• Home
  • Blogs
  • Latest Apr-2026 Fortinet FCP_FML_AD-7.4 Dumps Updated 65 Questions [Q14-Q36]

Latest Apr-2026 Fortinet FCP_FML_AD-7.4 Dumps Updated 65 Questions [Q14-Q36]

Share

Latest Apr-2026 Fortinet FCP_FML_AD-7.4 Dumps Updated 65 Questions

PDF Download Free of FCP_FML_AD-7.4 Valid Practice Test Questions


Fortinet FCP_FML_AD-7.4 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Initial Deployment and Basic Configuration: This section of the exam measures skills of a Network Security Administrator and covers the foundational setup of FortiMail. It includes understanding SMTP and email flow, performing initial configurations such as selecting operation mode, system settings, and defining protected domains. It also involves deploying FortiMail in high-availability clusters to ensure service continuity.
Topic 2
  • Encryption: This section of the exam measures skills of a Messaging Security Engineer and addresses the implementation of encryption methods in FortiMail. It covers traditional SMTP encryption and identity-based encryption (IBE). Candidates are expected to configure these technologies and manage IBE users for secure email communication.
Topic 3
  • Email Security: This section of the exam measures skills of a Network Security Administrator and deals with implementing security controls to filter and manage email threats. Candidates must configure session-based filtering, spam detection methods, malware protection, APT mitigation, and content filtering. The section also includes email archiving configurations for compliance and storage.
Topic 4
  • Email Flow and Authentication: This section of the exam measures skills of a Messaging Security Engineer and focuses on configuring FortiMail to handle email flow securely. It includes enabling and matching authentication protocols, setting up secure MTA features, and implementing access control, IP policies, and recipient-based policies to control mail delivery and security.
Topic 5
  • Server Mode and Transparent Mode: This section of the exam measures skills of a Network Security Administrator and explains how to deploy and manage FortiMail in different operation modes. It includes configuring server mode to handle mail directly and deploying FortiMail in transparent mode where it acts as a gateway to filter email traffic without altering the existing mail infrastructure.

 

NEW QUESTION # 14
Which two antispam techniques query FortiGuard for rating information? (Choose two.)

  • A. DNSBL
  • B. SURBL
  • C. URL filter
  • D. IP reputation

Answer: C,D


NEW QUESTION # 15
Refer to the exhibit, which displays the Mail Settings page of a FortiMail device running in gateway mode.

In addition to selecting Check External Domain in the MTA-STS service field, what else must an administrator do to enable MTA-STS?

  • A. Enable MTA-STS action in the appropriate inbound recipient policy.
  • B. Enable secure authentication in the associated SMTP authentication profile.
  • C. Enable SMTPUTF8 support in the mail server settings.
  • D. Enable MTA-STS in the associated TLS profile.

Answer: D

Explanation:
You must enable MTA-STS in whatever TLS profile your outbound IP policy uses-only then will FortiMail honor the "Check External Domain" setting.


NEW QUESTION # 16
Refer to the exhibit, which shows a partial antispam profile configuration.

What will happen to an email that triggers Spam outbreak protection?

  • A. The email is marked as clean and released to the recipient.
  • B. The email is held in a deferred queue for a period of time.
  • C. The email is rejected.
  • D. The email is logged.

Answer: D


NEW QUESTION # 17
Refer to the exhibit.

What does the Scan timeout value configure?

  • A. How long FortiMail will wait to send a file or URI to FortiSandbox
  • B. How long FortiMail will waitfor a scan result from FortiSandbox
  • C. How often the local scan results cache will expire on FortiMail
  • D. How often FortiMail will query FortiSandbox for a scan result

Answer: B


NEW QUESTION # 18
Refer to the exhibit. What does the Scan timeout value configure?

  • A. How long FortiMail will wait to send a file or URI to FortiSandbox
  • B. How long FortiMail will wait for a scan result from FortiSandbox
  • C. How often the local scan results cache will expire on FortiMail
  • D. How often FortiMail will query FortiSandbox for a scan result

Answer: B

Explanation:
The Scan timeout setting specifies how long FortiMail will wait for FortiSandbox to return a verdict before treating the analysis as timed-out.


