(WWW Mcseccna Com) 70-663 by Mandy PDF

CertifyMe
Number: 70-663
Passing Score: 800
Time Limit: 120 min
File Version: 8.0
CertifyMe - 70-663
Sections
1. Planning the Exchange Server 2010 Infrastructure
2. Deploying the Exchange Server 2010 Infrastructure
3. Designing and Deploying Security for the Exchange Organization
4. Designing and Deploying Exchange Server 2010 Availability and Recovery
5. Designing and Deploying Messaging Compliance, System Monitoring, and Reporting
6. Powershell
7. Drag and Drop
8. testlet case study
Exam A
QUESTION 1
You work as the enterprise Exchange administrator for the Nutex Corporation. The CIO of the company
instructs you to create a database availability group (DAG). She wants to ensure that the DAG has the
fastest and most reliable performance.
A. Recommend SATA hard disks in a storage area network (SAN).

B. Recommend Internet SCSI (iSCSI) storage area network (SAN).
C. Recommend SATA hard disks in a direct attached storage (DAS).
D. Recommend Internet SCSI (iSCSI) in a direct attached storage (DAS).
Answer: B
Section: Planning the Exchange Server 2010 Infrastructure
Explanation/Reference:
Answer:
Recommend Internet SCSI (iSCSI) storage area network (SAN).
Explanation:
You should recommend Internet SCSI (iSCSI) storage area network (SAN). A SAN is more expensive than
a DAS, but is more reliable. An iSCSI SAN has faster disk performance than SATA drives in a SAN,
although SATA drives are less expensive than iSCSI drives.
Exchange 2010 and Exchange 2010 SP1 reduce disk input/output over previous versions of Exchange
server. Exchange 2010 allows most disk operations to be performed in sequential order instead of random
order. Because of the reduced I/O requirements, you can use inexpensive disks such as Serial ATA (SATA)
disks. You could also use just a bunch of disks (JBOD) rather than a more expensive solution of Redundant
Array of Independents Disks (RAID). However, to ensure maximum performance and reliability, you should
use iSCSI in a storage area network (SAN).
Direct attached storage (DAS) is less expensive than using a storage area network (SAN). SAN may
provide better performance and is more reliable than a DAS. You should not recommend SATA disks in any
configuration instead of iSCSI because iSCSI is faster than SATA disks.
Objective:
Planning the Exchange Server 2010 Infrastructure
Sub-Objective:
Design the mailbox server role
QUESTION 2
You are the enterprise Exchange administrator for the Nutex Corporation in their headquarters in Atlanta.
Nutex has an Active Directory forest that contains a single domain named nutex.com. Nutex has five other
branch offices in different locations that are configured as Active Directory sites. All offices are connected to
the Atlanta office via a fractional T1 connection, and all offices are connected to the Internet via a T1
connection.
The CIO requires that the following conditions be met:
All e-mail messages from the branch offices should use the Internet connection of the Hub Transport
server
All e-mail messages from the branch offices to the Atlanta office must use the fractional T1 connection
Administrative overhead should be reduced.
A. Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the
Hub Transport server.
Create a SMTP Send connector with an address space of * on the Internet interface of the Hub
Transport server.
B. Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the
Transport server.
Create a SMTP Send connector with an address space of nutex.com on the internal interface of the
C. Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the
Create a SMTP Receive connector to accept connections from nutex.com on the internal interface of
the Hub Transport server.
Transport server.
D. Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the
Transport server.
Answer: A
Answer:
Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the Hub
Transport server. Create a SMTP Send connector with an address space of * on the Internet interface of
Explanation:
You should do the following:
Create a SMTP Receive connector to accept anonymous connections on the Internet interface of the
Transport server.
In this scenario, the Hub Transport server in each branch office is an Internet-facing server that is used to
send and receive e-mail to and from the Internet via the T1 link. Normally, you may use an Edge Transport
server to send and receive e-mail from the Internet. To configure the Hub Transport server to enable
inbound and outbound Internet mail flow, you must configure an SMTP Receive connector to accept
anonymous connections on port 25 from the Internet-facing interface. To enable outbound e-mail flow to the
Internet, you must configure an SMTP
Send connector with an address space of "*" that uses DNS to send messages to the Internet.
You should not do the following:
Transport server.
You do not have to create any connectors for mail flow between Hub Transport servers. Implicit connectors
exist between the Hub Transport servers in the Nutex Exchange organization. The path that the connectors
use to send an e-mail message will be based on the on the Active Directory site structure of nutex.com.
Create a SMTP Receive connector to accept connections from nutex.com on the Internal interface of
Transport server.
You do not have to do the following:
Transport server.
Objective:
Sub-Objective:
Design message routing
QUESTION 3
You administer the Exchange 2010 SP1 organization for the Nutex Corporation. Nutex has an Active
Directory forest that contains a single domain, named nutex.com.
Nutex has a partner company named Verigon. Nutex plans to purchase Verigon in the next six months.
After the purchase is complete, the verigon.com domain will be integrated into the same Active Directory
Forest as nutex.com. Verigon currently has an Exchange 2010 SP1 organization.
Since all users in the verigon.com domain use Microsoft Office 2010, your CIO wants the users in the
verigon.com domain to share their availability (free/busy) information for scheduling meetings and detailed
calendar information with the users in nutex.com. This should be accomplished with the least amount of
effort.
A. Create a two-way transitive trust from nutex.com to verigon.com.

B. Create a one-way transitive trust from nutex.com to verigon.com.
C. Use the Inter-Organization Replication tool to replicate public folders between the Exchange
organizations.
D. Create a federated delegation from the Exchange organizations to the Microsoft Federation Gateway.
Answer: D
Answer:
Create a federated delegation from the Exchange organizations to the Microsoft Federation Gateway.
Explanation:
You should create a federated delegation between the Exchange organizations. You must have a federation
delegation established to share availability (free/busy) information for scheduling meetings and detailed
calendar information with users in different Exchange organization without creating an Active Directory trust.
You can use federated sharing to share a contact list as well. Federated sharing uses a trust broker called
the Microsoft Federation Gateway that is hosted by Microsoft as the trust broker between two federated
organizations. The organizations you want to share information between must only establish a federated
delegation with the Microsoft Federation Gateway once, and not with each other. Once a federated
delegation is established, you can share information through either an organizational relationship or a
sharing policy.
You should not create a two-way transitive trust or a one-way transitive trust from nutex.com to verigon.
com.
You can use Active Directory trusts and tools such as GALSync to synchronize one Exchange
organization's recipients with recipients from another organization, but you would have to manage
credentials and give permissions after creating the appropriate trusts. You can use federated sharing in
Exchange 2010 to share availability (free/busy) information for scheduling meetings and detailed calendar
information without creating cumbersome Active Directory trusts that can affect Active Directory replication.
You should not use the Inter-Organization Replication tool to replicate public folders between Exchange
organizations. The Inter-Organization Replication tool was required in previous versions of Exchange to
replicate public folders between Exchange organizations after you created Active Directory trusts between
the different
domains. This is not required in Exchange 2010.
Objective:
Sub-Objective:
Design client access
QUESTION 4
You administer an Exchange 2010 SP1 organization for the Nutex Corporation in their headquarters in
Atlanta. Nutex has purchased two different competitors. These competitors both have Exchange 2003
organizations. Each competitor will be a separate Organizational Unit (OU) in the nutex.com domain.
None of the newly acquired Exchange 2003 servers will support Exchange 2010 SP1. The CIO asks you to
plan the move of mailboxes from the Exchange 2003 servers of the purchased companies onto your
Exchange 2010 SP1 servers.
What must you do FIRST?
A. Ensure that each company's forest is set to Windows Server 2003 functional level
B. Ensure that all Exchange 2003 servers are running Exchange 2003 SP2
C. Upgrade all Exchange 2003 servers to Exchange 2007 SP2
D. Ensure that the schema master of each company is on a 64-bit Windows Server 2008 domain controller
Answer: B
Answer:
Ensure that all Exchange 2003 servers are running Exchange 2003 SP2
Explanation:
You must ensure that each Exchange 2003 server has Exchange 2003 Service Pack 2 (SP2) applied. You
can move mailboxes from an existing Exchange 2003 server to an Exchange 2010 or Exchange 2010 SP1
Mailbox server if the Exchange 2003 server has SP2 applied. The move process must be performed offline,
and end users will not be able to access their mailboxes until the move has been completed.
Once the service pack is applied, you can use the New-MoveRequest cmdlet to move a mailbox from an
Exchange 2003 server to an Exchange 2010 SP1 Mailbox server. You do not have to ensure that each
company's forest functional level is set to Windows Server 2003. If you were
to migrate from Exchange 2003 to Exchange 2010 SP1, you would have to bring the Active Directory forest
and domains to at least Windows Server 2003 functional level. In this scenario, the servers will not coexist
for any significant time frame. You only want to move the mailboxes from the Exchange 2003 servers to the
Exchange 2010 SP1 mailbox servers. Also, for a true migration from Exchange 2003 to Exchange 2010
SP1, you would still have to upgrade all Exchange 2003 Servers with Service Pack 2 before bringing the
Active Directory forest and
domains to the Windows Server 2003 functional level. You do not have to upgrade all Exchange 2003
servers to Exchange 2007 SP2 to move the mailboxes to the Exchange 2010 SP1 mailbox servers. You
only need to apply SP2 to the existing Exchange 2003 servers.
You do not have to ensure that the schema master of each company is on a 64-bit Windows 2008 domain
controller. A schema master for the forest of the Exchange 2010 SP1 organization can be on a domain
controller running 32-bit Windows Server 2003 with SP1 or higher. In this scenario, the forest and domains
of the acquired companies will not be retained. Their mailboxes will be moved to Exchange 2010 SP1
mailbox servers in the Exchange 2010 SP1 organizations. Each of the former companies will be an OU in
the nutex.com domain.
Objective:
Sub-Objective:
Plan for transition and coexistence
QUESTION 5
You are the enterprise Exchange administrator for an Exchange Server 2003 organization at the Nutex
Corporation. Nutex has an Active Directory forest that contains a single domain named nutex.com. The
company
has three locations:
Atlanta - Site A
Boston - Site B
Charlotte -Site C
You will be installing Exchange Server 2010 SP1 in the Atlanta location. You plan to install Exchange Server
2010 SP1 in the Boston and Charlotte locations in a few months. You must ensure coexistence between
Exchange 2010 SP1 and Exchange 2003.
What should you do? (Choose two. Each correct answer is part of the solution.)
A. You should specify an Exchange 2003 Mailbox server for the first routing group connector that is
created during the setup of Exchange 2010 SP1 in the Atlanta office.
B. You should specify an Exchange 2003 bridgehead server for the first routing group connector that is
C. You should set up new routing group connectors as well as changing the default routing group
connector so that every Exchange 2003 routing group has at least one connector to another routing
group before you install Exchange 2010 SP1 in Atlanta.
D. You should set up multiple Active Directory SMTP site links with at least two SMTP connections before
you install Exchange 2010 SP1 in Atlanta.
E. You should set up multiple X400 connectors to Atlanta office before you install Exchange 2010 SP1 in
Atlanta.
Answer: BC
Answer:
You should specify an Exchange 2003 bridgehead server for the first routing group connector that is
You should set up new routing group connectors as well as changing the default routing group connector so
that every Exchange 2003 routing group has at least one connector to another routing group before you
install Exchange 2010 SP1 in Atlanta.
Explanation:
You should specify an Exchange 2003 bridgehead server for the first routing group connector that is
created during the setup of Exchange 2010 SP1 in the Atlanta office. An Exchange 2003 bridgehead server
must be the connection point for the routing group named Exchange Routing Group
(DWBGZMFD01QNBJR) that is created. You should also set up new routing group connectors as well as
changing the default routing group connector so that every Exchange 2003 routing group has at least one
connector to another routing group before you install
Exchange 2010 SP1. All Exchange 2003 routing groups must have at least one connector to any other
Exchange 2003 routing groups before you install the first Exchange 2010 SP1 server. Installing Exchange
2010 SP1 will create the routing group named Exchange Routing Group (DWBGZMFD01QNBJR).
You should not specify an Exchange 2003 Mailbox server for the first routing group connector that is
created during the setup of Exchange 2010 SP1. You should only specify an Exchange bridgehead server
as the connection point of the routing group connector.
You do not have to set up multiple Active Directory SMTP site links with at least two SMTP connections
before you install Exchange 2010 SP1 in Atlanta. Exchange 2010 SP1 uses IP site links, not SMTP site
links, to determine the closest site to which to send the message if a site link fails. If multiple paths exist
between the Exchange 2010 routing group and the Exchange Server 2003 routing groups, you should
suppress link state updates to make sure that message looping does not occur when a route is
recalculated. You should not set up multiple X.400 connectors to Atlanta office install Exchange 2010 SP1
in Atlanta. X.400 connectors are not used to connect the Exchange 2010 routing group to any Exchange
2003 routing groups.
Objective:
Sub-Objective:
QUESTION 6
You work as the enterprise Exchange administrator for the Nutex Corporation. The CIO wants to add more
mailboxes. You need to plan for LUN capacity requirements.
The size of the dataset that includes the database, transaction logs, content index, and recovery space
is 5GB.
You have a free space requirement of 20 percent.
What should the LUN capacity be?
A. 5000 MB
B. 2500 MB
C. 4000 MB
D. 6250 MB
Answer: D
Answer:
6250 MB
Explanation:
You should plan for a LUN that is 6250 MB. The formula for computing the LUN capacity is as follows:
In this scenario, the entire dataset is 5 GB. If you divide 5 GB by 80% (1 - 20% free space requirement), you
will get a LUN capacity of at least 6250 MB.
All other answers are incorrect.
Objective:
Sub-Objective:
QUESTION 7
You administer an Exchange 2010 SP1 organization and an Active Directory forest that contains a single
domain, named nutex.com. You need to set up calendar sharing between the on-premise Exchange 2010
SP1 organization and an Exchange Online (Office 365) organization.
What must you configure? (Choose two. Each correct answer is part of the solution.)
A. Configure a manual realm trust between Microsoft Federation Gateway and the on-premise organization
B. Configure a manual federation trust between Microsoft Federation Gateway and the on-premise
organization
C. Configure a manual Active Directory trust between Microsoft Federation Gateway and the on-premise
organization
D. Modify the default sharing policy
E. Modify the default managed folder mailbox policy
Answer: BD
Answer:
Configure a manual federation trust between Microsoft Federation Gateway and the on-premise
organization
Modify the default sharing policy
Explanation:
Configure a manual federation trust between Microsoft Federation Gateway and the on-premise
organization.
Modify the default sharing policy.
The Microsoft Federation Gateway automatically establishes a trust with the Exchange Online (Office 365).
You can use the Exchange Management Console (EMC) or the Exchange Management Shell to create a
federation trust. You must add a text (TXT) record in the nutex.com zone. A TXT record is required when
configuring a federation trust. The TXT record is used as proof of ownership of a registered domain in a
federation trust. Once the TXT record is available, you can use the Set-FederatedOrganizationIdentifier
cmdlet or the Manage
Federation wizard in the EMC complete the federation trust.
Sharing policies specify what data users in a federation trust can share on an ad-hoc basis with users in an
external organization. A sharing policy is required for the following actions:
Allow sharing of availability information

Allow sharing of availability information with subject
Allow sharing of availability information with subject and body
Allow sharing of contacts
A sharing policy contains names of both domains and the shared actions that are allowed between users of
those domains. The following limits can be applied to an external domain in a sharing policy:
Contacts sharing only

Calendar sharing with free/busy information only
Calendar sharing with free/busy information, plus subject and location
Calendar sharing with free/busy information plus subject, location and body
Calendar sharing with free/busy information, plus contacts sharing
Calendar sharing with free/busy information, plus subject and location, and contacts sharing
Calendar sharing with free/busy information plus subject, location, and body, and contacts sharing
You should not configure a manual Active Directory trust or realm trust between Microsoft Federation
Gateway and the on-premise organization. An Active Directory trust is used to configure a relationship
between domains in the same Active Directory forest or between domains in different Active Directory
forest. A realm trust is used configure a relationship between an Active Directory domain and any non-
Windows Kerberos V5 realm. These trusts are used to allow users to be able to access resources outside
their own forest or own realm by using the
same userid and password.
You should not modify the managed folder mailbox policy. A managed folder mailbox policy may archive
messages. A managed folder mailbox policy helps prevent a mailbox from becoming too large. A managed
folder mailbox policy will not allow you to share calendars.
Objective:
Sub-Objective:
QUESTION 8
The Nutex Corporation recently acquired a company named Verigon. The CIO of the company has the
following requirements for your Exchange 2010 SP1 organization:
The Exchange organization must accept e-mail from an authoritative domain named verigon.com.
The domain verigon.com has three subdomains: corp.verigon.com, tech.verigon.com, and sales.
verigon.com.
Each subdomain name will be used in an e-mail address policy.
What must you configure as the BEST option?
A. The best option is to add TXT records to DNS and create remote domains
B. The best option is to add MX records to DNS and create remote domains
C. The best option is to add TXT records to DNS and create remote domains
D. The best option is to add MX records to DNS and create accepted domains
Answer: D
Answer:
The best option is to add MX records to DNS and create accepted domains
Explanation:
The best option is to add MX records to DNS and create accepted domains. An accepted domain is any
SMTP namespace that your Exchange organization sends or receives mail as. You will have to create one
MX resource record for verigon.com and for each subdomain. You must create a MX resource record for
each SMTP domain on the DNS server that will accept e-mail from the Internet.
In this scenario, each subdomain of verigon.com will be used in the e-mail address policy. You should
therefore create a MX resource record for verigon.com, corp.verigon.com, tech.verigon.com, and
sales.verigon.com. You should not create remote domains. Remote domain entries can be used to define
message transfer settings between your Exchange 2010 SP1 organization and domains in a separate
Active Directory forest. You can create remote domain entries for specific domains that can specify
message format polices. This can be used to
block specific message types, such as out-of-office messages, auto-reply messages, non-delivery reports
(NDRs), and meeting forward notifications, or allow them to be sent to recipients in a domain. In this
scenario, you need to create accepted domains for the domains for which the Exchange organization is
authoritative.
You should not create a TXT resource record for either verigon.com or its subdomains. A TXT record is
required when configuring a federation trust. The TXT record is used as proof of ownership of a registered
domain in a federation trust. A TXT record is not used to specify an authoritative accepted domain.
Objective:
Sub-Objective:
QUESTION 9
You are the enterprise Exchange administrator. The CIO instructs you to ensure that a database availability
group (DAG) is implemented within the organization to meet the high availability and site resiliency
conditions that were part of the agreement signed with the creditors.
Since financial resources are at a minimum, what is the minimum disk configuration that you can propose
for the DAG?

B. Recommend iSCSI hard disks in a storage area network (SAN).
D. Recommend iSCSI hard disks in a direct attached storage (DAS).
Answer: C
Answer:
Recommend SATA hard disks in a direct attached storage (DAS).
Explanation:
You should recommend SATA hard disks in a direct attached storage (DAS). Exchange 2010 and
Exchange 2010 SP1 reduce disk input/output over previous versions of Exchange server. Exchange 2010
allows most disk operations to be performed in sequential order instead of random order. Because of the
reduced I/O requirements, you can use inexpensive disks such as Serial ATA (SATA) disks. You could also
use just a bunch of disks (JBOD) rather than a more expensive solution of Redundant Array of
Independents Disks (RAID).
DAS is less expensive than using a storage area network (SAN). In this scenario, cost reduction is a must
because the company is on the edge of bankruptcy. SAN may perform better than a DAS and is more
reliable, but since a database availability group (DAG) does not require very reliable storage, the DAS disks
can be a low-cost option.
You should not recommend iSCSI disks instead of SATA disks because iSCSI disks are more expensive.
Objective:
Sub-Objective:
QUESTION 10
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Exchange Server
2010 SP1 organization and an Active Directory forest that contains a single domain named nutex.com. You
are planning to deploy new mailbox servers on a different server and storage platform. You configure the
mailbox servers in a test environment. You want to test the performance and the stability of the disk
subsystem before the mailbox servers are placed in the production environment.
Which of the following is the best tool to measure performance and stability?
A. the Exchange Server Load Generator (LoadGen) 2010 tool

B. the Performance Monitor tool in the Toolbox of the Exchange Management Console
C. the Performance Troubleshooter tool in the Toolbox of the Exchange Management Console
D. the Exchange Server Jetstress 2010 tool
Answer: D
Answer:
the Exchange Server Jetstress 2010 tool
Explanation:
You should use the Exchange Server Jetstress 2010 tool to test the performance and the stability of the
disk subsystem on the mailbox servers. The Exchange Server Jetstress 2010 tool simulates the Exchange
disk Input/Output (I/O) load by simulating a database and log file loads of a specified number of users. You
can use monitoring tools such as Event Viewer, Performance Monitor, and ESEUTIL to monitor the load
that Jetstress has placed on your disk subsystem and see if the disk subsystem meets the performance
criteria and is adequately sized for a production environment.
You should not use the Exchange Server Load Generator (LoadGen) 2010 tool to test the mailbox servers.
LoadGen is a simulation tool that measures e-mail loads on a server brought by MAPI, OWA, IMAP, POP,
and SMTP clients. LoadGen tests are performed on the client computers to send multiple message
requests to an Exchange server. These tests can be used to size servers so that you can know how many
resources to apply to the server to handle a typical load or heavy load from MAPI, OWA, IMAP, POP, and
SMTP clients. LoadGen will
not test a disk subsystem.
You should not use the Performance Monitor tool in the Toolbox of the Exchange Management Console to
test the mailbox servers. Performance Monitor is tool that can be used to measure memory, disk, network,
or processor activity on a Windows computer. Performance Monitor will not simulate a disk I/O load,
although it can monitor Jetstress to allow you to track the performance criteria being generated by that tool.
You should not use the Performance Troubleshooter tool in the Toolbox of the Exchange Management
Console to test the mailbox servers. The Performance Troubleshooter tool can be used to troubleshoot
performance issues, mail flow issues, or database issues. The Performance Troubleshooter tool allows you
to choose the symptom that your server has and offer a solution. This tool will not simulate a disk I/O load.
Objective:
Sub-Objective:
Design the Exchange Server 2010 installation
QUESTION 11
You administer the Exchange 2010 SP1 organization for the Nutex Corporation. Nutex has an Active
Directory forest that contains a single domain, named nutex.com. Nutex has a partner company named
Verigon. Nutex plans to purchase Verigon in the next six months. After the
purchase is complete, the verigon.com domain will be integrated into the same Active Directory Forest as
nutex.com. Verigon currently has an Exchange 2010 SP1 organization. At present, each organization
shares a federation trust that has been created with the Microsoft Federation Gateway (MFG).
The CIO instructs you to ensure that only engineers from both Nutex and Verigon should be able to
establish adhoc sharing relationships with each other to share contacts and to have calendar sharing with
free/busy information only. Non-engineering department users in both organizations should NOT be able to
share contact or calendar information.
What should you propose as the BEST option?
A. Create a one-way transitive trust between Nutex and Verigon. Assign permissions to resources only to
global groups that contain only engineers
B. Create a two-way transitive trust between Nutex and Verigon. Assign permissions to resources only to
universal groups that contain only engineers.
C. Create a sharing policy.
D. Create an organizational relationship.
Answer: C
Answer:
Create a sharing policy.
Explanation:
Because a federated trust already exists, the best option is to create a sharing policy. Sharing policies
specify what data users in a federated trust can share on an ad-hoc basis with users in an external
organization. A
sharing policy is required for the following actions:


You should not create an organizational relationship. Organizational relationships allow collaborating
organizations to enable the delivery of e-mail between the two organizations. Organization relationships, like
sharing polices, are created to collaborate with external organizations Sharing policies specify what
information your users can share with users in external organizations, including organizations that may or
may not have an organization relationship your organization.
You should not create an Active Directory trust relationship between Verigon and Nutex. In older versions of
Exchange, a two-way trust was required between Active Directory domains in order to share availability
information. In Exchange 2007, you could use Exchange Web Services (EWS) to replicate public folder
free/busy data, but you still needed a trust between the domains or to provide credential information to
make free/busy information to an external organization. You can use Active Directory Domains and Trusts
to create a one-way or
two-way trust. Neither type of trust is required in Exchange 2010. Since a federated trust currently exists
between the two organizations and Microsoft Federated Gateway (MFG), you can create a sharing policy to
assign users in one organization that need to collaborate with users in the other organization.
Objective:
Sub-Objective:
QUESTION 12
Nutex has an Exchange 2010 organization and an Active Directory forest that contains a single domain
named nutex.com. You want to do the following:
Migrate 600 out of 2200 mailboxes to Exchange Online (Office 365)

Migrate distribution groups and mail-enabled users to Exchange Online (Office 365)
Have message tracking, MailTips, and multi-mailbox search available in both the on-premises
deployment and the cloud deployment
What type of migration should you use?
A. Hybrid deployment
B. Cutover Exchange migration
C. IMAP e-mail migration
D. Staged Exchange migration
Answer: A
Answer:
Hybrid deployment
Explanation:
You should use a hybrid deployment. A hybrid deployment allows you to migrate some mailboxes into the
cloud, but allows you to keep some mailboxes in the on-premises organization. You can use the Mailbox
Replication Service (MRS) to move on-premises mailboxes to the cloud.
You can share free/busy and calendars between on-premise and cloud based organizations with a hybrid
deployment. You can also have message tracking, MailTips, and multi-mailbox search on-premises
deployment and the cloud deployment.
You cannot use a cutover Exchange migration. A cutover migration, previously referred to as a simple
Exchange migration moves the entire e-mail on-premise organization to the cloud. In this scenario, you
want to have onpremise and cloud based mailboxes. Another obsolete term is "simple coexistence."
You cannot use an IMAP e-mail migration. An IMAP e-mail migration migrates mailboxes from an IMAP
messaging system to a cloud deployment. IMAP e-mail migration creates mailboxes in a cloud-based
organization by importing Exchange users with a CSV file. You can import Exchange 2007 or Exchange
2010 users and users from Non-Exchange servers. An IMAP e-mail migration does not provide free/busy
and calendar sharing between on-premises and cloud-based organizations or message tracking, MailTips,
and multi-mailbox search between onpremises and cloud-based organizations.
You should not use a staged Exchange migration. You cannot use a staged Exchange migration to migrate
Exchange 2010 mailboxes. You can migrate user mailboxes and resource mailboxes only of previous
Exchange versions, but cannot migrate other recipient types, such as distribution groups, contacts, or mail-
enabled users.
Objective:
Sub-Objective:
QUESTION 13
Nutex has an Exchange 2010 SP1 organization and an Active Directory forest that contains a single domain
named nutex.com. You have 800 mailboxes in the organization. You plan to implement Microsoft Office 365
to form an on-premises messaging system for your cloud-based organization. After the migration is
completed, the following must be accomplished:
All mailboxes should be cloud-based mailboxes

Office 2010 clients should be able to access their mailboxes
What should you do? (Choose two.)
A. Perform a cutover migration

B. Perform a hybrid deployment
C. Update the organization's MX record in the DNS servers that contain the nutex.com zone
D. Update the organization's CNAME record in the DNS servers that contain the nutex.com zone
E. Create a GPO that specifies the appropriate mail server in Outlook 2010. Link the GPO to the Domain
Users group.
F. Create a GPO that specifies the appropriate mail server in Outlook 2010. Filter the GPO to the Domain
Users group.
Answer: AC
Answer:
Perform a cutover migration
Update the organization's MX record in the DNS servers that contain the nutex.com zone
Explanation:
Perform a cutover migration

