GreatExam 70-341 braindumps including the exam questions and the answer, completed by our senior IT lecturers and the Microsoft product experts, include the current newest 70-341 exam questions.
QUESTION 51
Hotspot Question
Your network contains an Active Directory forest named contoso.com.
The forest contains two sites named Site1 and Site2.
You have an Exchange Server 2013 organization that contains two servers.
The servers are configured as shown in the following table.
An administrator creates a new Active Directory site named Site3.
The administrator creates mailboxes for the users in Site3.
All of the mailboxes of the Site3 users are located on EX1.
Site3 contains a domain controller named dc3.contoso.com.
The Site3 users report that sometimes, when they open Microsoft Outlook, it takes a long time to access their mailbox.
You need to reduce the amount of time it takes for the users to access their mailbox.
Which command should you run? (To answer, select the appropriate options in the dialog box in the answer area.)
Answer:
Explanation:
Autodiscover Service
Microsoft Exchange 2013 includes a service named the Autodiscover service. This topic gives an overview of the service and explains how it works, how it configures Outlook clients, and what options there are for deploying the Autodiscover service in your messaging environment.
The Autodiscover service does the following:
Automatically configures user profile settings for clients running Microsoft Office Outlook 2007, Outlook 2010, or Outlook 2013, as well as supported mobile phones. Phones running Windows Mobile 6.1 or a later version are supported. If your phone isn’t a Windows Mobile phone, check your mobile phone documentation to see if it’s supported.
Provides access to Exchange features for Outlook 2007, Outlook 2010, or Outlook 2013 clients that are connected to your Exchange messaging environment.
Uses a user’s email address and password to provide profile settings to Outlook 2007, Outlook 2010, or Outlook 2013 clients and supported mobile phones. If the Outlook client is joined to a domain, the user’s domain account is used.
When you install a Client Access server in Exchange 2013, a default virtual directory named Autodiscover is created under the default website in Internet Information Services (IIS). This virtual directory handles Autodiscover service requests from Outlook 2007, Outlook 2010, and Outlook 2013 clients and supported mobile phones under the following circumstances:
When a user account is configured or updated
When an Outlook client periodically checks for changes to the Exchange Web Services URLs When underlying network connection changes occur in your Exchange messaging environment Additionally, a new Active Directory object named the service connection point (SCP) is created on the server where you install the Client Access server. The SCP object contains the authoritative list of Autodiscover service URLs for the forest. You can use the Set-
ClientAccessServer cmdlet to update the SCP object. For more information, see Set-ClientAccessServer.
SECTION1
Set-ClientAccessServer EX1
Use the Set-ClientAccessServer cmdlet to set properties on specified Client Access server objects. Use the Set-ClientAccessServer cmdlet to change AutoDiscover settings.
NOT Set-ExchangeServer
Use the Set-ExchangeServer cmdlet to set Exchange attributes in Active Directory for a specified server.
NOT Set-RPCClientAccess
Use the Set-RpcClientAccess cmdlet to manage the settings for the Exchange RPC Client Access service that’s running on a Microsoft Exchange Server 2010 Client Access server.
SECTION2
-AutoDiscoverSiteScope ‘Site1;Site3’
The AutoDiscoverSiteScope parameter specifies the site for which the Autodiscover service is authoritative.
Clients that connect to the Autodiscover service by using the internal URL must belong to a listed site.
NOT -AutoDiscoverServiceInternalURI
The AutoDiscoverServiceInternalUri parameter specifies the internal URL of the Autodiscover service.
Need to specify Site3
NOT -IgnoreDefaultScope
NOT a parameter of Set-ClientAccessServer
The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the
Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren’t currently in the default scope. Using the
IgnoreDefaultScope parameter introduces the following restrictions:
You can’t use the DomainController parameter. The command uses an appropriate global catalog server automatically.
You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren’t accepted.
You can’t use the OrganizationalUnit and Identity parameters together.
You can’t use the Credential parameter.
NOT -DomainController
The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.
Will not resolve the issue.
QUESTION 52
You deploy an Active Directory forest that contains two domains named contoso.com and child.contoso.com.
You plan to deploy Exchange Server 2013 servers to the child.contoso.com domain.
You need to prepare Active Directory for the installation of the first Exchange Server 2013 servers.
Which command should you run in each domain? (To answer, drag the appropriate commands to the correct domains. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Explanation:
THE SUPPLIED ANSWER IS CORRECT.
FOR 3 STEPS USE
1. SETUP/PREPARESCHEMA
2. SETUP/PREAREAD
3. SETUP /PREPAREDOMAIN
HOWEVER THE ANSWER ONLY PROVIDES FOR 2 STEPS.
IF YOU RUN SETUP /PREPAREAD THEN THIS COMMAND CHECKS TO SEE IF THE SCHEMA EXTENSIONS HAVE BEEN INSTALLED
AND IF NOT THEN IT PROCEEDS TO INSTALL THEM.
HENCE SETUP /PREPAREAD IS CORRECT
A TRICK QUESTION FROM MICROSOFT TO CHECK IF YOU KNOW HOW SETUP
/PREPAREAD ACTUALLY OPERATES.
QUESTION 53
You have an Exchange Server 2013 organization.
Your company has a Service Level Agreement (SLA) stating that you must be able to reconnect disconnected mailboxes to user accounts for up to 365 days.
After 365 days, disconnected mailboxes must be deleted permanently.
