• Home
  • Articles
  • UPDATED [Oct 21, 2025] Pass FCP - FortiMail 7.4 Administrator Exam with Latest Questions [Q26-Q48]

UPDATED [Oct 21, 2025] Pass FCP - FortiMail 7.4 Administrator Exam with Latest Questions [Q26-Q48]

Share

UPDATED [Oct 21, 2025] Pass FCP - FortiMail 7.4 Administrator Exam with Latest Questions

FCP_FML_AD-7.4 Exam Practice Questions prepared by Fortinet Professionals


Fortinet FCP_FML_AD-7.4 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Server Mode and Transparent Mode: This section of the exam measures skills of a Network Security Administrator and explains how to deploy and manage FortiMail in different operation modes. It includes configuring server mode to handle mail directly and deploying FortiMail in transparent mode where it acts as a gateway to filter email traffic without altering the existing mail infrastructure.
Topic 2
  • Email Flow and Authentication: This section of the exam measures skills of a Messaging Security Engineer and focuses on configuring FortiMail to handle email flow securely. It includes enabling and matching authentication protocols, setting up secure MTA features, and implementing access control, IP policies, and recipient-based policies to control mail delivery and security.
Topic 3
  • Email Security: This section of the exam measures skills of a Network Security Administrator and deals with implementing security controls to filter and manage email threats. Candidates must configure session-based filtering, spam detection methods, malware protection, APT mitigation, and content filtering. The section also includes email archiving configurations for compliance and storage.
Topic 4
  • Encryption: This section of the exam measures skills of a Messaging Security Engineer and addresses the implementation of encryption methods in FortiMail. It covers traditional SMTP encryption and identity-based encryption (IBE). Candidates are expected to configure these technologies and manage IBE users for secure email communication.
Topic 5
  • Initial Deployment and Basic Configuration: This section of the exam measures skills of a Network Security Administrator and covers the foundational setup of FortiMail. It includes understanding SMTP and email flow, performing initial configurations such as selecting operation mode, system settings, and defining protected domains. It also involves deploying FortiMail in high-availability clusters to ensure service continuity.

 

NEW QUESTION # 26
While reviewing logs, an administrator discovers that an incoming email was processed using policy IDs0:4:9:
INTERNAL.
Which two statements describe what this policy ID means? (Choose two.)

  • A. FortiMail is applying the default behavior for relaying inbound email.
  • B. The email was processed using IP-based policy ID 4.
  • C. Access control policy number 9 was used.
  • D. The FortiMail configuration is missing an access delivery rule.

Answer: A,B


NEW QUESTION # 27
What are Two reasons for having reliable DNS servers configured on FortiMail? (Choose two.)

  • A. Email transmission
  • B. FortiGuard Connectivity
  • C. Firmware updates
  • D. HA synchronization

Answer: A,B


NEW QUESTION # 28
Which license must you apply to a FortiMail device to enable the HA centralized monitoring features?

  • A. Cloud gateway license
  • B. Office 365 protection license
  • C. Enterprise license
  • D. Advanced Management and MSSP license

Answer: D


NEW QUESTION # 29
While testing outbound MTA functionality, an administrator discovers that all outbound email is being processed using policy ID l: 2:0: SYSTEM. What are two possible reasons why the third policy ID value is o?
(Choose two.)

  • A. There are no access delivery rules configured for outbound email.
  • B. There are no outgoing recipient policies configured.
  • C. Outbound email is being rejected.
  • D. IP policy ID 2 has the exclusive flag set.

Answer: B,D


NEW QUESTION # 30
When configuring a FortiMail HA group consisting of different models, which two statements are true?
(Choose two.)

  • A. Group capacity is limited to the least powerful model.
  • B. Configurations will not synchronize between different model types.
  • C. All units must have the same firmware.
  • D. The most powerful model must be configured as the primary unit.

Answer: A,C


NEW QUESTION # 31
Refer to the exhibit which displays a list of IBE users on a FortiMail device.

Which statement describes the pre-registered status of the IBE [email protected]?

  • A. The user has completed the IBE registration process, but has not yet accessed their IBE email.
  • B. The user account has been de-activated, and the user must register again the next time they receive an IBE email.
  • C. The user has received an IBE notification email, but has not accessed the HTTPS URL or attachment yet.
  • D. The user was registered by an administrator in anticipation of IBE participation.

Answer: C


NEW QUESTION # 32
Refer to the exhibit.

What does the Scan timeout value configure?

  • A. How long FortiMail will wait to send a file or URI to FortiSandbox
  • B. How long FortiMail will waitfor a scan result from FortiSandbox
  • C. How often the local scan results cache will expire on FortiMail
  • D. How often FortiMail will query FortiSandbox for a scan result

Answer: B


NEW QUESTION # 33
Exhibit.

Refer to the exhibit, which shows the mail server settings of a FortiMail device. What are two ways this FortiMail device will handle connections? (Choose two.)

  • A. FortiMail will drop any inbound plaintext SMTP connection.
  • B. FortiMail will enforce SMTPS on all outbound sessions.
  • C. FortiMail will accept SMTPS connections.
  • D. FortiMail will support the STARTTLS extension.

Answer: C,D


NEW QUESTION # 34
Refer to the exhibit which shows a detailed history log view.

Which two actions did FortiMail take on this email message? (Choose two.)

  • A. FortJMail replaced the virus content with a message
  • B. FortiMail sent the email message to User 1's personal quarantine.
  • C. FortiMail forwarded the email to User 1 without scanning.
  • D. FortiMail modified the subject of the email message.

Answer: A,D


NEW QUESTION # 35
Refer to the exhibit, which displays the domain configuration of a FortiMail device running in transparent mode.