Update the organizations MX record in the DNS servers that contain the nutex.com zone
A cutover migration, formerly referred to as a simple migration, migrates all of your on-premise mailboxes to
cloud-based e-mail organization. A cutover migration allows you to migrate up to 1000 mailboxes. If you
need to migrate non-Exchange 2010 mailboxes, you should implement a hybrid deployment.
You must update the organization's MX record in the DNS servers that contain the nutex.com zone. The
organization's MX record must point to their cloud-based e-mail organization so that Outlook 2010 clients
can communicate with their cloud-based mailboxes. Typically it can take up to 72 hours from an updated
MX record to be propagated to DNS servers in an organization that has many different Active Directory
sites. You should ensure that all e-mail is being routed directly to the cloud-based mailboxes before
removing the on-premise email
organization. Specifically, you should change the DNS Time-to-Live (TTL) setting on your MX record to a
shorter interval. If you set the TTL record of MX record to a shorter interval than the default such as 3600
seconds (one hour), the updated MX record will propagate more quickly.
You do not need to update the organization's CNAME record in the DNS servers that contain the nutex.
com zone. A CNAME record is an alias record in DNS for another Host (A) record. The Exchange
organization does not use or need alias records.
You should not implement a hybrid deployment. A hybrid deployment keeps mailboxes on-premise and in
the cloud. In this scenario, you wanted to migrate all 800 mailboxes in the Exchange 2010 SP1 organization
to the cloud.
Create a GPO that specifies the appropriate mail server in Outlook 2010 and link the GPO to the
Domain Users group.
Create a GPO that specifies the appropriate mail server in Outlook 2010 and filter the GPO to the
Domain Users group.
You cannot link a GPO to a group. You can only link a GPO to an Active Directory container such as a site,
a domain, and an Organizational Unit (OU). You can filter a GPO by a group, but for a GPO to be effective,
it must be linked to a site, a domain, and an Organizational Unit (OU).
QUESTION 14
You are the enterprise Exchange administrator for a company that installs turnkey email and phone
solutions for customer service departments. Your Active Directory forest contains a single domain and an
Exchange Server 2010 SP1 organization.
One of your customers plans to support thousands of clients simultaneously. You will install the Exchange
organization for the customer. You must ensure that the new Mailbox server in the client's organization will
support 2000 simultaneous MAPI, OWA, IMAP, POP, and SMTP client connections to the Mailbox servers.
You need to test 2000 simultaneous client connections in order to ensure the solution meets the customer's
expectations.
What is the BEST tool should you use to measure performance for your solution?
A. The best option is to use the Exchange Server Load Generator (LoadGen) 2010 tool.
B. The best option is to use the Performance Monitor tool in the Toolbox of the Exchange Management
Console.
C. The best option is to use the Performance Troubleshooter tool in the Toolbox of the Exchange
Management Console.
D. The best option is to use the Exchange Server Jetstress 2010 tool.
Answer: A
Answer:
The best option is to use the Exchange Server Load Generator (LoadGen) 2010 tool.
Explanation:
You should use the Exchange Server Load Generator (LoadGen) 2010 tool to test the 2000 simultaneous
MAPI, OWA, IMAP, POP, and SMTP client connections to the Mailbox servers. LoadGen is a simulation
tool that measures e-mail loads on a server brought by MAPI, OWA, IMAP, POP, and SMTP clients.
LoadGen tests are performed on the client computers to send multiple message requests to an Exchange
server. These tests can be used to size servers so that you can know how many resources to apply to the
server to handle a typical load or
heavy load from MAPI, OWA, IMAP, POP, and SMTP clients. LoadGen should only be used in a test
environment and not in a production environment.
You should not use the Exchange Server Jetstress 2010 tool to test 2000 simultaneous MAPI, OWA, IMAP,
POP, and SMTP client connections to the Mailbox servers. The Exchange Server Jetstress 2010 tool
simulates Exchange disk Input/Output load by simulating database and log file loads generated by a
specified number of users. You can use monitoring tools such as Event Viewer, Performance Monitor, and
ESEUTIL to monitor the load that Jetstress has placed on your disk subsystem to ensure it meets
performance criteria, and is adequately
sized for a production environment. Jetstress is not used to test the simulation of sending multiple
messages.
check if your design meets the client's requirements. Performance Monitor can be used to measure
memory, disk, network, or processor activity on a Windows computer. Performance Monitor will not test the
simulation of sending multiple messages.
You should not use the use the Performance Troubleshooter tool in the Toolbox of the Exchange
Management Console to check if your design meets the client's requirements. The Performance
Troubleshooter tool can be used to troubleshooting performance issues, mail flow issues, or database
issues. The Performance Troubleshooter tool allows you to choose the symptom that your server has and
offer a solution. This tool will not test the simulation of sending multiple messages.
Objective:
Sub-Objective:
QUESTION 15
Nutex has an Exchange 2010 SP1 organization and an Active Directory forest that contains a single domain
named nutex.com. Nutex has three other branch offices in Boston, Dallas, and Chicago that are also
configured as Active Directory sites. Not all locations have mailbox servers. All links are connected with 512
Kb/s links. Click the Exhibit(s) button to view the site structure of nutex.com in the Exchange organization.
The Nutex Corporation recently made an agreement with its creditors to avoid bankruptcy. The company
therefore cannot upgrade the network bandwidth between sites with high-speed links and place a mailbox
server in each location. The CIO has instructed you to ensure that all Nutex users in all offices have
uninterrupted access to information in public folders. The information in the public folder changes fairly
frequently.
What should you propose?
Exhibit:
A. Change the Exchange cost of the Boston to Atlanta site link and the Boston to Dallas site link to 50.
B. Change the AD site link cost of the Boston to Atlanta site link and the Boston to Dallas site link to 50.
C. Enable public folder referrals.
D. Enable public folder replication.
Answer: C
Answer:
Enable public folder referrals.
Explanation:
You should enable public folder referrals if network bandwidth is limited and you do not have a mailbox
server in each location. Public folder referrals should be used for data in public folders that changes on a
frequent basis. In this scenario, the WAN links between locations have not been upgraded to high-speed
links and you cannot put a mailbox server in each location.
You should not use public folder replication. Public folder replication should be used if the speed of the
WAN connection between links is not an issue and the information in the public folder does not change
frequently. The network utilization for public folder replication can be calculated by determining how much
new content is added to the public folder on a daily basis. The result will be the network traffic that is
created if you enable public folder replication. In this scenario, the information in the public folder changes
very often and the network bandwidth has
not been upgraded.
Changing the Active Directory site link cost or the Exchange site link cost will speed up access to
information in public folders using public folder referrals. For users to access information in the public
folders, the users need to access the information on the public folder database where the public folder was
created, unless the public folder was replicated to other public folder databases. Microsoft Outlook on a
client's computer will try to find a replica of the public folder in the same Active Directory site as the user's
mailbox. If a replica of the public folder is not found
in the site, the user will be connected to replica of the public folder in another Active Directory site. This
process is called public folder referral, and it is enabled by default between sites in Exchange 2010. If a
public folder replica is located in more than one additional site, the Exchange server will refer the client to a
replica site that is chosen based on the lowest IP site link costs between the referring and target sites. In
this scenario, you are actually increasing the costs to 50, instead of lowering the costs, which will not
improve the referral process.
Objective:
Sub-Objective:
QUESTION 16
Nutex has an Active Directory forest that contains a single domain named nutex.com and several
locations. Three other branch offices in Boston, Dallas, and Chicago are configured as Active Directory
sites. Click the Exhibit(s) button to view the site structure of nutex.com in the Exchange 2010 SP1
organization.
The company has recently upgraded the network bandwidth between sites to incorporate high-speed links,
so that there is no issue with bandwidth availability. Each location has a Mailbox server.
The CIO has instructed you to provide quick access for Nutex users who require access to information in
public folders. The information in the public folders consists mostly of Human Resources material that only
changes once a year.
What solution should you propose?
Exhibit:
A. Enable public folder referrals.
B. Enable public folder replication.
C. Change the Exchange costs of the Boston to Atlanta site link and the Boston to Dallas site link to 10.
D. Change the Active Directory site link costs of the Boston to Atlanta site link and the Boston to Dallas site
link to 10.
Answer: B
Answer:
Enable public folder replication.
Explanation:
You should enable public folder replication. In this scenario, the network bandwidth between locations has
been upgraded so that bandwidth is not an issue, and each location has its own Mailbox server. The
network utilization for public folder replication can be calculated by determining how much new content is
added to the public folder on a daily basis. The result is the network traffic that will be created if you enable
public folder replication. In this scenario, the information in the public folder is not changing very often. To
provide quick access for branch office
users in the Nutex organization to the public folder, you should enable public folder replication. To calculate
the amount of public folder replication is used, you should determine the amount of new content that is
added to the public folder on a daily basis. You should schedule public folder replication during non-peak
hours.
You should not enable public folder referrals. Public folder referrals should be used for public folders
holding data that changes on a frequent basis. Public folder referrals should also be used if the WAN
connection between locations is not large enough to support the network bandwidth generated by public
folder replication.
Changing the Active Directory site link cost or the Exchange site link cost will speed up access to
information in public folders using public folder referrals. For users to access information in the public
folders, the users need to access the information on the public folder database where the public folder was
created, unless the public folder was replicated to other public folder databases. Microsoft Outlook on a
client's computer will try to find a replica of the public folder in the same Active Directory site as the user's
mailbox. If a replica of the public folder is not found
in the site, the user will be connected to replica of the public folder in another Active Directory site. This
process is called public folder referral, and it is enabled by default between sites in Exchange 2010. If a
public folder replica is located in more than one other site, the Exchange server refers the client to the
replica site based on the lowest IP site link costs between the sites. In this scenario, you should use public
folder replication instead of public folder referrals because bandwidth is not an issue.
Objective:
Sub-Objective:
QUESTION 17
You plan to move the Exchange 2010 organization to the cloud. You want to initially move 600 out of 1200
mailboxes to the cloud-based organization. All users with mailboxes in the cloud should use their existing on
premises Active Directory credentials to access both cloud and on-premises resources.
What must you deploy? (Choose two.)
A. Install Active Directory Rights Management Services (AD RMS) on a server(s) in your on-premises
organization
B. Install Active Directory Federation Services (AD FS) on a server(s) in your on-premises organization
C. Install Network Policy and Access Server (NPS) on a server(s) in your on-premises organization
D. Microsoft Online Services Directory Synchronization tool
E. Exchange ActiveSync mailbox policy
Answer: BD
Answer:
Install Active Directory Federation Services (AD FS) on a server(s) in your on-premises organization
Microsoft Online Services Directory Synchronization tool
Explanation:
You should use the Microsoft Online Services Directory Synchronization (DirSync) tool synchronizes the
Exchange global address list. This tool is used to provide single sign-on for a hybrid deployment. This tool
synchronizes messaging-related user data back into the on-premises Active Directory so you can manage
users from your on-premises Active Directory for the long term.
You should ensure that Active Directory Federation Services (AD FS) is installed on a server(s) in your on
premises organization. The Federation Services component of AD FS allows your organization to share
calendar information and free/busy information with other companies outside your Active Directory forest.
AD FS is required to provide single sign-on for a hybrid deployment.
You do not have to install Active Directory Rights Management Services (AD RMS) on a server(s) in your on
premises organization. AD RMS is used to secure documents in organization. You can create RMS
templates to prevent certain actions on messages such as preventing a message from being forwarded
outside your organization or prevent a message from being printed. AD RMS is not required to configure
single sign-on.You do not have to install Network Policy and Access Server (NPS) on a server(s) in your on-
premises
organization. NPS is Microsoft's version of a RADIUS server which provides central authentication,
authorization, and accounting for network access. NPS is not required to configure single sign-on.
You do not have to deploy an Exchange ActiveSync mailbox policy. An Exchange ActiveSync mailbox policy
contains, including password settings, attachment settings, and device settings that are used to govern
mobile devices and phones that are connecting to an Exchange 2010 organization. An Exchange
ActiveSync mailbox policy is not required for single sign-on for a hybrid deployment.
Objective:
Sub-Objective:
QUESTION 18
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Active Directory
forest that contains a single domain named nutex.com. You recently upgraded the Nutex Exchange Server
2007 organization. to Exchange Server 2010 SP1.
Nutex has purchased another company, named Verigon. The company will be added to the Active Directory
forest as a subdomain of the nutex.com domain, named verigon.nutex.com. The verigon.nutex.com
domain will be in a separate site from the root domain.
You run the setup /PrepareDomain command in the verigon.nutex.com domain. You want another user,
named Dave, to install Exchange 2010 SP1 in the verigon.nutex.com domain. You want to ensure that
installation errors will be avoided.
What group is created by setup /PrepareDomain to avoid installation errors?
A. The Windows Authorization Access group

B. The Exchange Install Domain Servers group
C. The ExchangeLegacyInterop group
D. The ExchangeServers group
Answer: B
Answer:
The Exchange Install Domain Servers group
Explanation:
The Exchange Install Domain Servers group is added by setup /PrepareDomain to avoid installation
errors. This group is created when you run setup /PrepareDomain or setup /PrepareAllDomains. The
Exchange Install Domain Servers group is placed in the Microsoft Exchange System Objects container.
When installing Exchange 2010 SP1 into a separate domain that is in a separate site, installation errors can
occur if group memberships have not replicated to the child domain. The Exchange Install Domain Servers
group avoids installation errors if replication of the groups has not completed.
The ExchangeLegacyInterop universal security group is not added by setup /PrepareDomain to avoid
installation errors. This group is used to ensure interoperability with Exchange 2003 servers within the same
forest. This group is not used to install Exchange 2010 SP1 servers into a child domain.
The ExchangeServers group is not added by setup /PrepareDomain to avoid installation errors. This
group contains Exchange servers in the domain. This group is not used to install Exchange 2010 SP1
servers into a child domain. Also, you should not confuse the ExchangeServers group with the built-in
Exchange Servers management role, which is part of Role Based Access Control (RBAC) in Exchange
Server 2010. Membership in the Exchange Servers management role allows administrators to do the
following:
Modify the configuration of all server roles

View the general Exchange server configuration for each server role
Add and remove database availability groups
Modify the content filtering configuration on Hub Transport servers.
The Windows Authorization Access group is not added by setup /PrepareDomain to avoid installation
errors. Members of this group can read the computed tokenGroupsGlobalAndUniversal attribute of a
user object. This group is not used to install Exchange 2010 SP1 servers into a child domain.
Objective:
Sub-Objective:
QUESTION 19
You work as the enterprise Exchange administrator for the Nutex Corporation. The Nutex Corporation
recently purchased the Verigon Corporation after the Verigon Corporation was forced into bankruptcy. The
Verigon Corporation will be integrated into Active Directory as a separate forest named verigon.com. The
verigon.com will have three child domains.
The CIO wants the following requirements to be met:
Message types such as out-of-office messages, auto-reply messages, non-delivery reports (NDRs), and
meeting forward notifications should be allowed to be sent to the verigon.com domain.
meeting forward notifications should NOT be allowed to be sent to the nutex.com domain.
What is the BEST option?
A. configure remote domains

B. configure e-mail address policies
C. configure accepted domains
D. use federation services
Answer: A
Answer:
configure remote domains
Explanation:
The best option is to configure remote domains. Remote domains can be used to define message transfer
settings between your Exchange 2010 SP1 organization and domains located in a separate Active Directory
forest. You can create remote domain entries for specific domains that can specify message format polices.
You can block or allow specific message types, such as out-of-office messages, auto-reply messages, non-
delivery reports (NDRs), and meeting forward notifications. The blocked message is deleted.
All other choices are incorrect because they do not block certain type of messages.
You should not create e-mail address policies. An e-mail address policy allows recipients to have more than
one e-mail address. An accepted domain is any SMTP namespace that your Exchange organization sends
or receives mail as. For example, nutex.com may send and receive e-mail as another name, such as
nutexshoes.com.
Federation services allows your organization to share calendar information and free/busy information with
other companies outside your Active Directory forest.
Objective:
Sub-Objective:
QUESTION 20
Nutex has an Active Directory forest that contains a single domain named nutex.com. Nutex has three
other branch offices in different locations that are configured as Active Directory sites. Click the Exhibit(s)
button to view the site structure of nutex.com.
The network connection between Chicago and Dallas is a low bandwidth connection. The CIO requires the
following:
The Dallas to Chicago link should be used for Active Directory replication and not used for message
routing.
Active Directory replication should remain unaffected in the rest of the topology.
What should you do?
Exhibit:
A. The best option is to configure an Exchange cost of 5 for the Dallas to Chicago link.
B. The best option is to configure an IP site link cost of 5 for the Dallas to Chicago link.
C. The best option is to configure an Exchange cost of 100 for the Dallas to Chicago link.
D. The best option is to configure an IP site link cost of 100 for the Dallas to Chicago link.
Answer: C
Answer:
The best option is to configure an Exchange cost of 100 for the Dallas to Chicago link.
Explanation:
The best option is to configure is to configure an Exchange cost of 100 for the Dallas to Chicago. In
Exchange Server 2010, relationships between Active Directory sites are defined by Internet Protocol (IP)
site links. The IP site link joins two or more Active Directory sites. The properties of the IP site link include a
cost assignment, a schedule, and an interval. The schedule and interval properties are used only for
determining Active Directory replication frequency, and the cost assignment is used to determine the
lowest-cost route for traffic to follow when
multiple paths exist to the destination.
You can use the Set-AdSiteLink cmdlet to configure an Exchange-specific cost to an Active Directory IP
site link. The Exchange-specific cost is a separate attribute that is used instead of the Active Directory-
assigned cost to determine the Exchange routing path. Configuring an Exchange-specific cost is useful
when Active Directory IP site link costs do not result in an optimal Exchange message routing topology. You
can use the ExchangeCost parameter with the Set-AdSiteLink cmdlet to assign an Exchange-specific
cost to the IP site link. In this scenario, to ensure that messages are not routed over the Dallas to Chicago
link, you should set a high Exchange cost on the Dallas to Chicago link.
If the Dallas site becomes unavailable, the least-cost routing path is used.
You should not configure an Exchange cost of 5 for the Dallas to Chicago site link. This will make the Dallas
to Chicago link be the optimal route for message routing when using the least-cost routing path.
You should not configure an IP site link cost of 5 for the Dallas to Chicago link. This may change the least-
cost routing path for Active Directory replication, but will not change the current least-cost routing path. The
Dallas to Chicago link will still have the least-cost routing path. You will have to set a higher Exchange cost
on the Dallas to Chicago link to remove the link from the least-cost routing path.
You should not configure an IP site link cost of 100 for the Dallas to Chicago link. This will change the least-
cost routing path for Exchange. The Dallas to Chicago link will not be in the least-cost routing path for
message routing. However, changing the IP site link cost to 100 will change the Active Directory replication
topology of nutex.com.
Objective:
Sub-Objective:
QUESTION 21
You administer an Exchange Server 2003 organization for the Nutex Corporation. Nutex has an Active
Directory forest that contains a single domain named nutex.com.
You begin transitioning to Exchange Server 2010 SP1. The CIO instructs you to plan for an Exchange 2010
SP1 Hub Transport server to receive e-mail from the Exchange 2003 bridgehead server in the same forest.
What must you do?
A. Create SMTP connectors to Exchange 2003 routing groups

B. Create routing group connectors
C. Create Receive connectors
D. Create Send connectors
Answer: B
Answer:
Create routing group connectors
Explanation:
The best option is to create routing group connectors. In order for a Hub Transport server to receive e-mail
from an Exchange 2003 bridgehead server in the same forest, you must have two-way routing group
connectors configured. An Exchange 2003 bridgehead server must be the connection point for the routing
group named Exchange Routing Group (DWBGZMFD01QNBJR) that is created when you install Exchange
2010 SP1. You should also set up new routing group connectors, as well as changing the default routing
group connector so that
every Exchange 2003 routing group has at least one connector to another routing group before you install
Exchange 2010 SP1 in Atlanta.
All Exchange 2003 routing groups must have at least one connector to any other Exchange 2003 routing
groups before you install the first Exchange 2010 SP1 server, which will create the routing group named
Exchange Routing Group (DWBGZMFD01QNBJR).
You do not have to create SMTP connectors to Exchange 2003 routing groups. Connectivity to Exchange
2003 is done with routing group connectors. You must have routing group connectors in place for an
Exchange 2010 SP1 Hub Transport server to receive e-mail from the Exchange 2003 bridgehead server in
the same forest.
You should not have to create Send connectors or Receive connectors. The Receive connectors required
for internal mail flow are created by default on the Hub Transport server. When you install the Edge
Transport server, the Receive connector that can receive mail from an internal Hub Transport server and
the Internet is created. Once the Edge Transport server has been subscribed to the Active Directory site by
using the Edge Subscription process, end-to-end mail flow will occur. If you choose to use an Internet-
facing Hub Transport server instead of
an Edge Transport server to receive mail from the Internet, you will have to create a manual Receive
connector to establish end -to-end mail flow. In this scenario, you do not have to create a send or Receive
connector for an Exchange 2010 SP1 Hub Transport server to receive e-mail from the Exchange 2003
bridgehead server in the same forest.
Objective:
Sub-Objective:
QUESTION 22
You are the enterprise Exchange administrator for an Exchange 2010 SP1 organization. The CIO has
asked you to determine which mobile devices are connecting to your organization to retrieve mail.
What should you do?
A. Ensure that IIS logging is enabled

B. Ensure that object access auditing is enabled in the local policy
C. Ensure that Account Logon event auditing is enabled in the local policy
D. Ensure that circular logging is enabled
Answer: A
Answer:
Ensure that IIS logging is enabled
Explanation:
You must ensure that Internet Information Services (IIS) log files have been created for Exchange
ActiveSync to compile into reports. Information about ActiveSync usage is stored in the IIS log files. You
can use the Export- ActiveSyncLog cmdlet to create a file about ActiveSync usage. You can also use the
Get- ActiveSyncDeviceStatistics cmdlet to return a list of statistics about the mobile phones configured to
synchronize with a user's mailbox.
You should not enable object access auditing in a local policy to determine which mobile devices are
connecting to retrieve mail. Object access auditing can be used to audit access to files, directories, and the
registry. Event information will be displayed in the security log on the server. Enabling object access
auditing will not determine which mobile devices are connecting to retrieve mail.
You should not enable Account Logon event auditing in a local policy to determine which mobile devices are
connecting to retrieve mail. Account Logon event auditing generates events in the security log for credential
validation. Events are generated on the server that is authoritative for the credentials of the account
attempting to logon. If the server is a domain controller, than any domain account that logs in will have an
entry in the security log. If the server is a member server, only local accounts on that server will generate
entries in the security log. Account Logon auditing will not register events if a user attempt connect with a
mobile device and use a domain account.
You do not have to enable circular logging to determine which mobile devices are connecting to retrieve
mail. Circular logging is enabled by default. Circular logging saves disk space by overwriting older
transaction logs. Exchange transaction logs do not keep a list of mobile devices that connect to the server;
this information is stored in the IIS log of the Client Access server.
Objective:
Sub-Objective:
QUESTION 23
You are the enterprise administrator for the Nutex Corporation. Nutex has an Active Directory forest that
contains a single domain named nutex.com.
Nutex plans to evaluate Exchange 2010 SP1 before implementing it in your organization. You are instructed
by the CIO to install Exchange 2010 SP1 in a test environment and use a different namespace. The users
in the IT department will test Exchange 2010 SP1. Once the testing is completed and is satisfactory, the
test servers will be deactivated and reformatted, and new Exchange 2010 SP1 servers will be installed in
the nutex.com namespace.
You will be able to install all server roles in the Exchange 2010 SP1 environment. You will have to install an
Internet-facing Edge Transport server to receive messages from the Internet. Since Exchange 2010 SP1
will be deployed in a test environment, the CIO has instructed you not to use the EdgeSync synchronization.
To accomplish this you need to design a plan to ensure the delivery of e-mail messages from the Internet to
Exchange 2010 SP1 in the test environment.
A. On the Hub Transport server, modify the settings of the default Receive connector and create an
additional Receive connector. On the new Receive connector, select Internal as the connector usage
type.
B. On the Hub Transport server, modify the settings of the default Receive connector and create an
additional Receive connector. On the new Receive connector, select Internet as the connector usage
type.
C. On the Edge Transport server, modify the settings of the default Receive connector and create an
type.
D. On the Edge Transport server, modify the settings of the default Receive connector and create an
type.
E. On the Hub Transport server, create a Send connector configured to send messages to the Internet and
a Send connector configured to send messages to the Exchange organization.
F. On the Edge Transport server, create a Send connector configured to send messages to the Internet
and a Send connector configured to send messages to the Exchange organization.
Answer: CF
Answer:
On the Edge Transport server, modify the settings of the default Receive connector and create an additional
Receive connector. On the new Receive connector, select Internal as the connector usage type.
On the Edge Transport server, create a Send connector configured to send messages to the Internet and a
Send connector configured to send messages to the Exchange organization.
Explanation:
In this scenario, you should modify the default Receive connector of the Edge Transport server and create a
new Receive connector on the Edge Transport server that has Internal selected as the connector usage
type. When you use the Edge Subscription process in a typical installation, the Edge Subscription
configures permissions and authentication. In this scenario, the CIO has instructed you to not use
EdgeSync. You will have to create a Receive connector on the Edge Transport server that only accepts
messages from the Hub Transport server.
You will also have to create a Send connector on the Edge Transport server that will be configured to send
messages to the Internet. You will have to create a second Send connector on the Edge Transport server
that will be configured to send messages to the Exchange organization. The Send connector that is
configured to send messages to the Internet would have the usage type of Internet and have the address
space of * for all domains. The second Send connector that is configured to send messages to the
Exchange organization would have the
usage type of Internal and have the address space of the accepted domain of the Exchange organization in
the test environment.
You will not have to select Internet as the type on the new Receive connector of the Edge Transport server.
Since the new Receive connector will be configured to accept messages from the Exchange organization,
the usage type of the Receive connector should be Internal.
You do not have modify the settings of the default Receive connector and create an additional Receive
connector on the Hub Transport server. Two Receive connectors when a Hub Transport server is installed
that can accept messages from an Edge Transport server. You do not have to modify the Receive
connectors.
You should not create a Send connector configured to send messages to the Internet on the Hub Transport
server and create a Send connector on the Hub Transport server configured to send messages to the
Exchange organization. The Edge Transport server will be the Internet-facing server that will accept
messages from the Internet, not the Hub Transport server. However, you should create a single Send
connector to send outgoing messages to the Edge Transport server.
Objective:
Sub-Objective:
QUESTION 24
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex plans to evaluate
Exchange 2010 SP1 before implementing it in your organization.
You are instructed by the CIO to install Exchange 2010 SP1 in a test environment. Nutex has an Active
Directory forest that contains a single domain named nutex.com. The CIO says that you will use a different
name space than nutex.com, and the users in the IT department will test Exchange 2010 SP1. Once the
testing is complete and is satisfactory, the test servers will be deactivated and reformatted and new
Exchange 2010 SP1 servers will be installed in the nutex.com namespace.
You will be able to install all server roles in the Exchange 2010 SP1 environment, except the Edge
Transport server role. You will have to install an Internet-facing Hub Transport server to receive messages
from the Internet.
To accomplish this you need to design a plan for the delivery of e-mail messages from the Internet to
What should you do?
A. Change the e-mail address policies.

B. Change the accepted domains.
C. Change the Receive connectors.
D. Change the Send connectors.
Answer: C
Answer:
Change the Receive connectors.
Explanation:
You should change the Receive connectors. A Receive connector allows inbound connections to an
Exchange organization. Normally the Receive connector from an Edge Transport server will allow inbound
connections from the Internet. Receive connectors that are required for internal mail flow are created by
default on the Hub Transport server. When you install the Edge Transport server, the Receive connector
that can receive mail from an internal Hub Transport server and the Internet is created. Once the Edge
Transport server has been
subscribed to the Active Directory site by using the Edge Subscription process, end-to-end mail flow will
occur. However, in this scenario, you choose to use an Internet-facing Hub Transport server instead of an
Edge Transport server to receive mail from the Internet. You will have to create and manually configure a
Receive connector to establish end -to-end mail flow.
You should not change the Send connectors. A Receive connector listens for inbound connections. A Send
connector listens for outbound connections. A Receive connector is required to receive messages from the
Internet, not a Send connector.
You should not change the e-mail address policies. E-mail polices are used to generate primary and
secondary email addresses for users in the organization. You do need to have secondary e-mail addresses
for uses in the test environment. After the test has been concluded, the test environment server will be
deactivated and Exchange 2010 SP1 will be installed in the current namespace if the company elects to
move to Exchange 2010 SP1. You should not change the accepted domains. An accepted domain is a
domain that the company is authoritative
for and has SMTP name space. You do need to have an accepted domain for the test environment. After
the test has been concluded, the test environment server will be deactivated and Exchange 2010 SP1 will
be installed in the current namespace if the company elects to move to Exchange 2010 SP1.
Objective:
Sub-Objective:
QUESTION 25
You administer an Exchange 2007 organization for the Nutex Corporation in their main office in Atlanta.
button to view the site structure of nutex.com in the Exchange organization.
You are in the second month of a six-month upgrade from Exchange 2007 to Exchange 2010 SP1. You
have both Exchange 2007 and Exchange 2010 SP1 mailbox servers in your organization because, due to
hardware lease issues, some user mailboxes may have to be moved back to Exchange 2007 Mailbox
servers until new servers arrive that will host an Exchange 2010 SP1 Mailbox server.
The CIO wants to ensure that any messages that are sent to the e-mail address of board members of
Nutex Corporation with a nutex.com address are subject to an approval process. Recently, the company's
board members have received harsh criticism on several decisions made over the past year. You are
tasked with ensuring that messages sent to board members are moderated.
Exhibit:
A. Ensure that all Mailbox servers are upgraded to Exchange 2010 SP1 before moderating the e-mail
addresses of the board members.
B. Ensure that all Hub Transport servers are upgraded to Exchange 2010 SP1 before moderating the e-
mail addresses of the board members.
C. Ensure that all global catalog servers are upgraded to Windows Server 2008 R2 before moderating the
email addresses of the board members.
D. Ensure that all Edge Transport servers are upgraded to Exchange 2010 SP1 before moderating the e-
mail addresses of the board members.
Answer: A
Answer:
Ensure that all Mailbox servers are upgraded to Exchange 2010 SP1 before moderating the e-mail
addresses of the board members.
Explanation:
You should ensure that all Mailbox servers are upgraded to Exchange 2010 SP1 before moderating the e-
mail addresses of the board members. You can moderate specific recipients on an Exchange 2010 SP1
Mailbox server. Any mailboxes that have been moderated cannot be moved temporarily back to an
Exchange 2007 Mailbox server.
You do not have to ensure that all Hub Transport servers are upgraded to Exchange 2010 SP1 before
moderating the e-mail addresses of the board members. You can use a Hub Transport server as an
expansion server for moderated distribution groups, which can be approved when the distribution group is
expanded on an Exchange 2010 SP1 Hub Transport server. However, in this scenario you are not
moderating distribution groups but individual e-mail recipients. You can only moderate mailboxes of
recipients that are on Exchange 2010 SP1 Mailbox servers.
You do not have to ensure all Edge Transport servers are upgraded to Exchange 2010 SP1 before
moderating the e-mail addresses of the board members. An Edge Transport server is a server that normally
handles all Internet-facing mail flow. However, in this scenario you are moderating individual recipients, and
you can only moderate mailboxes of recipients that are on Exchange 2010 SP1 Mailbox servers.
You do not have to ensure all global catalog servers are upgraded to Windows Server 2008 R2 before
moderating the e-mail addresses of the board members. You must have a global catalog server in every
Active Directory site in which you plan to install Exchange 2010 SP1. However, the server that contains the
global catalog server does not have to be running Windows Server 2008 R2. The server could run Windows
Server 2003 SP1, Windows Server 2008, or Windows Server 2008 R2.
Objective:
Sub-Objective:
QUESTION 26
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Exchange 2010
SP1 organization and an Active Directory forest that contains a single domain named nutex.com. Your
organization plans to move to the Outlook Live cloud-based service. You plan to use Outlook Live on the
livemail.nutex.com and the on-premise installation of Exchange 2010 on the nutex.com domain.
You do the following:
Configure the Autodiscover service for the on-premise domain to use DNS names
Configure the Autodiscover service for the Outlook Live domain to use DNS names
Users complain that when they try to access free/busy information or share calendar information between
the on premise
domain and the cloud, they receive "permission denied" errors.
What should you do so that both on-premises users and Outlook Live users can see each other?s free/busy
and share calendars (and contacts)?
A. Set up a new federation trust using a trusted certificate

B. Set up a new federation trust using a self-signed certificate of the first mailbox server on the on-premise
domain
C. Right-click Organization Configuration in Exchange Management console to set up organizational
relationships for the on-premise organization relationship and the Outlook Live organizational
relationship
D. Use the Set-OrganizationRelationship cmdlet to set up the on-premise organization relationship and
the Outlook Live organizational relationship
E. Use the Set-SharingPolicy cmdlet to change the default sharing policy
F. Right-click the Recipient Configuration in the Exchange Management console to change the default
sharing policy
Answer: ACE
Answer:
Set up a new federation trust using a trusted certificate
Right-click Organization Configuration in Exchange Management console to set up organizational
relationships for the on-premise organization relationship and the Outlook Live organizational relationship
Use the Set-SharingPolicy cmdlet to change the default sharing policy
Explanation:
Set up a new federation trust using a trusted certificate

Right-click Organization Configuration in Exchange Management console to set up organizational
relationships for the on-premise organization relationship and the Outlook Live organizational
relationship
Use the Set-SharingPolicy cmdlet to change the default sharing policy
You must set a federated trust for use with Outlook Live. You must have a certificate from an approved
certificate authority to create a federated trust. You cannot use a self-signed certificate to create a federated
trust with Outlook Live, even though you can use self-signed certificates with Exchange 2010 SP1.
Federated sharing is a function of Federation Services, which allows your organization to share calendar
information and free/busy information with other companies outside your Active Directory forest. To create
an organizational relationship, you can right-click Organization Configuration in Exchange Management
console and choose New Organizational Relationship to configure a relationship for the on-premise
organization relationship and the Outlook Live organizational relationship. You can also use the New-
OrganizationRelationship cmdlet to set up the on-premise organization relationship and the Outlook Live
organizational relationship. The following configures the on-premise organizational relationship:
Get-FederationInformation livemail.nutex.com | New-OrganizationRelationship -

Name
"Outlook Live" -FreeBusyAccessEnabled:$true -FreeBusyAccessLevel:LimitedDetails
The following configures the Outlook Live organizational relationship:
Get-FederationInformation nutex.com | New-OrganizationRelationship -Name "On-

Premise" -FreeBusyAccessEnabled:$true -FreeBusyAccessLevel:LimitedDetails
You will need to replace the domains list in the default sharing policy for the on-premise organization and
the Outlook Live organization. You will need to add the Outlook Live domain to the on-premise default
sharing policy, and add the on-premise domain to the Outlook Live domain default sharing policy. You can
use the Set- SharingPolicy cmdlet to change the domain list in the default sharing policy. You can also use
the Exchange Management console by expanding Organization Configuration. Then double click on
Mailbox. On the Sharing
Policies tab, right-click the default sharing policy and then choose Properties. You cannot right-click on the
Recipient Configuration in the Exchange Management console to change the default sharing policy.
Sharing policies specify what data users in a federated trust can share on an ad-hoc basis with users in an
external organization. A sharing policy is required for the following actions:


Objective:
Sub-Objective:
QUESTION 27
You administer an Exchange Server 2003 organization at the Nutex Corporation. Nutex has an Active
Directory forest that contains a single domain named nutex.com. The company has three locations:
Atlanta - Site A
Boston - Site B
Charlotte - Site C
You will be installing Exchange Server 2010 SP1 in the Atlanta location. You will install an Edge Transport
server first as a smart host and SMTP relay server for the Exchange Server 2003 organization. You plan to
install Exchange Server 2010 SP1 in the Boston and Charlotte locations in a few months. You must ensure
coexistence between Exchange 2010 SP1 and Exchange 2003 during the transition period.
A. Create a Receive connector to the Edge Transport server from the Internet.
B. Create a Send connector from the Edge Transport server to the Internet.
C. Create additional routing group connectors between Exchange 2003 and Exchange 2010 to optimize
mail flow.
D. Create additional SMTP links between Exchange 2003 and Exchange 2010 to optimize mail flow.
E. Create additional X.400 connectors between Exchange 2003 and Exchange 2010 to optimize mail flow.
Answer: BC
Answer:
Create a Send connector from the Edge Transport server to the Internet.
Create additional routing group connectors between Exchange 2003 and Exchange 2010 to optimize mail
flow.
Explanation:
You should create a Send connector from the Edge Transport server to the Internet. You can use an Edge
Transport server to provide anti-span, antivirus and transport rules processing for an Exchange 2010 SP1
organization. You can use an Edge Transport server to act as a smart host for an existing Exchange Server
2003 organization. The Send connector and the Receive connector are needed to configure mail flow. A
default Receive connector is configured on the Edge Transport server to receive mail from the Internet.
You should also create additional routing group connectors between Exchange 2003 and Exchange 2010
SP1 to optimize mail flow. You must set up new routing group connectors as well as changing the default
routing group connector so that every Exchange 2003 routing group has at least one connector to another
routing group before you install Exchange 2010 SP1 in Atlanta. All Exchange 2003 routing groups must
have at least one connector to any other Exchange 2003 routing groups before you install the first
Exchange 2010 SP1 server that will create the
routing group named Exchange Routing Group (DWBGZMFD01QNBJR).
You do not have to a Receive connector to the Edge Transport server from the Internet. A Receive
connector is created by default that is configured to receive mail from the Internet. You do not have to
create additional SMTP links between Exchange 2003 and Exchange 2010 SP1 to optimize mail flow.
Exchange 2010 uses IP site links not SMTP site links to determine the closest site at which to send the
message if a site link fails. If multiple paths exist between the Exchange 2010 routing group and any
Exchange Server 2003 routing groups, you should suppress link state updates to make sure that message
looping does not occur when a route is recalculated.
You should not set additional X.400 connectors between Exchange 2003 and Exchange 2010 SP1 to
optimize mail flow. X.400 connectors are not used to connect the Exchange 2010 routing group to any
Exchange 2003 routing groups.
Objective:
Sub-Objective:
QUESTION 28
has an Active Directory forest that contains a single domain, named nutex.com. Nutex has three other
branch offices in different locations that are configured as Active Directory sites. Click the Exhibit(s) button
to view the site structure of nutex.com in the Exchange 2010 SP1 organization.
All locations are separated from the Internet by a firewall. You receive instruction from the CIO to ensure
that salespeople who have an Internet connection can use the following services:
Outlook Anywhere and RPC over HTTP

Outlook Web App (OWA)
Exchange ActiveSync
POP3 over Secure Sockets Layer (SSL)
What ports do you propose to open?
Exhibit:
A. You should consider opening TCP port 143, TCP port 443, and TCP port 995
B. You should consider opening TCP port 25, TCP port 143, TCP port 443, and TCP port 993
C. You should consider opening TCP port 80, TCP port 443, and TCP port 993
D. You should consider opening TCP port 80, TCP port 443, and TCP port 995
Answer: D
Answer:
You should consider opening TCP port 80, TCP port 443, and TCP port 995
Explanation:
You should open TCP port 80, TCP port 443, and TCP port 995 on the firewall. You should open TCP port
80 and TCP port 443 for the Outlook Web application, the Autodiscover service, the Availability service,
Outlook Anywhere (formerly known as RPC over HTTP), and Exchange ActiveSync application. You will
need to open TCP port 995 for POP3 over SSL.
You should not choose the option of opening TCP port 25, TCP port 143, TCP port 443, and TCP port 993.
Although you may want to open TCP port 25 for SMTP communication for Hub Transport server to an Edge
Transport server or to another Hub Transport server, you should not open TCP port 143 or TCP port 993.
TCP port 143 is used for used for IMAP4. TCP port 993 is used for IMAP4 over SSL. The scenario wanted
you to support POP3 over SSL.
Objective:
Sub-Objective:
QUESTION 29
You administer an Exchange Server 2003 organization and an Active Directory forest that contains a
multiple domains named nutex.com . You plan to move the organization to Exchange Server 2010 SP1.
You want a user named Dave to prepare legacy Exchange permissions in south. nutex.com by running the
setup /PrepareLegacyExchangePermissions south.nutex.com command. You need to add Dave to the
appropriate roles and groups to perform the task, while granting him the least administrative permissions.
What should you do?
A. Add Dave to the Exchange Install Domain Servers group.