NEW QUESTION # 19
An organization has different groups of users with different needs in email functionality, such as address book access, mobile device access, email retention periods, and disk quotas.
Which FortiMail feature specific to server mode can be used to accomplish this?

  • A. Resource profiles
  • B. Domain-level service settings
  • C. Access profiles
  • D. Email group profiles

Answer: A

Explanation:
In FortiMail's server mode, Resource Profiles let you group mailboxes by things like disk-quota limits and message-retention periods, while corresponding Access Profiles control services such as address-book and mobile (ActiveSync) access. By defining different resource profiles for each user class, you can give each group its own quota and retention settings (and pair them with matching access profiles for service access).


NEW QUESTION # 20
Exhibit.

Reter to the exhibit, which shows the IBE Encryption page of a FortiMail device. Which user account behavior can you expect from these IBE settings?

  • A. After initial registration. IBE users can access the secure portal without authenticating again for 90 days.
  • B. IBE user accounts will expire after 90 days of inactivity and must register again to access new IBE email message.
  • C. First time IBE users must register to access their email within 90 days of receiving the notification email message
  • D. Registered IBE users have 90 days from the time they receive a notification email message to access their IBE email.

Answer: B


NEW QUESTION # 21
Which two antispam techniques query FortiGuard for rating information? (Choose two.)

  • A. DNSBL
  • B. SURBL
  • C. URL filter
  • D. IP reputation

Answer: C,D

Explanation:
URL filter: Queries FortiGuard's constantly updated web-rating database to check URLs in messages.
IP reputation: Uses FortiGuard's reputation service to look up sender IP addresses.


NEW QUESTION # 22
Which two factors are required for an active-active HA configuration of FortiMail in server mode?
(Choose two.)

  • A. A primary must be designated to initially process email.
  • B. Devices must be deployed behind a load balancer.
  • C. Mail data must be stored on a NAS server.
  • D. Service monitoring must be configured for remote SMTP.

Answer: B,C

Explanation:
FortiMail in server-mode active-active requires a shared mail store (e.g. NAS) so both units see the same data, and an external load-balancer (or DNS round-robin) to distribute SMTP sessions across the pair.


NEW QUESTION # 23
A FortiMail administrator is investigating a sudden increase in DSNs being delivered to their protected domain. After searching the logs, the administrator identifies that the DSNs werenotgenerated because of any outbound email sent from their organization.
Which FortiMail antispam technique can the administrator use to prevent this scenario?

  • A. Bounce address tag validation
  • B. Spoofed header detection
  • C. FortiGuard IP Reputation
  • D. Spam outbreak protection

Answer: A


NEW QUESTION # 24
When deploying FortiMail in transparent mode, which of the following statements are true?
(Select all that apply.)

  • A. Transparent mode requires changes to the mail server's IP address
  • B. Email attachments are automatically encrypted
  • C. Transparent mode is suitable for organizations with complex email infrastructures
  • D. FortiMail's functions are hidden from the email server
  • E. FortiMail acts as an intermediary for email traffic

Answer: D,E

Explanation:
In transparent mode, FortiMail sits invisibly in the mail flow and does not require IP address changes on the mail server.


NEW QUESTION # 25
Refer to the exhibit which shows a topology diagram of a FortiMail cluster deployment.

Which IP address must the DNS MX record for this organization resolve to?

  • A. 172.16.32.1
  • B. 172.16.32.55
  • C. 1172 16 32 57
  • D. 172.16.32.56

Answer: B


NEW QUESTION # 26
Which two features are available when you enable HA centralized monitoring on FortiMail?
(Choose two.)

  • A. Cross-device log searches across all cluster members from the primary device.
  • B. Firmware update of all cluster members from the primary device
  • C. Policy configuration changes of all cluster members from the primary device.
  • D. Mail statistics of all cluster members on the primary device.

Answer: A,D


NEW QUESTION # 27
Refer to the exhibit, which displays a history log entry.

In the Policy ID column, why is the last policy ID value SYSTEM?

  • A. It is an inbound email.
  • B. The email did not match a recipient-based policy.
  • C. The email was dropped by a system blocklist.
  • D. The email matched a system-level authentication policy.