You need to recommend a solution to meet the SLA .
What should you include in the recommendation?
A. Create a retention policy and apply the policy to all mailboxes.
B. Configure the deleted mailbox retention setting for all databases.
C. Configure the deleted item retention setting for all databases.
D. Implement a database availability group (DAG) that contains a lagged copy.
Answer: B
Explantion:
Recoverable Items Folder Exchange 2013
The Recoverable Items folder replaces the feature known as the dumpster in Exchange Server 2007.
The Recoverable Items folder is used by the following Exchange features:
– Deleted item retention
– Single item recovery
– In-Place Hold
– Litigation hold
– Mailbox audit logging
– Calendar logging
– Disconnected Mailboxes
Each Microsoft Exchange mailbox consists of an Active Directory user account and the mailbox data stored in the Exchange mailbox database. All configuration data for a mailbox is stored in the Exchange attributes of the Active Directory user object. The mailbox database contains the mail data that’s in the mailbox associated with the user account.
The following figure shows the components of a mailbox.
A disconnected mailbox is a mailbox object in the mailbox database that isn’t associated with an Active Directory user account.
There are two types of disconnected mailboxes:
Disabled mailboxes
When a mailbox is disabled or deleted in the Exchange Administration Center (EAC) or using the Disable-Mailbox or Remove-Mailbox cmdlet in the Exchange Management Shell, Exchange retains the deleted mailbox in the mailbox database, and switches the mailbox to a disabled state. This is why mailboxes that are either disabled or deleted are referred to as disabled mailboxes. The difference is that when you disable a mailbox, the Exchange attributes are removed from the corresponding Active Directory user account, but the user account is retained. When you delete a mailbox, both the Exchange attributes and the Active Directory user account are deleted.
Disabled and deleted mailboxes are retained in the mailbox database until the deleted mailbox retention period expires, which is 30 days by default. After the retention period expires, the mailbox is permanently deleted (also called purged). If a mailbox is deleted using the Remove-Mailbox cmdlet, it’s also retained for the duration of the retention period.
Important:
If a mailbox is deleted using the Remove-Mailbox cmdlet and either the Permanent or StoreMailboxIdentity parameter, it will be immediately deleted from the mailbox database. To identify the disabled mailboxes in your organization, run the following command in the Shell.
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq “Disabled” } | ft
DisplayName,Database,DisconnectDate
Soft-deleted mailboxes
When a mailbox is moved to a different mailbox database, Exchange doesn’t fully delete the mailbox from the source mailbox database when the move is complete. Instead, the mailbox in the source mailbox database is switched to a soft-deleted state. Like disabled mailboxes, soft-deleted mailboxes are retained in the source database either until the deleted mailbox retention period expires or until the Remove-StoreMailbox cmdlet is used to purge the mailbox.
Run the following command to identify soft-deleted mailboxes in your organization. Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq “SoftDeleted” } | ft
DisplayName,Database,DisconnectDate
NOT A
Need to modify the deleted mailbox retention settings
NOT C
Not related to an item but to databases
NOT D
Need to modify the deleted mailbox retention settings.
DAG with a lagged copy is not modifying the mailbox retention policy settings.
B
Disabled and deleted mailboxes are retained in the mailbox database until the deleted mailbox retention period expires, which is 30 days by default.
This example configures a deleted item retention period of 365 days for the mailbox database MDB2.
Set-MailboxDatabase -Identity MDB2 -DeletedItemRetention 365
Content can be retained using a variety of built-in functions such as:
Journaling: With journaling, the organization can have exact copies of content captured and retained in a separate database (a “journaling database”) to ensure the content has not been tampered with and is available for legal search and review at a future time Retention Policy: Content within an Exchange environment can be set to be retained (or purged) based on policies set on the Exchange databases, so either configured through the Exchange Admin console or through a PowerShell command like Set-MailboxDatabase -Identity MDB4 -eletedItemRetention 365 to hold content from being deleted off the Exchange server
Personal Archives: Each user in Exchange can have their primary mailbox and an Archive mailbox where the archive mailbox can have content drag/dropped to the archive box for long term storage, similar to what users have historically used Personal Store (PST) files in the past. Unlike a PST file that is almost completely unmanaged by the organization (yet is still considered legal evidence), the Personal Archive in Exchange is part of the Exchange environment with content that can be searched, set for long term retention, and put on legal hold.
QUESTION 54
A user fails to connect to his mailbox by using Outlook Anywhere.
The user successfully connects to the mailbox by using an Exchange ActiveSync-enabled mobile device and Outlook Web App.
You need to identify what prevents the users from connecting to the mailbox by using Outlook Anywhere.
Which tool should you use?
A. Microsoft Outlook
B. Microsoft Exchange Server Deployment Assistant
C. Microsoft Exchange RPC Extractor
D. Microsoft Exchange Server Profile Analyzer
E. Microsoft Exchange Server User Monitor
F. Microsoft Exchange Load Generator
G. Exchange Remote Connectivity Analyzer
H. Exchange Server MAPI Editor
Answer: G
Explanation:
G
Exchange Remote Connectivity Analyzer (ExRCA
The Exchange Remote Connectivity Analyzer (ExRCA) is a web-based tool designed to test connectivity with a variety of Exchange protocols. You can access the ExRCA
https://www.testexchangeconnectivity.com/.
