: A,D
Explanation:
In push mode, FortiMail encrypts the message and delivers it directly (often as an HTML attachment), which can be viewed securely through a web interface.
NEW QUESTION # 39
In which two places can the maximum email size be overridden on FortiMail? (Choose two.)
- A. Protected Domain configuration
- B. IP Policy configuration
- C. Session Profile configuration
- D. Resource Profile configuration
Answer: A,D
NEW QUESTION # 40
Refer to the exhibit, which displays the domain configuration of a FortiMail device running in transparent mode.
Based on the exhibit, which two sessions are considered incoming sessions? (Choose two.)
- A. DESTINATION IP:172.16.32.56 MAIL FROM: [email protected] RCPT TO:marketingeaxampla.com
- B. DESTINATIONIP:172.16.32.56 MAIL FROM: misfihosted.net RCPT TO: noc9example.com
- C. DESTINATIONIP:192.163.54.10 MAIL FROM: [email protected] RCPT TO: saleseexamplc.
com - D. BDESTINATION IP:10.25.32.15 MAIL FROM: [email protected] RCPT TO: students@external.
com
Answer: C,D
NEW QUESTION # 41
Exhibit.
Refer to the exhibit, which shows the mail server settings of a FortiMail device. What are two ways this FortiMail device will handle connections? (Choose two.)
- A. FortiMail will support the STARTTLS extension.
- B. FortiMail will accept SMTPS connections.
- C. FortiMail will drop any inbound plaintext SMTP connection.
- D. FortiMail will enforce SMTPS on all outbound sessions.
Answer: A,B
NEW QUESTION # 42
......
Fortinet FCP_FML_AD-7.4 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
Download the Latest FCP_FML_AD-7.4 Dump - 2026 FCP_FML_AD-7.4 Exam Question Bank: https://freecert.test4sure.com/FCP_FML_AD-7.4-exam-materials.html