Ensurepass

Overview

Fabrikam, Inc., is a pharmaceutical company located in Europe. The company has 5,000 users. The company is finalizing plans to deploy an Exchange Server 2013 organization. The company has offices in Paris and Amsterdam.

 

Existing Environment

Active Directory Environment

The network contains an Active Directory domain named fabrikam.com. An Active Directory site exists for each office.

 

Network Infrastructure

The roles and location of each server are configured as shown in the following table.

 

clip_image001

 

Client computers run either Windows 7 or Windows 8 and have Microsoft Office 2010 installed. The Paris office uses the 192.168.1.0/24 IP range. The Amsterdam office uses the 192.168.2.0/24 IP range. The offices connect to each other by using a high-speed, low- latency WAN link. Each office has a 10-Mbps connection to the Internet.

 

Planned Exchange Infrastructure

The company plans to deploy five servers that run Exchange Server. The servers will be configured as shown in the following table.

 

clip_image002

 

The company plans to have mailbox databases replicated in database availability groups (DAGs). The mailbox databases and DAGs will be configured as shown in the following table.

 

clip_image003

 

DAG1 will use FS1 as a file share witness. DAG2 will use FS3 as a file share witness. You plan to create the following networks on each DAG:

 

– A dedicated replication network named DAGNET1

– A MAPI network named DAGNET2

 

All replication traffic will run on DAGNET1. All client connections will run on DAGNET2. Client connections must never occur on DAGNET1. Replication traffic must only occur on DAGNET2 if DAGNET1 is unavailable. Each Exchange Server 2013 Mailbox server will be configured to have two network adapters.

The following two mailbox databases will not be replicated as part of the DAGs:

– A mailbox database named AccountingDB that is hosted on EX1

– A mailbox database named TempStaffDB that is hosted on EX4 EDGE1 will have an Edge Subscription configured, with both EX1 and EX2 as targets.

 

Requirements

Planned Changes

An external consultant reviews the Exchange Server 2013 deployment plan and identifies the following areas of concern:

– The DAGs will not be monitored.

– Multiple Edge Transport servers are required to prevent the potential for a single point of failure.

 

Technical Requirements

Fabrikam must meet the following technical requirements:

– Email must be evaluated for SPAM before the email enters the internal network.

– Production system patching must minimize downtime to achieve the highest possible service to users.

– Users must be able to use the Exchange Control Panel to autonomously join and disjoin their department’s distribution lists.

– Users must be able to access all Internet-facing Exchange Server services by using the names of mail.fabrikam.com and autodiscover.fabrikam.com.

 

The company establishes a partnership with another company named A. Datum Corporation. A. Datum uses the SMTP suffix adatum.com for all email addresses. Fabrikam plans to exchange sensitive information with A. Datum and requires that the email messages sent between the two companies be encrypted. The solution must use Domain Security. Users in the research and development (R&D) department must be able to view only the mailboxes of the users in their department from Microsoft Outlook. The users in all of the other departments must be prevented from viewing the mailboxes of the R&D users from Outlook. Administrators plan to produce HTML reports that contain information about recent status changes to the mailbox databases. Fabrikam is evaluating whether to abort its plan to implement an Exchange Server 2010 Edge Transport server and to implement a Client Access server in the Paris office instead. The Client Access server will have anti-spam agents installed.

 

 

QUESTION 57

Hotspot Question

You need to recommend which configurations must be set for each network. Which configurations should you recommend?

To answer, select the appropriate configurations for each network in the answer area.

 

clip_image004

 

Correct Answer:

 

clip_image005

 

 

QUESTION 58

An administrator recommends removing EDGE1 from the implementation plan and adding a new Client Access server named CAS-8 instead. You need to identify which anti-spam feature will NOT be available on CAS-8. Which anti-spam feature should you identify?

 

A.

Connection Filtering

B.

Sender Filtering

C.

Content Filtering

D.

