Proofpoint TPAD01 Exam - Topic 5 Question 10 Discussion

The correct answer is B. Add the partner's domain to the TLS Domains list with a setting of ''Always.'' Proofpoint's TLS guidance explains that opportunistic TLS is the default behavior for SMTP unless stricter policy is configured for specific destinations. To require secure transport to a specific partner domain, the administrator must explicitly enforce TLS for that domain rather than merely allowing it when available. Proofpoint describes TLS as a mechanism to encrypt messages in transit between sending and receiving mail servers, and that requirement becomes mandatory only when policy is configured to insist on TLS for the target domain.

Option A is incorrect because ''If Available'' still allows mail to be delivered without TLS if the remote server does not negotiate it, which does not satisfy the requirement to ensure secure delivery. Option C changes general protocol posture but does not by itself force TLS for one specific partner domain. Option D is also not the normal administrative control used for outbound partner enforcement in Proofpoint's course context. In the Threat Protection Administrator course, secure partner delivery is handled through domain-specific TLS enforcement settings, and the tested answer is to require TLS by setting the domain entry to Always. That ensures the Proofpoint system attempts secure SMTP and does not simply fall back to unencrypted transport for that external partner.