The Microsoft Exchange Remote Connectivity Analyzer (ExRCA) can help you confirm that connectivity for your Exchange servers is configured correctly and diagnose any connectivity issues. The Remote Connectivity
Analyzer website offers tests for Microsoft Exchange ActiveSync, Exchange Web Services, Microsoft Outlook, and Internet email.
Exchange Remote Connectivity Analyzer Tool
QUESTION 55
Drag and Drop Question
You have an Exchange Server 2013 organization that contains a database availability group (DAG).
There are four copies of every mailbox database.
One of the copies is a lagged copy configured to have a replay lag time of 14 days.
All mailboxes have single item recovery enabled.
All databases are configured to have a deleted item retention period of seven days.
A company executive reports that an email message, which was deleted 10 days ago, must be restored.
You need to ensure that you can recover the email message from the lagged copy of the mailbox database.
The solution must preserve the lagged copy of the mailbox database.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Run the Suspend-MailboxDatabaseCopy cmdlet.
Run the vssadmin command.
Run the eseutil.exe command.
vssadmin
Displays current volume shadow copy backups and all installed shadow copy writers and providers in the command window.
There could be VSS errors causing the datasources not to enumerate. If so, verify that all Exchange Node and Exchange VSS components are functional. Ensure all databases are mounted and healthy Run vssadmin list writers Move-ActiveMailboxDatabase
Use the Move-ActiveMailboxDatabase cmdlet to perform a database or server switchover. This example performs a switchover of the database DB2 to the Mailbox server MBX1. When the command completes, MBX1 hosts the active copy of DB2.
Because the MountDialOverride parameter is set to None, MBX1 mounts the database using its own defined database auto mount dial settings.
Move-ActiveMailboxDatabase DB2 -ActivateOnServer MBX1 -MountDialOverride:
None The SkipLagChecks parameter specifies whether to allow a copy to be activated that has replay and copy queues outside of the configured criteria.
eseutil.exe
The key to matching log files and databases is the signature. You can view log file signatures by using the
Exchange Server Database Utilities (Eseutil.exe) tool and viewing the log file header with the command Eseutil/ml [log filename].
You can view database (.edb) and streaming database (.stm) file signatures by viewing the file header with Eseutil /mh [database filename].edb.
A typical log file or database file signature looks like this:
Signature: Create time:12/17/2002 18:1:44 Rand:81060559 Computer:
Activating and recovering a lagged mailbox database copy is an easy process if you want the database to replay all log files and make the database copy current. If you want to replay log files up to a specific point in time, it’s a more difficult operation because you manually manipulate log files and run Exchange Server Database Utilities (Eseutil.exe). Suspend-MailboxDatabaseCopy Use the Suspend-MailboxDatabaseCopy cmdlet to block replication and replay activities (log copying and replay) or activation for a database configured with two or more database copies.
For a variety of reasons, such as performing planned maintenance, it may be necessary to suspend and resume continuous replication activity for a database copy. In addition, some administrative tasks, such as seeding, require you to first suspend a database copy. We recommend that all replication activity be suspended when the path for the database or its log files is being changed.
You can suspend and resume database copy activity by using the EAC, or by running the Suspend-MailboxDatabaseCopy and Resume-MailboxDatabaseCopy cmdlets in the Shell.
EXAMPLE 1
This example suspends replication and replay activity for the copy of the database DB1 hosted on the Mailbox server MBX3. An optional administrative reason for the suspension is specified. Suspend-MailboxDatabaseCopy -Identity DB1\MBX3 -SuspendComment “Maintenance on MBX3” NOT Move-ActiveMailboxDatabase
Not attempting to make a passive or lagged database active. You need to ensure that you can recover the email message from the lagged copy of the mailbox database.
The solution must preserve the lagged copy of the mailbox database.
STEPS
No need to use Move-ActiveMailboxDatabase
1. First Use the Suspend-MailboxDatabaseCopy cmdlet to block replication and replay activities (log copying and replay)
2. 2nd use vssadmin to check that there could be VSS errors causing the datasources not to enumerate.
3. 3rd Run Exchange Server Database Utilities (Eseutil.exe).
THIS LAST STEP NEEDS CLARIFYING
QUESTION 56
Your company has four regional offices and 20 branch offices.
The regional offices connect to each other by using a 30-Mbps WAN link.
Each branch office connects to its nearest regional office by using a 1-Mbps WAN link.
The network contains an Active Directory forest.
The forest contains a domain controller in each office.
Each office maps to an Active Directory site.
Each branch office site connects to the nearest regional office site by using an Active Directory site link.
You have an Exchange Server 2013 organization that contains one server in each office.
You need to implement a messaging solution to meet the following requirements:
– The users in the branch offices must only be able to send email messages that are up to 2 MB to the users in the other offices.
– The users in the regional offices must be prevented from sending email messages that are larger than 5 MB to the users in any of the regional offices.
Which cmdlet should you run?
A. Set-TransportRule
B. Set-ADSite
C. Set-AdSiteLink
D. Set-RoutingGroupConnector
Answer: C
Explanation:
NOT A
Does not relate to message size
Set-TransportRule
Use the Set-TransportRule cmdlet to modify an existing transport rule in your organization. For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example modifies the Sales Team Disclaimer transport rule. Modifying the value of one predicate doesn’t affect other predicates used in the rule’s conditions or exceptions and doesn’t affect actions on the same rule.
This example sets the FromMemberOf parameter to a value of Sales-Group, which specifies that the rule is applied if the sender of the message is a member of the Sales- Group distribution group.