Recipient Filtering

 

Correct Answer: A

Explanation:

A

You can’t enable the anti-spam agents on an Exchange 2013 Client Access server.

Therefore, the only way to get the Connection Filtering agent is to install an Exchange 2010 or Exchange 2007 Edge Transport server in the perimeter network

Connection Filtering agent is only available on the Edge Transport server role. Exchange 2013 does not have an Edge Transport server role yet.

NOT B C D

Only need to identify 1 and this is connection filtering.

 

 

QUESTION 59

You need to recommend which task is required to prepare Active Directory for the planned Exchange Server 2013 implementation. What should you recommend?

 

A.

On any domain controller in the Paris office, run setup.exe /preparead.

B.

On any domain controller in the Amsterdam office, run setup.exe /preparead.

C.

On any domain controller in the Paris office, run setup.exe /preparealldomains.

D.

On any domain controller in the Amsterdam office, run setup.exe /preparedomain.

 

Correct Answer: B

Explanation:

B

The schema master is in the Amsterdam office.

Before you install the release to manufacturing (RTM) version of Microsoft Exchange Server 2013 or later cumulative updates (CU) on any servers in your organization, you must prepare Active Directory and domains.

Run  setup.exe /preparead on the schema master.

NOT A  C

The schema master is in the Amsterdam office.

Run  setup.exe /preparead on the schema master.

NOT D

Fabrikam has a single domain.

In order to prepare a domain, run the following command from an elevated command prompt after browsing to the Exchange 2013 DVD/ISO.

Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

If you have a single domain environment, you dont have to prepare the domain as the local domain is prepared for 2013 as part of preparing the AD. But, if you have a multi-domain environment, all other domains (except the one on which the AD was prepared) has to be ready for 2013.

You can prepare all the domains in one go by running the command below.

Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms (you will need Enterprise Admin rights).

 

 

QUESTION 60

Drag and Drop Question

You need to recommend to a solution to deploy the Outlook app. Which three actions should you recommend performing in sequence?

 

clip_image007

 

Correct Answer:

 

clip_image009

 

 

QUESTION 61

You have an Exchange Server 2013 organization that contains multiple Hub Transport servers.

You need to recommend a message hygiene solution to meet the following requirements:

 

– Block servers that are known to send spam

– Minimize administrative effort

 

What should you recommend?

 

A.

an IP Block list

B.

IP Block list providers

C.

recipient filtering

D.

sender filtering

 

Correct Answer: B

 

 

QUESTION 62

Your company has a Exchange Server 2013 organization.

You plan to deploy Microsoft Office Outlook and mobile devices for remote users.

You need to plan the deployment of Client Access servers to support the automatic configuration of Outlook profiles and ——–.

What should you include in the plan?

 

A.

Autodiscover

B.

MailTips

C.

Remote Access Server

D.

Unified Messaging auto attendant

 

Correct Answer: A


QUESTION 63

You need to recommend a design that meets the technical requirements for communication between Fabrikam and A. Datum. Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)

 

A.

Create a remote domain for adatum.com.

B.

Exchange certificates with the administrators of adatum.com.

C.

From EDGE1, create a Send connector that has an address space for adatum.com

D.

Run the Set-TransportConfigcmdlet.

E.

Run the Set-TransportServercmdlet.

F.

From a Mailbox server, create a Send connector that has an address space for adatum.com.

 

Correct Answer: BDF

Explanation:

NOT A

Applies to: Exchange Server 2013, Exchange Online

Remote domains are SMTP domains that are external to your Microsoft Exchange organization. You can create remote domain entries to define the settings for message transferred between your Exchange organization and specific external domains. The settings in the remote domain entry for a specific external domain override the settings in the default remote domain that normally apply to all external recipients. The remote domain settings are global for the Exchange organization.

You can create remote domain entries to define the settings for message transfers between your Exchange Online organization and external domains. When you create a remote domain entry, you control the types of messages that are sent to that domain. You can also apply message format policies and acceptable character sets for messages that are sent from users in your organization to the remote domain.