B. Add Dave to the Enterprise Admins group.
C. Add Dave to the Organization Management role group and to Domain Admins group.
D. Add Dave to the Organization Management role group and the Server Operators group.
Answer: C
Answer:
Add Dave to the Organization Management role group and to Domain Admins group.
Explanation:
You should add Dave to the built-in Organization Management role group and the Domain Admins group
to prepare legacy Exchange permissions in the south.nutex.com domain. If the forest has only one
domain, or if you want the user to prepare legacy permissions in only one of the domains in the forest, you
can add the user to the Organization Management role group and to the Domain Admins group to meet the
requirement. You must run the setup /PrepareLegacyExchangePermissions south.nutex.com
command in the same domain and in
the same Active Directory site as the schema master.
The Organization Management role assignment is part of the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2010. You must be a member of the default Active
Directory security group Domain Admins on the domain to have permissions to run setup and otherwise
prepare the domain. You do not have to add Dave to the Enterprise Admins group to prepare legacy
Exchange permissions in the south.nutex.com domain. A member of the Enterprise Admins group can
grant itself all permissions in the
forest and run the setup /PrepareLegacyExchangePermissions south.nutex.com command in all
domains in the forest. However, there is only one domain in the forest in the scenario. You should add Dave
to the Domain Admins group, which has lower permissions than the Enterprise Admins group, to prepare
legacy Exchange permissions in the south.nutex.com domain.
You should not add Dave to the Exchange Install Domain Servers group. This group is used to install
Exchange 2010 SP1 into a child domain of the root domain. You would add Dave to this group if you were
planning to install Exchange 2010 SP1 into a subdirectory of south.nutex.com.
You should not add Dave to the Organization Management role group and the Server Operators group.
The Server Operators group is a group that appears on a domain controller. This group can create shares,
manage disk functions, and can run performance monitoring. This group cannot be used to prepare legacy
Exchange permissions in a domain.
Objective:
Sub-Objective:
QUESTION 30
button to view the site structure of nutex.com and a partial list of Exchange servers in the Exchange
organization.
The CIO of Nutex wants to ensure that any messages that go through distribution groups must be approved
by a moderator. You need to propose hardware changes to the CIO that will support moderated distribution
groups.
What solution should you propose that would use the least amount of resources?
exhibit6 (exhibit):
exhibit7 (exhibit):
A. Use Exch1-Chi as an expansion server.
B. Upgrade Exch1-Bos and all Client Access servers to Exchange 2010 SP1 and use Exch1-Bos as an
expansion server.
C. Upgrade Exch1-Atl and all Hub Transport servers to Exchange 2010 SP1 and use Exch1-Chi as an
expansion server.
D. Use Edge1-Dallas as an expansion server.
Answer: C
Answer:
Upgrade Exch1-Atl and all Hub Transport servers to Exchange 2010 SP1 and use Exch1-Chi as an
expansion server.
Explanation:
You should upgrade Exch1-Atl and all Hub Transport servers to Exchange 2010 SP1 and use Exch1-Chi
as an expansion server. Moderated distribution groups can be approved when the distribution group is
expanded on an Exchange 2010 Hub Transport server. It is Microsoft's recommendation that you wait until
all your Hub Transport servers are upgraded to Exchange 2010 SP1 before using moderated distribution
groups.
You should not use Exch1-Chi as an expansion server until all other Hub Transport servers in the
Exchange organization are upgraded to Exchange 2010 SP1.
You should not upgrade Exch1-Bos and all Client Access servers to Exchange 2010 SP1 and use Exch1-
Bos as an expansion server. You may want to upgrade the Client Access servers to Exchange 2010 SP1 to
take advantages of improved client access connectivity and integration with Microsoft Office 2010.
However, an expansion server for moderated distribution groups must be a Hub Transport server, not a
Client Access server. You should not use Edge1-Dallas as an expansion server. An Edge Transport server
is a server that normally
handles all Internet-facing mail flow. However, an expansion server for moderated distribution groups must
be a Hub Transport server, not an Edge Transport Server.
Objective:
Sub-Objective:
QUESTION 31
You work as the enterprise administrator for the Nutex Corporation. Nutex has an Exchange 2010 SP1
organization and an Active Directory forest that contains a single domain named nutex.com. Nutex has
three other branch offices in Dallas, Miami, and Boston locations that are configured as Active Directory
sites. Each different location of Nutex is a separate division that produces a different product. The Dallas
office produces automobiles. The Miami office manufactures engines. The Boston office manufactures
transmissions.
The CIO instructs you to accomplish the following:
Make it easier for Nutex employees to find e-mail information for recipients who exist in a different
division than their own.
You solution should not prohibit finding a recipient if you do not know what division that the recipient
works at.
External users should be able to find recipients and send e-mail to recipients even if they are not
themselves connected to the Nutex domain.
What should you do? (Choose two to create a complete solution.)
A. Set up three accepted domains

B. Set up three remote domains
C. Set up three address lists
D. Set up three global address lists
E. Set up three e-mail address policies.
F. Set up three offline address books (OAB)
G. Set up three managed folder mailbox policies
Answer: CF
Section: Deploying the Exchange Server 2010 Infrastructure
Answer:
Set up three address lists
Set up three offline address books (OAB)
Explanation:
You should set up three new address lists and three offline address books (OABs). You can create
separate address lists for each division for employees to find recipients who exist only in their division. A
custom address list can be created for each recipient that is in each separate division. Even if you create
separate custom address lists, you can still find a recipient in the Global Address list if you do not know
what division or address list the recipient may be in. You could also create an offline address book (OAB)
for each address list so that a Nutex
user can access recipient information from the custom address list while disconnected from the server.
You should not create three accepted domains. An accepted domain is a SMTP namespace that the
Exchange organization sends or receives e-mail. An accepted domain is used for namespaces that the
Exchange 2010 SP1 organization is authoritative for. However, an accepted domain is not used to retrieve a
list of recipients by internal or external users. You should not create three address policies. You can use e-
mail address policies to apply more than one e-mail address to a user. An address policy cannot be used to
retrieve a list of recipients by internal or external users.
You should not set up three remote domains. A remote domain entry is used to specify message transfer
settings from your Exchange organization to and from domains outside your Active Directory forest. In this
scenario, all divisions are in the same Active Directory forest and same domain. A remote domain is not
used to retrieve a list of recipients by internal or external users.
You should not set up three managed folder mailbox policies. A managed folder policy is used to specify
retention settings for default folders such as Inbox, Deleted Items, and Sent Items. A managed folder
mailbox policy is not used to retrieve a list of recipients by internal or external users.
Objective:
Deploying the Exchange Server 2010 Infrastructure
Sub-Objective:
Deploy mailbox server role
QUESTION 32
You are the enterprise Exchange administrator for the Nutex Corporation. You plan to migrate mailboxes
from your Exchange 2010 SP1 on-premise organization to the cloud. You plan to have the on-premise
organization Outlook 2010 clients share calendars with the cloud-based organization by creating a sharing
policy after the migration is complete.
You do the following:
Before migrating mailboxes, change the DNS TTL setting on your current MX record to a shorter
interval, such as 3600 seconds (one hour).
Change your MX record to point to your cloud-based e-mail organization after all mailboxes are migrated
Create a CSV import file to provision users that requires users to change their password.
After the migration is complete, you need to provide users with their sign-in credentials and auto generated
password for their new cloud-based accounts.
What should you do?
A. Create a welcome message using the mail merge process in Microsoft Outlook and the CSV import file
used to provision users
B. Create a welcome message using the mail merge process in Microsoft Office Word and the CSV import
file used to provision users
C. Create a welcome message in Microsoft Outlook with the CSV file embedded in the message
D. Create a welcome message in SharePoint 2010. Have Microsoft Outlook use the CSV file as the
datasource.
Answer: B
Answer:
Create a welcome message using the mail merge process in Microsoft Office Word and the CSV import file
used to provision users
Explanation:
You should leverage the mail merge process in Microsoft Office Word and CSV import file that you used to
provision users. It is not unusual for users to not use their new account if they do not receive instructions on
how to use it. You can create a welcome message that contains information for users on step by step
instructions on how to sign in for the first time. User specific information such as first name, last name from
the CSV file can be added to the message. User specific information such as the Windows Live ID and
password is included in the
CSV file. You can specify in the CSV file that users are required to change their password. You can also
use the CustomAttributeN property in the CSV file to store any alternate e-mail addresses for each new
user.
You use mail merge the information in the CSV import file with Microsoft Outlook. Microsoft Outlook does
not support mail merge. The mail merge feature is a function of Microsoft Word, not Outlook. You can
perform a mail merge with SharePoint 2010 or SharePoint Online, but you must have Microsoft Word
perform the mail merge and specify the CSV file as the datasource.
You should not create a welcome message in Microsoft Outlook with the CSV file embedded in the
message. Sending a welcome message with the contents of the CSV file in the message will confuse users
who are not familiar with the structure or function of the CSV file.
Objective:
Sub-Objective:
Deploy server roles for coexistence and migration
QUESTION 33
You administer an Exchange 2010 SP1 organization for the Nutex Corporation. Nutex has purchased
another company called Verigon. Verigon has an Exchange 2003 organization and will be integrated as a
separate domain in the nutex.com tree. All Verigon domain controllers run the 32-bit version of Windows
Server 2003 SP2 and all of the Verigon Exchange servers run Exchange 2003 SP2.
The CIO asks you to plan the move of mailboxes from Verigon's old Exchange 2003 servers to your
Exchange 2010 SP1 organization.
What must you do FIRST?
A. Upgrade the schema master of Verigon to a 64-bit version of Windows Server 2008
B. Upgrade all Verigon Exchange servers to Exchange 2007 SP2
C. Ensure the forest and domain level of Verigon are set to Windows Server 2003 functional level
D. Upgrade at least one global catalog server in the Verigon forest to Windows Server 2008
Answer: C
Answer:
Ensure the forest and domain level of Verigon are set to Windows Server 2003 functional level
Explanation:
You should ensure the forest and domain levels of Verigon are set to Windows Server 2003 functional level
in order to migrate mailboxes from Exchange 2003 to Exchange 2010 SP1. In this scenario, Verigon will
eventually be integrated into the nutex.com forest. You must move the mailboxes from Verigon's Exchange
2003 servers to Exchange 2010 SP1 servers in the Nutex organization. To begin a sequenced migration
from Exchange 2003 to Exchange 2010 SP1, you must bring the Exchange 2003 organization to Exchange
Native mode. The Exchange
2003 servers must be running Exchange 2003 SP2. You should then bring the Active Directory forest and
domain of the Exchange 2003 organization to Windows Server 2003 functional level or higher.
You should not upgrade the schema master of Verigon to a 64-bit version of Windows Server 2008, or
upgrade at least one global catalog server in the Verigon forest to Windows Server 2008. The global
catalog servers and the Active Directory schema master need to be at a minimum level of Windows Server
2003 SP1 for coexistence between Exchange 2003 and Exchange 2010 SP1 in order to transfer mailboxes
from Exchange 2003 to Exchange 2010 SP1.
You do not have to upgrade all Verigon Exchange servers to Exchange 2007 SP2. The Exchange servers
only have an Exchange 2003 Service Pack 2 applied.
Objective:
Sub-Objective:
Prepare the infrastructure for Exchange Server 2010 deployment
QUESTION 34
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. Nutex
has purchased several companies in different countries. These companies have been integrated into the
nutex.com forest, and are now new divisions within the company.
Each new division has a separate domain as follows:
nutex.com, asia.nutex.com, europe.nutex.com, and northamerica.nutex.com.
The CIO wants outbound e-mail messages from the asia.nutex.com, europe.nutex.com, and
northamerica.nutex.com domains to be rewritten to appear as if they all originate from a single domain
named nutex.com.
What should you plan to do?
A. Plan to add Address Rewriting agents on the Receive connector and Send connector of the Edge
Transport server role.
B. Plan to add Address Rewriting agents on the Receive connector and Send connector of the Hub
C. Plan to add transport rules agent on the Hub Transport server role.
D. Plan to add transport rules agent on the Edge Transport server role.
Answer: A
Answer:
Plan to add Address Rewriting agents on the Receive connector and Send connector of the Edge Transport
server role.
Explanation:
You should plan to add and configure Address Rewriting agents on the Receive and Send connectors of the
Edge Transport server role. Address rewriting allows you to re-route inbound messages to internal
recipients at a different address, or to alter the appearance of the e-mail address on outbound messages so
that it appears to come from a different domain. Address rewriting will enable replies to messages that were
originally from users in the asia.nutex.com domain, but were configured to appear from the nutex.com
domain, to be correctly routed
back to the original sender in the asia.nutex.com domain. These outbound messages are rewritten as they
passed to the Internet by the Edge Transport server.
Inbound messages to nutex.com are passed from the Internet to the Edge Transport server and then to
the Hub Transport server. For example, an inbound message that is sent to Ann@nutex.com is passed to
the internal Hub Transport server, which determines the correct mailbox to send the message to by using
the proxy address that is configured on the recipient's e-mail account.
You should not configure Address Rewriting agents on the Receive connector and Send connector of the
Hub Transport server role. The Address Rewriting agents must be configured on the Edge Transport server
role. You should not configure the Transport rules agent on the Hub Transport Server role or the Edge
Transport server role. The transport rules agent helps you apply compliance and policy-based rules to
messages. The transport rules agent will not rewrite an SMTP address. The transport rules agent is
installed on the Hub Transport Server role.
Objective:
Sub-Objective:
Deploy Edge transport server role
QUESTION 35
You are the Exchange administrator for the Nutex Corporation's Exchange organization. All Mailbox servers
are either Exchange 2007 SP2 or Exchange 2010 SP1.
You have clients that will need to access public folders via Outlook Web App. You also have clients with
mailboxes on Exchange 2007 mailbox servers that access their messages with Outlook Web App. Nutex
recipients must be able to have a copy of the offline address book available when they are disconnected
from the server.
The CIO asks you to install an ISA Server 2006 in the perimeter network as a non-domain server in order to
secure access. What must you configure on the ISA server?
A. Create the Autodiscover, Microsoft-Server-ActiveSync, and OAB Web publishing rules for the
corresponding virtual directories
B. Create the Autodiscover, Unified Messaging, and OAB Web publishing rules for the corresponding
virtual directories
C. Create the OWA, Autodiscover, Public, and OAB Web publishing rules for the corresponding virtual
directories
D. Create the OWA, Autodiscover, Microsoft-Server-ActiveSync, and OAB Web publishing rules for the
corresponding virtual directories
Answer: C
Answer:
Create the OWA, Autodiscover, Public, and OAB Web publishing rules for the corresponding virtual
directories
Explanation:
You should create Web publishing rules for the /owa virtual directory, the /Autodiscover virtual directory,
and the /OAB virtual directory. You should only create Web publishing rules for services that you will use.
The /owa virtual directory is used by Outlook Web app for clients to access their mailboxes that may be on
either Exchange 2007 or Exchange 2010 SP1 mailbox servers. The /Autodiscover virtual directory is used
for the Autodiscover service which provides access to Exchange features for Outlook clients. The /public
directory is a virtual directory
used by Outlook Web App so that users can access public folders that are located on Exchange 2003,
Exchange 2007, Exchange 2010, or Exchange 2010 SP1 servers. The /OAB virtual directory is used by
Outlook clients to download a copy of an address book that can be used when the Outlook client is
disconnected for the server. All answers are incorrect because you should not be creating Web publishing
rules for services that will not be used.
You do not have to create a Web publishing rule for the /Microsoft-Server-ActiveSync virtual directory.
ActiveSync in Exchange 2007 and Exchange 2010 is used by users to retrieve mail with remote devices. In
the scenario, the ActiveSync service was not mentioned.
You should not create Web publishing rules for the /UnifiedMessaging virtual directory. The /
UnifiedMessaging virtual directory is used for access to Unified Messaging, but the Unified Messaging
service was not mentioned in the scenario.
Objective:
Sub-Objective:
Deploy client access server role
QUESTION 36
You are the Exchange administrator for the Nutex Corporation. Nutex has merged with a competitor and will
be changing to a new authoritative SMTP domain name.
The CIO has requested the following conditions be met:
The new e-mail address will be the default e-mail address displayed on all e-mail messages sent by
employees.
Recipients should continue to accept e-mail sent to the old e-mail addresses for a period of seven
months so customers will be able to send mail messages to previous e-mail addresses.
What should you configure?
A. Plan to have a remote domain and configure address rewriting on a Hub Transport server
B. Plan to have an accepted domain and configure address rewriting on a Hub Transport server
C. Plan to have an accepted domain and configure an e-mail address policy
D. Plan to have a remote domain and configure an e-mail address policy
Answer: C
Answer:
Plan to have an accepted domain and configure an e-mail address policy
Explanation:
You should plan to have an accepted domain, and you should configure an e-mail address policy. You
should create an accepted domain for an SMTP domain that the organization is authoritative for. In this
scenario, Nutex will be changing to a new authoritative SMTP domain name. You should create a new
accepted domain and ensure that you select E-mail is delivered to a recipient in this Exchange
Organization.
You should also configure an e-mail address policy for the authoritative domain. You should set the new e-
mail address to be the primary e-mail address and the old e-mail address to be the secondary e-mail
address. You should not plan to have a remote domain and configure address rewriting on a Hub Transport
server. Remote domains are used to define settings for message transfer between your Exchange
organization and domains that are not in your forest. You can prevent certain types of messages, such as
out-of-office messages,
auto-reply messages, non-delivery reports (NDRs), and meeting forward notifications, from being sent to a
domain that is defined as a remote domain. In this scenario, you want to ensure that messages sent to an
old email address from a customer are directed to the proper recipient. You are not blocking certain
messages.
You cannot configure address rewriting on a Hub Transport server. Address rewriting allows you to re-route
inbound messages to internal recipients at a different address, or to alter the appearance of the e-mail
address on outbound messages so that it appears to come from a different domain. Address rewriting will
enable replies to messages that were originally from users in a different domain such as asia.nutex.com,
but were configured to appear from the nutex.com domain, to be correctly routed back to the original
sender in the asia.nutex.com
domain. These outbound messages are rewritten as they passed to the Internet by the Edge Transport
server. The Address Rewriting agent is configured only on the Send connector of the Edge Transport
server, not the Hub Transport server.
Objective:
Sub-Objective:
Deploy hub transport server role
QUESTION 37
You administer an Exchange 2003 organization for the Nutex Corporation in their headquarters in Atlanta.
other branch offices in different locations that are configured as Active Directory sites. All Exchange clients
use Microsoft Office Outlook 2003.
You will be moving from Exchange 2003 to Exchange 2010 SP1. All clients will be upgraded to Microsoft
Office 2010, but not all locations will be upgraded all at once. The CIO instructs you to ensure that all clients
in all locations will be able to use their particular versions of Outlook to retrieve mail.
What should you plan?
A. Ensure that Office 2003 clients encrypt data between Outlook and Microsoft Exchange Server.
B. Remove RPC encryption for the Exchange 2010 SP1 Client Access servers.
C. Create a Group Policy to enable the setting of Digitally sign communications (Always). Filter the
policy to only the Outlook 2003 clients.
D. Create a Group Policy to enable the setting of Digitally sign communications (If Server Agrees).
Filter the policy to only the Outlook 2003 clients.
Answer: A
Answer:
Ensure that Office 2003 clients encrypt data between Outlook and Microsoft Exchange Server.
Explanation:
You should ensure that Office 2003 clients encrypt data between Outlook and Microsoft Exchange Server.
In Exchange 2003, a client was able to directly communicate with an Exchange mailbox. In Exchange 2010
and Exchange 2010 SP1, the client must access a Client Access server before accessing a mailbox. A
service named Exchange RPC Client Access handles all MAPI client connections. By default, the RPC
Client Access service requires encryption. You must enable encryption in the Outlook 2003 profile. You can
check "Encrypt data
between Microsoft Office Outlook and Microsoft Exchange server" in Outlook 2003.
You can remove RPC encryption for the Exchange 2010 SP1 Client Access server to allow Outlook 2003
clients to connect to a Client Access server. However, this action is not recommended because you will be
making communication between Outlook 2003 and 2010 clients and the Client Access server unsecure.
You should not create a Group Policy to enable the settings of either Digitally sign communications
(Always) or Digitally sign communications (If Server Agrees). When you digitally sign communications,
you are digitally signing a packet that is required by the SMB client component. Digitally signing
communication between a server and a client protects against a "man-in-the-middle" attack where packets
are modified in transit. The Digitally sign communications (Always) setting always signs SMB packets.
The Digitally sign communications (If
Server Agrees) setting signs SMB packets if the server does. Digitally signing SMB packets will not allow
Outlook 2003 clients to interface with an Exchange 2010 SP1 Client Access server.
Objective:
Sub-Objective:
QUESTION 38
You work as the enterprise Exchange administrator for the Nutex Corporation. Nutex has acquired several
companies that will all be integrated into a single domain in a single forest named nutex.com. Nutex plans
to install Exchange 2010 SP1 in your Exchange organization. Some of the existing companies have
implemented previous versions of Microsoft Exchange server, including Exchange 2000, Exchange 2003,
and Exchange 2007. All servers that are Exchange servers use a 64-bit processor.
The following Exchange servers exist in the organization:
Exchange 2000 SP2

Exchange 2003 SP1
Exchange 2007 SP1
The CIO asks you to design a plan to use existing servers for the installation of Exchange 2010 SP1.
What should you do?
A. You should consider removing all Exchange 2000 servers and upgrading all Exchange 2003 servers to
SP2.
B. You should consider removing all Exchange 2000 servers and Exchange 2003 servers, and upgrading
all Exchange 2007 servers to SP2.
C. You should consider removing all Exchange 2000 servers, upgrading Exchange 2003 servers to SP2,
and upgrading all Exchange 2007 servers to SP2.
D. You should consider upgrading all Exchange 2000 servers to SP3, upgrading Exchange 2003 servers to
SP2, and upgrading all Exchange 2007 servers to SP2.
Answer: C
Answer:
You should consider removing all Exchange 2000 servers, upgrading Exchange 2003 servers to SP2, and
upgrading all Exchange 2007 servers to SP2.
Explanation:
You should consider removing all Exchange 2000 servers, upgrading Exchange 2003 servers to SP2, and
upgrading all Exchange 2007 servers to SP2. Exchange 2010 supports coexistence with Exchange 2003
versions that have SP2 or higher. You must configure the organization to run in native mode. If you plan on
upgrading the Exchange 2007 servers, you will need to apply SP2 or later.
You should not choose the option of removing all Exchange 2000 servers and upgrading all Exchange 2003
servers to SP2. You have to apply SP2 or later to the Exchange 2007 servers in order to upgrade the
servers to Exchange 2010 SP1.
You should not consider removing all Exchange 2000 servers and Exchange 2003 servers and upgrading
all Exchange 2007 servers to SP2. You must remove the Exchange 2000 servers, but you can apply SP2 to
the Exchange 2003 servers to support coexistence with Exchange 2010 or Exchange 2010 SP1. You
should not consider a solution that includes upgrading all Exchange 2000 servers to SP3. You will have to
remove the Exchange 2000 servers because a direct upgrade from Exchange 2000 to Exchange 2010 or
Exchange 2010 SP1 is not supported.
Objective:
Sub-Objective:
QUESTION 39
Nutex has an Active Directory forest that contains a single domain named nutex.com. Nutex has branch
offices in Dallas and Miami that are configured as Active Directory sites.
The following conditions apply to the Nutex forest:
All servers in all three locations of the Nutex domain are Windows Server 2008 R2 servers that use the
64- bit platform.
Nutex has an Active Directory-integrated DNS server and a global catalog server in both the Atlanta and
Miami locations.
Nutex has a secondary DNS server and a read-only domain controller (RODC) that is a global catalog
server in the Dallas location.
The Nutex Corporation has merged with the Verigon Corporation. Verigon now shares the same three
offices as Nutex. Verigon has a single Active Directory domain named verigon.com that is in a separate
forest from nutex.com.
The following conditions apply to the Verigon forest:
Verigon has an Active Directory-integrated DNS server and a global catalog server in the Atlanta and
Miami locations.
The Verigon servers in Atlanta and Miami are Windows Server 2008 servers that use the 32-bit platform.
Verigon has a secondary DNS server in the Dallas location that uses universal group membership
caching.
The Verigon servers in Dallas are Windows Server 2008 R2 servers that use the 64-bit platform.
Each location in verigon.com has multiple domain controllers.
Both the verigon.com forest and the nutex.com forest contain fewer than 8,000 objects apiece.
The CIO announces that Nutex plans to install Exchange Server 2010 SP1 server at every office of the
Nutex domain. Due to economic restraints, Exchange Server 2010 SP1 will not be implemented for Verigon
until sales improve. You need to recommend changes that will keep costs to a minimum.
What changes do you propose?
A. Make an extra domain controller from the Dallas location of verigon.com a global catalog server.
B. Purchase a new Windows Server 2008 R2 server (64-bit) for the Dallas location. Make the server a
RODC and global catalog server for nutex.com
C. Purchase a new Windows Server 2008 R2 server (32-bit) for the Dallas location. Make the server a
domain controller and global catalog server for nutex.com
D. Demote a domain controller from the verigon.com in the Dallas location. Remove the server from the
verigon.com domain. Add the server to the nutex.com domain. Make the server a domain controller
and global catalog server for nutex.com
Answer: D
Answer:
Demote a domain controller from the verigon.com in the Dallas location. Remove the server from the
verigon.com domain. Add the server to the nutex.com domain. Make the server a domain controller and
global catalog server for nutex.com
Explanation:
To install Exchange 2010 SP1 in the nutex.com domain, you will need a writeable domain controller and a
global catalog server in every Active Directory site. The Dallas location of nutex.com only has a read-only
domain controller (RODC) and global catalog server. To minimize costs, you can take an existing server
from the partner company, since it has multiple domain controllers in each location.
You would perform the following actions in this order:
Demote a domain controller from the Dallas location of verigon.com.