Set-TransportRule “Sales Team Disclaimer” -FromMemberOf “Sales-Group”
NOT B
Does not relate to message size
Set-ADSite
Use the Set-AdSite cmdlet to configure the Exchange settings of Active Directory sites.
EXAMPLE 1
This example configures the Active Directory site named Default-First-Site-Name as a hub site.
Set-AdSite Default-First-Site-Name -HubSiteEnabled $true
NOT D
Does not relate to message size
Set-RoutingGroupConnector
With routing groups and Routing Group connectors you can consolidate communication between servers by designating bridgehead servers that act as communication points between routing groups. For example, your organization may have a remote site connected through a wide-area-network (WAN) link to your main office. In this example, you can use a Routing Group connector to route Exchange traffic between a server at your main office and a server at your remote site.
C
The only command that deals with message size.
Set-AdSiteLink
Use the Set-AdSiteLink cmdlet to assign an Exchange-specific cost to an Active Directory IP site link. You can also use this cmdlet to configure the maximum message size that can pass across an Active Directory IP site link.
EXAMPLE 1
This example assigns an Exchange-specific cost of 25 to the IP site link DEFAULT_IP_SITE_LINK and configures a maximum message size limit of 10 MB on the IP site link.
Set-AdSiteLink DEFAULT_IP_SITE_LINK -ExchangeCost 25 -MaxMessageSize 10MB
Case Study 5: Fabrikam, Inc (QUESTION 57 ~ QUESTION 68)
Overview
Fabrikam, Inc., is a pharmaceutical company located in Europe. The company has 5,000 users. The company is finalizing plans to deploy an Exchange Server 2013 organization. The company has offices in Paris and Amsterdam.
Existing Environment
Active Directory Environment
The network contains an Active Directory domain named fabrikam.com.
An Active Directory site exists for each office.
Network Infrastructure
The roles and location of each server are configured as shown in the following table.
Client computers run either Windows 7 or Windows 8 and have Microsoft Office 2010 installed. The Paris office uses the 192.168.1.0/24 IP range. The Amsterdam office uses the 192.168.2.0/24 IP range. The offices connect to each other by using a high-speed, low-latency WAN link. Each office has a 10-Mbps connection to the Internet.
Planned Exchange Infrastructure
The company plans to deploy five servers that run Exchange Server.
The servers will be configured as shown in the following table.
The company plans to have mailbox databases replicated in database availability groups (DAGs). The mailbox databases and DAGs will be configured as shown in the following table.
DAG1 will use FS1 as a file share witness. DAG2 will use FS3 as a file share witness.
You plan to create the following networks on each DAG:
– A dedicated replication network named DAGNET1
– A MAPI network named DAGNET2
All replication traffic will run on DAGNET1. All client connections will run on DAGNET2. Client connections must never occur on DAGNET1. Replication traffic must only occur on DAGNET2 if DAGNET1 is unavailable. Each Exchange Server 2013 Mailbox server will be configured to have two network adapters.
The following two mailbox databases will not be replicated as part of the DAGs:
– A mailbox database named AccountingDB that is hosted on EX1
– A mailbox database named TempStaffDB that is hosted on EX4 EDGE1 will have an Edge Subscription configured, with both EX1 and EX2 as targets.
Requirements
Planned Changes
An external consultant reviews the Exchange Server 2013 deployment plan and identifies the following areas of concern:
– The DAGs will not be monitored.
– Multiple Edge Transport servers are required to prevent the potential for a single point of failure.
Technical Requirements
Fabrikam must meet the following technical requirements:
– Email must be evaluated for SPAM before the email enters the internal network.
– Production system patching must minimize downtime to achieve the highest possible service to users.
– Users must be able to use the Exchange Control Panel to autonomously join and disjoin their department’s distribution lists.
– Users must be able to access all Internet-facing Exchange Server services by using the names of mail.fabrikam.com and autodiscover.fabrikam.com.
The company establishes a partnership with another company named A. Datum Corporation. A. Datum uses the SMTP suffix adatum.com for all email addresses. Fabrikam plans to exchange sensitive information with A. Datum and requires that the email messages sent between the two companies be encrypted. The solution must use Domain Security. Users in the research and development (R&D) department must be able to view only the mailboxes of the users in their department from Microsoft Outlook. The users in all of the other departments must be prevented from viewing the mailboxes of the R&D users from Outlook. Administrators plan to produce HTML reports that contain information about recent status changes to the mailbox databases. Fabrikam is evaluating whether to abort its plan to implement an Exchange Server 2010 Edge Transport server and to implement a Client Access server in the Paris office instead. The Client Access server will have anti-spam agents installed.
QUESTION 57
Hotspot Question
You need to recommend which configurations must be set for each network.
Which configurations should you recommend? To answer, select the appropriate configurations for each network in the answer area.
Answer:
QUESTION 58
An administrator recommends removing EDGE1 from the implementation plan and adding a new Client Access server named CAS-8 instead.
You need to identify which anti-spam feature will NOT be available on CAS-8.
Which anti-spam feature should you identify?
A. Connection Filtering
B. Sender Filtering
C. Content Filtering
D. Recipient Filtering
Answer: A
Explanation:
EDGE1 is an exchange server 2010
CAS-8 would be an exchange server 2013
Typically, you would enable the anti-spam agents on a mailbox server if your organization doesn’t have an Edge Transport server, or doesn’t do any prior anti-spam filtering before accepting incoming messages.
