
One more new Exam Ref to go before 2011 ends. It’s a joy to announce availability of MCITP 70-663 Exam Ref: Designing and Deploying Messaging Solutions with Microsoft® Exchange Server 2010 (ISBN 9780735658080; 448 pages), by Orin Thomas.

Our latest addition to the Microsoft Press Exam Ref series is the study guide of choice for 70-663, the Pro-level exam required for the MCITP: Enterprise Messaging Administrator 2010 certification. Getting certified is a great way to start the new year.

For a look inside, here’s the book’s Table of Contents and the review questions for exam 70-663 objective 3.1: Design and Deploy Messaging Security. You can get a sampler of the book, which includes the entire first chapter, here:

http://cdn.oreilly.com/oreilly/booksamplers/msp/9780735658080_sampler.pdf

Contents

Chapter 1: Planning the Exchange Server 2010 Infrastructure

· Objective 1.1: Design the Exchange Server 2010 Installation

· Objective 1.2: Design Message Routing

· Objective 1.3: Design the Mailbox Server Role

· Objective 1.4: Design Client Access

· Objective 1.5: Plan for Transition and Coexistence

· Chapter Summary

· Answers

Chapter 2: Deploying the Exchange Server 2010 Infrastructure

· Objective 2.1: Prepare the Infrastructure for Exchange Server 2010 Deployment

· Objective 2.2: Deploy Edge Transport Server Role

· Objective 2.3: Deploy Client Access Server Role

· Objective 2.4: Deploy Hub Transport Server Role

· Objective 2.5: Deploy Mailbox Server Role

· Objective 2.6: Deploy Server Roles for Coexistence and Migration

· Chapter Summary

· Answers

Chapter 3: Designing and Deploying Security for the Exchange Organization

· Objective 3.1: Design and Deploy Messaging Security

· Objective 3.2: Design and Deploy Exchange Permissions Model

· Objective 3.3: Design and Deploy Message Hygiene

· Objective 3.4: Design and Deploy Client Access Security

· Objective 3.5: Design and Deploy Exchange Object Permissions

· Chapter Summary

· Answers

Chapter 4: Designing and Deploying Exchange Server 2010 Availability and Recovery

· Objective 4.1: Design and Deploy High Availability and Disaster Recovery for Exchange Dependencies

· Objective 4.2: Design and Deploy High Availability and Disaster Recovery for CAS Role

· Objective 4.3: Design and Deploy High Availability and Disaster Recovery for Mailbox Server Role

· Objective 4.4: Design and Deploy High Availability and Disaster Recovery for Hub Transport Role

· Objective 4.5: Design and Deploy High Availability and Disaster Recovery for Edge Transport Role

· Chapter Summary

· Answers

Chapter 5: Designing and Deploying Messaging Compliance, System Monitoring, and Reporting

· Objective 5.1: Design and Deploy Auditing and Discovery

· Objective 5.2: Design and Deploy Message Archival

· Objective 5.3: Design and Deploy Transport Rules for Message Compliance

· Objective 5.4: Design and Deploy for Monitoring and Reporting

· Chapter Summary

· Answers

Objective 3.1 Review: Design and Deploy Messaging Security

Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.

1. You have deployed Exchange 2010 in your organization and all clients are running Windows 7 with Office 2010 installed. You want users to be able to mark messages as Internal-Use-Only. The company’s information security officer must be copied on all messages marked in this manner. Which of the following Exchange features would you use to accomplish this goal? (Choose two. Each answer forms part of a complete solution.)

A. Message classification

B. Outlook protection rule

C. Moderated transport

D. Transport rule

2. The majority of users in your organization use Outlook Web App to send and receive email messages. You want to ensure that users are able to encrypt the contents of their messages so that unauthorized third parties cannot view the message content. Additionally, message recipients should be able to verify the sender’s identity. Which of the following technologies should you use to accomplish this goal?

A. BitLocker To Go

B. Encrypting File System certificates

C. S/MIME certificates

D. Transport Layer Security (TLS) certificates

3. You are in the process of deploying and configuring IRM in your Exchange 2010 organization. You want to use the following Exchange 2010 features: transport decryption, journal report decryption, IRM with OWA, and IRM for Exchange Search. Which of the following configuration steps do you need to take to accomplish this goal?