Remove the server from the verigon.com domain.
Add the server to the nutex.com domain.
Make the server a domain controller and global catalog server for nutex.com.
Since the server is a domain controller of verigon.com, you will have to demote the domain controller to a
member server and then remove the server from the verigon.com domain and place it in a workgroup. You
will then add the server to the nutex.com domain and promote the domain controller to the nutex.com
domain. Once the server is a domain controller for the nutex.com domain, you can make it a global catalog
server for the nutex.com forest. You should not make an extra domain controller from the Dallas location of
verigon.com a global catalog server. A global catalog server contains Active Directory objects of all
domains in a schema of a particular forest. Verigon.com is in a separate forest from nutex.com and will
have a separate schema. A global catalog server of verigon.com will not have the Active Directory objects
of nutex.com. In this scenario, you need a writeable domain controller with a global catalog server that
contains the Active Directory objects for the schema of nutex.com in the Dallas location. Making an
existing domain controller for verigon.com, which is in a separate
forest, a global catalog server for nutex.com will not help.
You should not purchase a new Windows Server 2008 R2 server (64-bit) or Windows Server 2008 server
(32-bit) for the Dallas location. You could use existing resources to meet this requirement instead of
purchasing new equipment, thereby minimizing costs. However, making the server a writable domain
controller and global catalog server for nutex.com will meet the requirement for installing Exchange 2010
SP1 for the Nutex Corporation. Also, you cannot install Windows Server 2008 R2 on a computer with a 32-
bit processor. Windows Server 2008 R2 only
supports a 64-bit processor.
It does not matter whether you use a 32-bit version of Windows Server 2008 or a 64-bit version of Windows
Server 2008 R2 to be a global catalog server in this scenario. You should upgrade a domain controller and
a global catalog server to 64-bit hardware when an Active Directory organization contains more than 20,000
objects. In this scenario, the forest of nutex.com and verigon.com contain fewer than 8,000 objects
apiece. A global catalog server does not have to run Windows Server 2008 R2. A global catalog server
must run at least
Windows Server 2003 Standard or Enterprise Editions operating systems.
Objective:
Sub-Objective:
QUESTION 40
You work as the enterprise Exchange administrator for the Nutex Corporation. You plan to install Exchange
2010 SP1 in your existing Exchange organization, which currently runs Exchange Server 2003. Nutex a
single domain named nutex.com that has three locations. All of the domain controllers in your domain run
Windows Server 2008 R2. Each location has a perimeter network.
The CIO plans to have a secure SMTP gateway for all incoming and outgoing e-mail in each location of the
Nutex organization. The CIO wants to maintain message hygiene and provide SMTP address modification
for any of Nutex's message senders or recipients.
A. In each location, make a member server an Edge Transport server. Use Active Directory Federation
Services (AD FS) to store its configuration and recipient information.
B. In each location, make a new standalone Windows Server 2008 R2 server an Edge Transport server.
Use Active Directory Lightweight Directory Services (AD LDS) to store its configuration and recipient
information.
C. In each location, make a new standalone Windows Server 2008 R2 server an Edge Transport server.
Use Federation Services to store its configuration and recipient information.
D. In each location, make a domain controller of nutex.com an Edge Transport server.
Answer: B
Answer:
In each location, make a new standalone Windows Server 2008 R2 server an Edge Transport server. Use
Active Directory Lightweight Directory Services (AD LDS) to store its configuration and recipient information.
Explanation:
You should make a new standalone Windows Server 2008 R2 server an Edge Transport server in each
location, and use Active Directory Lightweight Directory Services (AD LDS) to store its configuration and
recipient
information. An Edge Transport server can provide the following features:
Internet message delivery - The server that accepts all e-mail from the Internet.
Antivirus and anti-spam protection - You can specify a collection of agents on the Edge Transport server
that provide layers of spam filtering and virus protection.
Edge Transport rules - You can apply actions and rules to messages from the Internet that meet
specified conditions to control the flow of messages.
Address rewriting - Enables SMTP address modification for any senders or recipients in your
organization.
To provide a secure gateway for all incoming and outgoing e-mail in each location of the Nutex organization
to the Internet, the Edge Transport server should not be a member of the domain, but a standalone server.
The Edge Transport server will use AD LDS as an LDAP directory service to store schema information,
configuration information, and recipient information for the Exchange organization. You should not have an
Edge Transport server as a member server or domain controller. If the Edge Transport server is a member
of the domain, the attack surface is too great. To minimize the attack surface, you should have Edge
Transport server in a perimeter network and ensure that the Edge Transport server is not a member of the
domain.
You should not use Federation Services with an Edge Transport server. The Federation Services
component of AD FS allows your organization to share calendar information and free/busy information with
other companies outside your Active Directory forest. It is not used with an Edge Transport server.
Objective:
Sub-Objective:
QUESTION 41
You administer an Exchange 2010 SP1 organization that has a single domain and three locations. All of the
domain controllers in your domain run Windows Server 2008 R2. The CIO instructs you to deploy Microsoft
Office 2010 to all client computers. More users will be using mobile
devices to check e-mail than were previously supported. You must plan the deployment of Client Access
servers in all locations so that a user's profile settings for a client running Outlook 2010 and the user profile
settings for a mobile phone running Windows Mobile 6.1 are automatically configured.
What should you plan to use configure FIRST?
A. Configure ActiveSync access

B. Configure the Autodiscover service
C. Configure the Availability service
D. Configure the IMAP4 service
Answer: B
Answer:
Configure the Autodiscover service
Explanation:
You should configure the Autodiscover service first because this service automatically configures a user's
profile settings for a client running Outlook 2010 and the user profile settings for a mobile phone running
Windows Mobile 6.1 or later. The Autodiscover service provides Outlook 2007 and Outlook 2010 clients
access to Exchange features.
All other answers are incorrect because none of the options automatically configures a user's Outlook
profile settings.
Before designing or configuring ActiveSync access, you should configure the Autodiscover service to
enable automatic client configuration. You should also require SSL on the Microsoft-server-ActiveSync
virtual directory so that communication between a mobile device that is running Windows Mobile 6.1 or
higher is secure. The mobile device should have a certificate from a trusted certification authority, and you
should implement Exchange ActiveSync policies.
You should not configure the Availability service first. The Availability service provides Outlook 2007 or
Outlook 2010 clients with secure, consistent, and up-to-date free/busy data. An Outlook client relies on the
Autodiscover service to obtain the URL of the Availability service.
You should not configure the IMAP4 service first. This service provides Outlook clients the ability to use the
Internet Message Access Protocol (IMAP4) service.
Objective:
QUESTION 42
You administer the Nutex Corporation's Exchange 2003 organization. You currently have a front-end server
in the perimeter network named FE1-EXC and a back-end server named BE1-EXC. Users are able to
access e-mail via the Internet using the URL http://mail.nutex.com.
You will be migrating to Exchange 2010 SP1. The CIO instructs you to deploy a Mailbox server named
MB1-EXC and a Client Access server named CAS1-EXC. How should you plan to deploy the new servers
and allow users to access e-mail via the Internet using the URL http://mail.nutex.com?
(Choose two. Each correct answer is part of the solution.)
A. Deploy MB1-EXC before deploying CAS1-EXC

B. Deploy CAS1-EXC before deploying MB1-EXC
C. Link the IP address of MB1-EXC to mail.nutex.com
D. Link the IP address of CAS1-EXC to mail.nutex.com
E. Link the IP address of BE1-EXC to mail.nutex.com
Answer: BD
Answer:
Deploy CAS1-EXC before deploying MB1-EXC
Link the IP address of CAS1-EXC to mail.nutex.com
Explanation:
You should deploy the Client Access server role as the first Exchange 2010 SP1 server role on the new
servers. The Client Access server role provides access to Exchange Server 2010 mailboxes for all internal
and external messaging clients. The recommended order for deploying the
Exchange 2010 server roles is as follows:
Client Access Server role

Hub Transport Server role
Unified Messaging (UM) Server role
Mailbox Server role
Although the Edge Transport Server is not a member of a domain and can be deployed at any time, the
Edge Transport Server will not be fully functional until other server roles have been deployed such as the
Hub Transport server role. You should link the IP address of CAS1-EXC to mail.nutex.com. Clients that
use Outlook Web Application (OWA) to access their e-mail from the Internet will connect to the Client
Access server role. The Client Access server role requires IIS so that virtual directories for OWA,
ActiveSync, and others are created. You should not deploy MB1-EXC before CAS1-EXC. The Client
Access server role must be deployed before the Mailbox server role. Internal and external clients will use
the Client Access server to access their mailbox.
You should not link the IP address of MB1-EXC or BE1-EXC to mail.nutex.com. The Outlook Web App
virtual directories are configured on the Client Access server role, not the Mailbox server role. You would
not use the Exchange 2003 server as the IP address of mail.nutex.com. In Exchange 2003, you use the IP
address of the front-end server that is a perimeter network as the IP address of mail.nutex.com. Now that
you are migrating to Exchange 2010 SP1, you would use the Client Access server role, not the legacy front-
end server that will be replaced.
Objective:
Sub-Objective:
QUESTION 43
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. The CIO
wants to ensure that information concerning new products in development does not leak to the media or
competitors. You must develop a plan to prevent Nutex users from forwarding messages that contain the
name of a product under development to users outside the organization.
A. Create a single remote domain entry. Configure the appropriate settings to prevent forwarding.
B. Create a single transport rule with the appropriate RMS template.
C. Create a single journal rule with the appropriate RMS template.
D. Create a single journal rule and apply a legal hold.
Answer: C
Answer:
Create a single transport rule with the appropriate RMS template.
Explanation:
You should create a single transport rule with the appropriate RMS template. You will need to install Active
Directory Rights Management Services (AD RMS). AD RMS protects information from unauthorized use.
AD RMS identifies users and provides the users with licenses for protected information. It also provides
Information Rights Management (IRM) protection. AD RMS can work with RMS-enabled applications, such
as Microsoft Office and OWA, to protect messages and documents online and offline.
To use IRM protection in an Exchange 2010 SP1 organization, you will need to deploy Windows Server
2008 with AD RMS installed. Exchange 2010 ships with an XML-based policy template named Do Not
Forward. When this template is applied to a message, users will not be able to forward a message, copy
content from the message, or print the message.
You can create a transport rule with the Do Not Forward RMS template. You can specify conditions and
actions on a transport rule. You could specify the conditions on a transport rule to apply to users inside the
organization and when the subject field or body of the message contains a particular word or phrase, such
as "Top Secret."
You should not create a single remote domain entry. A remote domain is an SMTP domain that is external
to your organization. You can use remote domain entries to define the message types that can be
transferred between your Exchange 2010 SP1 organization and any domains outside your Active Directory
forest. You could use a remote domain to specify settings for out-of-office messages, by configuring the
out-of-office message settings and message format settings for e-mail that is sent to the remote domain.
You cannot configure settings on a
remote domain to prevent forwarding of a message based on a keyword in the subject or in the body of the
message. You should not create a single journal rule with the appropriate RMS template. A journal rule is
used to comply with legal, regulatory, and organizational requirements. A journal rule records inbound and
outbound e-mail communications. A journal rule cannot apply an RMS template to a message. You should
not include a journal rule and legal hold. A legal hold forces Exchange server to never purge a mailbox's
deleted messages so they remain searchable.
Objective:
Sub-Objective:
QUESTION 44
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Active Directory
forest that contains a single domain and three branch offices in different locations that are configured as
Active Directory sites. Nutex plans to deploy Exchange 2010 SP1. You will be deploying Exchange servers
in every site. Currently you have Windows Server 2008 R2 domain controllers. You will have the same
number of Exchange servers in each site. All the domain controllers in every site use the same hardware,
and all Exchange servers will use the same
hardware.
The CIO is writing the budget request, and needs to know how many Exchange Server processors you will
implement for each global catalog server processor.
What do you propose?
A. Eight Exchange Server processors to one global catalog server processor

B. Four Exchange Server processors to one global catalog server processor
C. One Exchange Server processor to eight global catalog server processors
D. One Exchange Server processor to four global catalog server processors
Answer: A
Answer:
Eight Exchange Server processors to one global catalog server processor
Explanation:
You should implement eight Exchange Server processors to one global catalog server processor. You
should have a 8:1 ratio of Exchange Server processors to global catalog servers if you have deployed 32-bit
domain controllers. Windows Server 2008 R2 only uses 64-bit processors.
You should not implement four Exchange Server processors to one global catalog server processor. A
general guideline is to implement an 4:1 ratio of Exchange Server processors to one global catalog server if
your domain controllers have 32-bit processors. In this scenario, you have deployed 64-bit domain
controllers. You should not have a 1:4 or 1:8 ratio of Exchange Server processors to global catalog servers.
You should have more Exchange servers than global catalog servers.
Objective:
Sub-Objective:
QUESTION 45
You administer an Exchange 2003 organization for the Nutex Corporation in their headquarters in Atlanta.
Nutex has an Active Directory forest that contains a single domain named nutex.com, and three other
branch offices in different locations that are configured as Active Directory sites. All Exchange clients use
Microsoft Office Outlook 2003.
You will be moving from Exchange 2003 to Exchange 2010 SP1. All clients will be upgraded to Microsoft
Office 2010. Unfortunately, you will not be able to acquire licenses for all clients for five days. Over half the
clients will be upgraded to Exchange 2010 SP1 now, and after five days the rest of the clients will be
upgraded. The CIO asks you to come up with a plan that will grant users access to Outlook 2003 clients
until they are upgraded to Outlook 2010.
What should you do?
A. Stop the RPC Client Access service on the Client Access servers until all clients upgraded to Outlook
2010.
B. Remove RPC encryption for the Exchange 2010 SP1 Client Access servers until all clients upgraded to
Outlook 2010.
C. Create a Group Policy to enable the setting of Digitally sign communications (Always). Filter the
policy to only the Outlook 2003 clients. Remove the Group Policy after all clients are upgraded to
Outlook 2010.
D. Create a Group Policy to enable the setting of Digitally sign communications (If Server Agrees).
Filter the policy to only the Outlook 2003 clients. Remove the Group Policy after all clients are upgraded
to Outlook 2010.
Answer: B
Answer:
Remove RPC encryption for the Exchange 2010 SP1 Client Access servers until all clients upgraded to
Outlook 2010.
Explanation:
You should remove RPC encryption for the Exchange 2010 SP1 Client Access servers until all clients
upgraded to Outlook 2010. In Exchange 2003, a client was able to directly communicate with an Exchange
mailbox. In Exchange 2010 and Exchange 2010 SP1, the client must access a Client Access server before
accessing a mailbox. A service named Exchange RPC Client Access handles all MAPI client connections.
By default the RPC Client Access service requires encryption. You can remove RPC encryption for the
Exchange 2010 SP1 Client
Access server to allow Outlook 2003 clients to connect to a Client Access server. This action is not
recommended as a long-term solution because you are making communication between Outlook 2003 and
2010 clients and the Client Access server unsecure, but in this scenario the window of vulnerability is five
days.
Once all Outlook clients are upgraded to Outlook 2010, you can use the Set-RpcClientAccess cmdlet to
reset the Exchange 2010 SP1 Client Access server to the default of requiring encryption. You could also
enable encryption in the Outlook 2003 profile of the Outlook 2003 clients by checking "Encrypt data
between Microsoft Office Outlook and Microsoft Exchange server" in Outlook 2003.
You should not stop the RPC Client Access service on the Client Access servers until all clients upgraded to
Outlook 2010. The RPC Client Access service is what allows MAPI clients to communicate with the user's
mailbox. If you disable the service then all Outlook clients, including Outlook 2010 and Outlook 2003 clients,
will not be able to communicate with their mailbox.
You should not create a Group Policy to enable the setting of Digitally sign communications (Always) or
Digitally sign communications (If Server Agrees). When you digitally sign communications, you are
digitally signing a packet that is required by the SMB client component. Digitally signing communication
between a server and a client protects against a "man-in-the-middle" attack where packets are modified in
transit. The Digitally sign communications (Always) setting always signs SMB packets. The Digitally sign
communications (If Server
Agrees) setting signs SMB packets if the server does. Digitally signing SMB packets will not allow Outlook
2003 clients to interface with an Exchange 2010 SP1 Client Access server.
Objective:
Sub-Objective:
QUESTION 46
has an Exchange 2010 SP1 organization and an Active Directory forest that contains a single domain
named nutex.com. Nutex has three other branch offices in Dallas, Miami, and Boston that are configured
as Active Directory sites.
Each different location of Nutex is a separate division that produces a different product. The Atlanta office
produces golf clubs and gear. The Dallas office produces tennis rackets and gear. The Miami office
produces baseball equipment. The Boston office produces track and field equipment.
The CIO instructs you to accomplish the following:
Make it easier to find recipients who exist in a different division.

You solution should not prohibit finding a recipient if you do not know what division that the recipient
works at.
What should you do?
A. Set up four new accepted domains and four new e-mail address policies.
B. Set up four new remote domains and four new e-mail address policies.
C. Set up four new address lists.
D. Set up four new dynamic distribution groups and four new offline address books (OABs).
Answer: C
Answer:
Set up four new address lists.
Explanation:
You should set up four new address lists. You can create separate address lists for each division for
employees to find recipients who exist only in their division. A custom address list can be created for each
recipient that is in each separate division. Even if you create separate custom address lists, you can still find
a recipient in the Global Address list if you do not know what division or address list the recipient may be in.
You could also create an offline address book (OAB) for each address list so that a Nutex user can access
recipient information from the
custom address list while disconnected from the server.
You should not create four new accepted domains and four new e-mail address policies. An accepted
domain is a SMTP namespace that the Exchange organization sends or receives e-mail. You can use e-
mail address policies to apply more than one e-mail address to a user. An accepted domain is used for
namespaces for which the Exchange 2010 SP1 organization is authoritative. However, an accepted domain
is not used to retrieve a list of users by division.
You should not set up four new remote domains and four new e-mail address policies. A remote domain
entry is used to specify message transfer settings from your Exchange organization to and from domains
outside your Active Directory forest. In this scenario, all divisions are in the same Active Directory forest and
same domain. A remote domain is not used to retrieve a list of users by division.
You should not set up four new dynamic distribution groups and four new offline address books (OABs). A
dynamic distribution group is a mail-enabled group object in Active Directory that can be used to send a
single message to a bunch of users. The membership list for a dynamic distribution group is created based
on a specific set of criteria. The membership list of a dynamic distribution group is calculated each time a
message is set to the group. A dynamic distribution group will not allow you to send a message to only a
single recipient in a division.
Objective:
Sub-Objective:
QUESTION 47
domain named nutex.com. Each location of nutex.com is its own Active Directory site. Each site has a
database availability group (DAG) with JBOD disks.
Responding to a rash of burglaries around the data center, the CIO has instructed you to ensure against
data theft from any Mailbox server if the computer is stolen from the data center.
A. Enable Encrypted File System (EFS) encryption on all Exchange database and log files.
B. Enable BitLocker on all volumes that contain Exchange database and log files.
C. Issue a certificate from a third-party CA for each Exchange Database and digitally sign the Exchange
database.
D. Use the self-signed certificate from the server and digitally sign the Exchange database.
Answer: B
Answer:
Enable BitLocker on all volumes that contain Exchange database and log files.
Explanation:
You should enable BitLocker on all volumes that contain Exchange database and log files. BitLocker
provides volume encryption for Windows 7 and Windows Server 2008 computers. You can use BitLocker to
protect data on volumes from theft. BitLocker is supported on volumes that contain Exchange database and
log files. You cannot enable Encrypted File System (EFS) encryption on all Exchange database and log
files. EFS is used to encrypt individual files on an NTFS volume. However, EFS is not supported on
Exchange database and log files.
You should not digitally sign an Exchange database or log file. When you digitally sign a database file, you
can ensure that database has not been modified or not replaced, but you cannot prevent the file from being
copied or viewed.
Objective:
Sub-Objective:
QUESTION 48
domain named nutex.com. Each location of the nutex.com domain is its own Active Directory site.
The CIO has instructed you to design the storage for a new Mailbox server.
A. Create a single volume for the Mailbox server, enable BitLocker, and implement RAID 10.
B. Create a single volume for the OS and a single volume for the Exchange database and logs, enable
BitLocker, and implement RAID 1.
C. Create a single volume for the OS, a single volume for the Exchange database and a volume for the
logs. Enable EFS on all Exchange database files and implement RAID 10.
D. Create a single volume for the OS, a single volume for the Exchange database, and a volume for the
logs. Enable BitLocker on all volumes and implement RAID 1.
Answer: B
Answer:
Create a single volume for the OS, a single volume for the Exchange database, and a volume for the logs.
Enable BitLocker on all volumes and implement RAID 1.
Explanation:
You should create a single volume for the OS, a single volume for the Exchange database and a volume for
the logs. You should enable BitLocker on all volumes and create a RAID-1 array. You should separate the
operating system, the Exchange database, and Exchange log files onto separate volumes. This action will
improve performance and is a best practice for recoverability when restoring the .edb database files.
You can enable BitLocker to secure data on volumes from theft if the server is lost or stolen. BitLocker
provides volume encryption for Windows 7 and Windows Server 2008 computers, and is supported on
volumes that contain Exchange database and log files.
You can implement a RAID-10 or RAID-1 array. RAID 1 will provide mirroring of volumes if a single disk
fails. RAID 10 will provide mirroring of a volume across multiple disks, as RAID 1 does, but will also provide
striping. You should not create a single volume for the Mailbox server. You should have the operating
system on one volume, the Exchange databases on another volume, and the log files on a third volume to
improve performance. You should not enable EFS on all Exchange database files. EFS is used to encrypt
individual files on an NTFS
volume. However, EFS is not supported on Exchange database and log files.
Objective:
Sub-Objective:
QUESTION 49
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has acquired several
companies. Each company will be allowed to operate as a separate domain in its own forest. You are
directed plan the installation of an Exchange 2010 SP1 organization for each forest.
Some of the existing companies have implemented previous versions of Microsoft Exchange server. The
following Exchange servers exist:
The first company has (4) Exchange 2000 SP2 servers that have 64-bit processors
The second company has (2) Exchange 2003 SP2 servers that have 32-bit processors
The third company has (2) Exchange 2003 SP1 servers that have 64-bit processors
The fourth company has (4) Exchange 2007 SP1 servers that have 64-bit processors
The CIO asks you to design a plan to use existing servers for the installation of Exchange 2010 SP1 in each
forest by applying patches or service packs as necessary.
How many of the existing Exchange servers can you use for upgrading to Exchange 2010 SP1?
A. 6
B. 8
C. 10
D. 12
Answer: A
Answer:
6
Explanation:
You can upgrade six of the twelve servers.
You can upgrade the two Exchange 2003 with SP1 servers that have 64-bit processors. You must apply
Exchange SP2 or higher to the Exchange 2003 server before upgrading to Exchange 2010 SP1. You must
configure the existing organization to run in native mode before you install the first Exchange 2010 SP1
servers. You can upgrade the four Exchange 2007 SP1 servers that have 64-bit processors. You must
apply at least SP2 or higher to the Exchange 2007 server before upgrading to Exchange 2010 SP1. You
cannot use the four Exchange 2000 SP2 servers that have 64-bit processors.
Although these servers have 64-bit processors, upgrading from Exchange Server 2000 to Exchange 2010
SP1 is not supported. You cannot upgrade the two Exchange 2003 servers with SP2 because these servers
have 32-bit processors.You can upgrade an Exchange 2003 server with SP2 to Exchange 2010 SP1, but
you must have a 64-bit processor.
Objective:
Sub-Objective:
QUESTION 50
You are the enterprise Exchange administrator for the Nutex Corporation. You plan to migrate mailboxes
from your Exchange 2010 SP1 on-premise organization to the cloud. You want to ensure that all retention
policies are migrated with the mailboxes.
A. Use the Export-RetentionTags.ps1 script to export the tags of the Messaging records management
(MRM) policy of the on-premise organization to an XML file.
B. Use the Set-RetentionPolicy cmdlet with the RetentionID parameter on the cloud based organization.
Use the name of the XML file as the value of the RetentionID parameter
C. Use the Import-RetentionTags.ps1 script to import the XML file to the cloud based organization
D. Use the Set-RetentionPolicy cmdlet with the RetentionPolicyTagLinks parameter on the cloud based
organization. Use the name of the XML file as the value of the RetentionID parameter
Answer: AC
Answer:
Use the Export-RetentionTags.ps1 script to export the tags of the Messaging records management (MRM)
policy of the on-premise organization to an XML file.
Use the Import-RetentionTags.ps1 script to import the XML file to the cloud based organization
Explanation:
You should use the Export-RetentionTags.ps1 script to export the tags of the Messaging records
management (MRM) policy of the on-premise organization to an XML file. When migrating mailboxes from
an on-premise organization to the cloud, the Messaging records management (MRM) policy is not
automatically migrated or synced. You can use the Export-RetentionTags.ps1 script to exports the
retention tags tat linked to the MRM policy to an XML file. You can then use the Import-RetentionTags.ps1
script to import the XML file to the
retention policies in the cloud-based organization. Both the Export-RetentionTags.ps1 script and the
Import- RetentionTags.ps1 script are located in the %Program files%\Microsoft\Exchange Server\V14
\Scripts directory.
You cannot use the Set-RetentionPolicy cmdlet with the RetentionID parameter or the
RetentionPolicyTagLinks parameter on the cloud based organization. The RetentionID parameter
specifies the identity of the retention policy, not the XML file in which you imported the retention tags. The
RetentionPolicyTagLinks parameter specifies the identity of the retention tags associated with the
retention policy, not the XML file in which you imported the retention tags.
Objective:
Sub-Objective:
QUESTION 51
You are the enterprise Exchange administrator. The CIO instructs you to ensure that a database availability
group (DAG) is implemented within the organization to meet the high availability and site resiliency
conditions that were part of the agreement signed with the creditors.
Since financial resources are at a minimum, what is the minimum disk configuration that you can propose
for the DAG?

B. Recommend iSCSI hard disks in a storage area network (SAN).
D. Recommend iSCSI hard disks in a direct attached storage (DAS).
Answer: C
Answer:
Recommend SATA hard disks in a direct attached storage (DAS).
Explanation:
You should recommend SATA hard disks in a direct attached storage (DAS). Exchange 2010 and
Exchange 2010 SP1 reduce disk input/output over previous versions of Exchange server. Exchange 2010
allows most disk operations to be performed in sequential order instead of random order. Because of the
reduced I/O requirements, you can use inexpensive disks such as Serial ATA (SATA) disks. You could also
use just a bunch of disks (JBOD) rather than a more expensive solution of Redundant Array of
Independents Disks (RAID).
DAS is less expensive than using a storage area network (SAN). In this scenario, cost reduction is a must
because the company is on the edge of bankruptcy. SAN may perform better than a DAS and is more
reliable, but since a database availability group (DAG) does not require very reliable storage, the DAS disks
can be a low-cost option.
You should not recommend iSCSI disks instead of SATA disks because iSCSI disks are more expensive.
Objective:
Sub-Objective:
QUESTION 52
You are the enterprise Exchange administrator for a company that installs turnkey email and phone
solutions for customer service departments. Your Active Directory forest contains a single domain and an
Exchange Server 2010 SP1 organization.
One of your customers plans to support thousands of clients simultaneously. You will install the Exchange
organization for the customer. You must ensure that the new Mailbox server in the client's organization will
support 2000 simultaneous MAPI, OWA, IMAP, POP, and SMTP client connections to the Mailbox servers.
You need to test 2000 simultaneous client connections in order to ensure the solution meets the customer's
expectations.
What is the BEST tool should you use to measure performance for your solution?
A. The best option is to use the Exchange Server Load Generator (LoadGen) 2010 tool.
B. The best option is to use the Performance Monitor tool in the Toolbox of the Exchange Management
Console.
C. The best option is to use the Performance Troubleshooter tool in the Toolbox of the Exchange
Management Console.
D. The best option is to use the Exchange Server Jetstress 2010 tool.
Answer: A
Answer:
The best option is to use the Exchange Server Load Generator (LoadGen) 2010 tool.
Explanation:
You should use the Exchange Server Load Generator (LoadGen) 2010 tool to test the 2000 simultaneous
MAPI, OWA, IMAP, POP, and SMTP client connections to the Mailbox servers. LoadGen is a simulation
server to handle a typical load or
heavy load from MAPI, OWA, IMAP, POP, and SMTP clients. LoadGen should only be used in a test
environment and not in a production environment.
You should not use the Exchange Server Jetstress 2010 tool to test 2000 simultaneous MAPI, OWA, IMAP,
POP, and SMTP client connections to the Mailbox servers. The Exchange Server Jetstress 2010 tool
simulates Exchange disk Input/Output load by simulating database and log file loads generated by a
specified number of users. You can use monitoring tools such as Event Viewer, Performance Monitor, and
ESEUTIL to monitor the load that Jetstress has placed on your disk subsystem to ensure it meets
performance criteria, and is adequately
sized for a production environment. Jetstress is not used to test the simulation of sending multiple
messages.
check if your design meets the client's requirements. Performance Monitor can be used to measure
memory, disk, network, or processor activity on a Windows computer. Performance Monitor will not test the
simulation of sending multiple messages.
You should not use the use the Performance Troubleshooter tool in the Toolbox of the Exchange
Management Console to check if your design meets the client's requirements. The Performance
Troubleshooter tool can be used to troubleshooting performance issues, mail flow issues, or database
issues. The Performance Troubleshooter tool allows you to choose the symptom that your server has and
offer a solution. This tool will not test the simulation of sending multiple messages.
Objective:
Sub-Objective:
QUESTION 53
You work as the enterprise Exchange administrator for the Nutex Corporation. The Nutex Corporation
recently purchased the Verigon Corporation after the Verigon Corporation was forced into bankruptcy. The
Verigon Corporation will be integrated into Active Directory as a separate forest named verigon.com. The
verigon.com will have three child domains.
The CIO wants the following requirements to be met:
meeting forward notifications should be allowed to be sent to the verigon.com domain.
meeting forward notifications should NOT be allowed to be sent to the nutex.com domain.
What is the BEST option?
A. configure remote domains

B. configure e-mail address policies
C. configure accepted domains
D. use federation services
Answer: A
Answer:
configure remote domains
Explanation:
The best option is to configure remote domains. Remote domains can be used to define message transfer
settings between your Exchange 2010 SP1 organization and domains located in a separate Active Directory
forest. You can create remote domain entries for specific domains that can specify message format polices.
You can block or allow specific message types, such as out-of-office messages, auto-reply messages, non-
delivery reports (NDRs), and meeting forward notifications. The blocked message is deleted.
All other choices are incorrect because they do not block certain type of messages.
You should not create e-mail address policies. An e-mail address policy allows recipients to have more than
one e-mail address. An accepted domain is any SMTP namespace that your Exchange organization sends
or receives mail as. For example, nutex.com may send and receive e-mail as another name, such as
nutexshoes.com.
Federation services allows your organization to share calendar information and free/busy information with
other companies outside your Active Directory forest.
Objective:
Sub-Objective:
QUESTION 54
You are the enterprise administrator for the Nutex Corporation. Nutex has an Active Directory forest that
contains a single domain named nutex.com.
Nutex plans to evaluate Exchange 2010 SP1 before implementing it in your organization. You are instructed
by the CIO to install Exchange 2010 SP1 in a test environment and use a different namespace. The users
in the IT department will test Exchange 2010 SP1. Once the testing is completed and is satisfactory, the
test servers will be deactivated and reformatted, and new Exchange 2010 SP1 servers will be installed in
the nutex.com namespace.
You will be able to install all server roles in the Exchange 2010 SP1 environment. You will have to install an
Internet-facing Edge Transport server to receive messages from the Internet. Since Exchange 2010 SP1
will be deployed in a test environment, the CIO has instructed you not to use the EdgeSync synchronization.
To accomplish this you need to design a plan to ensure the delivery of e-mail messages from the Internet to
A. On the Hub Transport server, modify the settings of the default Receive connector and create an
type.
B. On the Hub Transport server, modify the settings of the default Receive connector and create an
type.
C. On the Edge Transport server, modify the settings of the default Receive connector and create an
type.
D. On the Edge Transport server, modify the settings of the default Receive connector and create an
type.
E. On the Hub Transport server, create a Send connector configured to send messages to the Internet and
a Send connector configured to send messages to the Exchange organization.
F. On the Edge Transport server, create a Send connector configured to send messages to the Internet
and a Send connector configured to send messages to the Exchange organization.
Answer: CF
Answer:
On the Edge Transport server, modify the settings of the default Receive connector and create an additional
Receive connector. On the new Receive connector, select Internal as the connector usage type.
On the Edge Transport server, create a Send connector configured to send messages to the Internet and a
Send connector configured to send messages to the Exchange organization.
Explanation:
In this scenario, you should modify the default Receive connector of the Edge Transport server and create a
new Receive connector on the Edge Transport server that has Internal selected as the connector usage
type. When you use the Edge Subscription process in a typical installation, the Edge Subscription
configures permissions and authentication. In this scenario, the CIO has instructed you to not use
EdgeSync. You will have to create a Receive connector on the Edge Transport server that only accepts
messages from the Hub Transport server.
You will also have to create a Send connector on the Edge Transport server that will be configured to send
messages to the Internet. You will have to create a second Send connector on the Edge Transport server
that will be configured to send messages to the Exchange organization. The Send connector that is
configured to send messages to the Internet would have the usage type of Internet and have the address
space of * for all domains. The second Send connector that is configured to send messages to the
Exchange organization would have the
usage type of Internal and have the address space of the accepted domain of the Exchange organization in
the test environment.
You will not have to select Internet as the type on the new Receive connector of the Edge Transport server.
Since the new Receive connector will be configured to accept messages from the Exchange organization,
the usage type of the Receive connector should be Internal.
You do not have modify the settings of the default Receive connector and create an additional Receive
connector on the Hub Transport server. Two Receive connectors when a Hub Transport server is installed
that can accept messages from an Edge Transport server. You do not have to modify the Receive
connectors.
You should not create a Send connector configured to send messages to the Internet on the Hub Transport
server and create a Send connector on the Hub Transport server configured to send messages to the
Exchange organization. The Edge Transport server will be the Internet-facing server that will accept
messages from the Internet, not the Hub Transport server. However, you should create a single Send
connector to send outgoing messages to the Edge Transport server.
Objective:
Sub-Objective:
QUESTION 55
You administer an Exchange Server 2003 organization and an Active Directory forest that contains a
multiple domains named nutex.com . You plan to move the organization to Exchange Server 2010 SP1.
You want a user named Dave to prepare legacy Exchange permissions in south. nutex.com by running the
setup /PrepareLegacyExchangePermissions south.nutex.com command. You need to add Dave to the
appropriate roles and groups to perform the task, while granting him the least administrative permissions.
What should you do?
A. Add Dave to the Exchange Install Domain Servers group.