Answer: B

Explanation:
Because no recipient-based policy matched the message, FortiMail fell back to the built-in
"SYSTEM" policy, which is why you see SYSTEM in the Policy ID field rather than a user-defined policy.


NEW QUESTION # 28
What are two benefits of having authentication reputation tracking enabled on FortiMail? (Choose two.)

  • A. Tracks offending IP addresses attempting brute force attacks
  • B. Temporarily locks out an attacker
  • C. Detects spoofed SMTP header addresses
  • D. Enforces SMTP authentication

Answer: A,B

Explanation:
Authentication reputation tracking monitors repeated authentication failures and can track malicious IPs and temporarily block attackers.


NEW QUESTION # 29
Refer to the exhibits, which display a topology diagram (Topology) and two FortiMail device configurations (FML1 Configuration and FML2 Configuration).



What is the expected outcome of SMTP sessions sourced from FML1 and destined for FML2?

  • A. FML1 will successfully establish an SMTPS session with FML2.
  • B. FML1 will fail to establish any connection with FML2.
  • C. FML1 will attempt to establish an SMTPS session with FML2. but fail and revert to standard SMTP.
  • D. FML1 will send the STARTTLS command in the SMTP session, which will be rejected by FML2.

Answer: A


NEW QUESTION # 30
What are Two reasons for having reliable DNS servers configured on FortiMail? (Choose two.)

  • A. Firmware updates
  • B. HA synchronization
  • C. FortiGuard Connectivity
  • D. Email transmission

Answer: C,D


NEW QUESTION # 31
When the domain keys identified mail (DKIM) feature is used, where is the public key stored?

  • A. The public key is stored in a DNS server as a TXT record
  • B. The public key is distributed during the SMTP session establishment
  • C. The public key is stored in the local FortiMail flash memory
  • D. The public key is stored in a DNS server as a PTR record

Answer: A

Explanation:
DKIM uses a public key published in DNS as a TXT record so receiving servers can verify message signatures.


NEW QUESTION # 32
Refer to the exhibit, which shows the Authentication Reputation list on a FortiMail device running in gateway mode.

Why was the IP address blocked?

  • A. The IP address had consecutive administrative password failures to FortiMail.
  • B. The IP address had consecutive IMAP login failures to FortiMail.
  • C. The IP address had consecutive SMTPS login failures to FortiMail..
  • D. The IP address had consecutive SSH login failures to FortiMail.

Answer: C


NEW QUESTION # 33
Refer to the exhibit, which shows the Authentication Reputation list on a FortiMail device running in gateway mode.

Why was the IP address blocked?

  • A. The IP address had consecutive SMTPS login failures to FortiMail.
  • B. The IP address had consecutive administrative password failures to FortiMail.
  • C. The IP address had consecutive IMAP login failures to FortiMail.
  • D. The IP address had consecutive SSH login failures to FortiMail.

Answer: A

Explanation:
Because the device's Authentication Reputation list shows a "Mail" violation and is blocking mail access (along with CLI and Web), it indicates repeated failures of the mail-protocol login. In gateway mode FortiMail only tracks SMTP (SMTPS) authentication failures under the "Mail" category, not IMAP, so consecutive SMTPS login failures triggered the block.


NEW QUESTION # 34
Refer to the exhibit, which shows the output of an email transmission using a telnet session.

What are two correct observations about this SMTP session? (Choose two.)

  • A. The SMTP envelope addresses are different from the message header addresses.
  • B. The "Subject" is part of the message header.
  • C. The"220 mx. internal, lab ESMTPSmtpd" message is part of the SMTP banner.
  • D. The "250Message accepted for delivery" message is part ofthe message body.

Answer: B,C


NEW QUESTION # 35
Which two FortiMail antispam techniques can you use to combat zero-day spam? (Choose two.)

  • A. DNSBL
  • B. Behavior analysis
  • C. Spam outbreak protection
  • D. IP reputation

Answer: C,D


NEW QUESTION # 36
......

FCP_FML_AD-7.4 Test Engine files, FCP_FML_AD-7.4 Dumps PDF: https://certblaster.prep4away.com/Fortinet-certification/braindumps.FCP_FML_AD-7.4.ete.file.html

Related Blogs

more
Fortinet FCP_FML_AD-7.4 Certification Practice Exam