Connection Filtering agent is only available on the Edge Transport server role. Exchange 2013 does not have an Edge Transport server role yet.
The Connection Filter agent and the Attachment Filter agent are only available on an Edge Transport server.
Connection Filtering on Edge Transport Servers: Exchange 2013 Help
Anti-spam agents on Legacy Edge Transport servers
If your organization has an Exchange 2007 or Exchange 2010 Edge Transport server installed in the perimeter network, all of the anti-spam agents that are available on a Mailbox server are installed and enabled by default on the Edge Transport server. However, the following anti-spam agents are only available on an Edge Transport server.
Connection Filtering agent Connection filtering inspects the IP address of the remote server that’s trying to send messages to determine what action, if any, to take on an inbound message. The remote IP address is available to the Connection Filtering agent as a byproduct of the underlying TCP/IP connection that’s required for the SMTP session. Connection filtering uses a variety of IP Block lists, IP Allow lists, as well as IP Block List provider services or IP Allow List provider services to determine whether the connection from the specific IP should be blocked or allowed in the organization. For more information about connection filtering in Exchange
2010, see <fwlink to http://technet.microsoft.com/library/bb124320(v=exchg.141).aspx>. Attachment Filter agent Attachment filtering filters messages based on attachment file name, file name extension, or file MIME content type. You can configure attachment filtering to block a message and its attachment, to strip the attachment and allow the message to pass through, or to silently delete the message and its attachment.
For more information about attachment filtering in Exchange 2010,
see <fwlink to http://technet.microsoft.com/library/bb124399(v=exchg.141).aspx>
What’s Discontinued in Exchange 2013
http://technet.microsoft.com/en-us/library/jj619283(v=exchg.150).aspx
Feature
Anti-spam agent management in the EMC
In Exchange 2010, when you enabled the anti-spam agents on the Hub Transport server, you could manage the anti-spam agents in the Exchange Management Console (EMC). In Exchange 2013, when you enable the anti-spam agents in the Transport service on a Mailbox server, you can’t manage the agents in the Exchange admin center (EAC). You can only use the Exchange Management Shell. For information about how to enable the anti-spam agents on a Mailbox server, see Enable Anti-Spam Functionality on a Mailbox Server.
Connection Filtering agent on Hub Transport servers
In Exchange 2010, when you enabled the anti-spam agents on a Hub Transport server, the Attachment Filter agent was the only anti-spam agent that wasn’t available. In Exchange 2013, when you enable the antispam agents in the Transport service on a Mailbox server, the Attachment Filter agent and the Connection Filtering agent aren’t available. The Connection Filtering agent provides IP Allow List and IP Block List capabilities. For information about how to enable the anti-spam agents on a Mailbox server, see Enable Anti-Spam Functionality on a Mailbox Server.
Note:
You can’t enable the anti-spam agents on an Exchange 2013 Client Access server. Therefore, the only way to get the Connection Filtering agent is to install an Exchange 2010 or Exchange 2007 Edge Transport server in the perimeter network. For more information, see Use an Edge Transport Server in Exchange 2013.
Sender Filter agent
Sender filtering compares the sender on the MAIL FROM: SMTP command to an administrator-defined list of senders or sender domains who are prohibited from sending messages to the organization to determine what action, if any, to take on an inbound message.
Content Filter agent
Content filtering assesses the contents of a message.
Spam quarantine is a feature of the Content Filter agent that reduces the risk of losing legitimate messages that are incorrectly classified as spam. Spam quarantine provides a temporary storage location for messages that are identified as spam and that shouldn’t be delivered to a user mailbox inside the organization. For more information, Recipient Filter agent
Recipient filtering compares the message recipients on the RCPT TO: SMTP command to an administrator defined Recipient Block list. If a match is found, the message isn’t permitted to enter the organization.
You can’t enable the anti-spam agents on an Exchange 2013 Client Access server. Therefore, the only way to get the Connection Filtering agent is to install an Exchange 2010 or Exchange 2007 Edge Transport server in the perimeter network Connection Filtering agent is only available on the Edge Transport server role. Exchange 2013 does not have an Edge Transport server role yet.
NOT B C D
Only need to identify 1 and this is connection filtering.
QUESTION 59
You need to recommend which task is required to prepare Active Directory for the planned Exchange Server 2013 implementation.
What should you recommend?
A. On any domain controller in the Paris office, run setup.exe /preparead.
B. On any domain controller in the Amsterdam office, run setup.exe /preparead.
C. On any domain controller in the Paris office, run setup.exe /preparealldomains.
D. On any domain controller in the Amsterdam office, run setup.exe /preparedomain.
Answer: B
Explanation:
B
The schema master is in the Amsterdam office.
Before you install the release to manufacturing (RTM) version of Microsoft Exchange Server 2013 or later cumulative updates (CU) on any servers in your organization, you must prepare Active Directory and domains.
Run setup.exe /preparead on the schema master.
NOT A C
The schema master is in the Amsterdam office.
Run setup.exe /preparead on the schema master.
NOT D
Fabrikam has a single domain.
In order to prepare a domain, run the following command from an elevated command prompt after browsing to the Exchange 2013 DVD/ISO.
Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
If you have a single domain environment, you don’t have to prepare the domain as the local domain is prepared for 2013 as part of preparing the AD. But, if you have a multi-domain environment, all other domains (except the one on which the AD was prepared) has to be ready for 2013.