B. Add Dave to the Enterprise Admins group.
C. Add Dave to the Organization Management role group and to Domain Admins group.
D. Add Dave to the Organization Management role group and the Server Operators group.
Answer: C
Answer:
Add Dave to the Organization Management role group and to Domain Admins group.
Explanation:
You should add Dave to the built-in Organization Management role group and the Domain Admins group
to prepare legacy Exchange permissions in the south.nutex.com domain. If the forest has only one
domain, or if you want the user to prepare legacy permissions in only one of the domains in the forest, you
can add the user to the Organization Management role group and to the Domain Admins group to meet the
requirement. You must run the setup /PrepareLegacyExchangePermissions south.nutex.com
command in the same domain and in
the same Active Directory site as the schema master.
The Organization Management role assignment is part of the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2010. You must be a member of the default Active
Directory security group Domain Admins on the domain to have permissions to run setup and otherwise
prepare the domain. You do not have to add Dave to the Enterprise Admins group to prepare legacy
Exchange permissions in the south.nutex.com domain. A member of the Enterprise Admins group can
grant itself all permissions in the
forest and run the setup /PrepareLegacyExchangePermissions south.nutex.com command in all
domains in the forest. However, there is only one domain in the forest in the scenario. You should add Dave
to the Domain Admins group, which has lower permissions than the Enterprise Admins group, to prepare
legacy Exchange permissions in the south.nutex.com domain.
You should not add Dave to the Exchange Install Domain Servers group. This group is used to install
Exchange 2010 SP1 into a child domain of the root domain. You would add Dave to this group if you were
planning to install Exchange 2010 SP1 into a subdirectory of south.nutex.com.
You should not add Dave to the Organization Management role group and the Server Operators group.
The Server Operators group is a group that appears on a domain controller. This group can create shares,
manage disk functions, and can run performance monitoring. This group cannot be used to prepare legacy
Exchange permissions in a domain.
Objective:
Sub-Objective:
Exam B
QUESTION 1
You administer an Exchange 2003 organization for the Nutex Corporation. Nutex a single domain named
nutex.com spanning three locations. Each location has a perimeter network. All the domain controllers in
your domain run Windows Server 2008 R2.
You plan to install Exchange 2010 SP1 in your existing Exchange organization. You have received
instructions from the CIO to install Edge Transport servers on the perimeter network. You must minimize
the attack surface of perimeter network.
What are the minimum ports that you should recommend opening on the firewall? (Choose all that apply.)
A. Port 25 on the internal firewall

B. Port 25 on the external firewall
C. Port 53 on the internal firewall
D. Port 53 on the external firewall
E. Port 389 on the internal firewall
F. Port 389 on the external firewall
G. Port 3268 on the internal firewall
H. Port 3268 on the internal firewall
I. Port 50636 on the internal firewall
J. Port 50636 on the external firewall
Answer: ABDI
Answer:
Port 25 on the internal firewall
Port 25 on the external firewall
Explanation:
You should open all of the following ports:

You open port 25 on both the internal and external firewalls. Port 25 should be open on the external firewall
so that SMTP hosts on the Internet are able to send e-mail. Port 25 should be open on the internal firewall
for the Edge Transport server to send inbound SMTP e-mail to Hub Transport servers on the internal
network. Internet.
Port 50636 on the internal firewall should be open so that the Hub Transport server can replicate
information to the Edge Transport server using Edge Synchronization.
Port 50636 on the external firewall should not be open on the external firewall. The Edge Transport server
should replicate with a Hub Transport server on the internal network, not with a server on the Internet.
Port 3268 should not be open on the internal or external firewalls. Port 3268 is used by a Hub Transport
server to contact a global catalog server. It is not used by an Edge Transport server.
Port 389 should not be open on the internal or external firewalls. Port 389 is used by a Hub Transport server
to use Lightweight Directory Access Protocol (LDAP) to contact Active Directory. It is not used by an Edge
Transport server.
Objective:
Sub-Objective:
QUESTION 2
You work as the enterprise Exchange administrator for the Nutex Corporation. Nutex has a single tree
named nutex.com with two subdomains named east.nutex.com and west.nutex.com. All the domain
controllers in your domain run Windows Server 2008 R2. You plan to install Exchange 2010 SP1 on several
servers in your existing Exchange organization, which currently runs Exchange Server 2003. Click the
Exhibit(s) button to view a list of domain controllers in the nutex.com forest.
You inform the CIO that you will be on vacation during the first phase of the scheduled Exchange 2010 SP1
deployment. The CIO requests that you have David perform the first phase of the installation, and that you
make changes the David's account so that the user will be able to perform the required duties.
Exhibit:
A. Add David's account to the Schema Admins and Domain Admins groups, and have David prepare the
Active Directory forest from a domain controller in the nutex.com domain.
B. Add David's account to the Schema Admins and Domain Admins groups, and have David prepare the
Active Directory forest from a domain controller in the east.nutex.com domain.
C. Add David's account to the Schema Admins and Domain Admins groups, and have David prepare the
Active Directory forest from a domain controller in the west.nutex.com domain.
D. Add David's account to the Schema Admins and Enterprise Admins groups, and have David prepare the
Active Directory forest from a domain controller in the nutex.com domain.
E. Add David's account to the Schema Admins and Enterprise Admins groups, and have David prepare the
F. Add David's account to the Schema Admins and Enterprise Admins groups, and have David prepare the
Active Directory forest from a domain controller in the west.nutex.com domain.
Answer: E
Answer:
Add David's account to the Schema Admins and Enterprise Admins groups, and have David prepare the
Explanation:
You should add David's account to the Schema Admins and Enterprise Admins groups and have him
prepare the Active Directory forest from a domain controller in the east.nutex.com domain.
David must be a member of the Enterprise Admins and Schema Admins groups to start the first phase of
the installation process of preparing the Active Directory forest. David must prepare the Active Directory
forest in the same domain and the same site as the domain controller that hosts the schema master role. In
this scenario, the schema master is on a domain controller in the east.nutex.com domain named SRV11.
All other answers are incorrect. David cannot be a member of the Domain Admins group and prepare
Active Directory. You cannot prepare the Active Directory forest from the nutex.com domain or the west.
nutex.com domain because these domains do not contain the schema master.
Objective:
Sub-Objective:
QUESTION 3
You are the enterprise Exchange administrator for the Nutex Corporation, which has an Active Directory
forest that contains a single domain named nutex.com. Nutex plans to switch to Exchange 2010 SP1 from
another mail system. You have domain controllers that run Windows 2000 Server, Windows Server 2003,
and Windows Server 2008. The CIO asks you to propose changes to the Active Directory structure that will
enable you to install Exchange 2010 SP1.
What changes do you propose? (Choose all that apply. Each correct answer is part of the solution.)
A. Upgrade the schema master from Windows 2000 Server to Windows Server 2003 R2.
B. Upgrade the schema master from Windows 2000 Server to Windows Server 2008 R2.
C. Upgrade any global catalog servers that run Windows 2000 Server to Windows Server 2003 R2.
D. Replace any global catalog servers that run Windows 2000 Server with global catalog servers running
Windows Server 2008 R2.
E. Upgrade all domain controllers that run Windows 2000 Server to Windows Server 2003 R2.
F. Replace all domain controllers that run Windows 2000 server with domain controllers running Windows
Server 2008 R2.
G. Raise the domain level and Active Directory forest level to Windows 2003 functionality mode.
H. Raise the domain level and Active Directory forest level to Windows 2008 functionality mode.
Answer: ACEG
Answer
Upgrade the schema master from Windows 2000 Server to Windows Server 2003 R2.
Upgrade any global catalog servers that run Windows 2000 Server to Windows Server 2003 R2.
Upgrade all domain controllers that run Windows 2000 Server to Windows Server 2003 R2.
Raise the domain level and Active Directory forest level to Windows 2003 functionality mode.
Explanation:
You only need to perform the following actions to meet the minimum requirements for the network and
directory servers in a new Exchange 2010 SP1 organization:
Upgrade the schema master from Windows 2000 Server to Windows Server 2003 R2. The schema
master must have, at a minimum, the latest version of either Windows Server 2003 Standard or
Enterprise Edition operating
systems.
Upgrade any global catalog servers that run Windows 2000 Server to Windows Server 2003 R2. In
every Active Directory site of your Exchange organization where an Exchange 2010 server is installed,
you should have at least one global catalog server. This global catalog server must run the latest version
of Windows Server 2003 Standard or Enterprise Editions operating systems or above.
Upgrade all domain controllers that run Windows 2000 server to Windows Server 2003 R2. Exchange
2010 must be installed into an Active Directory forest that has the Windows 2003 forest functionality
mode. You must upgrade or replace all domain controllers that run Windows 2000 Server to ensure that
each domain is at least at the Windows 2003 mode.
Raise the domain level and Active Directory forest level to Windows 2003 functionality mode. In order for
the Active Directory forest to be set at Windows Server 2003 functionality mode, each domain in the
forest must be set to Windows Server 2003 functionality or higher.
You do not need to upgrade the schema master or the global catalog servers to Windows Server 2008 R2.
You only need to ensure that the schema master and global catalog servers are running the latest version
of the Windows Server 2003 operating system.
You do not need to upgrade the domain level and Active Directory forest level to Windows 2008
functionality mode. You can install Exchange 2010 in an Active Directory forest that has the Windows
Server 2003 forest functionality mode.
You do not have to replace all domain controllers that run Windows 2000 server with domain controllers
running Windows Server 2008 R2. You can replace the domain controllers that run Windows 2000 server
with Windows Server 2003 R2, either by upgrading or by replacing the machines.
Objective:
Sub-Objective:
QUESTION 4
You administer an Exchange 2007 organization for the Nutex Corporation. Nutex has an Active Directory
forest that contains a single domain named nutex.com.
Nutex plans to upgrade to Exchange 2010 SP1 from Exchange 2007. Your domain controllers run Windows
Server 2003 SP2 and Windows Server 2008, and your servers run Exchange 2007 SP1 and Exchange
Server 2007 SP2. The CIO asks you to propose the minimum hardware changes required to install
Exchange 2010 SP1. What minimum changes do you propose to install Exchange 2010 SP1 in your
organization?
(Choose all that apply. Each correct answer is part of the solution.)
A. Upgrade the schema master from Windows Server 2003 SP2 to Windows Server 2003 R2 before
upgrading to Exchange 2010 SP1.
B. Upgrade the schema master from Windows Server 2003 SP2 to Windows Server 2008 R2 64-bit edition
before upgrading to Exchange 2010 SP1.
C. Upgrade any global catalog servers that run Windows Server 2003 SP2 to Windows Server 2003 R2
before upgrading to Exchange 2010 SP1.
D. Replace any global catalog servers that run Windows Server 2003 SP2 with global catalog servers
running Windows Server 2008 R2 64-bit edition before upgrading to Exchange 2010 SP1.
E. Raise the domain level and Active Directory forest level to Windows Server 2008 functional mode before
upgrading to Exchange 2010 SP1.
F. Upgrade all Exchange Server 2007 SP1 servers to Exchange Server 2007 SP2 before upgrading to
Exchange 2010 SP1.
Answer: F
Answer:
Upgrade all Exchange Server 2007 SP1 servers to Exchange Server 2007 SP2 before upgrading to
Exchange 2010 SP1.
Explanation:
The only required action is to upgrade all Exchange Server 2007 SP1 servers to Exchange Server 2007
SP2 before upgrading to Exchange 2010 SP1. All existing Exchange servers must have Exchange Service
Pack 2 (SP2) installed on them to support co-existence with Exchange 2010 SP1.
You only need to perform the following actions to meet the minimum requirements for the network and
directory servers in a new Exchange 2010 SP1 organization:
The schema master must have, at a minimum, the Windows Server 2003 operating system (either the
Standard or Enterprise edition). You do not have to upgrade the schema master for this scenario.
The global catalog server must run the latest version of Windows Server 2003 or above (Standard or
Enterprise editions).
The Active Directory forest must be at the Windows Server 2003 functional level or above.
You do not have to upgrade the current schema master or global catalog server because all domain
controllers run Windows Server 2003 SP2 and Windows Server 2008.
None of the domain controllers has to use the 64-bit operating system, Windows Server 2003 SP2, or
Windows Server 2008.
You do not have to raise the domain level and Active Directory forest level to Windows Server 2008
because the current domain level and Active Directory forest level is set to Windows Server 2003. This level
supports the upgrade to Exchange 2010 SP1.
You do not need to upgrade the schema master or the global catalog servers to Windows Server 2008 R2.
You only need to ensure that the schema master and global catalog servers are running the latest version
of the Windows Server 2003 operating system.
Objective:
Sub-Objective:
QUESTION 5
You are the enterprise Exchange administrator at the main office of your company. Your company has an
Active Directory forest that contains a single domain, as well as four branch offices in different locations that
are configured as Active Directory sites. In each location you have domain controllers that run Windows
2003 Server SP2 (32-bit edition) and Windows Server 2008 (32-bit edition). Each site has a global catalog
server. One of the locations has a Windows Server 2008 read-only domain controller (RODC). The Active
Directory forest level of
your domain is set to Windows Server 2003.
Your company plans to install Exchange 2010 SP1. The CIO asks you to propose the minimum changes
required to install Exchange 2010 SP1.
What minimum changes do you propose to install Exchange 2010 SP1 in your organization
A. Replace any global catalog servers that run Windows Server 2003 SP2 with global catalog servers
running Windows Server 2008 R2 (64-bit edition).
B. Replace any RODCs that run Windows Server 2008 (32-bit edition) with RODCs that run Windows
Server 2008 (64-bit edition).
C. Raise the domain level and Active Directory forest level to Windows Server 2008 functionality mode.
D. Replace all RODCs with domain controllers that run Windows Server 2003 SP1 (32-bit edition).
Answer: D
Answer:
Replace all RODCs with domain controllers that run Windows Server 2003 SP1 (32-bit edition).
Explanation:
You should replace all read-only domain controllers (RODCs) with writable domain controllers that run at
least Windows Server 2003 SP2 (either 32-bit or 64-bit edition). In each Active Directory site, you must have
at least one domain controller and one global catalog server with a writeable copy of Active Directory
Directory Services (AD DS). Exchange 2010 SP1 cannot use an RODC or a global catalog server on an
RODC. A domain controller or a global catalog server has to run at least Windows Server 2003 SP2 to
support Exchange 2010 SP1.
You do not have to replace any global catalog servers that run Windows Server 2003 SP2 with global
catalog servers running Windows Server 2008 R2 64-bit edition. The domain controller and global catalog
servers do not have to run the 64-bit version of Windows Server; they can use the 32-bit version.
You do not have to raise the domain level and Active Directory forest level to Windows Server 2008
functionality mode because the current domain level and Active Directory forest level is set to Windows
Server 2003, which is sufficient.
You should not replace any RODC that run Windows Server 2008 (32-bit edition) with an RODC that runs
Windows Server 2008 (64-bit edition). Exchange 2010 cannot use an RODC or a global catalog server on
an RODC.
Objective:
Sub-Objective:
QUESTION 6
You administer an enterprise Exchange 2003 organization for the Nutex Corporation. Nutex a single domain
named nutex.com. All the domain controllers in your domain run Windows Server 2008 R2.
You plan to install Exchange 2010 SP1 on several servers in your existing Exchange organization. You
inform the CIO that you will be on vacation during the first phase of the scheduled Exchange 2010 SP1
deployment. The CIO requests that you propose a candidate and make changes the user's account so that
the user will be able to perform the duties of the first phase of the installation which updates the schema
and creates an Exchange container.
Which user should you configure?

A. Add Brian to the Domain Admins and Schema Admins groups.
B. Add Linda to the Enterprise Admins and Schema Admins groups.
C. Add Josh to the Enterprise Admins and Exchange Servers groups.
D. Add Ann to the Domain Admins and Exchange Servers groups.
Answer: B
Answer:
Add Linda to the Enterprise Admins and Schema Admins groups.
Explanation:
You should allow Linda to do the first phase of the installation after adding her account to the Enterprise
Admins and Schema Admins groups. To install Exchange 2010 SP1, she must prepare Active Directory
and the domain for Exchange 2010, for which she must be a member of the Enterprise Admins and
Schema Admins groups. The user first needs to prepare legacy Exchange permissions in every domain in
the forest that has either Exchange servers or Exchange domain server groups. There are two ways to
accomplish this. You can run
setup /PrepareLegacyExchangePermissions or setup /pl to prepare legacy Exchange permissions in
every domain in the forest, or you can run setup /PrepareSchema.
You can specify the fully qualified name of the domain (FQDN) to prepare legacy Exchange permissions in
a specific domain. For example, you could run the following command to prepare legacy Exchange
permissions in the nutex.com domain:
setup /PrepareLegacyExchangePermissions: nutex.com
However, you do not necessarily have to run setup /PrepareLegacyExchangePermissions or setup /pl to
prepare the legacy Exchange permissions because this step will be included when you run setup /
PrepareSchema.
You should run setup /PrepareSchema or setup /ps to update the schema with Exchange 2010 specific
attributes. This step can be skipped if you run the setup /PrepareAD /organization:nutex.com or setup /P /
organization:nutex.com commands, which can perform the same function.
The setup /PrepareAD /organization:<FQDN of domain> command does the following:
Creates an Exchange container if one does not exist

Verifies the schema has been updated, creates Exchange container, and objects if the schema has not
been updated
Creates the Microsoft Exchange Security Groups organizational unit (OU)
Creates security groups for Exchange 2010
Prepares the local domain for Exchange 2010
These steps do not have to be performed in an exact sequence, and some steps can be skipped. However,
it is better to run the steps in the order given by Microsoft because you can run each step with an account
that has the minimum permissions required for that step. By following this procedure, you can also verify
that each step was completed successfully before continuing to the next step.
After preparing the Active Directory, you should prepare the domains that will have Exchange 2010 SP1
servers. You can run the setup /PrepareDomain or setup /pd to prepare the local domain, setup /
PrepareDomain:<FQDN of domain> to prepare a specific domain, or setup /PrepareAllDomains or
setup /pad to prepare all domains in your organization. The setup /PrepareDomain command sets
permissions on the domain container for the Exchange Servers, Exchange Organization Administrators,
and Exchange Mailbox Administrators.
All other answers are incorrect because the candidates were not added to the Enterprise Admins or
Schema Admins group. The Domain Admins group allows a user to have administrative rights throughout
the domain; however, this group may not be able to perform certain functions in the Active Directory forest.
The ExchangeServers group only exists after Exchange 2010 SP1 has been installed. This group contains
the computers that are Exchange 2010 SP1 servers in the Exchange organization. The group should not
have users added as members. Do not confuse the ExchangeServers group with the built-in Exchange
Servers management role, which is part of the role-based access control (RBAC) feature of Exchange
Server 2010 and Exchange
Server 2010 SP1. Membership in the Exchange Servers management role allows administrators to do the
following:

Modify the content filtering configuration on Hub Transport servers
Objective:
Sub-Objective:
QUESTION 7
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex a single domain named
nutex.com that has three locations. All of the domain controllers in your domain run Windows Server 2008
R2. Nutex has an Exchange 2010 SP1 organization.
The CIO instructs you to deploy Microsoft Office 2010 to all client computers and to design Autodiscover for
internal and external clients. The Autodiscover service must be properly designed so Outlook clients can
use the Autodiscover service to repair Exchange Server connection settings for corrupted profiles and for
user mailboxes that are moved to different servers.
What should you plan to deploy? (Choose two for a complete solution.)
A. Use a single Autodiscover service URL for both your internal and external clients
B. Use multiple URLs for all Client Access servers
C. Use site affinity
D. Create TXT records in DNS for the Autodiscover service URL(s)
E. Create SRV records in DNS for the Autodiscover service URL(s)
Answer: AC
Answer:
Use a single Autodiscover service URL for both your internal and external clients
Use site affinity
Explanation:
You should consider configuring a single Autodiscover service URL for both your internal and external
clients. The Autodiscover URL matches the server name of the Client Access server (CAS) role that you
installed; for example, https://cas1.nutex.com/autodiscover/autodiscover.xml. The name of the server is
registered in Active Directory and DNS and creates a server connection point that matches the fully
qualified domain name (FQDN). Any computer in the domain uses the FQDN to locate the Autodiscover
service. Multiple Client Access servers in the domain have their own Autodiscover service connection point
records. Clients that are not connected to the domain will try to locate the Autodiscover service by using
DNS. You can ensure that both internal and external clients can locate the Autodiscover service by
configuring a single URL for
all clients, such as https://nutex.com/autodiscover/autodiscover.xml.
You should also use site affinity. Site affinity is useful if you have Client Access servers in multiple locations
where links between the locations may have slow connections. With site affinity, you can improve
performance by having Outlook 2007 and 2010 users to retrieve Autodiscover information from the closest
Active Directory site. To configure site affinity, you must specify which sites Outlook clients prefer to
connect to for a particular Autodiscover service instance.
You should not use multiple URLs for all Client Access servers. Each Client Access server has its own
URL. Having multiple URLs will be hard to manage. You will also need to configure a different URL for each
Client Access server to make it available to external clients that are not connected to the domain. You
should not create a TXT or SRV record for the Autodiscover service URL(s). You should configure a Host
(A) record in DNS for the Autodiscover service URL. A SRV record is a service record used to find certain
servers,
such as a domain controller or global catalog server. A TXT record is used to provide proof of ownership of
a registered Internet domain.
Objective:
Sub-Objective:
QUESTION 8
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Exchange 2007
organization that you plan to upgrade to Exchange 2010 SP1. You have applied Exchange 2007 Service
Pack 2 (SP2) to all of your Exchange 2007 servers.
The current host name is https://nutex.com.
The CIO instructs you to deploy the first Client Access server role in the Atlanta office. How should you plan
to handle the deployment? (Choose two.)
A. Remove the old host name and create a new host name
B. Create a second DNS host name
C. Appropriate a SSL certificate for the new host name
D. Appropriate two SSL certificates, one for the old host name and one for the new host name
E. Appropriate a single SSL certificate for both host names
Answer: BE
Answer:
Create a second DNS host name
Appropriate a single SSL certificate for both host names
Explanation:
You will need to create a second DNS host name when you install Exchange 2010 SP1 in an Exchange
2007 organization. A new host name will be required at the time when you install the first Exchange 2010
SP1 Client Access server. If the current host name is https://nutex.com, Microsoft recommends that you
use the naming convention https://legacy.nutex.com. You should configure https://legacy.nutex.com to
point to your Exchange 2007 Client Access servers and https://nutex.com to point to your Exchange 2010
SP1 Client Access server or
to the host record of the Client Access server array.
You must appropriate a single SSL certificate for the host names of https://nutex.com and https://legacy.
nutex.com. You can use a Subject Alternative Name (SAN) on the certificate. When an Outlook Web App
client connects to the Client Access server, and the user mailbox is located on an Exchange Server 2007
mailbox server, the client is redirected to the Exchange Server 2007 URL that is configured on the Client
Access server. In this scenario, if the client connects to the Exchange Server 2010 SP1 Client Access
server
using the URL https://nutex.com, the request might be redirected to https://legacy.nutex.com; the client
then communicates with the Exchange Server 2007 mailbox server to access the user mailbox.
You do not have to remove the old host name and create a new host name. You can keep the old name,
but you will have to create a new name to accommodate requests to user mailboxes that are on the old
mailbox servers. Microsoft recommends the https://legacy.<domain name>.com nomenclature.
You should not appropriate a single SSL certificate for the new host name. You need the SSL certificate to
support both names.
You do not have to appropriate two SSL certificates for two host names. You can use a Subject Alternative
Name (SAN) or wild card certificate that can support multiple names.
Objective:
Sub-Objective:
QUESTION 9
You administer an Exchange 2010 SP1 organization where you have deployed multiple Client Access
servers. You have a large number of users in the organization that use Outlook Anywhere to connect
remotely. The CIO instructs you to come up with a plan to test end-to-end client Outlook Anywhere
connectivity.
What methods should your plan include? (Choose two. Each correct answer is a separate solution.)
A. Use the Exchange Remote Connectivity Analyzer (ExRCA)

B. Use the Mail Flow Troubleshooter.
C. Use the Test-OutlookConnectivity cmdlet
D. Use the Test-OutlookWebServices cmdlet
E. Use the Test-ServiceHealth cmdlet
Answer: AC
Answer:
Use the Exchange Remote Connectivity Analyzer (ExRCA)
Use the Test-OutlookConnectivity cmdlet
Explanation:
You can use the Test-OutlookConnectivity cmdlet. This cmdlet can test end-to-end Microsoft Outlook
client connectivity using either RPC/HTTP or TCP-based connections.
You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to test Outlook Anywhere
connectivity, as shown in the following illustration:
You should not use the Test-OutlookWebServices cmdlet. This cmdlet verifies the Autodiscover service
settings for Microsoft Outlook on a Client Access role. This cmdlet will not test or monitor RPC/HTTP
connectivity for Outlook Anywhere.
You should not use Test-ServiceHealth cmdlet. This cmdlet tests to see if all the proper services that
Exchange 2010 requires on a server are started. This cmdlet will not test or monitor RPC/HTTP connectivity
for Outlook Anywhere.
You should not use the Mail Flow Troubleshooter. This tool is used to troubleshoot mail flow problems, not
to test or monitor RPC/HTTP connectivity for Outlook Anywhere.
Objective:
Sub-Objective:
QUESTION 10
has several business partners. The CIO wants you to control what types of messages sent from users in
the Nutex organization to the business partners.
What should you plan on configuring?
A. Create an accepted domain for each business partner

B. Create a remote domain entry for each business partner
C. Use federated sharing
D. Use AD RMS
Answer: B
Answer:
Create a remote domain entry for each business partner
Explanation:
You should create a remote domain entry for each business partner. A remote domain is an SMTP domain
that is external to your organization. You can use remote domain entries to define the message types that
can be transferred between your Exchange 2010 organization and any domains outside your Active
Directory forest. You could use a remote domain to specify settings for out-of-office messages. You can
configure the out-of-office message settings and message format settings for e-mail that is sent to the
remote domain. To configure these
settings, you can use either the Set-RemoteDomain cmdlet or the properties dialog box of the remote
domain. You can also use the Exchange Management Console (EMC) to configure the message types to
be delivered to a remote domain.
You should not use an accepted domain for each business partner. An accepted domain is a SMTP
namespace that an Exchange organization can use to send or receive mail. An accepted domain will not
determine what types of messages can be sent from users in the Nutex organization to the business
partners.
You should not use federated sharing. Federated sharing is a function of Federation Services, which allows
your organization to share calendar information and free/busy information with other companies outside
your Active Directory forest. Federated sharing will not allow you to control what type of messages sent from
users in the Nutex organization to the business partners.
You should not use Active Directory Rights Management Services (AD RMS). AD RMS will not allow you to
control what type of messages sent from users in the Nutex organization to the business partners. AD RMS
protects information from unauthorized use. AD RMS identifies users and provides the users with licenses
for protected information. It also provides Information Rights Management (IRM) protection.
AD RMS can work with RMS-enabled applications, such as Microsoft Office and OWA, to protect messages
and documents online and offline, and to apply IRM protection to messages. Outlook 2010 has automatic
IRM protection. You can create Outlook protection rules that use an IRM template on an Exchange 2010 or
Exchange 2010 SP1 server. These rules are distributed to Outlook 2010 client via Exchange Web services.
Objective:
QUESTION 11
You are the enterprise Exchange administrator for the Nutex Corporation. Nutex plans to deploy Exchange
2010 SP1. You will need to deploy Hub Transport servers that perform antivirus scanning.
You have a server with eight processor cores. The CIO asks you to come up with a plan for the number of
processor cores that mailbox servers will use on the server and the number of processor cores that the hub
transport servers will use on the server.
What processor core ratio should you deploy?
A. a processor core ratio of seven mailbox servers to each Hub Transport server
B. a processor core ratio of deploy five mailbox servers to each Hub Transport server
C. a processor core ratio of deploy seven Hub Transport servers to each mailbox server
D. a processor core ratio of deploy five Hub Transport servers to each mailbox server
Answer: B
Answer:
a processor core ratio of deploy five mailbox servers to each Hub Transport server
Explanation:
You should plan to deploy five processor cores for mailbox servers to each processor core for the Hub
Transport server. If the Hub Transport servers are performing antivirus scanning, Microsoft recommends
that you have a Mailbox to Hub Transport role ratio of five processor cores for mailbox servers to each
processor core for the Hub Transport server.
If you do not plan to perform antivirus scanning on the Hub Transport servers, you should plan to deploy a
ratio of seven processor cores for mailbox servers to each processor core for the Hub Transport server You
should not have a processor core ratio of more Hub Transport servers than Mailbox servers.
Objective:
Sub-Objective:
QUESTION 12
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization in
Atlanta. Nutex has two other locations in Boston and Chicago that are configured as separate Active
Directory sites. Each site has a site link to every other site and each site has all Exchange server roles.
Users use Outlook 2010 to access information in public folders. The CIO wants to ensure that if users in
Atlanta cannot retrieve information from public folders on the Atlanta server, they are able to retrieve the
information from Chicago servers, but not the Boston servers.
A. Configure Forms authentication for Outlook Web App in Atlanta

B. Set the Atlanta to Chicago site link cost to 50
C. Set the Atlanta to Boston site link cost to 50
D. Enable a database availability group (DAG) with the mailbox servers in Atlanta and Chicago
Answer: C
Answer:
Set the Atlanta to Chicago site link cost to 50
Explanation:
You should configure cost of the Atlanta to Chicago site link to 50. Outlook clients attempt to access public
folder information from a Mailbox server in their own site. If there is no replica of the public folder in its own
site, the client will connect to a server in another site that contains the public folder replica. This process is
known as a public folder referral. A mailbox server that does not contain the public folder information will
refer the request to another mailbox server that contains the public folder replica based on the lowest IP site
link costs between the
sites. Active Directory assigns a default cost of 100 to each site link. If you lower the site link from Atlanta
to Chicago from 50 to 100, the Chicago site will be the referral site.
You should not configure the Atlanta to Boston site link to 50. This action will cause the Atlanta mailbox
server to refer clients to mailbox servers in the Boston site because the Boston site will now have a lower
site link cost than the Chicago site.
You should not use Forms authentication for Outlook Web App in Atlanta. Forms authentication can be
used to provide authentication for non-domain users, and can also provide automatic authentication for
Outlook Web application for domain users. Forms authentication will not automatically refer users to
mailbox servers in the Chicago if a public folder replica is not available in Atlanta.
You should not create a database availability group (DAG) with the mailbox servers in Atlanta and Chicago.
A database availability group (DAG) is used to provide fault tolerance for mailbox databases. A public folder
database cannot participate in a DAG.
Objective:
Sub-Objective:
QUESTION 13
You administer an Exchange 2010 SP1 organization for a company with several locations. All client
computers run Microsoft Office Outlook 2007 SP2. In the main office, there are few conference rooms. You
want to ensure that requests for conference rooms are
automatically accepted or denied.
A. Configure a linked mailbox and the Booking Attendant

B. Configure a linked mailbox and a delegate for the mailbox
C. Configure a room mailbox and the Booking Attendant
D. Configure a room mailbox and a delegate for the mailbox
Answer: C
Section: Designing and Deploying Security for the Exchange Organization
Answer:
Configure a room mailbox and the Booking Attendant
Explanation:
You should configure a room mailbox. A room mailbox is a resource mailbox that is used for room
scheduling and is not owned by a user. The user account associated with this resource mailbox will be
disabled. You should use the Resource Booking Attendant to automatically accept or decline request for the
conference rooms. When the Resource Booking Attendant is enabled, it will use the booking policies that
you have defined on the room mailbox to determine who is eligible to use the room and who is not. If you do
not want to automatically
accept or decline meeting room requests, you can disable the Resource Booking Attendant and assign a
user to be a delegate of the room mailbox. The delegate can decide who will be able to use the meet room
if a conflict arises by accepting or declining the meeting requests.
You should not use a linked mailbox. A linked mailbox is a mailbox that is assessed by a user in a different
forest that has a trust to your domain. A linked mailbox should not be used as a room mailbox.
Objective:
Designing and Deploying Security for the Exchange Organization
Sub-Objective:
Design and deploy Exchange permissions model
QUESTION 14
asks you to allow users who are members of the NutexHelp group to manage existing mailboxes in the
Nutex organization.
What built-in management role should you assign to the group?
A. Mailbox Search role

B. Mail Recipients role
C. MyDiagnostics role
D. Mail Tips role
Answer: B
Answer:
Mail Recipients role
Explanation:
You should add the Mail Recipients management role to the group. This management role allows users to
manage existing mailboxes, mail users, and mail contacts.
You should not add the MyDiagnostics role to the group. This management role allows users to perform
basic diagnostics on a mailbox. This role will not allow you to manage existing mailboxes.
You should not add the Mailbox Search role to the group. This management role allows users to search the
content of mailboxes in an organization. This role will not allow you to manage existing mailboxes.
You should not add the Mail Tips role to the group. This management role allows users to manage mail tips
in an organization. This role will not allow you to manage existing mailboxes.
Objective:
Sub-Objective:
Design and deploy Exchange permissions model
QUESTION 15
has several locations and several DNS servers that have an Active Directory integrated zone for nutex.com
. All client computers run Office Outlook 2007 SP2.
Management has complained that e-mail messages from your organization are treated as spam by several
important customers. The CIO wants the Nutex organization to use the Sender ID agent to validate the
origin of email messages by verifying the IP address of the sender against the alleged owner of the sending
domain.
What must you plan to add to all Internet-facing DNS servers of the organization?
A. Plan to create a MG record to support your sender policy framework (SPF)

B. Plan to create a MINFO record to support your sender policy framework (SPF)
C. Plan to create a SRV record to support your sender policy framework (SPF)
D. Plan to create a TXT record to support your sender policy framework (SPF)
Answer: D
Answer:
Plan to create a TXT record to support your sender policy framework (SPF)
Explanation:
You must use a TXT record to specify DNS records for your sender policy framework (SPF) records. The
Sender ID agent helps prevent the impersonation or spoofing of a sender and a domain. You must create
an SPF record on your public DNS server. The records must be a TXT record because it provides proof of
ownership.
The following command uses a TXT record to create a SPF record for the nutex.com domain in DNS:
nutex.com. TXT "v=spf1 mx -all"
The above record will allow all MX servers in the nutex.com domain to send mail for nutex.com.
To support the Sender ID infrastructure, you must have an SPF record on all Internet-facing DNS servers.
Sender ID relies on DNS data. The more Internet-facing DNS servers that have an SPF records, the better
Sender ID will be able to identify spoofed e-mail messages.
You should not create a SRV record to support your sender policy framework. A SRV record is a service
record. SRV records are used by DNS clients to identify specific TCP/IP services and protocols mapped to
a specific DNS domain. A SRV record is not used to support Sender ID.
You should not create a MG record to support your sender policy framework. A MG record is a mailbox
record that adds domain mailboxes (MB) records in the current zone. The MG record identifies all the MB
records that have been added in the zone. An MG record is not used to support Sender ID.
You should not create a MINFO record to support your sender policy framework. A MINFO record is a
Mailbox Information record. A MINFO record is used to specify a mail list that identifies a mailbox name to a
contact. An MINFO record is not used to support Sender ID.
Objective:
Sub-Objective:
Design and deploy message hygiene
QUESTION 16
instructs you to allow only mobile phones that can support and implement encryption to synchronize with an
Exchange server in your organization.
What must you do?
A. Enable client certificate authentication on the ActiveSync Virtual Directory.