A. Add the Federation mailbox to the Organization Management security group.

B. Add the Federation mailbox to the Discovery Management security group.

C. Add the Federation mailbox to the Records Management security group.

D. Add the Federation mailbox to the AD RMS Super Users group.

4. You want to configure domain security for a partner organization fabrikam.com. You have obtained and installed the necessary TLS certificate on your organization’s Edge Transport server. No other domains are configured for domain security. Which of the following cmdlets will you need to use to configure your Exchange organization to support domain security for the fabrikam.com domain? (Choose three. Each answer forms part of a complete solution.)

A. Set-TransportConfig

B. Set-ReceiveConnector

C. Set-SendConnector

D. Set-AcceptedDomain

5. You are in the process of creating a Receive connector that will be used for secure relay with a third-party organization. You have already configured an IPsec connection between the third-party organization’s SMTP server and your organization’s Edge Transport server and created a Receive connector that uses the partner organization’s SMTP server’s IP address as the remote server. Which of the following settings should you enable on the connector to ensure that you configure secure relay correctly? (Choose two. Each answer forms part of a complete solution.)

A. Exchange Server authentication

B. Externally Secured authentication

C. Exchange Servers permissions group

D. Anonymous users permissions group

Answers

Objective 3.1: Review

1. Correct Answers: A and D

A. Correct: Message classifications allow users to manually select a classification to apply to a message. This will allow users to mark messages as Internal-Use-Only.

B. Incorrect: Outlook protection rules are automatically applied to messages, rather than allowing a user to choose to manually apply the classification. Outlook protection rules are usually used with Rights Management Services.

C. Incorrect: Moderated transport requires an approval process before a message is transmitted to its eventual destination. In this case no approval is required.

D. Correct: Transport rules allow actions, such as forwarding a copy to a specific mailbox, to be performed against messages that meet certain criteria, such as having a specific classification.

2. Correct Answer: C

A. Incorrect: BitLocker To Go is a full-volume encryption technology that is used with removable devices on computers running Windows 7 and Windows Server 2008 R2. BitLocker To Go cannot be used to encrypt or digitally sign messages.

B. Incorrect: Encrypting File System (EFS) is a file-level encryption technology. Although it is possible to attach EFS-encrypted files to a message sent through OWA, these files will automatically be decrypted during the attachment process. EFS cannot be used to encrypt message contents. It is also not possible to use EFS to digitally sign files.

C. Correct: S/MIME allows users to encrypt and sign email messages. This allows the sender’s identity to be verified by the recipient. S/MIME also allows the sender to encrypt the message using the recipient’s public certificate, meaning that only the recipient, who holds a corresponding private certificate, is able to view the contents of the message.

D. Incorrect: TLS encryption can provide an encrypted tunnel for message transmission, but does not encrypt the message itself or provide a sender verification mechanism.

3. Correct Answer: D

A. Incorrect: Members of the Organization Management group have permissions to manage Exchange objects and their properties in the Exchange organization. To enable the required features, you need to add the Federation mailbox to the AD RMS Super Users group.

B. Incorrect: Members of the Discovery Management role group can perform searches of mailboxes in the Exchange organization. To enable the required features, you need to add the Federation mailbox to the AD RMS Super Users group.

C. Incorrect: Members of the Records Management security group can configure compliance features such as message classifications and retention policy tags. To enable the required features, you need to add the Federation mailbox to the AD RMS Super Users group.

D. Correct: To enable transport decryption, journal report decryption, IRM with OWA, and IRM for Exchange Search, it is necessary to add the Federation mailbox to the AD RMS Super Users group.

4. Correct Answers: A, B, and C

A. Correct: You use the Set-TransportConfig cmdlet to configure the receive domain secure list and the send domain secure list from inside your Exchange organization.

B. Correct: You use the Set-ReceiveConnector cmdlet to enable domain security on a specific Receive connector.

C. Correct: You use the Set-SendConnector cmdlet to enable domain security on a specific Send connector.

D. Incorrect: The Set-AcceptedDomain cmdlet allows you to configure the properties of an accepted domain. This command is not related to configuring domain security.

5. Correct Answers: B and C

A. Incorrect: You shouldn’t configure Exchange Server authentication when configuring external secure relay for a third-party organization. This type of authentication is often used with internal Receive connectors.

B. Correct: When configuring secure relay, you configure externally secured authentication such as IPsec.

C. Correct: When configuring secure relay, you configure the Exchange Servers permissions group.

D. Incorrect: Although you do allow anonymous relay, when configuring secure relay you do not enable the Anonymous users permissions group.