You can prepare all the domains in one go by running the command below.
Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms (you will need Enterprise Admin rights).
QUESTION 60
Drag and Drop Question
You need to recommend to a solution to deploy the Outlook app.
Which three actions should you recommend performing in sequence?
Answer:
QUESTION 61
You have an Exchange Server 2013 organization that contains multiple Hub Transport servers.
You need to recommend a message hygiene solution to meet the following requirements:
– Block servers that are known to send spam
– Minimize administrative effort
What should you recommend?
A. an IP Block list
B. IP Block list providers
C. recipient filtering
D. sender filtering
Answer: B
QUESTION 62
Your company has a Exchange Server 2013 organization.
You plan to deploy Microsoft Office Outlook and mobile devices for remote users.
You need to plan the deployment of Client Access servers to support the automatic configuration of Outlook profiles and ——–.
What should you include in the plan?
A. Autodiscover
B. MailTips
C. Remote Access Server
D. Unified Messaging auto attendant
Answer: A
QUESTION 63
You need to recommend a design that meets the technical requirements for communication between Fabrikam and A. Datum.
Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)
A. Create a remote domain for adatum.com.
B. Exchange certificates with the administrators of adatum.com.
C. From EDGE1, create a Send connector that has an address space for adatum.com
D. Run the Set-TransportConfigcmdlet.
E. Run the Set-TransportServercmdlet.
F. From a Mailbox server, create a Send connector that has an address space for adatum.com.
Answer: BDF
Explanation:
NOT A
Applies to: Exchange Server 2013, Exchange Online
Remote domains are SMTP domains that are external to your Microsoft Exchange organization. You can create remote domain entries to define the settings for message transferred between your Exchange organization and specific external domains. The settings in the remote domain entry for a specific external domain override the settings in the default remote domain that normally apply to all external recipients. The remote domain settings are global for the Exchange organization.
You can create remote domain entries to define the settings for message transfers between your Exchange Online organization and external domains. When you create a remote domain entry, you control the types of messages that are sent to that domain. You can also apply message format policies and acceptable character sets for messages that are sent from users in your organization to the remote domain.
NOT C
Edge1 is in the perimeter network and the send connector needs to be created on a mailbox server
NOT E
Set-TransportServercmdlet.
Use the Set-TransportServer cmdlet to set the transport configuration options for the Transport service on Mailbox servers or for Edge Transport servers. This example sets the DelayNotificationTimeout parameter to 13 hours on server named Mailbox01. Set-TransportServer Mailbox01 -DelayNotificationTimeout 13:00:00 Need Set-TransportConfig and the TLSReceiveDomainSecureList parameter to specify the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.
B
To activate SSL encryption on an Exchange server, you need a server certificate on the Client Access Server in each company. The client access server is the internet facing server in an organization.
An SSL certificate is a digital certificate that authenticates the identity of the exchange server and encrypts information that is sent to the server using Secure Sockets Layer (SSL) technology
Mailbox server certificates
One key difference between Exchange 2010 and Exchange 2013 is that the certificates that are used on the Exchange 2013 Mailbox server are self-signed certificates. Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access server, the only certificates that you need to manage are those on the Client Access server.
The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party.
There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the server has been properly installed, you should never need to worry about the certificates on the Mailbox server.
D
Set-TransportConfig.
Use the Set-TransportConfig cmdlet to modify the transport configuration settings for the whole
Exchange organization.
EXAMPLE 1
This example configures the Exchange organization to forward all DSN messages that have the DSN codes
5.7.1, 5.7.2, and 5.7.3 to the postmaster email account.
Set-TransportConfig -GenerateCopyOfDSNFor 5.7.1,5.7.2,5.7.3
The TLSReceiveDomainSecureList parameter specifies the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.
F
If you want to ensure secure, encrypted communication with a partner, you can create a Send connector that is configured to enforce Transport Layer Security (TLS) for messages sent to a partner domain. TLS provides secure communication over the Internet.
Use the EAC to create a Send connector to send email to a partner, with TLS applied To create a Send connector for this scenario, log in to the EAC and perform the following steps:
In the EAC, navigate to Mail flow > Send connectors, and then click Add .
In the New send connector wizard, specify a name for the send connector and then select Partner for the Type.
When you select Partner, the connector is configured to allow connections only to servers that authenticate with TLS certificates. Click Next.
Verify that MX record associated with recipient domain is selected, which specifies that the connector uses the domain name system (DNS) to route mail. Click Next.
Under Address space, click Add . In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), enter the name of your partner domain. Click Save.
For Source server, click Add . In the Select a server window, select a Mailbox server that will be used to send mail to the Internet via the Client Access server and click Add . After you’ve selected the server, click Add .
Click OK.
Click Finish.
Once you have created the Send connector, it appears in the Send connector list.
Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving server.
They are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to the next hop on the way to their destination.
Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all Mailbox servers running the Transport service in the organization.
QUESTION 64
Drag and Drop Question
You are evaluating the implementation of a second Edge Transport server named EDGE2 in the Amsterdam office.
You need to recommend which tasks must be performed to ensure that email messages can be sent by the organization if a single Edge Transport server fails.
Which three actions should you include in the recommendation? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 65
You need to recommend which type of group must be used to create the planned department lists.
Which type of group should you recommend?