B. Enter the phone ID in the Allow List on the ActiveSync Virtual Directory.
C. Create a new Exchange ActiveSync policy.
D. Enable Direct Push to work through the firewall.
Answer: C
Answer:
Create a new Exchange ActiveSync policy.
Explanation:
You must create a new a new Exchange ActiveSync policy and enable the Require Device Encryption
policy setting. When Require Device Encryption is set to $true in an Active Sync policy, the mobile phone
must support and implement encryption in order to synchronize with the server.
You should not enable Direct Push to work through the firewall. Direct Push maintains a long-standing
HTTPS request between the mobile phone and the Exchange Client Access server using Secure Sockets
Layer (SSL). Direct Push requires an SSL connection from the Internet and the Client Access server. Direct
Push does not require a device to support and implement encryption to synchronize with an Exchange
server.
You cannot enter the phone ID in the Allow List on the ActiveSync Virtual Directory. The Allow List on the
ActiveSync Virtual Directory is a list of host names of servers from which clients are allowed to access files.
You do not have to enable client certificate authentication on the ActiveSync Virtual Directory. A client
certificate is not required for a device to support and implement encryption to synchronize with an Exchange
server.
Objective:
Sub-Objective:
Design and deploy client access security
QUESTION 17
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization in New
York. Nutex has multiple locations. All locations have Exchange 2010 SP1 servers that have the Client
Access role, Hub Transport role, and Mailbox server role. Edge Transport servers are deployed in the
perimeter network of each location. You have Active Directory Rights Management Service deployed in the
nutex.com forest. All client computers run either Windows XP SP3 and Office 2007, or Windows Vista and
Office 2010.
The CIO wants protect against the risk of information leakage by automatically applying IRM-protection to
messages that are sent and received by Outlook.
What should you plan on doing to meet this requirement?
A. You should first copy the rights policy template to all client computers.
B. You should first replace or upgrade all Windows XP client computers to at least Windows Vista.
C. You should first replace or upgrade client computers to Windows 7.
D. You should first upgrade all clients to Office 2010.
Answer: D
Answer:
You should first upgrade all clients to Office 2010.
Explanation:
You should first upgrade all clients to Office 2010. In Exchange 2010 SP1, Outlook protection rules protect
against the risk of information leakage to messages created in Outlook 2010. Outlook 2010 automatically
applies IRM protection to the message and any attachments before the message is sent. Outlook protection
rules are distributed to Outlook 2010 clients using Exchange Web Services. Outlook protection rules are
only supported in Outlook 2010, not Outlook 2007.
You should not replace or upgrade client computers to Windows 7 or replace or upgrade all Windows XP
client computers to at least Windows Vista. Outlook protection rules are only supported on clients that use
Office 2010. Office 2010 will run on computers that run Windows XP SP3, Windows Vista, or Windows 7.
You do not have to copy the IRM template to all client computers. The rights policy template that is used by
the Outlook protection rules exists on the AD RMS server. Outlook protection rules are distributed to
Outlook 2010
clients using Exchange Web Services. You will need to upgrade all Outlook clients to Outlook 2010 to use
Outlook protection rules.
Objective:
Sub-Objective:
Design and deploy messaging security
QUESTION 18
You work as the enterprise Exchange administrator for the Nutex Corporation. Nutex has an Exchange
2010 SP1 organization with multiple locations. Each location contains a Mailbox server, Client Access
server, and Hub Transport server. Each location has a perimeter network that has an Edge Transport
server that sends e-mail to the Internet. All clients in the Nutex organization use Microsoft Office 2010.
The CIO wants you to ensure that sensitive information such as financial data, customer credit card
information, and employee information exchanged by employees in the organization is not at risk once the
message leaves the client and is sent outside the organization. Outlook 2010 clients must know if a
message is protected.
What should you recommend? (Choose two as a complete solution.)
A. AD RMS
B. AD LDS
C. S/MIME
D. Outlook protection rules
E. Transport Rules
F. Journal Rules
Answer: AD
Answer:
AD RMS
Outlook protection rules
Explanation:
You must implement Active Directory Rights Management Services (AD RMS). You can apply Information
Rights Management (IRM) protection to messages using AD RMS. Outlook 2010 has automatic IRM
protection. You can create Outlook protection rules that use an IRM template on an Exchange 2010 server.
These rules are distributed to Outlook 2010 client via Exchange Web services.
You should also use Outlook protection rules. Outlook protection rules are applied when the message
leaves the Outlook 2010 clients. Outlook protection rules can use three predicates:
FromDepartment - This is predicate is used to automatically protect messages sent by the sender's
department attribute in Active Directory and automatically IRM-protects the message. You could
configure a rule to protect all messages sent by a particular department.
Sent to - This predicate is use to automatically protect messages sent to certain recipients, such as a
distribution group.
SentToScope - This predicate is use to automatically protect messages sent to users inside or outside
the organization.
You should not use Transport rules. Transport rules can work with AD RMS and are similar to Outlook
Protection rules. Transport rules can be based on message conditions and protect a message by applying
an AD RMS rights protection template. Transport rules are applied on the Hub Transport server, not the
client. Outlook protection rules are applied to the message when it leaves the Outlook 2010 client.
Transport rules are applied to the message when the message passes through a Hub Transport server.
You should not use journal rules. A journal rule is used to comply with legal, regulatory, and organizational
requirements. A journal rule records inbound and outbound e-mail communications. A journal rule keeps a
copy of a message, but does not protect a message.
You should not use S/MIME. S/MIME allows you to encrypt attachments and messages. The recipient of the
message must have a certificate that acts like a digital identification to be able to open the attachment or
read the message. With S/MIME a message can be digitally signed. A digitally signed message verifies the
identity of the message's sender and verifies that the message has not been altered. With Outlook 2010,
you can use Outlook protection rules and AD RMS as a low-cost alternative to fully protect messages.
You should not user Active Directory Lightweight Directory Services (AD LDS). AD LDS is an LDAP
directory service used by directory-enabled applications. This service is not required to apply IRM protection
or Outlook protection rules.
Objective:
QUESTION 19
The CIO wants you to assign to assign certain users of your Exchange 2010 SP1 organization to a group
named NutexProtection. To ensure productivity, you need to make sure that users belonging to this group
are able to search mailboxes of users for messages that may contain the words "spam," "Patents,"
"infringement," or "virus." You should ensure that your solution reduces the number of permissions that are
assigned to NutexProtection.
What should you do?
A. You should consider assigning the users to the Records Management management role group.
B. You should consider assigning the users to the Hygiene Management management role group.
C. You should consider assigning the users to the Discovery Management management role group.
D. You should consider assigning the users to the Help Desk role management group
Answer: C
Answer:
You should consider assigning the users to the Discovery Management management role group.
Explanation:
You should consider assigning the users to the Discovery Management management role group. Members
of the Discovery Management role group are allowed to perform searches of mailboxes for data that meets
designated criteria. Members of this role group can perform legal holds and perform multi-mailbox
searches. A member of the Discovery Management management role group could perform a discovery
search of mailboxes for messages that may contain specified words, as per the scenario requirements.
In Exchange 2010 SP1, discovery search results copy only one instance of a particular message to the
discovery mailbox. The new feature is called deduplication. Deduplication reduces the storage footprint and
reduces the discovery mailbox size. Users involved reviewing discovery search results, such as discovery
managers or legal counsel, will have a reduced workload.
You should not consider assigning the users to the Records Management management role group.
Members of this role group can configure retention policy tags, message classifications, and transport rules.
You should not consider assigning the users to the Hygiene Management management role group.
Members of this role group can configure antivirus and anti-spam features. In this scenario, you wanted to
search a mailbox for the words "spam" and "virus", not configure antivirus and anti-spam features.
You should not consider assigning the users to the Help Desk management role group. Members of this
role group can view and modify the Outlook Web App options of any user in the organization. Members of
this role group cannot perform searches on a user's mailbox or modify the size of a user's mailbox.
Objective:
QUESTION 20
has several locations. All client computers run Office Outlook 2007 SP2.
The CIO instructs you to protect the organizations from malicious users that take advantage of ISPs that
allow their clients to send SMTP traffic from dial-up accounts. These users can then send SMTP traffic on
dynamically assigned IP addresses, making it hard to block spam by the originating IP address, since the
address is changing.
What should you do?
A. Use an IP Block List provider

B. Create an administrator-defined IP Allow list
C. Use recipient filtering on Edge Transport servers
D. Use sender filtering on Hub Transport servers
Answer: A
Answer:
Use an IP Block List provider
Explanation:
You should use an IP Block List provider. An IP Block List provider service compiles lists of IP addresses
from which spam has originated in the past and provides a "real-time" block list (RBL). Using an IP Block
List provider, you can protect your organization from spammers that take advantage of ISPs that allow
SMTP traffic to send spam on dynamically assigned IP addresses. An IP Block List provider can provide a
list of different IP addresses that can cover spam threats.
You should not create an administrator-defined IP Allow list. You would have to manually add in the IP
addresses of the many spammers who may have IP addresses that can change.
You should not use recipient filtering. Recipient filtering blocks messages based on the characteristics of
the recipient of the message. You can use a recipient filter to stop messages sent to misused account
names, such as admin@nutex.com, support@nutex.com, or webmaster@nutex.com. You can also
stop messages to distribution lists or to mailboxes that should not receive messages from the Internet. A
recipient filter is placed on an Edge Transport server. Recipient filters do not filter based on the sender's
address.
You should not use sender filtering. Sender filtering filters messages on the MAIL FROM: SMTP header.
You can block senders based on a single sender, such as joe@verigon.com, or a whole domain or
subdomains, such as *.verigon.com. A Sender Filter agent must be configured on an Edge Transport
server, not a Hub Transport server. You must also manually add entries into the Sender Filter agent. Since
there are many ISPs that may have many clients that may send spam, it would be easier to rely on an IP
Block List provider to provide protection from changing spammers with different IP addresses.
Objective:
Sub-Objective:
QUESTION 21
You are the Exchange administrator for the Nutex Corporation's Exchange 2007 organization. Nutex is
moving to Exchange 2010 SP1. You have a site that has a single Internet-accessible Client Access server
named CAS1.
You have another site that has another Client Access server named CAS2. CAS2 is not Internet-accessible.
What type of authentication MUST be configured for CAS2?
A. Integrated Windows authentication

B. Digest authentication
C. Basic authentication
D. Forms authentication
Answer: A
Answer:
Integrated Windows authentication
Explanation:
You should choose Integrated Windows authentication. In this scenario, CAS1 is acting as a proxy for other
Client Access servers in the Nutex organization because CAS1 is the Internet-facing Client Access server.
CAS2 does not have to have a separate Secure Sockets Layer (SSL) certificate because it is not exposed
to the Internet. CAS2 can use the self-signed certificate installed by default with Exchange 2010.
Proxying between Client Access servers is known as CAS-CAS proxying. CAS-CAS proxying is supported
for clients that that use Outlook Web App, Exchange ActiveSync, and Exchange Web Services. If you do
not have multiple Active Directory sites in your organization, you do not have to configure Exchange 2010
for proxying or redirection.
In this scenario, you will have to configure the proper authentication on the virtual directories of the Internet-
facing Client Access server for the /owa, /EWS, and /Microsoft-Server-ActiveSync virtual directories.
The /owa virtual directory is used by Outlook Web app for clients to access their mailboxes that may be
on either Exchange 2007 or Exchange 2010 mailbox servers.
The /EWS virtual directory publishes Exchange Web Services and programming APIs for third party
applications.
The /Microsoft-Server-ActiveSync virtual directory is for ActiveSync clients to connect to mailboxes.
All other answers are incorrect because client communications to be proxied between virtual directories on
different servers, the virtual directories must use Integrated Windows authentication. Digest authentication
secures the password by transmitting it as a hash value over the network. Basic authentication transmits
passwords in clear text. Forms-based authentication is available only for Outlook Web App and Exchange
Control Panel. Forms-based authentication replaces all other authentication methods when used.
Objective:
Sub-Objective:
QUESTION 22
You administer the Nutex Corporation's Exchange 2007 organization. Nutex is moving to Exchange 2010
SP1. You will have multiple Client Access servers in a Client Access server array. The Exchange 2007
Client Access server will point to http://legacy.nutex.com. The Exchange 2010 SP1 Client Access server
array will point to http://nutex.com.
Your organization has users with mobile devices running Windows Mobile 5.0 and Windows Mobile 6.5.
Nutex has an Enterprise subordinate certificate authority (CA) that issues certificates on behalf of a third
party trusted root CA. The CIO asks you to secure the Client Access servers and allow users with Windows
Mobile devices to access their mailboxes.
What should you do?
A. Acquire an SSL certificate with for the hostname of nutex.com for the Client Access server array and
upgrade all mobile devices to at least Windows Mobile 6.1.
B. Acquire an SSL certificate with for the hostname of nutex.com for the Client Access server array and
upgrade all mobile devices to at least Windows Mobile 6.5.
C. Use a wildcard certificate that can support multiple host names.
D. Use a Subject Alternate Name certificate.
E. Use a Subject Alternate Name certificate and upgrade all mobile devices to at least Windows Mobile
6.1.
Answer: D
Answer:
Use a Subject Alternate Name certificate.
Explanation:
You should use a Subject Alternate Name (SAN) certificate. This type of X.509 certificate allows you to
associate multiple hostnames with a single certificate. You may need to have users access both Client
Access server versions: the Exchange 2007 Client Access server and the Exchange 2010 SP1 Client
Access server array. You must associate the hostnames of legacy.nutex.com and nutex.com with the
certificate. You will also need a load balancer to provide load balancing for a CAS server. A CAS array does
not provide any load balancing. You need
to set the FQDN of the CAS array. The FQDN of the CAS array must resolve to a load-balanced virtual IP
address in the internal DNS zone.
A Subject Alternate Name certificate is compatible with Windows Mobile 5.0 devices. There is no need to
upgrade the mobile devices to Windows Mobile 6.1 or Windows Mobile 6.5.
You should not use a wildcard certificate that can support multiple host names. A wildcard certificate allows
you to use a single certificate to support multiple names in a domain. With a wildcard certificate, you could
use a certificate for your entire domain. However, in this scenario you have users that have Windows
Mobile 5.0 devices. A wildcard certificate is not compatible with Windows Mobile 5.0 devices. You should
not acquire an SSL certificate for the hostname of nutex.com. You need to have a certificate that can
support both names.
Objective:
Sub-Objective:
QUESTION 23
You work as the enterprise administrator for the Nutex Corporation. Nutex has an Exchange 2010 SP1
organization and multiple locations. Each location contains a Mailbox server, Client Access server, and Hub
Transport server. Each location has a perimeter network that has an Edge Transport server that sends e-
mail to the Internet.
You must ensure that e-mails sent between Nutex employees and certain business partners are encrypted,
that the messages cannot be altered, and that messages cannot be read by another recipient.
What should you plan to use?
A. Use TLS security on the Edge Transport server

B. Use IPsec on the on the Hub Transport server
C. Use S/MIME
D. Configure a VPN between the business partners that use SSTP
Answer: C
Answer:
Use S/MIME
Explanation:
You should use S/MIME. S/MIME allows you to encrypt attachments and messages. The recipient of the
message must have a certificate that acts like a digital identification to be able to open the attachment or
read the message. With S/MIME a message can be digitally signed. Digitally signed messages verify the
identity of the message's sender and verify that the message has not been altered.
You can also use Domain Security as a low-cost alternative to S/MIME or other message-level security
solutions. Domain Security uses mutual Transport Layer Security authentication to provide authentication
and encryption for messages sent from a Hub Transport server through an Edge Transport server and then
to business partners via the Internet. Domain Security requires clients to use Microsoft Office Outlook 2007,
or later.
You should not use IPsec security on the Edge Transport server or Hub Transport server to secure e-mails
sent between Nutex employees and certain business partners. IPSec security can secure a message and
prevent the message from being altered in transport, but will require that the client and recipient have an
IPsec connection. You should not configure a VPN between the business partners that use SSTP. This
solution would require a VPN server be setup at the partner's site. Also, this solution does not ensure that a
non-intended recipient at the
business partner site cannot see the message. A VPN solution will secure the message in transport, but will
not secure the message once it is at the business partner's site. S/MIME allows only the user with the
certificate to see the message.
Objective:
Sub-Objective:
Design and deploy messaging security
QUESTION 24
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. You
need to specify separation of work policies in order to maintain standards and workflows, and help to control
change in the organization.
You organization has the following requirements regarding the creation of security principals:
Users who are assigned specific permissions in Active Directory will create security principals.
Exchange server services will create security principals.
Mailboxes, mail-enabled users, distribution groups, and role groups will be created by Exchange
management tools.
Some third-party programs will require that Exchange servers be able to create security principals on
their behalf.
What type of model should you use?
A. RBAC split permissions

B. Active Directory split permissions
C. Shared permissions
D. RBAC shared permissions
Answer: A
Answer:
RBAC split permissions
Explanation:
You should use a RBAC split permissions model. The RBAC security model uses role assignment to divide
the users or entities that can create security principals in the Active Directory domain from the users who
administer the Exchange organization data in the Active Directory domain. For example, you can assign
one set of users the Mail Recipient Creation role to allow them to create users with mailboxes, and assign
another set of users to the Security Group Creation and Membership management role groups to create
distribution groups. Permission
assigned to the members of the Mail Recipient Creation or Security Group Creation and Membership roles
remain separate from the permissions required to create security principals outside of the Exchange
management tools. Exchange administrators can still modify Exchange-related attributes on security
principals, even though they are not members of the Mail Recipient Creation or Security Group Creation
and Membership roles. Active Directory administrators can create Active Directory security principals with
Exchange management tools or Active
Directory management tools.
You can use the RBAC split permissions model if the following conditions are met:
You do not have a requirement that security principal creation be performed only Active Directory
management tool and only by users who are assigned specific Active Directory permissions.
Services are able to create security principals.
You need to allow the creation of mailboxes, mail-enabled users, distribution groups, and role groups
within Exchange management tools.
You need to manage the membership of distribution groups and role groups with Exchange
management tools.
You need to allow third-party programs that require that Exchange servers to be able to create security
principals on their behalf.
To split RBAC permissions, run the following command:
setup.com /PrepareAD /ActiveDirectorySplitPermissions:false
To meet the requirements of the scenario, you would create a role group that contains members that are
Active
Directory administrators, and assign the Mail Recipient Creation, the Security Group Creation, and the
Membership roles to that group. Next, remove the assignments between those roles and any role group or
universal security group that contains Exchange administrators.
You should not use the Active Directory split permissions model. This model requires that the creation of
security principals such as mailboxes and distribution groups be created with Active Directory management
tools. When you implement the Active Directory split permissions model, the following occurs:
Exchange administration functions, such as the creation of Exchange-related security principals such as
mailboxes, mail-enabled users, or distribution groups, are removed from the Exchange management
tools.
You cannot manage the membership list of distribution group members with Exchange Management
tools.
Permissions to create security principals are removed from the Exchange Trusted Subsystem and
Exchange servers.
Exchange management tools can modify the Exchange attributes of existing security principals in Active
Directory.
You should not use a shared permissions model. This is the default model and does not separate the
management of Exchange and Active Directory objects from within the Exchange management tools. There
is no RBAC shared permissions model. The RBAC security model is referred to a split model rather than a
shared model.
Objective:
QUESTION 25
You administer an Exchange Server 2010 SP1 organization with Forefront Threat Management Gateway
(TMG) for the Nutex Corporation. Nutex has several locations, and all client computers run Office Outlook
2007 SP2. The CIO instructs you to prevent SMTP relays from sending spam messages to the Nutex
organization.
What should you plan to do?
A. Open Sender Reputation properties and enable Perform an open proxy test when determining
sender confidence level on the Sender Confidence tab.
B. Open Sender ID properties and enable Stamp the message with Sender ID and continue
processing on the Action tab.
C. Open Sender Filtering properties and enable Stamp the message with blocked sender and continue
processing on the Action tab.
D. Open Recipient Filtering properties and enable Block messages sent to recipients not listed in the
Global Address List on the Recipients tab
Answer: A
Answer:
Open Sender Reputation properties and enable Perform an open proxy test when determining sender
confidence level on the Sender Confidence tab.
Explanation:
You should right-click Sender Reputation on the Edge Transport server, select Properties, and enable
Perform an open proxy test when determining sender confidence level. Sender Reputation agents
filter messages based on information about recent messages received from specific senders. The Sender
Reputation agent uses various statistics , such as a reverse DNS lookup to check for a sender domain
mismatch, to create a sender reputation level (SRL) value between 0 (trusted) and 9 (spammer). Sender
reputation filters enable an Edge Transport server to start blocking SMTP connections dynamically from a
specific sender, such as a server that is being used as a SMTP relay agent by spammers. You can
configure the agent to perform an open proxy test to ensure that the sender may not be an SMTP relay
used by spammers.
You should not open Sender ID properties and enable Stamp the message with Sender ID and continue
processing. The Sender ID agent uses the RECEIVED SMTP header to verify via a DNS server if the
sending system is authorized to send mail. A Sender ID will not determine if the sender message came
from an SMTP relay.
You should not open Sender Filtering properties and enable Stamp the message with blocked sender
and continue processing. The Sender Filter agent uses the MAIL FROM: SMTP header to block
messages based on an individual e-mail address or domain. Sender filtering will not determine if the sender
message came from an SMTP relay.
You should not open Recipient Filtering properties and enable Block messages sent to recipients not
listed in the Global Address List. Recipient filters block messages based on the characteristics of the
recipient of the message. You can use a recipient filter to stop messages sent to misused account names,
such as admin@nutex.com, support@nutex.com, or webmaster@nutex.com. You can also stop
messages to distribution lists or to mailboxes that should not receive messages from the Internet. Recipient
filters are enabled on an Edge Transport server. A recipient filter does not filter based on the sender's
address.
Objective:
Sub-Objective:
QUESTION 26
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. You have
devices that use Windows Mobile 5.0, Windows Mobile 6.1, and Windows Mobile 6.5. You have a Client
Access server named cas1.nutex.com.
Your users connect to the Outlook Web App site with the URL of https://mail.nutex.com and they connect
to the IMAP4 server using imap.nutex.com. Autodiscover is enabled on cas1.nutex.com. Users complain
that are receiving error messages during the client connection to cas1.nutex.com using SSL.
The CIO asks you to come up with a solution. What should you do? (Choose two. Each correct answer is a
separate solution.)
A. Obtain a certificate for the subject name of cas1.nutex.com

B. Obtain a separate certificate for each client protocol that requires a unique name
C. Obtain a certificate with multiple subject alternative names
D. Configure all clients to use the name of *.nutex.com
E. Use a certificate that has the subject name of *.nutex.com
Answer: BC
Answer:
Obtain a separate certificate for each client protocol that requires a unique name
Obtain a certificate with multiple subject alternative names
Explanation:
You could obtain a certificate with multiple subject alternative names. A Subject Alternate Name (SAN)
certificate can support multiple names. This type of X.509 certificate allows you to associate multiple
hostnames with a single certificate. A client can connect to a Client Access server that is using a SAN
certificate using any of the names listed in the subject alternative name.
You could also obtain a separate certificate for each client protocol that requires a unique name. This
solution would require multiple certificates to be issued and installed on the Client Access server. This may
also require multiple Web sites in IIS and may require more than one IP address bound to the computer.
Using a SAN certificate would be an easier and less complicated solution.
You should not obtain a certificate for the subject name of cas1.nutex.com. In this scenario, the Client
Access server has multiple protocols that need multiple certificates. A single certificate with for the name of
cas1.nutex.com will not prevent users from receiving errors when they try to connect via SSL to mail.
nutex.com. You would have to have a separate certificate for each name used, or have a certificate that
supports multiple names.
You should not configure all clients to use the name of *.nutex.com. You cannot configure a client to
connect to a server with a wildcard character. You could have all clients connect to the user with a single
name, such as mail.nutex.com, and obtain a certificate just for mail.nutex.com.
You should not use a certificate with the subject of *.nutex.com. A wildcard certificate can support multiple
host names for the nutex.com domain. A wildcard certificate allows you to use a single certificate to
support multiple names in a domain. With a wildcard certificate, you could use a certificate for your entire
domain. However, in this scenario, you have users that have Windows Mobile 5.0 devices. A wildcard
certificate is not compatible with Windows Mobile 5.0 devices.
Objective:
QUESTION 27
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. The CIO
wants you to ensure that users' mobile devices are secure. Recently several mobile devices were stolen
from employees. You want to ensure that a stolen device will be wiped after a thief enters the wrong
password five times. You want to allow both an administrator and a user to be able to perform a remote
wipe if a device is stolen.
What should you do?
A. Assign mobile device users to the Recipient Management management role group
B. Assign mobile device users to the Organization Management management role group
C. Create several ActiveSync policies
D. Implement Direct Push
Answer: C
Answer:
Create several ActiveSync policies
Explanation:
You should create several ActiveSync policies. You should create a policy so that certain people can wipe
devices remotely. For example, you could have a policy so that the NutexHelpDesk group can perform
remote wipes on devices that are reported stolen. You should also create an ActiveSync policy so that
users can use the option on the Outlook Web App Options page to wipe their own devices. This action can
decrease the time required for administrators to manage mobile devices when a user changes phones.
With this policy, the user can
also remove associations with mobile devices that the user no longer owns.
NOTE: a remote wipe resets everything and completely erases the phone back to its factory state. Users
lose all their applications and personal data. However a remote wipe does not delete data stored on a
memory card in the computer.
You should not implement Direct Push. Direct Push maintains a long-standing HTTPS request between the
mobile phone and the Exchange Client Access server using SSL. Direct Push requires a Secure Sockets
Layer (SSL) connection from the Internet and the Client Access server. Direct Push does not perform a
remote wipe on a mobile device.
You should not assign mobile device users to the Recipient Management management role group.
Members of this group can create, delete, and manage Exchange recipients. Membership in this group will
not immediately give the users the ability to perform a remote wipe, or allow the administrators to perform a
remote wipe. You should not assign mobile device users to the Organization Management management
role group. Members of the Organization Management group are allowed to manage all Exchange objects
in the Exchange Organization. Membership in this group may allow a user the ability to create an
ActiveSync policy, but adding the mobile device users to the Organization Management group does not
immediately give the users the ability to perform a remote wipe or allow the administrators to perform a
remote wipe.
Objective:
QUESTION 28
You work as the enterprise Exchange administrator at Nutex. Nutex makes use of Microsoft Exchange
Server messaging solution. The Nutex network consists of a single Active Directory domain named nutex.
com. The nutex.com domain is configured to run in an Exchange Server 2010 environment. You have
received instructions from the CIO to deploy a public access solution. To accomplish this task you need to
ensure that members of the HelpDesk department are able to view items, create items, edit items that are
owned by the individual users, and create subfolders in a public folder.
What should you do?
A. This can be achieved by using Contributor permissions