NOT C

Edge1 is in the perimeter network and the send connector needs to be created on a mailbox server

NOT E

Set-TransportServercmdlet.

Use the Set-TransportServer cmdlet to set the transport configuration options for the Transport service on Mailbox servers or for Edge Transport servers.

This example sets the DelayNotificationTimeout parameter to 13 hours on server named Mailbox01.

Set-TransportServer Mailbox01 -DelayNotificationTimeout 13:00:00

Need Set-TransportConfig   and the TLSReceiveDomainSecureList parameter  to specify the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.

B

To activate SSL encryption on an Exchange server, you need a server certificate on the Client Access Server in each company. The client access server is the internet facing server in an organization.

An SSL certificate is a digital certificate that authenticates the identity of the exchange server and encrypts information that is sent to the server using Secure Sockets Layer (SSL) technology

Mailbox server certificates

One key difference between Exchange 2010 and Exchange 2013 is that the certificates that are used on the Exchange 2013 Mailbox server are self-signed certificates.

Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access server, the only certificates that you need to manage are those on the Client Access server.

The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party. There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the server has been properly installed, you should never need to worry about the certificates on the Mailbox server.

D

Set-TransportConfig.

Use the Set-TransportConfig cmdlet to modify the transport configuration settings for the whole Exchange organization.

EXAMPLE 1

This example configures the Exchange organization to forward all DSN messages that have the DSN codes 5.7.1, 5.7.2, and 5.7.3 to the postmaster email account.

Set-TransportConfig -GenerateCopyOfDSNFor 5.7.1,5.7.2,5.7.3

The TLSReceiveDomainSecureList parameter specifies the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.

F

If you want to ensure secure, encrypted communication with a partner, you can create a Send connector that is configured to enforce Transport Layer Security (TLS) for messages sent to a partner domain. TLS provides secure communication over the Internet.

 

 

QUESTION 64

Drag and Drop Question

You are evaluating the implementation of a second Edge Transport server named EDGE2 in the Amsterdam office. You need to recommend which tasks must be performed to ensure that email messages can be sent by the organization if a single Edge Transport server fails. Which three actions should you include in the recommendation?

To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image011

Correct Answer:

 

clip_image013

 

 

QUESTION 65

You need to recommend which type of group must be used to create the planned department lists.

Which type of group should you recommend?

 

A.

Universal Distribution

B.

Dynamic Distribution

C.

Global Security

D.

Universal Security

 

Correct Answer: A

Explanation:

A

Universal Distribution

Mail-enabled universal distribution groups (also called distribution groups) can be used only to distribute messages.

NOT B

A dynamic distribution group is a distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.

http://technet.microsoft.com/en-us/library/bb123722(v=exchg.150).aspx

Use the EAC to create a dynamic distribution group

As ExamTester from Netherlands commented below

But the Fabrikam case asks that users must be able to add and remove themselves from the distribution group. This is not possible using a dynamic group since membership is dynamically calculated based on attributes

Use this explanation for NOT B

http://technet.microsoft.com/en-us/library/bb201680(v=exchg.150).aspx

You can’t use Exchange Server 2013 to create non-universal distribution groups.

Mail-enabled non-universal groups were discontinued in Exchange Server 2007 and can exist only if they were migrated from Exchange 2003 or earlier versions of Exchange.

Seems to contradict the above.

NOT C D

In Exchange, all mail-enabled groups are referred to as distribution groups, whether they have a security context or not.

 

 

QUESTION 66

You need to recommend which tasks must be performed to meet the technical requirements of the research and development (R&D) department. Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two.)

 

A.

Create a new global address list (GAL) and a new address book policy.

B.

Modify the permissions of the default global address list (GAL), and then create a new GAL.

C.

Run the Update AddressList cmdlet.

D.

Run the Set-Mailbox cmdlet.

E.

Create an OAB virtual directory.

