FCESP - Fortinet Certified Email Security Professional
Example Questions
When inspecting and delivering mail messages, which of the following steps could be taken by a FortiMail unit operating in Transparent mode?
Inspect for viruses.
Inspect content of the message payload.
Inspect for spam.
Perform a routing lookup to decide the next hop MTA.
Which of the following statements is true regarding Message Delivery Rules?
They apply to SMTP sessions initiated by the FortiMail unit.
A TLS profile can be associated to the session.
How can a FortiMail administrator view or search archived emails?
through POP3, IMAP or Web-based manager
Which SMTP sessions are defined as outgoing?
SMTP messages destined for servers that are NOT protected domains
When the DomainKeys Identified Mail (DKIM) feature is used, where is the public key stored?
The public key is stored in the DNS TXT record.
Which of the following statements regarding User Quarantine Access is true?
User Quarantine access can be enabled in Recipient-based policies only.
Which of the following statements regarding SMTPS and SMTP over TLS are true?
SMTPS connections are initiated on port 465.
The command STARTTLS is used to initiate SMTP over TLS.
In an SMTPS session, the identities of both sender and receiver are encrypted.
Which of the following DNS records is commonly used to identify where to send mail for a particular domain name?
MX record
Which of the following is an advantage of using Banned Word scanning instead of Dictionary scanning?
It is easier to configure.
Which of the following statements regarding Antivirus scanning is NOT correct?
Antivirus scanning is performed on incoming email traffic only.
An SMTP session that matches an Access Control Rule with action Bypass is exempted from Antivirus scan.
Which back-end servers can be used to provide Recipient Verification?
LDAP servers
SMTP servers
What is the SMTP command used to initiate SMTP authentication?
AUTH LOGIN
According to the Message Header printed below, which antispam technique detected this email as spam:
    Return-Path: [email protected]
    (SquirrelMail authenticated user user1) by 172.16.78.8 with HTTP;
    X-FEAS-HASH: 6ef419f0a0608b1655xxxxe68080df3cb12fc38f1118d2f085985eeb000274d7
    Sat, 18 Apr 2009 15:53:06 +0200 (CEST)
    Message-ID: <[email protected]>
    Date: Sat, 18 Apr 2009 15:53:06 +0200 (CEST)
    Subject: [SPAM] Sales
    From: [email protected]
    To: [email protected]
    User-Agent: SquirrelMail/1.4.10a-1.fc6
    MIME-Version: 1.0
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from fm.sub.training1.lab (fm.sub.training1.lab [192.168.11.101]) by mail.training.lab (Postfix) with ESMTP id A9160187073 for <[email protected]>; Sun, 19 Apr 2009 16:58:48 +0200 (CEST)
    Received: from mail.external.lab ([172.16.78.8]) by fm.sub.training1.lab with ESMTP id n3LEPHWu001093 for <[email protected]>; Tue, 21 Apr 2009 10:25:17 -0400
    Received: from 172.16.78.8 (localhost [127.0.0.1]) by mail.external.lab (Postfix) with ESMTP id 247D9BF893 for <[email protected]>; Sat, 18 Apr 2009 15:53:06 +0200 (CEST)
    Received: from 192.168.3.101
FortiGuard checksum
On a FortiMail unit, access control rules specify actions to be taken against matching email messages. Which of the following statements correctly describes the Bypass action?
Accept the email message and skip all message scanning, such as antispam and antivirus.
Which of the following profile types on a FortiMail unit make use of the system quarantine to isolate email messages?
Content Monitor Profile
Antispam Profile (Outgoing)
A System Administrator is concerned by the amount of disk space being used to store quarantine email messages for non-existent accounts. Which of the following techniques can be used on a FortiMail unit to PREVENT email messages from being quarantined for non-existent accounts?
Recipient Address Verification
When using Sender Reputation on a FortiMail unit, which of the following actions can be taken against a source IP address generating spam or invalid email messages?
Delay the email messages from that source IP address with a temporary fail.
Reject the email messages from that source IP address with a permanent fail.
Limit the number of email messages allowed from that source IP address.
Which operational modes support High Availability?
Transparent Mode
Gateway Mode
Server Mode
A System Administrator is concerned by the amount of system resources being used to store quarantine email messages for non-existent accounts. Which of the following techniques can be used on a FortiMail unit to free up system resources?
Automatic Removal of Invalid Quarantine Accounts
What is the outcome of the following CLI commands executed on a FortiMail unit operating in Transparent mode?
    config system interface
    edit port2
    set bridge-member disable
    end
Interface port2 is removed from the transparent bridge.
Which of the following statements regarding SMTP Authentication is true?
When enabled in Recipient or IP-based policies, it is supported but not enforced.
It can be enforced through Access Control Rules only.
A FortiMail unit is installed in Gateway mode and is protecting a single email domain. Which of the following statements is NOT true in this scenario?
An access control list entry must be configured to allow the FortiMail unit to relay incoming traffic to the protected domain.
Which of the following features can be used to expand a single recipient address into a group of one or many email addresses?
User Alias
Which of the following statements is true regarding Recipient and IP-based policies?
Recipient-based policies are applied to mail sent to specific users. IP-based policies are applied to connections by client IP address in Gateway and Server modes and both client and server IP addresses in Transparent mode.
Traffic is matched against IP-based policies before being matched against Recipient-based policies.