B. This can be achieved by using Reviewer permission
C. This can be achieved by using PublishingAuthor permissions
D. This can be achieved by using Editor permissions
Answer: C
Answer:
This can be achieved by using PublishingAuthor permissions
Explanation:
You should use PublishingAuthor permissions. The PublishingAuthor role has the following access rights:
CreateItems
ReadItems
CreateSubfolders
FolderVisible
EditOwnedItems
DeleteOwned Items
DeleteAllItems
You should not use the Contributor permissions. Contributor permissions are used add items to a public
folder, but not to read or edit the items. The Contributor role has the following access rights:
CreateItems
FolderVisible
You should not use the Reviewer permissions. Reviewer permissions are used to read items in a public
folder. The Reviewer role has the following access rights:
ReadItems
FolderVisible
You should not use the Editor permissions. Editor permissions allow you to add messages, review
messages, delete messages, edit your own messages, or edit anybody's messages in a public folder. The
Editor role has the following access rights:
CreateItems
ReadItems
FolderVisible
EditOwnedItems
EditAllIItems
DeleteOwned Items
DeleteAllItems
Objective:
QUESTION 29
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. All client
computers run Office Outlook 2007 SP2.
Nutex has several locations. You want support personnel in each location to give other users delegate As
permission to the room mailbox. However, the support personnel report that they receive the following error
when they attempt to add other users as delegates:
"The Delegates settings were not saved correctly. Cannot activate send-on-behalf-oflist.
You do not have sufficient permission to perform this operation on this object"
The CIO insists that you must restrict the Exchange Management Shell (EMS) cmdlets that users can run
and the attributes that they can modify.
What should you do? (Choose all that apply. Each correct answer is part of the solution.)
A. Create a new management role named SendItemsOnBehalf based on the Mail Recipients role.
B. Create a new management role named SendItemsOnBehalf based on the Mail Recipients Creation
role.
C. Remove all cmdlets except Set-Mailbox and Get-Mailbox for the SendItemsOnBehalf management
role.
D. Reduce the parameters that Set-Mailbox can execute on the SendItemsOnBehalf management role.
E. Create a universal security group named DelegateSendItemsOnBehalfMailboxes and add the
SendItemsOnBehalf management role.
F. Create a local security group named DelegateSendItemsOnBehalfMailboxes and add the
SendItemsOnBehalf management role
Answer: ACDE
Answer:
Create a new management role named SendItemsOnBehalf based on the Mail Recipients role.
Remove all cmdlets except Set-Mailbox and Get-Mailbox for the SendItemsOnBehalf management role.
Reduce the parameters that Set-Mailbox can execute on the SendItemsOnBehalf management role.
Create a universal security group named DelegateSendItemsOnBehalfMailboxes and add the
Explanation:
Create a new management role named SendItemsOnBehalf based on the Mail Recipients
management role.
Remove all cmdlets except Set-Mailbox and Get-Mailbox for the SendItemsOnBehalf management
role.
Reduce the parameters that Set-Mailbox can execute on the SendItemsOnBehalf management role.
Create a universal security group named DelegateSendItemsOnBehalfMailboxes and add the
The role-based access control (RBAC) feature of Exchange 2010 and Exchange 2010 SP1 is used to
assign permissions and to restrict the Exchange Management Shell (EMS) cmdlets that can be associated
with a role. You can also limit attributes that the role can modify. RBAC provides you with significantly more
flexibility in assigning permissions than in previous versions of Exchange, which would have required you to
give permissions via an access control list (ACL). With RBAC, you do not have to give more permissions
than necessary.
You should create a new management role that is based on the Mail Recipients role. The Mail Recipients
management role allows users to manage existing mailboxes, mail users, and mail contacts. You can use
the New-ManagementRole cmdlet to create a new role named SendItemsOnBehalf: New-
ManagementRole -Name "SendItemsOnBehalf" -Parent "MailRecipients"
You should remove all cmdlets that are not necessary, which would be all but the Set-Mailbox and Get-
Mailbox cmdlets. You can pipe the results of the Get-ManagementRoleEntry cmdlet to the Remove-
ManagementRoleEntry cmdlet:
Get-ManagementRoleEntry "SendItemsOnBehalf \*" | where {($_.Name notlike "Set- Mailbox") and ($_.
Name notlike "Get-Mailbox")} | Remove-ManagementRoleEntry
You should reduce the parameters that Set-Mailbox can execute on the SendItemsOnBehalf
management role.
You can use the Set-ManagementRoleEntry cmdlet to reduce parameters:
Set-ManagementRoleentry "SendItemsOnBehalf \Set-Mailbox" -Parameters

GrantSendOnBehalfTo, Identity
You should create a universal security group named DelegateSendItemsOnBehalfMailboxes and add the
SendItemsOnBehalf management role. You can use the New-RoleGroup to create the role group:
New-RoleGroup -Name "DelegateSendItemsOnBehalfMailboxes" -Roles "SendItemsOnBehalf"
You should not create a new management role based on the Mail Recipients Creation role. The Mail
Recipients Creation management role allows users to create mail contacts, distribution groups, dynamic
distribution groups, mailboxes, and mail users. In this scenario, you need the users to be able to manage
the mailbox by adding delegates. You do not need to create new mailboxes.
You should not create a local security group named DelegateSendItemsOnBehalfMailboxes and add the
SendItemsOnBehalf management role. A local security group is limited to computer that it was created on.
You should have a global or universal security group so that the group can be accessed by other computers
in the domain or other domains in the forest.
Objective:
QUESTION 30
You are the Exchange administrator for an Exchange 2010 SP1 organization. The CIO asks you to allow
users to retain messages related to specific projects. She also wants to eliminate the use of PST files and
have messages moved to the archive mailbox every 45 days.
What should you do? (Choose three.)
A. Get an Exchange Enterprise Client Access License (CAL) for every mailbox that has a personal archive.
B. Ensure that every client that has a personal archive runs Office 2010.
C. Use personal tags.
D. Use a retention hold.
E. Use retention policies.
F. Use journal rules.
G. Use transport rules.
Answer: ACE
Answer:
Get an Exchange Enterprise Client Access License (CAL) for every mailbox that has a personal archive.
Use personal tags.
Use retention policies
Explanation:
You should use retention policies and personal tags. Retention policies can be used to apply retention
settings to a mailbox. You can specify when a message must be archived. A retention policy can use
retention policy tags and personal tags. Retention policy tags apply retention settings to a specific folder and
subfolders. A personal tag can be used by a user to apply retention settings to a folder or item. A personal
tag overrides a retention policy tag if there is a conflict. A personal tag can be used by users to apply
retention settings on messages in a
folder for a specific project.
You can have messages sent to archive mailboxes that are provisioned in four different ways:
The archive mailbox can be on the same mailbox database

The archive mailbox can on another mailbox database
The archive mailbox can another server
The archive mailbox can be in the cloud
You must get an Exchange Enterprise Client Access License (CAL) for every mailbox that has a personal
archive.
A personal archive can be enabled on a recipient by enabling an archive mailbox. The archive mailbox is
available in Outlook and Outlook Web App. Once you have enabled an archive mailbox, you can import the
contents of any PST files for the user in the archive mailbox. You can then disable the ability to use the PST
files and allow the user to access older messages in the Personal Archive.
You should not use journal rules. A journal rule is used to comply with legal, regulatory, and organizational
requirements. A journal rule records inbound and outbound e-mail communications. A journal rule is not
used to manage retention of messages.
You should not use transport rules. A transport rule can be used to process a message in transport. You
would not use transport rules to manage retention of messages.
You should not use a retention hold. A retention hold suspends the processing of retention policies on a
mailbox. A retention hold will not preserve the user's mailbox content because a user could manually
change or delete items.
Objective:
QUESTION 31
has several locations. All client computers run Office Outlook 2007 SP2.
The CIO instructs you to make plans to block messages to certain distribution lists, and also to start
blocking SMTP connections dynamically from a specific sender.
What should you plan to use to fulfill these requirements? (Choose two.)
A. IP Allow List
B. Recipient Filtering
C. Sender ID
D. Sender Reputation
E. IP Block List
Answer: BD
Answer:
Recipient Filtering
Sender Reputation
Explanation:
You should use recipient filtering and sender reputation, which are both anti-spam agents enabled on the
Edge the recipients' SMTP addresses. Sender reputation filters messages based on information about
recent messages received from specific senders. The Sender Reputation agent uses various statistics,
such as a reverse DNS lookup to check for a sender domain mismatch, to create a sender reputation level
(SRL) value between 0 (trusted) and 9 (spammer). Sender reputation filters enable an Edge Transport
server to start blocking SMTP
connections dynamically from a specific sender, such as a server that is being used as a SMTP relay agent
by spammers.
All other answers are incorrect because they do not block messages to certain distribution lists or block
SMTP connections dynamically from a specific sender.
You should not use an IP Block List. An IP Block List blocks an SMTP connection from a specific source IP
address. However, you must manually update this list. You should use an IP Block List provider instead. An
IP Block List provider services provide real-time block list (RBL) services. The Block List provider can
specify a service level agreement (SLA) for the services provided.
You should not use an IP Allow List. This list is used to all messages from a specific IP address or range of
addresses. You would have to know the IP addresses of the senders. This is useful for enabling certain
SMTP servers, such as SMTP servers in a partner organization.
You should not use a Sender ID agent. The Sender ID anti-spam feature is useful in protecting against e-
mail domain spoofing and against phishing schemes.
Objective:
Sub-Objective:
QUESTION 32
You work as the enterprise Exchange administrator at nutex.com. Nutex has a central office located in
Atlanta and branch offices in different cities. All locations are separate sites in nutex.com domain.
A water pipe leak in the San Jose office has destroyed the Client Access server in that site. The CIO has
asked you to restore the lost Client Access server. You install a new Windows Server 2008 server that was
shipped to the San Jose location.
What must you do to restore the server? (Choose all that apply.)
A. Join the new server to domain
B. Delete the computer account of the failed server and then join the new server to the domain
C. Run Setup /m:RecoverServer on the new server
D. Run Setup /NewProvisionedServer on the new server
E. Reapply any customizations that you configured on the original servers
F. Run the EdgeSync process on the new server
Answer: ACE
Section: Designing and Deploying Exchange Server 2010 Availability and Recovery
Join the new server to domain
Run Setup /m:RecoverServer on the new server
Reapply any customizations that you configured on the original servers
You should do the following in this order:

1. Join the new server to domain
2. Run Setup /m:RecoverServer on the new server
3. Reapply any customizations that you configured on the original servers
You should first join the server to the domain. You may want to restore the computer's system state so you
can restore configuration information such as the IP address and any certificates. However, you can reissue
certificates and configure the IP address information yourself.
You must run Setup /m:RecoverServer. The /RecoverServer switch is used to recover a destroyed
server. After running Setup /m:RecoverServer, you must reconfigure any custom settings that were
previously present on the server. You should also reconfigure any custom settings that were present on the
server before putting the recovered server back into production.
You should reapply any customization that you configured on the original servers. Any customization that
was done on the failed server needs to be reconfigured on the new server.
You should not delete the computer account in Active Directory for the failed server. If you do, you will not
be able to recover the Exchange Server functionality for that server when you run Setup /m:
RecoverServer.
You should not run Setup /NewProvisionedServer. The /NewProvisionedServer switch is used to delegate
the setup an Exchange 2010 SP1 server. This switch will not recover an existing server, but will allow
another user to install a new Exchange 2010 SP1 server.
You should not run the EdgeSync process on the new server. The EdgeSync process should be used after
you have recovered or cloned an Edge Transport server, not a Client Access server. To recover or clone an
Edge Transport server, you can use an exported XML file from a source server using the
ExportEdgeConfig.ps1 script. This script exports the configuration of the source server. You can import
the XML file when you run the ImportEdgeConfig.ps1 script.
QUESTION 33
a line of business (LOB) application that must use a single SMTP relay in order to submit messages to the
Exchange organization.
The application cannot log on to a mailbox using MAPI and then send the messages as that mailbox.
What should you do?
A. Ensure there are multiple Hub Transport servers in the Active Directory site. Use a hardware load
balancer to load-balance the Hub Transport servers.
B. Add two Windows Server 2008 R2 servers and install the Hub Transport role and Mailbox server role on
each. Create a Database Availability Group (DAG).
C. Ensure there are multiple Client Access servers in the Active Directory site.
D. Add multiple Client Access servers in the Active Directory site. Use a hardware load balancer to
loadbalance the Client Access servers.
Answer: A
You should add multiple Hub Transport servers in the Active Directory site and use a hardware load
balancer to load-balance the Hub Transport servers. Typically, you do not need to load-balance a Hub
Transport server. However, in this particular case, you would need to load-balance the inbound SMTP
connections from the LOB application. POP and IMAP clients use the default client Receive connector on a
Hub Transport server if the transport server fails, and do not require a Windows Network Load Balancing or
a hardware load balancer. The LOB application must use a single SMTP relay, though, and you cannot
specify multiple SMTP servers for the application.
You should not add two Windows Server 2008 R2 servers with the Hub Transport role and Mailbox server
role and create a Database Availability Group (DAG). Although you can have a Hub Transport server role
installed on a member of a DAG, you must have the Hub Transport server load-balanced because the LOB
application must use a single SMTP relay, and the inbound SMTP connection needs to be load-balanced for
the LOB application. While POP and IMAP clients can use the default Receive connector of any Hub
Transport server if a Hub Transport server fails, the LOB application will require the Hub Transport server to
be load balanced in order to use in bound SMTP connections in case of failure.
You do not need to have multiple Client Access servers or multiple Client Access servers in an array to
loadbalance inbound SMTP connections. A Client Access array can load-balance HTTP and RPC
connections, not SMTP connections.
QUESTION 34
a Client Access server, Mailbox server, and Hub Transport server role installed in the internal network. You
have an Edge Transport server installed in the perimeter network.
You install a computer named WSUS1 that is configured as a Windows Server Update Services (WSUS)
server to meet the following requirements:
Only approved patches and security updates are installed.

Only administrators are allowed to approve patches and security updates manually.
Deployment casts is reduced.
Administrative effort of deploying patches is reduced.
You notice that several updates have not been installed to several Exchange 2010 SP1 servers. You verify
that those updates are available on WSUS1. Other updates, including more recent ones, have been
downloaded and installed on client computers successfully. You must ensure that all of the necessary
updates are downloaded and installed on all Exchange servers.
What should you do?
A. On WSUS1, approve the updates that have not been installed.

B. On each Exchange server, enable Automatic Updates in System Properties.
C. Place all Exchange servers into an OU, enable the Configure Automatic Updates policy in a GPO, and
link the GPO to the OU.
D. Configure WSUS1 to refer WSUS clients to download the updates from the Windows Update Web site.
Answer: A
You should approve the updates that have not been installed on WSUS1. One of the advantages of using a
local WSUS server for deploying security updates is the ability of an administrator to approve updates. An
administrator can first test all the available updates on the appropriate computers in a lab and then approve
only those updates that do not cause any problems or conflicts with other software. Automatic Updates
clients can download only the approved updates from the WSUS server. It appears in this scenario that
several updates have been accidentally
skipped during the approval process. To correct the problem, you should approve the skipped updates.
Clients will automatically download them and install in accordance with their Automatic Updates settings.
If Automatic Updates were not enabled on client computers, either in each computer's System Properties or
through a Group Policy object (GPO), then none of the available updates would have been installed.
However, the scenario states that all updates, except a few skipped ones, have been successfully installed
on the client computers. Even if you changed the configuration of WSUS1 to refer clients to the Windows
Update Web site, the clients that are configured to use WSUS1 for updates would download only those
updates that have been approved on WSUS1.
QUESTION 35
an office in Atlanta, and you plan to open offices in Charlotte and Memphis. Each office will be an Active
Directory site of nutex.com. All sites will be connected to the others via a WAN link and each office has a
direct link to the Internet.
You have several extra domain controllers in the Atlanta office. Each new office will have one of the extra
Windows Server 2003 Standard Edition SP2 domain controllers from the Atlanta office to be the domain
controller.
The CIO wants you to install Exchange 2010 SP1 servers that have the Client Access server role, Mailbox
server role, and the Hub Transport role in each new office. Users must be able to send mail to the Internet if
a domain controller fails or if the WAN link fails. You must accomplish this with a limited budget.
What should you do?
A. Enable site link bridging.

B. Upgrade the domain controller in each site to a Windows Server 2008 R2 server and make the domain
controller a global catalog server.
C. Install two domain controllers running Windows Server 2003 Standard Edition SP2 server and make
each of the domain controllers global catalog servers.
D. Install two domain controllers running Windows Server 2008 R2 server and make each of the domain
controllers global catalog servers.
Answer: C
You should install two domain controllers running Windows Server 2003 Standard Edition SP2 server and
make each of the domain controllers a global catalog server. For users to be able to send mail to the
Internet, the users must be able to have one writeable global catalog server available. A Hub Transport
server must be able to communicate directly with a global catalog server to perform Active Directory
lookups. You should have two global catalog servers available in case one domain controller fails.
You should not enable site link bridging. By default, all site links are bridged. A bridge between two site links
that have at least one site in common enables transitive connectivity through the common site or sites.
Bridging will work when physical connectivity exists between the sites that are included in the bridged site
links. In this scenario, bridging will allow domain controllers in each site can to communicate with domain
controllers in any other site. Site link bridging will not allow fault tolerance of global catalog servers in a site.
You should not install two domain controllers running Windows Server 2008 R2 server and make the
domain controllers a global catalog server. You can use the existing domain controllers that run Windows
Server 2003 SP2 to be global catalog servers for each location. You do not have to spend money to
upgrade existing domain controllers or install new domain controllers running Window Server 2008 R2.
You should not upgrade the domain controller in each site to a Windows Server 2008 R2 server and make
that domain controller a global catalog server. You can use a global catalog server that is running Windows
Server 2003 SP2 or higher. However, in this scenario you will need more than one global catalog server in
each site.
QUESTION 36
You work as the enterprise Exchange administrator at nutex.com. Nutex has a central office located in
Atlanta. The Nutex network consists of a single Active Directory domain named nutex.com. All Exchange
server run Exchange 2010 SP1.
You plan to open another office in Phoenix. The Phoenix office will be an extra Active Directory site. The
CIO wants to ensure that you have high availability for all Exchange servers in the Phoenix office. You have
already allocated a Windows Server 2003 SP2 server to be a global catalog server in the Phoenix office.
What should you do next to ensure high availability?
A. Upgrade the global catalog server to Windows Server 2008.

Install the Edge Transport server role on the global catalog server.
Install two Windows Server 2008 R2 servers with the Client Access, Hub Transport, and Mailbox server
roles on each.
B. Upgrade the global catalog server to Windows Server 2008 R2.
Install the Client Access, Hub Transport, and Mailbox server roles on the global catalog server.
Install two Windows Server 2008 R2 servers.
Install the Client Access, Hub Transport, and Mailbox server roles on one of the new Windows 2008 R2
servers
Install the Edge Transport server role on one of the other new Windows 2008 R2 servers
C. Upgrade the global catalog server to Windows Server 2008 R2.
Install a new Windows Server 2008 R2 server with the Client Access, Hub Transport, Edge Transport,
and Mailbox server roles
D. Install two new Windows Server 2008 R2 servers with the Client Access, Hub Transport, and Mailbox
server roles on each.
Install two new Windows Server 2008 servers with the Edge Transport server role on each.
Answer: D
Install two new Windows Server 2008 R2 servers with the Client Access, Hub Transport and Mailbox
server roles on each.
Install two new Windows Server 2008 servers with the Edge Transport server role on each.
To provide high availability, you should have at least two Mailbox server roles, two Client Access server
roles, two Hub Transport server roles, and two Edge Transport server roles. You can create a Database
Availability Group (DAG) from the two mailbox servers to ensure high availability for the Mailbox server role.
You can add a Hub Transport role and Client Access server role to each of the mailbox servers.
You can create a Client Access array by having two Client Access servers. A Client Access server array will
ensure high availability of the Client Access server. You can have high availability for the Hub Transport
service by having two Hub Transport roles in the same Active Directory site.
An Edge Transport server must be on a server that is NOT a domain member. The Edge Transport server
must be in the perimeter network and not the internal network. With a second Edge Transport server,
external message delivery to the Internet achieves high availability. However, for message reception, you
will need to configure an additional MX record for the second Edge Transport server. You should set the MX
records for the Edge Transport servers with the same priority, so that incoming messages to your
organization are load balanced between the two Edge Transport servers. The Edge Transport server role
can be installed on a Windows Server 2008 server, since Exchange 2010 can be installed on either the
Windows Server 2008 or Windows Server 2008 R2 operating systems.
You should not choose an option that includes upgrading the global catalog server to Windows Server 2008
or installing the Edge Transport server role on the global catalog server. You do not have to upgrade the
global catalog server. A global catalog server can be on a domain controller that is running at least
Windows Server 2003 SP2. Also, you will not be able to install the Edge Transport server on the global
catalog server because the Edge Transport server must be on a server that is not a domain member.
You should not choose an option that includes upgrading the global catalog server to Windows Server 2008
or installing a Mailbox server role on the global catalog server. You cannot setup a Database Availability
Group (DAG) to provide high availability for the Mailbox server because a DAG cannot contain a member
that is a domain controller. Also, you do not have to upgrade the global catalog server. A global catalog
server can be on a domain controller that is running at least Windows Server 2003 SP2.
You cannot install the Edge Transport server on the same Exchange servers that host the Client Access,
Hub Transport, and Mailbox server roles. The Edge Transport server must be on a server that is not a
domain member.
QUESTION 37
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. You plan
to open a new office in New Orleans, where you will configure a Client Access server array using Windows
Network Load Balancing (NLB). The CIO instructs you to provide high availability for the Hub Transport
server role and Mailbox server role in the New Orleans office. You should also limit the total number of
Exchange servers placed in the New Orleans site.
What should you do?
A. Add two Windows Server 2008 R2 servers in a Window Network Load Balancing (NLB) cluster.
Add the Mailbox server role, Hub Transport server role and Client Access server role to each of the
servers in the NLB cluster.
B. Add two Windows Server 2008 R2 servers in a Window Network Load Balancing (NLB) cluster.
Add the Mailbox server role, Hub Transport server role and Client Access server role to each of the
servers in the NLB cluster.
Create a Database Availability Group (DAG).
C. Add two Windows Server 2008 R2 servers in a Window Network Load Balancing (NLB) cluster.
Add the Client Access server role to each of the servers in the NLB cluster.
Add two Windows Server 2008 R2 servers with the Mailbox server role and the Hub Transport server
role installed on each server.
Create a cluster continuous replication (CCR) for the Mailbox server roles.
D. Add two Windows Server 2008 R2 servers in a Window Network Load Balancing (NLB) cluster.
Add the Client Access server role to each of the servers in the NLB cluster.
Create a DAG for the Mailbox server roles.
Answer: D
Add two Windows Server 2008 R2 servers in a Window Network Load Balancing (NLB) cluster.
Add the Client Access server role to the servers in the NLB cluster.
Create a DAG for the Mailbox server roles.
You can provide high availability for a Client Access server by using Windows Network Load Balancing
(NLB) to create a Client Access array. It is also feasible to use a hardware load balancer to create a Client
Access array. A Client Access server array can provide high availability for a Client Access server role when
you combine it with a load balancer. You can configure two or more Client Access servers into a Client
Access server array. You can have high availability for the Hub Transport service by having two Hub
Transport roles in the same Active Directory site.
To provide high availability for a Mailbox server role, you can use a Database Availability Group (DAG). You
will need to have at least two Mailbox server roles in each site to create a DAG. All DAG members must run
the same operating system. The existing Mailbox server in each site is running Windows Server 2008 R2.
The other Mailbox servers that are added must match the operating system of the existing Mailbox server.
It is typically recommended that you use the Hub Transport server as a witness server for a DAG because it
places minimal additional load on the Hub Transport server. In this scenario, you should not use the Hub
Transport server role as the witness since the Hub Transport server role is on the same server as a DAG.
The witness server can be any computer running Windows Server. The witness server does not need to run
the same version of the Windows Server operating system as the Mailbox servers in the DAG. A DAG
member can NOT also be a member of a NLB cluster. You must add two additional Windows Server 2008
R2 servers with the Mailbox server role and the Hub Transport server role installed. You can configure a
DAG with those two servers. You can also have a Windows Server that is a domain member and also a
witness server. To have a member server be a witness server to a DAG, you must add the Exchange
Trusted Subsystem group to the local administrator group to be used as a witness.
You should not choose a solution that does not create a DAG for the Mailbox server role. You should not
choose a solution that only adds two Windows Server 2008 R2 servers to the New Orleans office. The
solution requires the addition of four servers: two for the NLB cluster and two for the DAG. You cannot
place the Mailbox server roles on the same servers that host the Client Access server roles because those
roles are part of a NLB cluster. A DAG member cannot also be a member of a NLB cluster.
You should not create a cluster continuous replication (CCR) for the Mailbox server roles. In Exchange
2010, CCR has been replaced by DAG and mailbox copies.
QUESTION 38
an office in Atlanta, and you plan to open offices in Charlotte and Memphis. You allocated a server in
Charlotte to be the Edge Transport server in the perimeter network at the Charlotte location, and you
allocated a server in Memphis to be the Edge Transport server in a perimeter network at the Memphis
location. All sites will be part of the nutex.com domain. You have allocated two Windows Server 2003 (x86)
SP2 domain controllers for each
location.
The CIO asks you to provide redundancy for the servers in the internal network of the Memphis and
Charlotte locations. Your budget is limited. What should you do?
A. Install one server in Memphis and one server in Charlotte

B. Install two servers in Memphis and two servers in Charlotte
C. Install three servers in Memphis and three servers in Charlotte
D. Install four servers in Memphis and four servers in Charlotte
Answer: B
You should install two servers in Memphis and two servers in Charlotte. A single Exchange 2010 SP1
server may have multiple server roles, such as Client Access server, Mailbox server, and Hub Transport
server. You could use high-availability methods with the two servers that have multiple server roles. For
example, you could set up the two Mailbox server roles into a Database Availability Group (DAG), and you
could configure the two Client Access servers into a Client Access server array. If one Hub Transport server
in a site became unavailable,
Exchange services will automatically use the other Hub Transport server for message transport. You could
also configure the Windows Server 2003 domain controller to be a global catalog server and have the DNS
server role with an Active Directory integrated zone. Obviously, separating these roles may give you better
performance, but all of these roles can be supported on a single server. This action can save resources and
money.
You could not have a mailbox server that is part of DAG also be a domain controller.
You should not install one server in Memphis and one server in Charlotte. A single server in each location
will not provide redundancy if a single server fails in each site.
All other answers are incorrect because they use more than the needed number of servers.
QUESTION 39
have two Active Directory sites, one in Oregon and one in California. You have multiple DNS servers that
contain an Active Directory-integrated zone of nutex.com.
You have multiple Client Access servers in each site. There is a Client Access server array in the Oregon
site named cas1.nutex.com, and a Client Access server array in California named cas2.nutex.com. The
Internetfacing site is mail.nutex.com, which is located in Oregon.
You need to take precautions to ensure Outlook connectivity will not be interrupted if the Oregon site goes
down and the Client Access servers are inaccessible. What should your disaster recovery plan include?
(Choose all that apply.)
A. Change the IP address of the (A) record of mail.nutex.com to point to the IP address of cas2.nutex.
com on internal and external DNS servers.
B. Change the IP address of the (MX) record of mail.nutex.com to point to the IP address of cas2.nutex.
com on internal and external DNS servers.
C. Use Repadmin to force replication on internal DNS servers.
D. Shorten the refresh time of the SOA record of nutex.com on internal DNS servers.
E. Shorten the minimum TTL of the SOA record of nutex.com on internal DNS servers.
Answer: AC
You should change the IP address of the host (A) record of the Internet-facing site, which is named mail.
nutex.com, to point to the IP address of the Client Access server array in California, which is named cas2.
nutex.com. This will allow users to connect to mail.company.com if the Oregon site is down. Once the
Oregon site has been restored, you can revert the changes.
After making the changes to the host records in the nutex.com Active Directory-integrated zone, you will
need to force replication to other DNS servers that have an Active Directory-integrated zone. You can use
the Repadmin command or Active Directory Sites and Services to force replication of Active Directory.
You should not shorten the refresh time of the SOA record of nutex.com or shorten the minimum TTL of
the SOA record of nutex.com on internal DNS servers. The refresh time of the SOA record is used by a
DNS server that contains a secondary copy of the zone to request a copy of the current SOA record from
the primary zone. The minimum TTL is used to inform other querying servers how long those servers
should keep the data in cache. In this scenario, the internal DNS servers use Active Directory-integrated
zones, not a traditional configuration of a
primary zone and multiple secondary zones.
You should not change the IP address of the (MX) record of mail.nutex.com to point to the IP address of
cas2.nutex.com on internal and external DNS servers. A Client Access server uses a host (A) record in
DNS, not a mail exchange (MX) record.
QUESTION 40
You work as the enterprise Exchange administrator at Nutex in the home office in Atlanta. All of the
Exchange servers were upgraded to Exchange 2010 SP1. You implement high availability features in order
to reduce data loss by ensuring that each update that is written to the active database copy's active log
buffer. Each update is also shipped to a log buffer on each of the passive mailbox copies. If a failure occurs,
the passive copies should receive most or all of the latest updates.
You want to monitor when a passive database makes copies of the active copies. What counter in
Performance Monitor will tell you if a database copy is in block mode, and what value should be configured
for the counter?
A. the CopyGenerationNumber performance counter under the MSExchange Replication performance

object should be set to 0.
B. the CopyGenerationNumber performance counter under the MSExchange Replication performance
object should be set to 1.
C. the Continuous replication block mode Active performance counter under the MSExchange
Replication performance object should be set to 1.
D. the Continuous replication block mode Active performance counter under the MSExchange
Replication performance object should be set to 0.
Answer: C
You should monitor the Continuous replication block mode Active performance counter under the
MSExchange Replication performance object. The value of the counter should be set to 1. With Exchange
2010 SP1, Microsoft renames the continuous replication operation used in Exchange 2010 and Exchange
2007 as continuous replication - file mode. SP1 also introduces continuous replication - block mode. With
block mode, each update is written to both the active database copy's active log and each passive database
copy's log. It reduces the latency lag between a change being made on the active copy and that change
being replicated to a passive copy. If a failure occurs with the active copy, the passive copy will have the
most recent data.
When the MSExchange Replication performance object is to 1, the passive copy is in block mode. When
the MSExchange Replication performance object is to 0, the passive copy is in file mode.
You should not use the CopyGenerationNumber performance counter under the MSExchange
Replication performance object. The CopyGenerationNumber performance counter specifies the
generation of the last log file that was copied to the passive copy.
QUESTION 41
You are a network administrator for the Nutex Corporation, which consists of three offices. The corporate
network consists of a single Active Directory forest named nutex.com that is presented in the following
exhibit:
The CIO has instructed to plan for the installation of Exchange 2010 SP1. Each location has been
configured for each office.
There are four domain controllers in SiteA, three in SiteB, and two in SiteC.
Two domain controllers in SiteA and one domain controller in SiteB host the global catalog.
Each site will have a Client Access server, Mailbox server, and Hub Transport server on the internal
network and an Edge Transport server in the perimeter network.
All servers run Windows Server 2008.
There are 400 users in SiteA, 120 users in SiteB, and 90 users in SiteC. Users in SiteC complain that it
takes them too long to log on to the network. You must reduce the logon times for users in SiteC.
Which of the following should you do?
Exhibit:
A. Configure dc5.nutex.com as a global catalog server.
B. Configure dc9.nutex.com as a global catalog server.
C. Enable universal group membership caching in SiteC.
D. Enable universal group membership caching in SiteB.
Answer: B
You should configure dc9.nutex.com as a global catalog server. Exchange 2010 and Exchange 2010 SP1
require that you have a writeable domain controller that is a global catalog server in every Active Directory
site. The Mailbox server role, Hub Transport server role, and Client Access role rely on a global catalog
server.
You should not configure dc5.nutex.com as a global catalog server. This server is in SiteB, and SiteB
already has a global catalog server named dc6.nutex.com. You may want to add additional global catalog
servers to provide fault tolerance in SiteB in case a global catalog server fails. However, SiteC must have a
global catalog server.
You should not enable universal group membership caching. In a multi-domain forest, universal group
memberships are stored only in the global catalog. To process a user's logon request, a domain controller
queries catalog servers in a site, then the domain controller will query a global catalog server in another
site. Therefore, if WAN links between sites are slow, the logon process can take considerable time. With
universal group membership caching, this information is stored in the cache indefinitely and is refreshed by
default every eight hours. In this scenario, universal caching cannot be used because every site requires a
global catalog server to support Exchange 2010.
To improve the performance of user logons in an Active Directory environment, you can configure a domain
controller in SiteC to host the global catalog. However, the presence of a global catalog server in SiteC
would increase Active Directory replication traffic across WAN links, particularly between SiteB and SiteC.
Domain controllers in these two sites belong to different domains, and the global catalog is populated and
updated through replication with domain controllers for each domain in the forest. You can minimize logon
times without
increasing replication traffic for computers in sites that do NOT have an Exchange 2010 organization by
enabling universal group membership caching in SiteC. When this Universal group feature is enabled for a
site, the domain controller that authenticates a user's logon request queries a global catalog server and
then stores the user's universal group memberships in a local cache. This information is stored in the cache
indefinitely and is refreshed, by default, every eight hours. In this scenario, universal caching cannot be
used because every site requires a
global catalog server to support Exchange 2010.
QUESTION 42
a single office in Atlanta. All your domain controllers run Windows Server 2008 R2. You have one Client
Access server, one Hub Transport server, two mailbox servers, one Edge Transport server, and one
Microsoft Internet Security and Acceleration (ISA) server.
The CIO instructs you to protect Exchange 2010 services from the failure of a single server. You must use
the least number of servers possible to meet that requirement. What should you plan for?
A. Add one more server

B. Add two more servers
C. Add three more servers
D. Add four more servers.
Answer: B
You should add two more servers, one to be an extra ISA server and one to be an extra Edge Transport
server. An extra ISA server can allow the ISA servers to be grouped into an array. This array can ensure a
fault-tolerance and load balancing solution for the ISA servers. If one array member fails, other array
member can continue to service requests from clients.
An extra server should be dedicated to be an Edge Transport server. An Edge Transport server must be on
a server that is NOT a domain member. The Edge Transport server must be in the perimeter network, not
the internal network. With a second Edge Transport server, external message delivery to the Internet
achieves high availability. However, for message reception, you will need to configure an additional MX
record for the second Edge Transport server. You should set the MX records for the Edge Transport
servers with the same priority, so
that incoming messages to your organization are load balanced between the two Edge Transport servers.
You can create a Database Availability Group (DAG) from the two mailbox servers already present in your
office to ensure high availability for the Mailbox server. You can add an additional Hub Transport role and
Client Access server role to one of the mailbox servers, then create a Client Access array with the two
Client Access servers using a hardware load balancer. A Client Access server array using a hardware load
balancer will ensure high
availability of the Client Access server. You can have high availability for the Hub Transport service by
having two Hub Transport roles in the same Active Directory site.
You cannot add just one more server. You must have an extra server for the ISA server and the Edge
Transport server.
You do not have to have three or four more servers. You can add additional Hub Transport role and Client
Access server role to one of the mailbox servers.
QUESTION 43
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. Nutex
has one main site, but several users work remotely from their homes. The CIO wants to ensure that the
potential failure of a Client Access server will not prevent remote users from accessing mailbox contents.
She instructs you to implement a Client Access server array. What should you do to make this possible?
A. Install the same SSL certificate on all Client Access servers.