Based on the exhibit, which two sessions are considered incoming sessions? (Choose two.)

  • A. DESTINATIONIP:172.16.32.56 MAIL FROM: misfihosted.net RCPT TO: noc9example.com
  • B. DESTINATIONIP:192.163.54.10 MAIL FROM: [email protected] RCPT TO: saleseexamplc.
    com
  • C. DESTINATION IP:172.16.32.56 MAIL FROM: [email protected] RCPT TO:marketingeaxampla.com
  • D. BDESTINATION IP:10.25.32.15 MAIL FROM: [email protected] RCPT TO: students@external.
    com

Answer: B,D


NEW QUESTION # 36
An organization has different groups of users with different needs in email functionality, such as address book access, mobile device access, email retention periods, and disk quotas. Which FortiMail feature specific to server mode can be used to accomplish this?

  • A. Email group profiles
  • B. Resource profiles.
  • C. Domain-level service settings
  • D. Access profiles

Answer: B


NEW QUESTION # 37
Refer to the exhibits, which display a topology diagram (Topology) and two FortiMail device configurations (FML1 ConfigurationandFML2 Configuration).



What is the expected outcome of SMTP sessions sourced from FML1 and destined for FML2?

  • A. FML1 will fail to establish any connection with FML2.
  • B. FML1 will send the STARTTLS command in the SMTP session, which will be rejected by FML2.
  • C. FML1 will attempt to establish an SMTPS session with FML2. but fail and revert to standard SMTP.
  • D. FML1 will successfully establish an SMTPS session with FML2.

Answer: D


NEW QUESTION # 38
Refer to the exhibit, which shows the Authentication Reputation list on a FortiMail device running in gateway mode.

Why was the IP address blocked?

  • A. The IP address had consecutive SMTPS login failures to FortiMail..
  • B. The IP address had consecutive administrative password failures to FortiMail.
  • C. The IP address had consecutive IMAP login failures to FortiMail.
  • D. The IP address had consecutive SSH login failures to FortiMail.

Answer: A


NEW QUESTION # 39
Refer to the exhibit which shows a topology diagram of a FortiMail cluster deployment.

Which IP address must the DNS MX record for this organization resolve to?

  • A. 1172 16 32 57
  • B. 172.16.32.1
  • C. 172.16.32.55
  • D. 172.16.32.56

Answer: C


NEW QUESTION # 40
Refer to the exhibit, which displays an access control rule.

What are two expected behaviors for this access control rule? (Choose two.)

  • A. Senders must be authenticated to match this rule.
  • B. Email matching this rule will be relayed.
  • C. Email must originate from an example. com email address.
  • D. Emails must be sent from the 10.0.1.0/24 subnet.

Answer: A,C


NEW QUESTION # 41
Refer to the exhibit, which shows a few lines of FortiMail logs.

Based on these log entries, which two statements describe the operational status of this FortiMail device?
(Choose two.)

  • A. FortiMail is experiencing issues accepting the connection from the external. lab MTA.
  • B. FortiMail is experiencing issues delivering the email to the internal. lab MTA.
  • C. The FortiMail device is in gateway or transparent mode.
  • D. The FortiMail device is in server mode.

Answer: B,C


NEW QUESTION # 42
Refer to the exhibit which displays a topology diagram.

Which two statements describe the built-in bridge functionality on a transparent mode FortiMail? (Choose two.)

  • A. If port1. is required to process SMTP traffic, it must be configured as a routed interface.
  • B. Any bridge member interface can be removed from the bridge and configured as a routed interface.
  • C. The management IP is permanently tied to port1, and port1 cannot be removed from the bridge.
  • D. All bridge member interfaces belong to the same subnet as the management IP.

Answer: C,D


NEW QUESTION # 43
Refer to the exhibit, which displays a history log entry.

In the Policy ID column, why isthe last policy ID value SYSTEM?

  • A. The email matched a system-level authentication policy.
  • B. It is an inbound email.
  • C. The email was dropped by a system blacklist.
  • D. The email did not match a recipient-based policy.

Answer: D


NEW QUESTION # 44
Refer to the exhibit, which displays the Mail Settings page of a FortiMail device running in gateway mode.

In addition to selecting Check External Domain in the MTA-STS service field, what else must an administrator do to enable MTA-STS?

  • A. Enable MTA-STS in the associated TLS profile.
  • B. Enable MTA-STS action in the appropriate inbound recipient policy.
  • C. Enable SMTPUTF8 support in the mail server settings.
  • D. Enable secure authentication in the associated SMTP authentication profile.

Answer: D


NEW QUESTION # 45
Refer to the exhibit, which shows an inbound recipient policy.

After creating the policy shown in the exhibit, an administrator discovers that clients can send unauthenticated emails using SMTP.
What must the administrator do to enforce authentication?

  • A. Configure an access delivery rule to enforce authentication.
  • B. Configure an access receive rule toverifyauthentication status.
  • C. Move this incoming recipient policy to the top of the list.
  • D. Configure a matching IP policy with the exclusive flag enabled.

Answer: B


NEW QUESTION # 46
A FortiMail administrator is concerned about cyber criminals attempting to get sensitive information from employees using whaling phishing attacks. What option can the administrator configure to prevent these types of attacks?

  • A. Dictionary profile with predefined smart identifiers
  • B. Content disarm and reconstruction
  • C. Impersonation analysis
  • D. Bounce tag verification

Answer: C


NEW QUESTION # 47
......

FCP_FML_AD-7.4 Exam Practice Materials Collection: https://evedumps.testkingpass.com/FCP_FML_AD-7.4-testking-dumps.html

Related Articles

more
Fortinet FCP_FML_AD-7.4 Certification Practice Exam