QUESTION 61
You have an Exchange Server 2013 organization that contains multiple Hub Transport servers. You need to recommend a message hygiene solution to meet the following requirements:
– Block servers that are known to send spam
– Minimize administrative effort
What should you recommend?
A. an IP Block list
B. IP Block list providers
C. recipient filtering
D. sender filtering
Answer: B
QUESTION 62
Your company has an Exchange Server 2013 organization. You plan to deploy Microsoft Office Outlook and mobile devices for remote users. You need to plan the deployment of Client Access servers to support the automatic configuration of Outlook profiles and ____. What should you include in the plan?
A. Autodiscover
B. MailTips
C. Remote Access Server
D. Unified Messaging auto attendant
Answer: A
QUESTION 63
You need to recommend a design that meets the technical requirements for communication between Fabrikam and A. Datum. Which three actions should you perform in fabrikam.com? (Each correct answer presents part of the solution. Choose three.)
A. Create a remote domain for adatum.com.
B. Exchange certificates with the administrators of adatum.com.
C. From EDGE1, create a Send connector that has an address space for adatum.com.
D. Run the Set-TransportConfig cmdlet.
E. Run the Set-TransportServer cmdlet.
F. From a Mailbox server, create a Send connector that has an address space for adatum.com.
Answer: BDF
Explanation:
NOT A
Applies to: Exchange Server 2013, Exchange Online.
Remote domains are SMTP domains that are external to your Microsoft Exchange organization. You can create remote domain entries to define the settings for messages transferred between your Exchange organization and specific external domains. The settings in the remote domain entry for a specific external domain override the settings in the default remote domain that normally apply to all external recipients. The remote domain settings are global for the Exchange organization. You can create remote domain entries to define the settings for message transfers between your Exchange Online organization and external domains. When you create a remote domain entry, you control the types of messages that are sent to that domain. You can also apply message format policies and acceptable character sets for messages that are sent from users in your organization to the remote domain.
NOT C
Edge1 is in the perimeter network and the send connector needs to be created on a mailbox server.
NOT E
Set-TransportServer cmdlet.
Use the Set-TransportServer cmdlet to set the transport configuration options for the Transport service on Mailbox servers or for Edge Transport servers. This example sets the DelayNotificationTimeout parameter to 13 hours on the server named Mailbox01:
Set-TransportServer Mailbox01 -DelayNotificationTimeout 13:00:00
This scenario instead needs Set-TransportConfig and the TLSReceiveDomainSecureList parameter, which specifies the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.
B
To activate SSL encryption on an Exchange server, you need a server certificate on the Client Access server in each company. The Client Access server is the Internet-facing server in an organization. An SSL certificate is a digital certificate that authenticates the identity of the Exchange server and encrypts information that is sent to the server using Secure Sockets Layer (SSL) technology.
Mailbox server certificates.
One key difference between Exchange 2010 and Exchange 2013 is that the certificates that are used on the Exchange 2013 Mailbox server are self-signed certificates. Because all clients connect to an Exchange 2013 Mailbox server through an Exchange 2013 Client Access server, the only certificates that you need to manage are those on the Client Access server. The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party. There are no tools or cmdlets available to manage self-signed certificates on the Mailbox server. After the server has been properly installed, you should never need to worry about the certificates on the Mailbox server.
D
Set-TransportConfig.
Use the Set-TransportConfig cmdlet to modify the transport configuration settings for the whole Exchange organization.
EXAMPLE 1
This example configures the Exchange organization to forward all DSN messages that have the DSN codes 5.7.1, 5.7.2, and 5.7.3 to the postmaster email account.
Set-TransportConfig -GenerateCopyOfDSNFor 5.7.1,5.7.2,5.7.3
The TLSReceiveDomainSecureList parameter specifies the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.
F
If you want to ensure secure, encrypted communication with a partner, you can create a Send connector that is configured to enforce Transport Layer Security (TLS) for messages sent to a partner domain. TLS provides secure communication over the Internet. Use the EAC to create a Send connector to send email to a partner, with TLS applied. To create a Send connector for this scenario, log in to the EAC and perform the following steps:
– In the EAC, navigate to Mail flow > Send connectors, and then click Add.
– In the New send connector wizard, specify a name for the send connector and then select Partner for the Type.
– When you select Partner, the connector is configured to allow connections only to servers that authenticate with TLS certificates. Click Next.
– Verify that MX record associated with recipient domain is selected, which specifies that the connector uses the domain name system (DNS) to route mail. Click Next.
– Under Address space, click Add. In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), enter the name of your partner domain. Click Save.
– For Source server, click Add. In the Select a server window, select a Mailbox server that will be used to send mail to the Internet via the Client Access server and click Add. After you’ve selected the server, click Add.
– Click OK.
– Click Finish.
Once you have created the Send connector, it appears in the Send connector list.
Send Connector.
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving server. They are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using DNS. Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all Mailbox servers running the Transport service in the organization.
QUESTION 64
Drag and Drop Question
You are evaluating the implementation of a second Edge Transport server named EDGE2 in the Amsterdam office. You need to recommend which tasks must be performed to ensure that email messages can be sent by the organization if a single Edge Transport server fails. Which three actions should you include in the recommendation? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
QUESTION 65
You need to recommend which type of group must be used to create the planned department lists.
Which type of group should you recommend?
A. Universal Distribution
B. Dynamic Distribution
C. Global Security
D. Universal Security
Answer: A
Explanation:
A
Universal Distribution.
Mail-enabled universal distribution groups (also called distribution groups) can be used only to distribute messages.
NOT B
A dynamic distribution group is a distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.
http://technet.microsoft.com/en-us/library/bb123722(v=exchg.150).aspx
Use the EAC to create a dynamic distribution group. As ExamTester from Netherlands commented below. But the Fabrikam case asks that users must be able to add and remove themselves from the distribution group. This is not possible using a dynamic group since membership is dynamically calculated based on attributes.
Use this explanation for NOT B.
http://technet.microsoft.com/en-us/library/bb201680(v=exchg.150).aspx
You can’t use Exchange Server 2013 to create non-universal distribution groups. Mail-enabled non-universal groups were discontinued in Exchange Server 2007 and can exist only if they were migrated from Exchange 2003 or earlier versions of Exchange. Seems to contradict the above.
NOT CD
In Exchange, all mail-enabled groups are referred to as distribution groups, whether they have a security context or not.
QUESTION 66
You need to recommend which tasks must be performed to meet the technical requirements of the research and development (R&D) department. Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Create a new global address list (GAL) and a new address book policy.
B. Modify the permissions of the default global address list (GAL), and then create a new GAL.
C. Run the Update-AddressList cmdlet.
D. Run the Set-Mailbox cmdlet.
E. Create an OAB virtual directory.
Answer: AD
Explanation:
NOT B
Need an address book policy.
NOT C
Update-AddressList cmdlet. Use the Update-AddressList cmdlet to update the recipients included in the address list that you specify.
EXAMPLE 1
This example updates the recipients of the address list building4 and under the container All Users\Sales.
Update-AddressList -Identity "All Users\Sales\building4"
NOT E
Will not resolve the issue. Need an address book policy and to assign this policy to users.
A
Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of your organization’s global address list (GAL). When creating an ABP, you assign a GAL, an offline address book (OAB), a room list, and one or more address lists to the policy. You can then assign the ABP to mailbox users, providing them with access to a customized GAL in Outlook and Outlook Web App. The goal is to provide a simpler mechanism to accomplish GAL segmentation for on-premises organizations that require multiple GALs.
D
After you create an address book policy (ABP), you must assign it to mailbox users. Users aren’t assigned a default ABP when their user account is created. If you don’t assign an ABP to a user, the global address list (GAL) for your entire organization will be accessible to the user through Outlook and Outlook Web App.
This example assigns the ABP All Fabrikam to the existing mailbox user [email protected].
Set-Mailbox -Identity [email protected] -AddressBookPolicy "All Fabrikam"
Address Book Policies: Exchange Online Help.
QUESTION 67
You are testing the planned implementation of Domain Security. You discover that users fail to exchange domain-secured email messages. You open the Exchange Management Shell and discover the output shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can exchange email messages by using Domain Security. Which two parameters should you modify by using the Set-SendConnector cmdlet? (Each correct answer presents part of the solution. Choose two.)
A. tlsauthlevel
B. requiretls
C. ignorestarttls
D. tlsdomain
E. domainsecureenabled
F. smarthostauthmechanism
Answer: BE
Explanation:
Domain Security.
Domain Security is a feature of Exchange Server (both 2010 and 2013) that can secure SMTP traffic between two Exchange organizations. It is implemented at the server level, and it works without configuring any options on the user (sender or recipient) side. Domain Security uses mutual TLS authentication to provide session-based authentication and encryption. Mutual TLS authentication is different from TLS as it’s usually implemented. Usually, when you implement TLS, the client verifies the server certificate and authenticates the server before establishing a connection. With mutual TLS authentication, each server verifies the connection with the other server by validating a certificate that’s provided by that other server, so clients are not included at all. This establishes a secure SMTP channel between two Exchange servers, usually over the Internet. Clients, Outlook and Outlook Web App, will be aware that Domain Security is established. A green icon with a check mark is shown on each message exchanged between servers on which Domain Security is implemented.
Set-SendConnector.
Use the Set-SendConnector cmdlet to modify a Send connector.
EXAMPLE 1
This example makes the following configuration changes to the Send connector named Contoso.com Send Connector:
Sets the maximum message size limit to 10 MB.
Changes the connection inactivity time-out to 15 minutes.
Set-SendConnector "Contoso.com Send Connector" -MaxMessageSize 10MB -ConnectionInactivityTimeOut 00:15:00
PARAMETERS
Requiretls.
The RequireTLS parameter specifies whether all messages sent through this connector must be transmitted using TLS. The default value is $false.
Domainsecureenabled.
The DomainSecureEnabled parameter is part of the process to enable mutual Transport Layer Security (TLS) authentication for the domains serviced by this Send connector. Mutual TLS authentication functions correctly only when the following conditions are met:
– The value of the DomainSecureEnabled parameter must be $true.
– The value of the DNSRoutingEnabled parameter must be $true.
– The value of the IgnoreStartTLS parameter must be $false.
– The wildcard character (*) is not supported in domains that are configured for mutual TLS authentication.
– The same domain must also be defined on the corresponding Receive connector and in the TLSReceiveDomainSecureList attribute of the transport configuration.
The default value for the DomainSecureEnabled parameter is $false for the following types of Send connectors:
– All Send connectors defined in the Transport service on a Mailbox server.
– User-created Send connectors defined on an Edge server.
The default value for the DomainSecureEnabled parameter is $true for default Send connectors defined on an Edge server.
NOT TLSAUTHLEVEL.
The TlsAuthLevel parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Send connector. Valid values are:
– EncryptionOnly: TLS is used only to encrypt the communication channel. No certificate authentication is performed.
– CertificateValidation: TLS is used to encrypt the channel, and certificate chain validation and revocation list checks are performed.
– DomainValidation: In addition to channel encryption and certificate validation, the Send connector also verifies that the FQDN of the target certificate matches the domain specified in the TlsDomain parameter. If no domain is specified in the TlsDomain parameter, the FQDN on the certificate is compared with the recipient’s domain.
You can’t specify a value for this parameter if the IgnoreSTARTTLS parameter is set to $true, or if the RequireTLS parameter is set to $false.
NOT IgnoreStarttls.
The IgnoreSTARTTLS parameter specifies whether to ignore the StartTLS option offered by a remote sending server. This parameter is used with remote domains. This parameter must be set to $false if the RequireTLS parameter is set to $true. Valid values for this parameter are $true or $false.
NOT TlsDomain.
The TlsDomain parameter specifies the domain name that the Send connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is used only if the TlsAuthLevel parameter is set to DomainValidation. A value for this parameter is required if:
– The TLSAuthLevel parameter is set to DomainValidation.
– The DNSRoutingEnabled parameter is set to $false (smart host Send connector).
NOT SmartHostAuthMechanism.
The SmartHostAuthMechanism parameter specifies the smart host authentication mechanism to use for authentication with a remote server. Use this parameter only when a smart host is configured and the DNSRoutingEnabled parameter is set to $false. Valid values are None, BasicAuth, BasicAuthRequireTLS, ExchangeServer, and ExternalAuthoritative. All values are mutually exclusive. If you select BasicAuth or BasicAuthRequireTLS, you must use the AuthenticationCredential parameter to specify the authentication credential.
QUESTION 68
You need to recommend which recovery solution will restore access to all of the mailboxes in AccountingDB if EX1 fails. The solution must restore access to email messages as quickly as possible. Which recovery solution should you recommend?
A. On EX2, create a new mailbox database.
Restore the database files, and then mount the database.
Run the New-MailboxRestoreRequest cmdlet for all of the mailboxes in the database.
B. On EX2, create a new mailbox database.
Restore the database files, and then mount the database.
Run the Set-Mailbox cmdlet for all of the mailboxes in the database.
C. On replacement hardware, run setup /mode:recoverserver.
Restore the database files, and then mount the database.
Run the Set-Mailbox cmdlet.
D. On replacement hardware, run setup /mode:recoverserver.
Restore the database files, and then mount the database.
Run the New-MailboxRestoreRequest cmdlet for all of the mailboxes in the database.
Answer: A
Explanation:
Restore Data Using a Recovery Database.
Create a Recovery Database.
http://technet.microsoft.com/en-us/library/ee332351%28v=exchg.150%29.aspx
QUESTION 69
Drag and Drop Question
You have an Exchange Server 2013 organization that contains two servers. The servers are configured as shown in the following table.
You need to create a new database availability group (DAG) that contains EX1 and EX2. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
QUESTION 70
You have an Exchange Server 2013 organization that contains one Client Access server. The Client Access server is accessible from the Internet by using a network address translation (NAT) device. You deploy an additional Client Access server. You also deploy an L4 hardware load balancer between the Client Access servers and the NAT device. After deploying the hardware load balancer, you discover that all of the Exchange Server traffic is directed to a single Client Access server. You need to ensure that the hardware load balancer distributes traffic evenly across both Client Access servers. What should you do?
A. Change the default route of the Client Access servers to point to the hardware load balancer.
B. Configure the NAT device to pass the original source IP address of all connections from the Internet.
C. Configure the Client Access servers to have a second IP address and web site.
Create the Exchange virtual directories in the new sites.
D. Configure SSL offloading on the hardware load balancer and the Client Access servers.
Answer: B
Explanation:
When using source NAT, the client IP address is not passed to the load balanced server. The insertion of the client IP address into the header allows the Exchange servers to see the IP that made the connection. Level 4 Load Balancer: A load balancer is a server computer with a very specialized operating system tuned to manage network traffic using user-created rules. Enterprises and hosting companies rely on load-balancing devices to distribute traffic to create highly available services. L4 load balancing is fairly simple: two servers sharing the same IP address. You get redirected to the less-busy server. The most popular Layer 4 load balancing techniques are:
– round-robin
– weighted round-robin
– least connections
– weighted least connections
NOT A
http://pdfs.loadbalancer.org/Microsoft_Exchange_2013_Deployment_Guide.pdf
If there were no NAT device and the load balancer were completing the NAT translation, then there may be some merit in this answer option. B is a better answer given this scenario.
NOT C
No need to configure the Client Access servers to have a second IP address.
NOT D
Not required in this scenario. SSL offloading relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.
B
When using source NAT, the client IP address is not passed to the load balanced server. The insertion of the client IP address into the header allows the Exchange servers to see the IP that made the connection.
http://pdfs.loadbalancer.org/Microsoft_Exchange_2013_Deployment_Guide.pdf
QUESTION 71
You need to recommend a solution to resolve the issue for the London office users. What should you do?
A. Modify the properties of the OAB virtual directory.
B. Create a new address book policy.
C. Modify the properties of the default offline address book (OAB).
D. Create a new arbitration mailbox.
Answer: D
Explanation:
NOT A
Will not resolve the issue. Need to create a new arbitration mailbox.
NOT B
Will not resolve the issue. Need to create a new arbitration mailbox.
NOT C
Will not resolve the issue. Need to create a new arbitration mailbox.
D
Exchange Server 2013 CAS role proxies the OAB download request to a “nearest” mailbox server hosting an active Organization Mailbox. Both London and New York host a mailbox server and a client access server. Therefore you need to create a new active Organization Mailbox. Administrators can create additional Organization Mailboxes for fault tolerance or for serving users in a geographically dispersed Exchange deployment.
The Organization Mailbox.
The Organization Mailbox is a new type of arbitration mailbox introduced with Exchange 2013. The arbitration mailbox with persisted capability OrganizationCapabilityOABGen is referred to as Organization Mailbox. It plays a crucial role in OAB generation, storage and distribution. Each Exchange Server 2013 mailbox role hosting an Organization Mailbox will generate all Exchange 2013 OAB’s defined in the environment. The OAB is generated in the Organization Mailbox first and later copied to the disk.
http://technet.microsoft.com/en-us/library/aa997663(v=exchg.150).aspx
QUESTION 72
You have an Exchange Server 2013 organization that contains five servers. All users connect to their mailbox by using a mobile device. All of the users in the finance department are in an organizational unit (OU) named OU1. You need to prevent the finance users from accessing the extended storage on their mobile device. What should you do?
A. Create a new mobile device mailbox policy, and then run the Set-CasMailbox cmdlet.
B. Create a new device access rule, and then run the Set-Mailbox cmdlet.
C. Create a new mobile device mailbox policy, and then run the Set-Mailbox cmdlet.
D. Create a new device access rule, and then run the Set-CasMailbox cmdlet.
Answer: A
Explanation:
Set-CASMailbox cmdlet.
Use the Set-CASMailbox cmdlet to set attributes related to client access for Microsoft Exchange ActiveSync, Microsoft Office Outlook Web App, POP3, and IMAP4 for a specified user. The Set-CASMailbox cmdlet operates on one mailbox at a time. You can configure properties for Outlook Web App, Exchange ActiveSync, POP3, and IMAP4 by using this cmdlet. You can configure a single property or multiple properties by using one statement.
Set-Mailbox cmdlet.
Use the Set-Mailbox cmdlet to modify the settings of an existing mailbox. You can use this cmdlet for one mailbox at a time.
Mobile device mailbox policy.
In Microsoft Exchange Server 2013, you can create mobile device mailbox policies to apply a common set of policies or security settings to a collection of users. After you deploy Exchange ActiveSync in your Exchange 2013 organization, you can create new mobile device mailbox policies or modify existing policies. When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.
Device access rule.
Use device access rules to allow users to synchronize their mailboxes with specific mobile device families or models.
NOT BC
Use the Set-CASMailbox cmdlet to set attributes related to client access for Microsoft Exchange ActiveSync, Microsoft Office Outlook Web App, POP3, and IMAP4 for a specified user.
NOT D
In Microsoft Exchange Server 2013, you can create mobile device mailbox policies to apply a common set of policies or security settings to a collection of users.
QUESTION 73
You have an Exchange Server 2013 server that has a single mailbox database named DB1. You need to move the transaction log files of DB1. Which cmdlet should you run?
A. Move-DatabasePath
B. Move-Mailbox
C. Set-ExchangeServer
D. Set-MailboxDatabase
Answer: A
QUESTION 74
You have an Exchange Server 2013 organization named contoso.com. Your company is investigating a user named User1. You need to prevent User1 from permanently deleting the items in his mailbox. What should you run?
A. Set-Mailbox User1 -LitigationHoldEnabled $true
B. Set-Mailbox User1 -ModerationEnabled $true
C. Set-Mailbox User1 -RetainDeletedItemsUntilBackup $true
D. Set-Mailbox User1 -RetentionHoldEnabled $true
Answer: A
QUESTION 75
You have an Exchange 2013 organization. You have an administrative user named Admin1. You need to ensure that Admin1 can move mailboxes in the organization. The solution must assign the minimum amount of permissions to Admin1. What should you do?
A. Create a local move request.
B. Create a custom Management role. Assign the role to Admin1.
C. Add Admin1 to the Organization Management role group.
D. Add Admin1 to the Recipient Management security group.
Answer: B
QUESTION 76
Hotspot Question
Your company has two offices. The offices are configured as shown in the following table.
The offices connect to each other by using a WAN link that has a latency of more than 700 ms. You plan to deploy an Exchange Server 2013 organization to meet the following requirements:
– Ensure that users can access their mailbox if the WAN link fails.
– Ensure that users can access their mailbox if a single server fails.
– Ensure that users can access their mailbox if a single database fails.
You recommend deploying one or more database availability groups (DAGs) and mailbox database copies. You need to identify which design meets the requirements for the planned deployment. Which design should you identify? To answer, select the appropriate design in the answer area.
Answer:
Explanation:
File Share Witness.
The file share witness is used to establish a majority node set. This is done by creating a share on a server, into which a small file is placed automatically. The server hosting the cluster resource (which in the DAG I think is the Primary Activation Manager server) keeps an open file lock on this file. The other servers see this open file lock and interpret this as meaning another cluster node is online, healthy, and available. A file share witness is used when the DAG contains an even number of servers within it. When you initially create the DAG you must specify the server and file location that will act as the file share witness regardless of how many servers are in the DAG (0 to start) to ensure that if you do add an even number of DAG members the FSW will be properly used.
Database Availability Group.
A database availability group (DAG) is a set of up to 16 Microsoft Exchange Server 2013 Mailbox servers that provide automatic database-level recovery from a database, server, or network failure. When a Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database, server, and network failures. DAGs use continuous replication and a subset of Windows failover clustering technologies to provide high availability and site resilience. Mailbox servers in a DAG monitor each other for failures. When a Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database failures. When you create a DAG, it’s initially empty, and a directory object is created in Active Directory that represents the DAG. The directory object is used to store relevant information about the DAG, such as server membership information. When you add the first server to a DAG, a failover cluster is automatically created for the DAG. In addition, the infrastructure that monitors the servers for network or server failures is initiated. The failover cluster heartbeat mechanism and cluster database are then used to track and manage information about the DAG that can change quickly, such as database mount status, replication status, and last mounted location. Witness server and witness directory The witness server is a server outside the DAG that acts as a quorum voter when the DAG contains an even number of members. The witness directory is a directory created and shared on the witness server for use by the system in maintaining a quorum.
Lagged copy of a mailbox database.
A Lagged Mailbox Database Copy is a mailbox database copy configured with a replay lag time value greater than 0. A lagged database copy is one that is not updated by replaying transactions as they become available. Instead, the transaction logs are kept for a certain period and are then replayed. The lagged database copy is therefore maintained at a certain remove from the active database and the other non-lagged database copies. If you are planning to have more than two passive database copies of a database, think about a lagged copy also as an additional protection against unpredicted situations. Lagged copies aren’t considered highly available copies. Instead, they are designed for disaster recovery purposes, to protect against store logical corruption. The greater the replay lag time set, the longer the database recovery process. Depending on the number of log files that need to be replayed during recovery, and the speed at which your hardware can replay them, it may take several hours or more to recover a database.
The above configuration provides a symmetrical design. All four servers have the same four databases all hosted on a single disk per server. The key is that the number of copies of each database that you have should be equal to the number of database copies per disk. In the above example, there are four copies of each database: one active copy, two passive copies, and one lagged copy. Because there are four copies of each database, the proper configuration is one that has four copies per volume. In addition, activation preference is configured so that it’s balanced across the DAG and across each server. For example, the active copy will have an activation preference value of 1, the first passive copy will have an activation preference value of 2, the second passive copy will have an activation preference value of 3, and the lagged copy will have an activation preference value of 4.
Lagged mailbox database copy.
A passive mailbox database copy that has a log replay lag time greater than zero.
Crossed lines: DAG Replication 1 and 2
Circled areas: Site 1 and Site 2 (or DataCenter1 and DataCenter2)
WAN link between Site1 and Site2
High Availability with Site Resiliency Exchange 2010 Example.
http://jaworskiblog.com/2011/05/17/exchange-2010-design-principles-for-high-availability-and-site-resiliency/
FSW is the File Share Witness.
ASIDE
Windows NLB is not supported across sites. It is not recommended to use an HLB to load balance across sites.
PICTURE1 OFFERS THE BEST DESIGN IN ORDER TO MEET THE SPECIFIED CRITERIA. MORE FAULTS WITH THE OTHERS. PICTURE1 HOWEVER DOES NOT OFFER SITE RESILIENCY.
– Ensure that users can access their mailbox if the WAN link fails.
– Ensure that users can access their mailbox if a single server fails.
– Ensure that users can access their mailbox if a single database fails.
Picture1
The DAG is NOT extended across multiple data centers in a site resilience configuration. The design offers high availability within each site. However, if a node fails or the WAN link fails, the respective file share witness for each DAG is still available, unlike the other 3 configurations.
Picture2
The DAG is extended across multiple data centers in a site resilience configuration. No high availability within each site. If the WAN link is unavailable, the file share witness for Site2 would be unavailable. This is a split brain scenario: both sites believe that they are the rightful owner of the database, and thus would mount their respective DBs. This would cause a divergence in data. Email could be sent to either database, leading to a difference between the databases on the respective mailbox servers.
Picture3
The DAG is extended across multiple data centers in a site resilience configuration. FSW on Site2 in the event of a WAN failure means that the servers cannot contact a FSW. Even number of nodes on the respective site with an inability to contact the FSW. This is a split brain scenario: both sites believe that they are the rightful owner of the database, and thus would mount their respective DBs. This would cause a divergence in data. Email could be sent to either database, leading to a difference between the databases on the respective mailbox servers. A file share witness is used when the DAG contains an even number of servers within it. A Node Majority quorum model is used for DAGs with an odd number of members. A Node and File Share Majority quorum is used for DAGs with an even number of members. The DAG needs to be able to make quorum. When 1 node fails in Site1 and the WAN link is down, 1 out of 2 nodes left is not a majority. Need to be able to connect to the file share witness to obtain a majority.
Picture4
DAG 1 across both sites provides site resiliency, but FSW on Site1 in the event of a WAN failure means that the servers cannot contact a FSW. Even number of nodes on the respective site with an inability to contact the FSW. This is a split brain scenario: both sites believe that they are the rightful owner of the database, and thus would mount their respective DBs. This would cause a divergence in data. Email could be sent to either database, leading to a difference between the databases on the respective mailbox servers. A file share witness is used when the DAG contains an even number of servers within it. A Node Majority quorum model is used for DAGs with an odd number of members. A Node and File Share Majority quorum is used for DAGs with an even number of members.
QUESTION 77
You deploy a server that has the Exchange Server 2013 Mailbox server role and Client Access server role installed. You need to configure anti-spam to meet the following requirements:
– Email messages sent from the Internet to a distribution list named Executives must be rejected.
– Email messages that contain the words casino and jackpot must be rejected, unless they were sent to [email protected].
Which three cmdlets should you run? (Each correct answer presents part of the solution. Choose three.)
A. Add-ContentFilterPhrase
B. Set-ContentFilterConfig
C. Set-TransportConfig
D. Set-SenderReputationConfig
E. Set-RecipientFilterConfig
Answer: ABE
Explanation:
Add-ContentFilterPhrase.
The Add-ContentFilterPhrase cmdlet adds phrases to the Allow or Block phrases list. Use the Add-ContentFilterPhrase cmdlet to define custom words for the Content Filter agent. A custom word is a word or phrase that the administrator sets for the Content Filter agent to evaluate the content of an e-mail message and apply appropriate filter processing.
Syntax
Examples:
EXAMPLE 1
This example adds the phrase Free credit report to the Block phrase list. Any messages that contain this phrase will be marked as spam by the Content Filtering agent.
Add-ContentFilterPhrase -Phrase "Free credit report" -Influence BadWord
Set-ContentFilterConfig
Use the Set-ContentFilterConfig cmdlet to modify the content filter configuration on a Mailbox server or an Edge Transport server.
Syntax
Set-ContentFilterConfig [-BypassedRecipients <MultiValuedProperty>] [-BypassedSenderDomains <MultiValuedProperty>] [-BypassedSenders <MultiValuedProperty>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>] [-InternalMailEnabled <$true | $false>] [-OutlookEmailPostmarkValidationEnabled <$true | $false>] [-QuarantineMailbox <SmtpAddress>] [-RejectionResponse <AsciiString>] [-SCLDeleteEnabled <$true | $false>] [-SCLDeleteThreshold <Int32>] [-SCLQuarantineEnabled <$true | $false>] [-SCLQuarantineThreshold <Int32>] [-SCLRejectEnabled <$true | $false>] [-SCLRejectThreshold <Int32>] [-WhatIf [<SwitchParameter>]]
EXAMPLE 1
This example specifies the sender domain woodgrovebank.com as a bypassed domain. Messages received from that domain bypass the Content Filter agent.
Set-ContentFilterConfig -BypassedSenderDomains woodgrovebank.com
Set-RecipientFilterConfig
Use the Set-RecipientFilterConfig cmdlet to enable and configure the Recipient Filter agent.
Syntax
Set-RecipientFilterConfig [-BlockedRecipients <MultiValuedProperty>] [-BlockListEnabled <$true | $false>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>] [-InternalMailEnabled <$true | $false>] [-RecipientValidationEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]]
EXAMPLE 1
This example modifies the Recipient Filter agent configuration so that recipient validation is enabled.
Set-RecipientFilterConfig -RecipientValidationEnabled $true
EXAMPLE 2
This example makes the following changes to the Recipient Filter agent configuration:
Enables the Blocked Recipients list.
Adds two users to the Blocked Recipients list.
Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients [email protected],[email protected]
NOT C
Set-TransportConfig.
Use the Set-TransportConfig cmdlet to modify the transport configuration settings for the whole Exchange organization. This example configures the Exchange organization to redirect all journaling reports that can’t be delivered to the journaling mailbox to the email account [email protected].
Set-TransportConfig -JournalingReportNdrTo [email protected]
NOT D
Set-SenderReputationConfig.
Use the Set-SenderReputationConfig cmdlet to modify the sender reputation configuration on a Mailbox server or an Edge Transport server. Sender reputation is part of the Exchange anti-spam functionality that blocks messages according to many characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message. The Protocol Analysis agent is the underlying agent for sender reputation functionality. When you configure anti-spam agents on an Exchange server, the agents act on messages cumulatively to reduce the number of unsolicited messages that enter the organization.
Syntax
EXAMPLE 1
This example makes the following modifications to the sender reputation configuration:
It sets the sender reputation action to block all senders whose sender reputation level (SRL) rating exceeds the SRL threshold. It sets the SRL blocking threshold to 6. It sets the number of hours that senders are put on the blocked senders list to 36 hours.
Set-SenderReputationConfig -SenderBlockingEnabled $true -SrlBlockThreshold 6 -SenderBlockingPeriod 36
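The three cmdlets from the answer applied to the two requirements of this question, as an added example that is not part of the original explanation. Both addresses are constructed placeholders because the real ones are not legible on this page; the @{Add=...} form is used so that entries already on either list are kept rather than overwritten.

```powershell
# Run in the Exchange Management Shell on the server hosting the anti-spam agents.
# Constructed placeholders: replace with the real SMTP addresses.
$ExecutivesList  = 'executives@contoso.example'   # the Executives distribution list
$ExemptRecipient = 'exempt.user@contoso.example'  # recipient who must still get these messages

# Requirement 2, part 1: put both words on the Block phrase list.
# Each word is a separate entry, so a message containing either one is marked as spam.
Add-ContentFilterPhrase -Phrase 'casino'  -Influence BadWord
Add-ContentFilterPhrase -Phrase 'jackpot' -Influence BadWord

# Requirement 2, part 2: exempt the one recipient from content filtering.
# @{Add=...} appends to the multivalued property instead of replacing it.
Set-ContentFilterConfig -BypassedRecipients @{Add = $ExemptRecipient}

# Requirement 1: reject Internet mail addressed to the distribution list.
# The Recipient Filter agent only consults BlockedRecipients when the list is enabled.
Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients @{Add = $ExecutivesList}

# Verify what is now in effect. Whether a message marked as spam is actually
# rejected depends on the SCL reject settings shown by the second command.
Get-ContentFilterPhrase   | Format-Table Phrase, Influence
Get-ContentFilterConfig   | Format-List Enabled, BypassedRecipients, SCLRejectEnabled, SCLRejectThreshold
Get-RecipientFilterConfig | Format-List Enabled, BlockListEnabled, BlockedRecipients
```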
QUESTION 78
Your company named Contoso, Ltd., has an Exchange Server 2013 organization named contoso.com. The network contains an Active Directory domain. The domain contains an organizational unit (OU) named SalesOU. SalesOU contains two users named User1 and User2. Contoso purchases a domain name adatum.com. You need to change the primary SMTP address of all the users in SalesOU to use the SMTP suffix of adatum.com. The solution must not remove the contoso.com email address. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a new email address policy and apply the policy to the users in SalesOU.
B. Change the default email address policy to include adatum.com.
C. Create a new remote domain for adatum.com.
D. Create a new accepted domain for adatum.com and set the domain type to Authoritative Domain.
E. Create a new accepted domain for adatum.com and set the domain type to External Relay Domain.
Answer: AD
Explanation:
Email Address Policies.
Applies to: Exchange Server 2013.
Recipients (which include users, resources, contacts, and groups) are any mail-enabled object in Active Directory to which Microsoft Exchange can deliver or route messages. For a recipient to send or receive email messages, the recipient must have an email address. Email address policies generate the primary and secondary email addresses for your recipients so they can receive and send email. By default, Exchange contains an email address policy for every mail-enabled user. This default policy specifies the recipient’s alias as the local part of the email address and uses the default accepted domain. The local part of an email address is the name that appears before the at sign (@). However, you can change how your recipients’ email addresses will display. For example, you can specify that the addresses display as [email protected]. Furthermore, if you want to specify additional email addresses for all recipients or just a subset, you can modify the default policy or create additional policies. For example, the user mailbox for David Hamilton can receive email messages addressed to [email protected] and [email protected]. Looking for management tasks related to email address policies? See Email Address Policy Procedures.
NOT B
No need to change the default email policy. Create a new email address policy.
NOT C
No need for a remote domain. You can create remote domain entries to define the settings for message transfer between the Microsoft Exchange Server 2013 organization and domains outside your Exchange organization. When you create a remote domain entry, you control the types of messages that are sent to that domain. You can also apply message format policies and acceptable character sets for messages that are sent from users in your organization to the remote domain. The settings for remote domains are global configuration settings for the Exchange organization. The remote domain settings are applied to messages during categorization in the Transport service on Mailbox servers. When recipient resolution occurs, the recipient domain is matched against the configured remote domains. If a remote domain configuration blocks a specific message type from being sent to recipients in that domain, the message is deleted. If you specify a particular message format for the remote domain, the message headers and content are modified. The settings apply to all messages that are processed by the Exchange organization.
NOT E
Do not want to use a relay server. When you configure an external relay domain, messages are relayed to an email server that’s outside your Exchange organization and outside the organization’s network perimeter. Typically, most Internet-facing messaging servers are configured to not allow for other domains to be relayed through them. However, there are scenarios where you may want to let partners or subsidiaries relay email through your Exchange servers. In Exchange 2013, you can configure accepted domains as relay domains. Your organization receives the email messages and then relays the messages to another email server. You can configure a relay domain as an internal relay domain or as an external relay domain. These two relay domain types are described in the following sections.
A
Need to create a new email address policy.
D
There are three types of accepted domains: authoritative, internal relay, and external relay.
Configure an Accepted Domain within Your Exchange Organization as Authoritative.
Applies to: Exchange Server 2013.
If a domain belonging to your organization hosts mailboxes for all the recipients within an SMTP namespace, that domain is considered to be authoritative. By default, one accepted domain is configured as authoritative for the Exchange organization. If your organization has more than one SMTP namespace, you can configure more than one accepted domain as authoritative.
Configure an Accepted Domain within Your Exchange Organization as Authoritative: Exchange 2013 Help.
QUESTION 79
Drag and Drop Question
You have an Exchange Server 2013 organization named Contoso. The organization is configured to apply a disclaimer to all email messages sent to external recipients. Your company works with a partner company named A. Datum Corporation. A. Datum has an SMTP domain named adatum.com. You need to ensure that email messages sent to adatum.com meet the following compliance requirements:
– Messages sent to adatum.com must NOT include the disclaimer.
– Messages that contain credit card numbers must NOT be sent to adatum.com.
– If a user writes a message that contains a credit card number and the message is addressed to a recipient at adatum.com, the user must receive a notification before the message is sent.
What should you configure for each requirement? To answer, drag the appropriate configuration to the correct requirement in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Box 1: A transport rule exception
Box 2: A data loss prevention policy
Box 3: a Policy Tip
Note:
– Each transport rule can have exceptions that specify what to exclude from the condition. Exceptions typically determine a subset of criteria identified in the condition. If you use transport rules, you can specify what information you don’t want to enter or leave the organization, which individuals or groups shouldn’t be able to communicate with one another, how messages are handled based on how they are classified by the sender, and more.
– The Data loss prevention (DLP) feature in the new Exchange will help you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is increasingly important for enterprise message systems because business critical email includes sensitive data that needs to be protected. It’s the financial information, personally identifiable information (PII) and intellectual property data that can be accidentally sent to unauthorized users that keeps the CSO up all night.
– Policy Tip notification messages are displayed to users in Outlook while they are composing an email message. Policy Tip notification messages only show up if something about the sender’s email message seems to violate a DLP policy that you have in place and that policy includes a rule to notify the sender when the conditions that you establish are met.
– Incorrect: MailTips are evaluated every time a sender adds a recipient to a message.
Reference: Introducing Data Loss Prevention in the New Exchange; Policy Tips
QUESTION 80
Drag and Drop Question
You have an Exchange Server 2013 organization that contains three servers named EX1, EX2, and EX3. The servers are members of a database availability group (DAG) named DAG1. A mailbox database named DB1 is replicated to all the members of DAG1. EX3 experiences a complete hardware failure. You need to restore EX3 on a new server. You reset the computer account for EX3. Which three actions should you perform next? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Note: Use Setup /m:RecoverServer to recover a server.
Retrieve any replay lag or truncation lag settings for any mailbox database copies that exist on the server being recovered by using the Get-MailboxDatabase cmdlet.
(Box 1) Remove any mailbox database copies that exist on the server being recovered by using the Remove-MailboxDatabaseCopy cmdlet.
(Box 1) Remove the failed server’s configuration from the DAG by using the Remove-DatabaseAvailabilityGroupServer cmdlet.
Reset the server’s computer account in Active Directory. For detailed steps, see Reset a Computer Account.
(Box 2) Open a Command Prompt window. Using the original Setup media, run the following command:
Setup /m:RecoverServer
(Box 3) When the Setup recovery process is complete, add the recovered server to the DAG by using the Add-DatabaseAvailabilityGroupServer cmdlet.
(Box 3) After the server has been added back to the DAG, you can reconfigure mailbox database copies by using the Add-MailboxDatabaseCopy cmdlet.
* You can recover a lost server by using the Setup /m:RecoverServer switch in Microsoft Exchange Server 2013. Most of the settings for a computer running Exchange 2013 are stored in Active Directory. The /m:RecoverServer switch rebuilds an Exchange server with the same name by using the settings and other information stored in Active Directory.
Reference: Recover a Database Availability Group Member Server
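The recovery sequence above written out as commands, as an added example that is not part of the original explanation. DAG1, DB1 and EX3 are the names from the question; the lag value in the last step is a constructed placeholder, and the switches not shown on this page (-ConfigurationOnly, /IAcceptExchangeServerLicenseTerms, -ReplayLagTime) are assumptions about a member that is offline and an unattended Exchange 2013 setup.

```powershell
# Steps 1-3: Exchange Management Shell on a surviving DAG member (EX1 or EX2).

# 1. Record any replay/truncation lag configured for the copies, so the same
#    values can be re-applied after the rebuild.
Get-MailboxDatabase -Identity DB1 | Format-List Name, *lag*

# 2. Remove the database copy that was hosted on the failed server.
Remove-MailboxDatabaseCopy -Identity 'DB1\EX3' -Confirm:$false

# 3. Remove the failed server's configuration from the DAG. EX3 cannot be
#    contacted, so only the Active Directory configuration is changed; with
#    this switch the node must also be evicted from the underlying cluster.
Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX3 -ConfigurationOnly

# (The EX3 computer account has already been reset, per the question.)

# 4. On the replacement server, named EX3 and joined to the domain, from an
#    elevated Command Prompt in the original Setup media folder:
#
#      Setup /m:RecoverServer /IAcceptExchangeServerLicenseTerms
#
#    Setup rebuilds the server from the settings stored in Active Directory.

# Steps 5-7: back in the Exchange Management Shell once Setup has finished.

# 5. Add the recovered server to the DAG again.
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX3

# 6. Re-create the database copy. Add -ReplayLagTime only if step 1 showed a
#    lag for EX3; the value below is a constructed placeholder (d.hh:mm:ss).
Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer EX3 # -ReplayLagTime 0.00:00:00

# 7. Confirm that the new copy seeds and reaches a healthy state.
Get-MailboxDatabaseCopyStatus -Identity 'DB1\EX3' |
    Format-List Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState
```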