Q1. HOTSPOT - (Topic 6)
You have an Exchange Server 2013 organization.
You need to create a single transport rule that prevents users in a group named Group1
from exchanging messages with users in a group named Group2.
Which two options should you use?
To answer, select the two appropriate options in the answer area.
Answer:
Q2. DRAG DROP - (Topic 2)
You need to recommend a solution to meet the compliance requirements for the research department and the statutory holidays.
What should you recommend configuring?
To answer, drag the appropriate object to the correct location in the answer area. Each object may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Q3. (Topic 6)
You have an Exchange Server 2013 organization.
The human resources (HR) department has a custom form used to enter the personal information of employees. The form uses the Microsoft Word format.
You need to encrypt the contents of the form automatically when users in the HR department send the form to users outside the organization.
You deploy an Active Directory Rights Management Services (AD RMS) template.
Which two of the following should you create next? Each correct answer presents a complete solution.
A. an Outlook protection rule.
B. a Mail Tip
C. a DLP policy template.
D. a Policy Tip.
Answer: A,C
Q4. (Topic 6)
You have an Exchange Server organization that contains five servers. The servers are configured as shown in the following table.
You deploy Microsoft Lync Server 2010. You need to create a Lync Server SIP Unified
Messaging (UM) dial plan to enable voice integration between Lync Server and Exchange Server.
Which three Exchange servers should you associate to the UM dial plans? (Each correct answer presents part of the solution. Choose three.)
A. Server1
B. Server2
C. Server3
D. Server4
E. Server5
Answer: A,B,E
Explanation:
A: You can enable Unified Messaging (UM) in Microsoft Exchange Server 2010. You must enable the Exchange computer running the Unified Messaging server role before the Unified Messaging server can process calls for UM-enabled Exchange 2010 recipients in your Exchange organization. However, the Unified Messaging server also must be added to a UM dial plan before it can process calls for Unified Messaging.
B, E:
* Requirements and Recommendations Client Access and Mailbox. In Microsoft Exchange Server 2013, Exchange UM runs as a service on these servers.
* Deploy the Exchange Mailbox server roles in each Exchange Unified Messaging (UM) forest where you want to enable users for Exchange UM.
Reference: Configuring Unified Messaging on Microsoft Exchange Server to Work with Lync Server 2013
Q5. (Topic 6)
You plan to deploy 20 Client Access servers that will have Exchange Server 2013 installed.
You need to prepare the certificate required for the planned deployment. The solution must ensure that the same certificate can be used on all of the Client Access servers.
What should you do first?
A. From the Exchange Admin Center, create a new certificate request.
B. On each Client Access server, start the Certificates console and run the Certificate Import Wizard.
C. On all of the Client Access servers, delete the default self-signed certificates.
D. On one of the Client Access servers, run the Remove-ExchangeCertificate cmdlet.
Answer: A
Explanation:
You can use the EAC to generate certificate requests that work with most certificate
issuers.
Note:
To prevent clients from receiving errors regarding untrusted certificates, the certificate
that's used by your Exchange server must be issued by someone that the client trusts.
Although most clients can be configured to trust any certificate or certificate issuer, it's
simpler to use a trusted third-party certificate on your Exchange server. This is because most clients already trust their root certificates. There are several third-party certificate issuers that offer certificates configured specifically for Exchange.
Q6. (Topic 6)
You have an Exchange Server 2013 organization.
A distribution group named Sales_Reports is used to distribute confidential information to all of the senior managers in your company.
You need to recommend a solution to ensure that all unencrypted messages sent to the Sales_Reports group are encrypted on the server automatically before they are stored in the mailboxes of the managers.
Which two technologies should you include in the recommendation? Each correct answer presents part of the solution.
A. A transport rule
B. S/MIME
C. Active Directory Certificate Services (AD CS)
D. Active Directory Rights Management Services (AD RMS)
E. TLS
Answer: A,B
Explanation:
A: As an administrator, you can create transport rules to enable Microsoft Office 365 Message Encryption. This service lets you encrypt outgoing email messages and remove encryption from incoming encrypted replies to those messages, depending on conditions defined in the rule.
B: Encrypted e-mail messages Messages that are encrypted using S/MIME. Transport rules can access envelope headers contained in encrypted messages and process messages based on predicates that inspect them. Rules with predicates that require inspection of message content, or actions that modify content, can't be processed.
Reference: Understanding How Transport Rules Are Applied
https://technet.microsoft.com/en-us/library/bb124703%28v=exchg.141%29.aspx
Q7. (Topic 6)
You have a server named Server1 that has Exchange Server 2013 installed.
Users access their mailbox by using Microsoft Outlook 2010 and Outlook Web App.
You need to identify when a mailbox is accessed by someone other than the owner of the mailbox.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Review the security event log.
B. Enable audit logging for all mailboxes.
C. Export the administrator audit log.
D. Run an administrator role group report.
E. Run a non-owner mailbox access report.
Answer: B,E
Explanation:
You have to enable mailbox audit logging for each mailbox that you want to run a non-owner mailbox access report.
The Non-Owner Mailbox Access Report in the Exchange Administration Center (EAC) lists the mailboxes that have been accessed by someone other than the person who owns the mailbox. When a mailbox is accessed by a non-owner, Microsoft Exchange logs information about this action in a mailbox audit log that’s stored as an email message in a hidden folder in the mailbox being audited. Entries from this log are displayed as search results and include a list of mailboxes accessed by a non-owner, who accessed the mailbox and when, the actions performed by the non-owner, and whether the action was successful.
Reference: Run a non-owner mailbox access report
https://technet.microsoft.com/en-us/library/jj150575(v=exchg.150).aspx
Q8. (Topic 2)
You deploy a new certificate to a Client Access server.
You test the new certificate by using Outlook Anywhere from the Internet.
The test generates certificate errors.
You need to prevent the errors from reoccurring.
To which two stores should you add the root CA certificate? (Each correct answer presents part of the solution. Choose two.)
A. the personal store on the client computers
B. the personal store on the Client Access server
C. the personal store on the Mailbox servers
D. the Trusted Root Certification Authorities store on the client computers
E. the Trusted Root Certification Authorities store on the Client Access server
F. the Trusted Root Certification Authorities store on the Mailbox servers
Answer: D,E
Explanation:
D: Outlook Anywhere won't work with a self-signed certificate on the Client Access server. Self-signed certificates must be manually copied to the trusted root certificate store on the client computer or mobile device. When a client connects to a server over SSL and the server presents a self-signed certificate, the client will be prompted to verify that the certificate was issued by a trusted authority. The client must explicitly trust the issuing authority. If the client confirms the trust, then SSL communications can continue.
E: If you are providing external access to Autodiscover by using Outlook Anywhere you must install a valid SSL certificate on the Client Access server.