A. Universal Distribution
B. Dynamic Distribution
C. Global Security
D. Universal Security
Answer: A
Explanation:
A
Universal Distribution
Mail-enabled universal distribution groups (also called distribution groups) can be used only to distribute messages.
NOT B
A dynamic distribution group is a distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.
http://technet.microsoft.com/en-us/library/bb123722(v=exchg.150).aspx
Use the EAC to create a dynamic distribution group
As ExamTester from Netherlands commented below
But the Fabrikam case asks that users must be able to add and remove themselves from the distribution group. This is not possible using a dynamic group since membership is dynamically calculated based on attributes
Use this explanation for NOT B
http://technet.microsoft.com/en-us/library/bb201680(v=exchg.150).aspx
You can’t use Exchange Server 2013 to create non-universal distribution groups.
Mail-enabled non-universal groups were discontinued in Exchange Server 2007 and can exist only if they were migrated from Exchange 2003 or earlier versions of Exchange.
Seems to contradict the above.
NOT C D
In Exchange, all mail-enabled groups are referred to as distribution groups, whether they have a security context or not.
QUESTION 66
You need to recommend which tasks must be performed to meet the technical requirements of the research and development (R&D) department.
Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Create a new global address list (GAL) and a new address book policy.
B. Modify the permissions of the default global address list (GAL), and then create a new GAL.
C. Run the Update AddressList cmdlet.
D. Run the Set-Mailbox cmdlet.
E. Create an OAB virtual directory.
Answer: AD
Explanation:
NOT B
Need an address book policy
NOT C
Update AddressList cmdlet
Use the Update-AddressList cmdlet to update the recipients included in the address list that you specify.
EXAMPLE 1
This example updates the recipients of the address list building4 and under the container All Users\Sales.
Update-AddressList -Identity “All Users\Sales\building4”
NOT E
Will not resolve the issue
Need an address book policy and to assign this policy to users.
A
Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of your organization’s global address list (GAL).
When creating an ABP, you assign a GAL, an offline address book (OAB), a room list, and one or more address lists to the policy.
You can then assign the ABP to mailbox users, providing them with access to a customized GAL in Outlook and Outlook Web App.
The goal is to provide a simpler mechanism to accomplish GAL segmentation for on-premises organizations that require multiple GALs.
D
After you create an address book policy (ABP), you must assign it to mailbox users. Users aren’t assigned a default ABP when their user account is created.
If you don’t assign an ABP to a user, the global address list (GAL) for your entire organization will be accessible to the user through Outlook and Outlook Web App.
This example assigns the ABP All Fabrikam to the existing mailbox user [email protected].
Set-Mailbox -Identity [email protected] -AddressBookPolicy “All Fabrikam”
Address Book Policies: Exchange Online Help
QUESTION 67
You are testing the planned implementation of Domain Security.
You discover that users fail to exchange domain-secured email messages.
You open the Exchange Management Shell and discover the output shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users can exchange email messages by using Domain Security.
Which two parameters should you modify by using the Set-SendConnector cmdlet? (Each correct answer presents part of the solution. Choose two.)
A. tlsauthlevel
B. requiretls
C. ignorestarttls
D. tlsdomain
E. domainsecureenabled
F. smarthostauthmechanism
Answer: BE
Explanation:
Domain Security
Domain Security is a feature of Exchange Server (both 2010 and 2013) that can secure SMTP traffic between two Exchange organizations.
It is implemented on server level, and it works without configuring any options on user (sender or recipient) side. Domain Security uses mutual TLS authentication to provide session-based authentication and encryption.
Mutual TLS authentication is different from TLS as it’s usually implemented. Usually, when you implement TLS, client will verify the server certificate, and authenticate the server, before establishing a connection.
With mutual TLS authentication, each server verifies the connection with the other server by validating a certificate that’s provided by that other server, so clients are not included at all.
We establish secure SMTP channel between two Exchange Servers, usually over the Internet.
Clients, Outlook and Outlook Web App, will be aware that Domain Security is established. Green icon with check mark will be shown on each messages exchanged between servers on which Domain
Security is implemented.
Set-SendConnector
Use the Set-SendConnector cmdlet to modify a Send connector.
EXAMPLE 1
This example makes the following configuration changes to the Send connector named Contoso.com Send Connector:
Sets the maximum message size limit to 10 MB.
Changes the connection inactivity time-out to 15 minutes.
Set-SendConnector “Contoso.com Send Connector” -MaxMessageSize 10MB -ConnectionInactivityTimeOut
00:15:00
PARAMETERS
Requiretls
The RequireTLS parameter specifies whether all messages sent through this connector must be transmitted using TLS. The default value is $false.
Domainsecureenabled
The DomainSecureEnabled parameter is part of the process to enable mutual Transport Layer Security (TLS) authentication for the domains serviced by this Send connector.
Mutual TLS authentication functions correctly only when the following conditions are met:
The value of the DomainSecureEnabled parameter must be $true.
The value of the DNSRoutingEnabled parameter must be $true.
The value of the IgnoreStartTLS parameter must be $false.
The wildcard character (*) is not supported in domains that are configured for mutual TLS authentication.
The same domain must also be defined on the corresponding Receive connector and in the TLSReceiveDomainSecureList attribute of the transport configuration.
The default value for the DomainSecureEnabled parameter is $false for the following types of Send connectors:
All Send connectors defined in the Transport service on a Mailbox server.
User-created Send connectors defined on an Edge server.