 

Correct Answer: AD

Explanation:

NOT B

Need an address book policy

NOT C

Update AddressList cmdlet

Use the Update-AddressList cmdlet to update the recipients included in the address list that you specify.

EXAMPLE 1

This example updates the recipients of the address list building4 and under the container All UsersSales.

Update-AddressList -Identity “All UsersSalesbuilding4”

NOT E

Will not resolve the issue

Need an address book policy and to assign this policy to users.

A

Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of your organizations global address list (GAL).

When creating an ABP, you assign a GAL, an offline address book (OAB), a room list, and one or more address lists to the policy.

You can then assign the ABP to mailbox users, providing them with access to a customized GAL in Outlook and Outlook Web App.

The goal is to provide a simpler mechanism to accomplish GAL segmentation for on-premises organizations that require multiple GALs.

D

After you create an address book policy (ABP), you must assign it to mailbox users. Users arent assigned a default ABP when their user account is created.

If you don’t assign an ABP to a user, the global address list (GAL) for your entire organization will be accessible to the user through Outlook and Outlook Web App.

This example assigns the ABP All Fabrikam to the existing mailbox user joe@fabrikam.com.

Set-Mailbox -Identity joe@fabrikam.com -AddressBookPolicy “All Fabrikam”

 

QUESTION 67

You are testing the planned implementation of Domain Security. You discover that users fail to exchange domain-secured email messages. You open the Exchange Management Shell and discover the output shown in the exhibit. (Click the Exhibit button.)

 

clip_image015

 

You need to ensure that users can exchange email messages by using Domain Security. Which two parameters should you modify by using the Set-SendConnector cmdlet? (Each correct answer presents part of the solution. Choose two.)

 

A.

tlsauthlevel

B.

requiretls

C.

ignorestarttls

D.

tlsdomain

E.

domainsecureenabled

F.

smarthostauthmechanism

 

Correct Answer: BE

Explanation:

NOT TLSAUTHLEVEL

The TlsAuthLevel parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Send connector. Valid values are:

EncryptionOnly: TLS is used only to encrypt the communication channel. No certificate authentication is performed.

CertificateValidation: TLS is used to encrypt the channel and certificate chain validation and revocation lists checks are performed.

DomainValidation: In addition to channel encryption and certificate validation, the Send connector also verifies that the FQDN of the target certificate matches the domain specified in the TlsDomain parameter. If no domain is specified in the TlsDomain parameter, the FQDN on the certificate is compared with the recipient’s domain.

You can’t specify a value for this parameter if the IgnoreSTARTTLS parameter is set to $true, or if the RequireTLS parameter is set to $false.

NOT ignorestarttls

The IgnoreSTARTTLS parameter specifies whether to ignore the StartTLS option offered by a remote sending server.

This parameter is used with remote domains. This parameter must be set to $false if the RequireTLS parameter is set to $true. Valid values for this parameter are $true or $false.

NOT tlsdomain

The TlsDomain parameter specifies the domain name that the Send connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection.

This parameter is used only if the TlsAuthLevel parameter is set to DomainValidation.

A value for this parameter is required if:

The TLSAuthLevel parameter is set to DomainValidation.

The DNSRoutingEnabled parameter is set to $false (smart host Send connector).

NOT smarthostauthmechanism

The SmartHostAuthMechanism parameter specifies the smart host authentication mechanism to use for authentication with a remote server.

Use this parameter only when a smart host is configured and the DNSRoutingEnabled parameter is set to $false.

Valid values are None, BasicAuth, BasicAuthRequireTLS, ExchangeServer, and ExternalAuthoritative.

All values are mutually exclusive. If you select BasicAuth or BasicAuthRequireTLS, you must use the AuthenticationCredential parameter to specify the authentication credential.

 

Instant Access to Download Testing Software & PDF File for Microsoft 70-341 Real Exam

Instant Access to Try Microsoft 70-341 Free Demo

Comments are closed.