Proofpoint TPAD01 Exam Questions

The correct answer is B. Add the partner's domain to the TLS Domains list with a setting of ''Always.'' Proofpoint's TLS guidance explains that opportunistic TLS is the default behavior for SMTP unless stricter policy is configured for specific destinations. To require secure transport to a specific partner domain, the administrator must explicitly enforce TLS for that domain rather than merely allowing it when available. Proofpoint describes TLS as a mechanism to encrypt messages in transit between sending and receiving mail servers, and that requirement becomes mandatory only when policy is configured to insist on TLS for the target domain.

Option A is incorrect because ''If Available'' still allows mail to be delivered without TLS if the remote server does not negotiate it, which does not satisfy the requirement to ensure secure delivery. Option C changes general protocol posture but does not by itself force TLS for one specific partner domain. Option D is also not the normal administrative control used for outbound partner enforcement in Proofpoint's course context. In the Threat Protection Administrator course, secure partner delivery is handled through domain-specific TLS enforcement settings, and the tested answer is to require TLS by setting the domain entry to Always. That ensures the Proofpoint system attempts secure SMTP and does not simply fall back to unencrypted transport for that external partner.

The correct answer is D. TLS is opportunistic for all SMTP communications. Proofpoint's TLS feature references and general mail-transport behavior align with standard SMTP TLS practice: by default, TLS is opportunistic, meaning the sending and receiving systems attempt to use TLS if the remote side supports it, but mail can still proceed if TLS is not available unless stricter policy has been configured. This is also why a separate domain-specific TLS enforcement setting such as ''Always'' exists for partners where encrypted delivery is mandatory. (proofpoint.com)

The other choices are incorrect for different reasons. Failed TLS negotiation does not fall back to plain HTTP, because SMTP transport is not replaced by HTTP in this scenario. TLS is not limited to internal communications within the server; it is specifically relevant to SMTP connections between mail systems. Also, the message is not rejected by default merely because TLS fails, since that would describe a mandatory TLS posture rather than opportunistic TLS. In the Threat Protection Administrator course, understanding this default behavior is important because administrators must know the difference between general TLS enablement and enforced secure-delivery policy for selected domains or partners. Therefore, the verified and course-aligned answer is D: TLS is opportunistic for all SMTP communications. (proofpoint.com)

The correct answer is A. Viewing and releasing emails from the quarantine. In Proofpoint's end-user experience, the End User Web Interface is designed primarily to let users interact with quarantined mail and manage a limited set of personal message-handling preferences. Proofpoint customer-facing material notes that users can manage quarantine settings and related sender preferences themselves, which aligns directly with the ability to view and release quarantined messages.

This fits the Threat Protection Administrator course because the End User Web Interface is not intended to function as a full administrative console. End users are not expected to build inbox-routing logic there, customize corporate branding assets, or administer platform-wide presentation elements. Those are administrative or separate product capabilities rather than a standard end-user quarantine task. The course's Quarantine and End User Web sections emphasize that users can review messages held by policy, determine whether a message appears legitimate, and request or perform a release depending on how the environment is configured. That is why quarantine visibility and release are the most common web-interface functions associated with end users.

Although encrypted-message reading may exist in other Proofpoint experiences or adjacent products, that is not the core answer this question is testing. The tested and course-aligned capability for the end-user web interface is viewing and releasing emails from quarantine, making A the correct answer.

The correct answer is C. A setting that defines email routing policies. In Proofpoint administration, SMTP-related profiles are used as configuration objects that shape how mail is handled in transport, including route behavior and SMTP service characteristics. The course question's correct answer aligns with the operational role of SMTP profiles in governing routing and transport behavior, not quarantine personalization or encryption-key generation. Proofpoint's general SMTP and relay documentation frames SMTP configuration around how messages are relayed, routed, and delivered between systems, which supports this answer. (proofpoint.com)

The incorrect options do not fit the function of an SMTP Profile. A block list of email addresses would be part of filtering or policy controls, not SMTP profile definition. A Proofpoint-generated encryption key belongs to cryptographic or secure message workflows, not to SMTP profile configuration. A user-defined quarantine setting is part of end-user or administrative quarantine handling and is unrelated to transport profile architecture. In the Threat Protection Administrator course, Mail Flow focuses heavily on routing, relay behavior, and delivery path control, and this question sits squarely in that domain. So when the course asks what an SMTP Profile is in Proofpoint, the best verified answer is that it is a setting that defines email routing policies. (proofpoint.com)

The correct answer is C. Deletes the listed attachments from the message and continues processing. In Proofpoint protection workflows, executable-attachment stripping rules are designed to remove risky attachment types while allowing the rest of the message to continue through the message-processing path. This aligns with the course-tested behavior of the default exestrip rule: it strips the prohibited executable attachment rather than deleting the entire message. Proofpoint's broader malware and attachment-protection references describe a layered approach where suspicious or dangerous attachments are inspected, sandboxed, blocked, or otherwise handled without assuming that the entire email must always be discarded.

That distinction matters operationally. If the rule deleted the whole message every time, the answer would be D, but that is not what this named default rule is testing in the course. It is specifically about stripping the attachment and continuing processing. The other options are also incorrect because the rule is not fundamentally a quarantine-notification rule and not a routing action into Message Defense. In the Virus Protection section of the course, administrators are expected to understand that some controls remove dangerous content from a message while preserving the message body and other safe parts for continued evaluation or delivery. Therefore, the verified and course-aligned answer is C.