The default value for the DomainSecureEnabled parameter is $true for default Send connectors defined on an Edge server.
NOT TLSAUTHLEVEL
The TlsAuthLevel parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Send connector. Valid values are:
EncryptionOnly: TLS is used only to encrypt the communication channel. No certificate authentication is performed.
CertificateValidation: TLS is used to encrypt the channel and certificate chain validation and revocation lists checks are performed.
DomainValidation: In addition to channel encryption and certificate validation, the Send connector also verifies that the FQDN of the target certificate matches the domain specified in the TlsDomain parameter. If no domain is specified in the TlsDomain parameter, the FQDN on the certificate is compared with the recipient’s domain.
You can’t specify a value for this parameter if the IgnoreSTARTTLS parameter is set to $true, or if the RequireTLS parameter is set to $false.
NOT ignorestarttls
The IgnoreSTARTTLS parameter specifies whether to ignore the StartTLS option offered by a remote sending server.
This parameter is used with remote domains. This parameter must be set to $false if the RequireTLS parameter is set to $true. Valid values for this parameter are $true or $false.
NOT tlsdomain The TlsDomain parameter specifies the domain name that the Send connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection.
This parameter is used only if the TlsAuthLevel parameter is set to DomainValidation.
A value for this parameter is required if:
The TLSAuthLevel parameter is set to DomainValidation.
The DNSRoutingEnabled parameter is set to $false (smart host Send connector).
NOT smarthostauthmechanism
The SmartHostAuthMechanism parameter specifies the smart host authentication mechanism to use for authentication with a remote server.
Use this parameter only when a smart host is configured and the DNSRoutingEnabled parameter is set to $false.
Valid values are None, BasicAuth, BasicAuthRequireTLS, ExchangeServer, and
ExternalAuthoritative.
All values are mutually exclusive. If you select BasicAuth or BasicAuthRequireTLS, you must use the AuthenticationCredential parameter to specify the authentication credential.
QUESTION 68
You need to recommend which recovery solution will restore access to all of the mailboxes in AccountingDB if EX1 fails.
The solution must restore access to email messages as quickly as possible.
Which recovery solution should you recommend?
A. On EX2, create a new mailbox database.
Restore the database files, and then mount the database.
Run the New-MailboxRestoreRequest cmdlet for all of the mailboxes in the database.
B. On EX2, create a new mailbox database.
Restore the database files, and then mount the database.
Run the Set-Mailbox cmdlet for all of the mailboxes in the database.
C. On replacement hardware, run setup /mode:recoverserver.
Restore the database files, and then mount the database.
Run the Set-Mailbox cmdlet.
D. On replacement hardware, run setup /mode:recoverserver.
Restore the database files, and then mount the database.
Run the New-MailboxRestoreRequest cmdlet for all of the mailboxes in the database.
Answer: A
Explanation:
Restore Data Using a Recovery Database
Create a Recovery Database
http://technet.microsoft.com/en-us/library/ee332351%28v=exchg.150%29.aspx
QUESTION 69
Drag and Drop Question
You have an Exchange Server 2013 organization that contains two servers.
The servers are configured as shown in the following table.
You need to create a new database availability group (DAG) that contains EX1 and EX2.
Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 70
You have an Exchange Server 2013 organization that contains one Client Access server.
The Client Access server is accessible from the Internet by using a network address translation (NAT) device.
You deploy an additional Client Access server.
You also deploy an L4 hardware load balancer between the Client Access servers and the NAT device.
After deploying the hardware load balancer, you discover that all of the Exchange Server traffic is directed to a single Client Access server.
You need to ensure that the hardware load balancer distributes traffic evenly across both Client Access servers.
What should you do?
A. Change the default route of the Client Access servers to point to the hardware load balancer.
B. Configure the NAT device to pass the original source IP address of all connections from the Internet.
C. Configure the Client Access servers to have a second IP address and web site.
Create the Exchange virtual directories in the new sites.
D. Configure SSL offloading on the hardware load balancer and the Client Access servers.
Answer: B
Explanation:
When using source NAT, the client IP address is not passed to the load balanced server.
The insertion of the Client IP address into the header allows the exchange servers to see the IP that made the connection.
Level 4 Load Balancer:
A load balancer is a server computer with a very specialized operating system tuned to manage network traffic using user-created rules. Enterprises and hosting companies rely on load-balancing devices to distribute traffic to create highly available services L4 load balancing is fairly simple, two servers sharing the same IP address.
You get redirected to the less-busy server.
The most popular Layer 4 load balancing techniques are:
– round-robin
– weighted round-robin
– least connections
– weighted least connections
NOT A
http://pdfs.loadbalancer.org/Microsoft_Exchange_2013_Deployment_Guide.pdf If there was no NAT device and the load balancer was completing the NAT translation then there maybe some merit in this answer option. B is a better answer given this scenario.
NOT C
No need to configure the Client Access servers to have a second IP address.
NOT D
Not required in this scenario
SSL offloading relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.
Correct Answer B
When using source NAT, the client IP address is not passed to the load balanced server. The insertion of the Client IP address into the header allows the exchange servers to see the IP that made the connection.
http://pdfs.loadbalancer.org/Microsoft_Exchange_2013_Deployment_Guide.pdf
If you use GreatExam braindump as your 70-341 exam prepare material, we guarantee your success in the first attempt. GreatExam 70-341 practice test provides you everything you will need to take your 70-341 Exam.