Which of the following features are available on a FortiMail unit operating in Server mode?
Spam quarantine
Content inspection
An email message received by the FortiMail unit is subject to the Bounce Verification antispam check under which circumstances?
The envelope MAIL FROM field contains a null reverse-path.
A Bounce Verification key is created and activated.
Which of the following parameters CANNOT be configured using the Quick Start Wizard?
operation mode
Which CLI command was used to generate the output shown below:
    Version: FortiMail-400B v4.0,build0103,091223 (GA Patch 1)
    Virus-DB: 11.551(03/05/2010 01:02)
    Serial-Number: FE400B3M09000140
    BIOS version: 00010010
    Log disk: Capacity 92 GB, Used 32 MB ( 0.04%), Free 92 GB
    Mailbox disk: Capacity 371 GB, Used 277 MB ( 0.08%), Free 370 GB
    Hostname: server
    Operation Mode: Server
    HA configured mode: Off
    HA effective mode: Off
    Distribution: International
    Branch point: 103
    System time: Fri Mar 5 15:04:04 2010
get sys status
Which of the following statements is true regarding Session-based antispam techniques?
SMTP commands, sender domain and IP address are checked.
A FortiMail administrator must enforce the following company policy: All emails containing executable attachments must be detected. This detection must be file name independent. For example, if a user renames an executable from .exe to .txt, the file should still be detected. Which FortiMail inspection technique should the administrator apply?
Content profile > File Type filtering rule to block all executable files
Which default Bayesian account can be used as the recipient address to train the spam database?
[email protected]
Which operation is performed by the Forged IP scanning technique?
DNS PTR record lookup on the sender’s IP address then A record lookup on the canonical hostname
Which of the following allow a TLS profile to be used?
Access Control Receive Rule
Access Control Delivery Rule
An administrator of a FortiMail unit operating in Server Mode has been given the requirement to configure disk quotas for all the users of a specific domain. How can the administrator achieve this requirement?
Define a disk quota value in a Resource Profile.
An email user reports that his mail client is unable to correctly display all emails received from a corporate remote office. The data portion is being replaced by an attachment *.p7m. Which of the following factors are likely contributing to this issue?
SMIME has been implemented between remote and central office MTAs.
The receiver MTA does not have the corresponding private key to decrypt the message.
Which of the following FortiMail profile types apply to IP-based policies only?
Session profile
IP pool
A FortiMail unit installed in Transparent mode protects a mail domain training1.lab on a mail server with IP address 172.16.1.1. On the protected domain, the "Use this domain's SMTP server to deliver the mail" setting is ENABLED and the "Hide the transparent box" setting is DISABLED. An email from [email protected] to [email protected] (172.16.1.1) is intercepted by the FortiMail unit. Which of the following statements is true based on this scenario?
The FortiMail unit will add a received header to the email message.
Which of the following statements is true regarding an Active Passive HA configuration?
Different hardware models can be used to form a cluster.
The mail data and MTA queues can be synchronized between master and slave units.
A maximum of two FortiMail units can be used to form a cluster.
Which of the following situations could explain why an email message would be in the dead mail queue on a FortiMail unit operating in Gateway mode?
The sender and the recipient addresses are invalid.
Which of the following features can be used to hide internal email domains and email addresses?
Address Map
Which of the following describe the functionality of the quarantine control account?
It populates the envelope MAIL FROM field of the quarantine spam report.
Email users can release quarantined emails by sending an email to this account.
Examine the SMTP session below to determine which of the following statements is TRUE:
    220 server.internal.lab ESMTP Smtpd; Fri, 5 Mar 2010 10:15:17 +0100
    ehlo 192.168.5.192
    250-server.internal.lab Hello [192.168.5.192], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE 10485760
    250-DSN
    250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    mail from: <[email protected]>
    250 2.1.0 <[email protected]>… Sender ok
    rcpt to: <[email protected]>
    250 2.1.5 <[email protected]>… Recipient ok
    data
    354 Enter mail, end with “.” on a line by itself
    This is a test
    .
    250 2.0.0 o259FHGe000418-o259FHGf000418 Message accepted for delivery
    quit
    221 2.0.0 server.internal.lab closing connection
The remote MTA FQDN is server.internal.lab.
The SMTP id is o259FHGe000418-o259FHGf000418.
An SMTP client successfully authenticates with a FortiMail unit with no access list entries configured. Which of the following statements correctly describes the expected behavior of the FortiMail unit in this scenario?
The FortiMail unit will relay all email messages from the authenticated client.
In an LDAP query, which variable can be used to identify the full email address?
$m
Which of the following statements is true regarding oversized emails?
The default maximum message size defined on the FortiMail unit is 10 MB.
The session profile parameter “Cap message size” can be used to increase the maximum message size.
What is the recommended procedure to identify emails encoded in a specific charset?
Configure a Dictionary profile entry and associate it to the content profile section Content Monitor and Filtering.
Which of the following back-end servers can NOT be used to provide Recipient Verification?
POP3 servers
RADIUS servers
Which protection profile can be used to protect against Directory Harvest attacks?
session profile
Under which of the following conditions would an email be placed in the Dead Mail queue?
The recipient of the email is invalid.
The sender of the email is invalid.
Which of the following sentences is true regarding a Config Only cluster?
A maximum of 25 FortiMail units can join a Config Only cluster.
A Config Only cluster is generally deployed behind a Load Balancer.