B. Install a SSL certificate for the Client Access server array and individual SSL certificates for each Client
Access server.
C. Create a Single Copy Cluster (SSC) to create a Client Access server array. Install the same SSL
certificate on all Client Access servers.
D. Create a Clustered Continuous Replication (CCR) to create a Client Access server array. Install
individual SSL certificates for each Client Access server.
Answer: A
You should install the same SSL certificate on all Client Access servers. All Client Access servers in a
Client Access server array must be configured with the same SSL certificate. This is because all Client
Access servers use the name specified in the client access array. You can use hardware-based load
balancing or software-based load balancing for high availability between the Client Access server and a
client access array. You can use the Network Load Balancing (NLB) feature of Windows Server 2008, an
external hardware load balancer, or Microsoft
Internet Security and Acceleration (ISA) server. If you use ISA, you must publish multiple Client Access
servers in a single publishing rule as a Web server farm.
You should not install a SSL certificate for the Client Access server array and individual SSL certificates for
each Client Access server. The servers in the Client Access server array will use the same name.
Therefore, they will only use the SSL certificate for the name of the Client Access server array.
You should not create a Single Copy Cluster (SSC) or a Clustered Continuous Replication (CCR) to create
a Client Access server array. Both SSC and CCR are clustering techniques
QUESTION 44
You work as the enterprise Exchange administrator for an Exchange 2010 SP1 organization. You have a
Database Availability Group (DAG), and you have added several mailbox servers to the DAG. You also set
up database copies and the Legal Hold feature to provide protection against failures.
The CIO has asked you to prevent against data loss in the case of logical corruption. You recently had
several users complain about corrupt messages. The CIO wants the DAG to serve as a replacement for
backup of the mailbox servers. The CIO wants to ensure there is more time available for administrators to
discover a corruption or bad data on a passive copy of the mailbox database.
What should you do?
A. Decrease the replay lag

B. Increase the replay lag
C. Decrease the truncation lag
D. Increase the truncation lag
Answer: B
You should increase the time of the replay lag. You can configure a replay lag for each passive copy of a
mailbox database. The replay lag determines the amount of time the transaction logs are behind the original
source. The active mailbox plays the transaction logs immediately. However, on a passive database copy,
the replay of logs is delayed by the time period that you specify. In this scenario, you should increase the
time of the replay lag. If the transaction logs contain data that may cause a logical corruption of the
database, the increase in lag time
can prevent the bad data from being replayed onto a passive copy.
You should not decrease the replay lag. Decreasing the replay lag will limit the time available for an
administrator to discover corruption or bad data on a passive copy of a mailbox database.
You should not increase or decrease the truncation lag. Truncation lag controls how long transaction logs
are kept before they are deleted. Transaction logs in a SQL database are generally truncated when a
backup is performed. With DAG, not all mailbox database copies are backed up. You can use the
truncation lag to ensure that transaction logs are backed up on another server before they are truncated.
QUESTION 45
You are the Exchange administrator for the Nutex Corporation. You have a single domain named nutex.
com and three locations. You have multiple Mailbox servers, Client Access servers, Hub Transport servers,
and global
catalog servers in each location. The CIO wants to ensure that you can provide the following:
Ensure redundancy in the event of a DNS server failure

Ensure that only domain computers can register records in the nutex.com zone
A. Have two DNS servers in each location. One server will have a primary zone of nutex.com. The other
server will have a secondary zone of nutex.com.
B. Have two DNS servers in each location. One server will have a primary zone of nutex.com. The other
server will have a stub zone of nutex.com.
C. Have two DNS servers in each location. Each server will have an Active Directory integrated zone of
nutex.com.
D. Ensure that nutex.com is set to secure dynamic updates only.
E. Ensure that the SOA record of nutex.com is set to negative caching.
Answer: AD
You should ensure that you have multiple DNS servers in each location that have an Active Directory
integrated zone of nutex.com. In each location where Exchange 2010 SP1 is installed, you should have a
domain controller with a global catalog server installed. An Active Directory integrated zone is a multimaster
read-write copy of the primary zone. You can have multiple DNS servers with the same zone that can be
updated. The zone updates are replicated by Active Directory replication. An Active Directory integrated
zone must be on a DNS server that is
installed on an Active Directory domain controller.
You must ensure that the nutex.com zone is set to secure dynamic updates only. You have three choices
on updating records in a zone:
You can choose not to have dynamic updates at all. This requires that someone add in all the service
records (SRV), host records (A), mail exchange records (MX), and any other records in the zone.
You can have unsecure dynamic updates. This allows any computer to update their A record in the zone
or pointer record (PTR) in a reverse lookup zone.
You can support secure dynamic updates only. Secure dynamic updates only update the A records,
PTR records, or SRV records of computers that are members of the Active Directory domain.
In this scenario, you should ensure that the zone is set to allow only secure dynamic updates, ensuring that
only members of the nutex.com domain are able to add records to the nutex.com zone or the reverse
lookup zone. You should not have DNS servers with a primary zone and secondary zone of nutex.com in
each location. A primary zone is a single copy of a read-write zone. A secondary zone is a read-only copy of
a zone. You can only have a single primary zone that is updated. The secondary zones pull updates from
the primary zone. You should
not have a multiple primary zones in different locations.
You should not have DNS servers with a primary zone of nutex.com and a stub zone of nutex.com. A stub
zone is a zone that contains glue records for clients that need to retrieve data from a primary zone. A stub
zone contains only A records for domain controllers and SRV records for domain controllers. A stub zone
will not contain a Start of Authority (SOA) record for the primary zone, copies of the NS records for all DNS
servers that are authoritative for the zone, or A records for the DNS servers that are authoritative for that
zone. When a client
sends a request to the stub zone, the request is sent to one of the authoritative DNS servers. A stub zone is
not a multimaster copy of the zone. If the DNS server or servers that are authoritative for the zone failed,
the stub zone will not be able to successfully refer the query.
You should not ensure that the SOA record of nutex.com is set to negative caching. An SOA record is
contains the time a record has to live. This is referred to as the TTL value. Negative caching in a SOA
record is used to cache a non-existent record. Negative caching can reduce the response time for a
negative answer in a query. Negative caching will not allow only domain clients to add records into the
nutex.com zone.
QUESTION 46
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. Your
Exchange organization spans two locations, Atlanta and Charlotte. Click the Exhibit(s) button to view the
organization structure:
Each client is configured with CAS1 as its home server. You have extended a four-member DAG to the two
Active Directory sites. The user's mailbox is hosted on DB1, which is replicated to each of the servers. The
active copy of DB1 should fail over from MBX2 to MBX3.
A power failure in the Atlanta site has caused a failure on CAS1 and MBX2. What should you do to ensure
that Outlook 2010 clients in the Atlanta site can receive mail?
Exhibit:
A. Use the Exchange Management Console (EMC) to switch over CAS1 to CAS2
B. Perform a datacenter switchover from Atlanta to Charlotte
C. Set the value of the RPCClientAccessServer property for DB1 to NULL
D. Run the following to switch over CAS1 to CAS2: Move-ActiveMailboxDatabase -Server MBX4 MBX5 -
ActivateOnServer CAS2
Answer: B
From the available answers, you will need to perform a datacenter switchover from Atlanta to Charlotte. A
switchover must be performed in order to restore access to services and data if a Client Access server is
not available in the Atlanta site.
You will need to do the following:
Terminate Mailbox and Unified Messaging services in the primary datacenter

Ensure that the second datacenter is valid and meets the prerequisites
Activate the second datacenter by activating the Mailbox servers
Activate other server roles
You should provide client access to the message platform through a combination of capacity and load
balancing. Load balancing and fault tolerance to client connections can be done by a combination of a CAS
array and thirdparty network load balancer hardware devices. In this scenario, you have created a single
point of failure by having a single Client Access server in the site.
You cannot use the EMC to switch over CAS1 to CAS2. You could use the EMC to perform a server
switchover for Mailbox servers, but not Client Access servers. A server switchover moves all active mailbox
database copies from their current Mailbox server to one or more other Mailbox servers in a database
availability group (DAG). You can also use the Move-ActiveMailboxDatabase cmdlet to move active
mailbox copies.
You should not set the value of the RPCClientAccessServer property for DB1 to NULL. You can get a
redirect to occur by changing the RPCClientAccessServer property on the database.
RPCClientAccessServer property for DB1 is configured for CAS1, making Atlanta the preferred database
site. You could change the property for DB1 to CAS2 in Charlotte making the Charlotte the preferred
database site.
You cannot run the Move-ActiveMailboxDatabase cmdlet to switch over CAS1 to CAS2. You can use this
cmdlet perform a server switchover for a Mailbox server. The following performs a server switchover of the
Mailbox server MBX2 to MBX3:
Move-ActiveMailboxDatabase -Server MBX2 -ActivateOnServer MBX3 When the above command

completes, MBX3 hosts the active copy of the databases that were previously active on MBX2.
QUESTION 47
You are the Exchange administrator for the Nutex Corporation. You have all Exchange 2010 SP1 server
roles installed on servers in the central location. You plan to open another location that will be a second
Active Directory site.
The CIO wants you to ensure that the mailbox servers in the new site have high availability. She instructs
you to configure a Database Availability Group (DAG). You expect to have three or more replicas of the
database in a DAG, and you have a minimum hardware budget to work with.
What should you do to provide high availability within your budget?
A. Have a DAG with three members that use RAID 1

B. Have a DAG with three members that use RAID 1+0
C. Have a DAG with three members that use RAID 5
D. Have a DAG with three members that use JBOD
Answer: D
You could have a DAG with three members that use JBOD (Just Bunch of Disks). In Exchange 2010, you
can use low-cost SATA disks for storage. SATA disks have the same capacity as more expensive SCSI or
SAS disks but are significantly less expensive. The JBOD solution has no redundancy or increase in
performance over single disks, but JBOD is expandable so additional disks can be added later as the
budget allows.
If you have three or more replicas of a database in DAG, you can use JBOD. If disks fail on the mailbox
server, another replica in the DAG can service requests. With a DAG, the need for a redundant storage
system is reduced. Using JBOD storage allows you to use application-level redundancy without the use of
RAID, and can result in dramatic cost savings according to Microsoft.
All other options, according to Microsoft, are more expensive. Of the RAID types, RAID 1+0 is the best
performing RAID option. RAID 1 incorporates disk mirroring. If one drive that contains the volume fails, the
other volume on the other disk will continue to run. RAID 1+0 combines mirroring (RAID 1) and striping
(RAID 0). RAID 1+0 allows you to have fault tolerance, provide great read performance and great write
performance. RAID 5 incorporates disk striping with parity. Although RAID5 will provide fault tolerance for
the volume in case one disk in the set fails,
RAID 5 provide worse performance with writes than RAID 0, RAID 1 or RAID 1+0.
Although JBOD storage may be cheaper to use on a DAG with three or more replicas, according to
Microsoft, there can be some disadvantages to this solution. Using leftover SATA disks can cause
problems because disks may be out of warranty or drives may have buggy firmware. Rebuilding a server
that uses JBOD storage and has failed can be time consuming. If all servers have the same hardware
instead of a random collection of disks, it would be easier to rebuild.
QUESTION 48
You are the Exchange administrator for the Nutex Corporation. All Exchange 2010 SP1 server roles are
installed at the main location. You plan to open another location that will be another Active Directory site.
The CIO wants you to ensure that the mailbox servers in the new site have high availability.
You need to plan the RAID types and the volumes of the mailbox servers. What should you do?
(Choose three. Each correct answer is part of the solution.)
A. Use RAID 5 for the OS/System/Pagefile volume

B. Use RAID 1 for the OS/System/Pagefile volume
C. Use RAID 1 for the Exchange Mailbox Database File (EDB) volume
D. Use RAID 10 for the Exchange Mailbox Database File (EDB) volume
E. Use RAID 5 for the Exchange Mailbox Database Log volume
F. Use RAID 10 for the Exchange Mailbox Database Log volume
Answer: BDF
You should place the OS/System/Pagefile volume on a RAID-1 array. RAID 1 incorporates disk mirroring.
If one drive that contains the volume fails, the other volume on the other disk will continue to run. You could
get better performance if you placed the page file on a separate volume. RAID-1+0 will give better
performance than RAID- 1. RAID 1+0 combines mirroring (RAID 1) and striping (RAID 0). RAID 1+0 allows
you to have fault tolerance and provides great read performance and great write performance.
You should not place the OS/System/Pagefile volume on a RAID 5. RAID 5 incorporates disk striping with
parity. Although RAID5 will provide fault tolerance for the volume in case one disk in the set fails, RAID 5
provide worse performance with writes than RAID 0, RAID 1 or RAID 1+0. Since the page file will be written
and read from often, you should use a RAID 1 or RAID 1+0 to provide fault tolerance and good write
performance.
You should place the Exchange Mailbox Database File (EDB) Volume on a RAID 1+0 instead of a RAID 1
volume. Both RAID 1 and RAID 1+0 will provide fault tolerance. However, RAID 1+0 will provide better
performance. RAID 1+0 stripes a mirrored set, which gives you improved read and write performance. You
should place the Exchange Mailbox Database Log Volume on a RAID 1+0 instead of a RAID 5. The
database logs will be written to often. A RAID 5 may provide fault tolerance, but will provide less write
performance than a RAID 1+0.
QUESTION 49
a central office in Atlanta. You plan to open offices in Charlotte and Memphis. You have several mailbox
databases in your organization, DB1, DB2 and DB3. You want to limit which servers can host an active
database in the event of a failure so that a database is not brought online in a secondary datacenter.
What should you run to control the database activation by lagging it on DB1?
A. Set-MailboxServer <ServerName> DatabaseCopyAutoActivationPolicy Blocked

B. Set-MailboxServer <ServerName> DatabaseCopyAutoActivationPolicy IntrasiteOnly
C. Suspend-MailboxDatabaseCopy <Database Name>\<Server Name> -ActivationOnly
D. Resume-MailboxDatabaseCopy <Database Name>\<Server Name> -ActivationOnly
Answer: C
You should run Suspend-MailboxDatabaseCopy <Database Name>\<Server Name> - ActivationOnly. The
Suspend-MailboxDatabaseCopy cmdlet can be used to suspend the activation of a specific copy. This
can be done on the databases that you do not want to be activated automatically. In this scenario, you can
lag database copies of DB1.
You should not run the Set-MailboxServer cmdlet with the DatabaseCopyAutoActivationPolicy
parameter. The Set-MailboxServer cmdlet cannot be used to prevent replication of a specific database.
You can specify the following values for the DatabaseCopyAutoActivationPolicy parameter:
Blocked - Prevents any database from automatically being activated.

IntrasiteOnly - Restricts database failovers to copies that are only in the same Active Directory site.
Unrestricted - Allows any server in the DAG to be for database activation.
You should not run Resume-MailboxDatabaseCopy <Database Name>\<Server Name> - ActivationOnly.

The Resume-MailboxDatabaseCopy cmdlet will resume the copy of a database, not prevent replication.
QUESTION 50
You work as the enterprise Exchange administrator for the Nutex Corporation's Exchange 2010 SP1
organization. You will employ a third-party message transfer agent that transfers mail between a mission-
critical application server and the Exchange organization. You must ensure that the Hub Transport server
accepts e-mail from the third-party message transfer agent.
A. Create an additional Receive connector on the Hub Transport server. Set the usage type to Internal and
the authentication to Basic.
B. Create an additional Send connector on the Hub Transport server. Set the usage type to Internal and
the authentication to Basic.
C. Specify the IP address of the third-party message transfer agent in the connector..
D. Specify the IPv6 address range
0000:0000:0000:0000:0000:0000:0.0.0.0ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255
Answer: AC
You should create an additional Receive connector on the Hub Transport server, set the usage type to
Internal, and set the authentication to Basic. You should configure a Receive connector so that the Hub
Transfer server can receive messages from a third-party transfer agent (MTA). You can set the usage type
to Internal and not to Internet. The Internet type is used to accept anonymous users. Typically, the Internet
type is for Receive connectors used to receive e-mail from servers on the Internet.
You should also limit the IP address of the stations from which the Receive connector will receive
messages. In this scenario, you should specify the IP address of the message transfer agent.
You should not specify the IPv6 address range

0000:0000:0000:0000:0000:0000:0.0.0.0ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255. This address range covers
all IPv6 addresses.
You should limit the IP addresses just to the IP address of the message transfer agent.
You should not create a Send connector. A Send connector is used to send e-mail outbound. Typically, you
would have to create a Send connector on the Edge Transport server.
QUESTION 51
You administer an enterprise Exchange 2003 organization for the Nutex Corporation. Nutex a single domain
named nutex.com. All the domain controllers in your domain run Windows Server 2008 R2.
You plan to install Exchange 2010 SP1 on several servers in your existing Exchange organization. You
inform the CIO that you will be on vacation during the first phase of the scheduled Exchange 2010 SP1
deployment. The CIO requests that you propose a candidate and make changes the user's account so that
the user will be able to perform the duties of the first phase of the installation which updates the schema
and creates an Exchange container.
Which user should you configure?
A. Add Brian to the Domain Admins and Schema Admins groups.

B. Add Linda to the Enterprise Admins and Schema Admins groups.
C. Add Josh to the Enterprise Admins and Exchange Servers groups.
D. Add Ann to the Domain Admins and Exchange Servers groups.
Answer: B
Answer:
Add Linda to the Enterprise Admins and Schema Admins groups.
Explanation:
You should allow Linda to do the first phase of the installation after adding her account to the Enterprise
Admins and Schema Admins groups. To install Exchange 2010 SP1, she must prepare Active Directory
and the domain for Exchange 2010, for which she must be a member of the Enterprise Admins and
Schema Admins groups. The user first needs to prepare legacy Exchange permissions in every domain in
the forest that has either Exchange servers or Exchange domain server groups. There are two ways to
accomplish this. You can run
setup /PrepareLegacyExchangePermissions or setup /pl to prepare legacy Exchange permissions in
every domain in the forest, or you can run setup /PrepareSchema.
You can specify the fully qualified name of the domain (FQDN) to prepare legacy Exchange permissions in
a specific domain. For example, you could run the following command to prepare legacy Exchange
permissions in the nutex.com domain:
setup /PrepareLegacyExchangePermissions: nutex.com
However, you do not necessarily have to run setup /PrepareLegacyExchangePermissions or setup /pl to
prepare the legacy Exchange permissions because this step will be included when you run setup /
PrepareSchema.
You should run setup /PrepareSchema or setup /ps to update the schema with Exchange 2010 specific
attributes. This step can be skipped if you run the setup /PrepareAD /organization:nutex.com or setup /P /
organization:nutex.com commands, which can perform the same function.
The setup /PrepareAD /organization:<FQDN of domain> command does the following:

Creates an Exchange container if one does not exist
Verifies the schema has been updated, creates Exchange container, and objects if the schema has not
been updated
Creates the Microsoft Exchange Security Groups organizational unit (OU)
Creates security groups for Exchange 2010
Prepares the local domain for Exchange 2010
These steps do not have to be performed in an exact sequence, and some steps can be skipped. However,
it is better to run the steps in the order given by Microsoft because you can run each step with an account
that has the minimum permissions required for that step. By following this procedure, you can also verify
that each step was completed successfully before continuing to the next step.
After preparing the Active Directory, you should prepare the domains that will have Exchange 2010 SP1
servers. You can run the setup /PrepareDomain or setup /pd to prepare the local domain, setup /
PrepareDomain:<FQDN of domain> to prepare a specific domain, or setup /PrepareAllDomains or
setup /pad to prepare all domains in your organization. The setup /PrepareDomain command sets
permissions on the domain container for the Exchange Servers, Exchange Organization Administrators,
and Exchange Mailbox Administrators.
All other answers are incorrect because the candidates were not added to the Enterprise Admins or
Schema Admins group. The Domain Admins group allows a user to have administrative rights throughout
the domain; however, this group may not be able to perform certain functions in the Active Directory forest.
The ExchangeServers group only exists after Exchange 2010 SP1 has been installed. This group contains
the computers that are Exchange 2010 SP1 servers in the Exchange organization. The group should not
have users added as members. Do not confuse the ExchangeServers group with the built-in Exchange
Servers management role, which is part of the role-based access control (RBAC) feature of Exchange
Server 2010 and Exchange
Server 2010 SP1. Membership in the Exchange Servers management role allows administrators to do the
following:

Modify the content filtering configuration on Hub Transport servers
Objective:
Sub-Objective:
Exam C
QUESTION 1
You have a Client Access server, Hub Transport server, and Mailbox server deployed in your internal
network, and an Edge Transport server deployed in the perimeter network. You want to ensure that mail
from the Internet can be delivered to recipients of your organization if the Edge Transport server fails.
What should you do?
A. Add an additional Edge Transport server.

Use a hardware load balancer to load-balance the two Edge Transport servers.
Create an A record in DNS for the name of the load balancer that uses the IP address of each of the
Edge Transport servers
B. Add an additional Edge Transport server. Create a failover cluster with the Edge Transport servers.
Create an A record for the failover cluster.
C. Add an additional Edge Transport server.
Create an MX record for the fully qualified domain name (FQDN) of the mail server.
Set the priority to the same value as the other Edge Transport server.
D. Add an additional Edge Transport server.
Create a SRV record for the fully qualified domain name (FQDN) of the mail server.
Set the priority and weight to the same value as the other Edge Transport server.
Answer: C
You should add an additional Edge Transport server and create an MX record for the fully qualified domain
name (FQDN) of the mail server, and set the priority to the same value as the other Edge Transport server.
The Edge Transport server must be in the perimeter network and not the internal network. When you add a
second Edge Transport server, external message delivery to the Internet achieves high availability.
However, for message reception, you will need to configure an additional MX record for the second Edge
Transport server. You should
set the MX records for the Edge Transport servers with the same priority, so that incoming messages to
your organization are load-balanced between the two Edge Transport servers.
You should not create a SRV record for the fully qualified domain name (FQDN) of the mail server and set
the priority and weight to the same value as the other Edge Transport server. A SRV record is not needed
for Internet recipients to be able send mail to recipients of your organization. Users from the Internet need
to be able to resolve a mail exchange (MX) record, not a SRV record.
You should not use a hardware load balancer to load-balance the two Edge Transport servers. By creating
an A record in DNS for the name of the load balancer that uses the IP address of each Edge Transport
servers, you can load balance the Edge Transport servers. Users from the Internet need to be able to
resolve a mail exchange (MX) record of the FQDN of the mail server, not the A record of the Edge
Transport server.
You should not use a failover cluster with the Edge Transport servers. A failover cluster cannot be used with
an Edge Transport server. You can use a failover cluster with a Mailbox server role.
QUESTION 2
a central office in Atlanta. You plan to open offices in Charlotte and Memphis. You have allocated a server
in Charlotte to be the Edge Transport server in the perimeter network at the Charlotte location, and you
allocated a server in Memphis to be the Edge Transport server in a perimeter network at the Memphis
location. All sites will be part of the nutex.com domain.
The CIO says that you must plan for high availability of the Mailbox server role and other roles in the internal
network of the new locations. You must decide how many servers and what configuration must be installed
in each new location.
You have a limited budget. What must you do?
A. Allocate an extra Windows Server 2008 R2 domain controller from the central office for each
location.
Install the Client Access server, Mailbox Server role, and Hub Transport role on a new Windows
Server 2008 R2 computer and the Windows Server 2008 R2 domain controller in each site.
Create a Client Access server array and a Database Availability Group in each site
B. Allocate an extra Windows Server 2008 R2 domain controller from the central office for each
location.
Server 2008 R2 computer and the Windows 2008 domain controller in each site
Make the Windows Server 2008 R2 computer a domain controller and enable global catalog servers
on the domain controllers in each site.
C. Allocate two extra Windows Server 2008 R2 domain controllers from the central office for each
location.
Server 2008 R2 computer and a Windows 2008 domain controller in each site
Make both domain controllers in each site global catalog servers
D. Allocate two extra Windows Server 2008 R2 domain controllers from the central office for each
location.
Install the Client Access server, Mailbox Server role, and Hub Transport role on two new Windows
Server 2008 R2 computers in each site.
Make both domain controllers in each site global catalog servers
Answer: C
Allocate two extra Windows Server 2008 R2 domain controllers from the central office for each location.
Install the Client Access server, Mailbox Server role, Hub Transport role on two new Windows Server
2008 R2 computers in each site.
Create a Client Access server array and a Database Availability Group (DAG) in each site.
Make both domain controllers in each site global catalog servers.
In this scenario, you should plan to have high availability for the Mailbox server role, Client Access server
role and Hub Transport roles. Since these roles rely on the global catalog server, you should have
redundant global catalog servers in each site in case one of the domain controllers that have a global
catalog server fails.
To achieve high availability with a Mailbox server role, you can use a DAG. A DAG must meet the following
requirements:
Members must be in the same domain.

Members cannot be on computers that are domain controllers.
Members of a DAG must be running the same operating system version. All DAG members must be
running Windows Server 2008, or all DAG members must be running Windows Server 2008 R2. You
cannot mix the two operating system versions within the same DAG.
Members must be on computers that have two network adapters.
The DAG must have one IP address on the MAPI network.
It is recommended that you use the Hub Transport server as a witness server for a DAG because it places
minimal additional load on the Hub Transport server. The witness server does not need to run the same
version of the Windows Server operating system as the Mailbox servers in the DAG. A DAG member can
NOT also be a member of a NLB cluster. You must add two additional Windows Server 2008 R2 servers
with the Mailbox server role and the Hub Transport server role installed. You can configure a DAG with
those two servers. You can also
have a Windows Server that is a domain member act as a witness server. To have a member server be a
witness server to a DAG, you must add the Exchange Trusted Subsystem group to the local administrator
group to be used as a witness.
A Client Access server array can provide high availability for a Client Access server. You can configure two
or more Client Access servers into a Client Access server array. You can provide high availability for a Hub
Transport server by having more than one Hub Transport server in an Active Directory site. You should not
choose a solution with only one global catalog server because you should have redundant global catalog
servers in each site.
You should not choose any solution that attempts to create a DAG with a Windows Server 2008 R2
computer and a Windows Server 2008 computer, or a DAG that contains a domain controller. You cannot
create a DAG that has members with two different operating systems, and you cannot have a DAG with a
member that is a domain
QUESTION 3
You work as the enterprise Exchange administrator at Nutex in the home office in Atlanta. Nutex has two
Active Directory sites in Atlanta and Phoenix. The Nutex network consists of a single Active Directory
domain named nutex.com.
You have the following servers installed:
The CIO wants to ensure that you have high availability for mailbox databases by using a Database
Availability Group (DAG) in the Atlanta and Phoenix offices. She asks you to implement a witness server for
a node and file share majority quorum. You must use the minimum number of servers.
What should you do?
A. Install another Mailbox server role on the Client Access servers in Phoenix and Atlanta.
B. Install another Mailbox server role on the Hub Transport servers in Phoenix and Atlanta.
C. Add another Mailbox server role running Windows Server 2008 R2 in Phoenix and Atlanta.
D. Add another Mailbox server role running Windows Server 2008 R2 in Phoenix and Atlanta. Upgrade the
Hub
E. Transport server's operating system in Phoenix and Atlanta to Windows Server 2008 R2.
Answer: C
You need to add another Mailbox server role running Windows Server 2008 R2 in both Phoenix and Atlanta.
You will need to have at least two Mailbox server roles in each site to create a DAG.
All DAG members must run the same operating system. The existing Mailbox server in each site is running
Windows Server 2008 R2. The other Mailbox servers that are added must match the operating system of
the existing Mailbox server. It is recommended that you use the Hub Transport server as a witness server
for a DAG because the additional load placed on the Hub Transport server is minimal. The witness server
does not need to run the same version of the Windows Server operating system as the Mailbox servers in
the DAG.
You do not need to upgrade the Hub Transport server's operating system in Phoenix and Atlanta to
Windows Server 2008 R2. The Hub Transport server can be used as a witness server, but does not need to
run the same version of the Windows Server operating system as the Mailbox servers in the DAG. Also, you
are not allowed to update the operating system once Exchange 2010 SP1 has been installed on the server.
You cannot install another Mailbox server role on either the Client Access server or Hub Transport server in
Phoenix and Atlanta. The Client Access server and Hub Transport server in both sites run a different
version of the Windows Server operating system as the existing Mailbox server in the site. All DAG
members must run the same operating system.
QUESTION 4
You administer an Exchange 2010 SP1 organization with multiple Active Directory sites. You plan to
upgrade the operating system of several of the Exchange 2010 SP1 server roles to Windows Server 2008
R2. You want to ensure that if you bring any Hub Transport server offline to upgrade the operating system,
it should not delay the sending of messages to the Internet. Also, if a Hub Transport server fails, you should
be able to simply remove it from production without worrying about emptying its queues or losing messages.
What should you do?
A. Add multiple Hub Transport servers to each Active Directory site and ensure that the organization has
multiple Edge Transport servers.
B. Ensure that the organization has multiple Hub Transport servers and multiple Edge Transport servers.
C. Ensure that the organization has multiple Hub Transport servers and multiple Edge Transport servers in
each Active Directory site. Create a failover cluster for the Hub Transport servers and create a failover
cluster for the Edge Transport servers.
D. Add multiple Hub Transport servers to each Active Directory site. Create a server array with each Hub
Transport server.
Answer: B
You should add multiple Hub Transport servers to each Active Directory site and ensure that the
organization has multiple Edge Transport servers. Having multiple Hub Transport servers in an Active
Directory site and having multiple Edge Transport servers in your organization can provide shadow
redundancy.
Shadow redundancy provides the following features:

Redundant paths for a message in transit.
Message deletion from a transport database is delayed until the server verifies that all of the next hops
for that message have completed delivery.
Ensures that a Hub Transport server or Edge Transport server is disposable as long as redundant
message paths exist in your routing topology.
Alleviates worrying about empting queues or losing messages if a Hub Transport server or Edge
Transport server fails.
Provides resilience and simplifies recovery from a transport server failure.
You should have an MX record for each Edge Transport server with the same priority in order to load-
balance incoming messages to the Edge Transport servers.
You should not ensure that the overall organization has multiple Hub Transport servers and multiple Edge
Transport servers. Each Active Directory site requires more than one Hub Transport server. You cannot
achieve high availability or shadow redundancy solely by installing multiple Hub Transport servers in the
organization. You must have multiple Hub Transport servers in each Active Directory site, not just the
organization. You do not have to create an array of Hub Transport servers. You can have shadow
redundancy in a site by simply having multiple Hub Transport servers in the site and multiple Edge
Transport servers in the organization. You do not have to provide additional configuration for the Hub
Transport servers. If one Hub Transport server in a site is unavailable, Exchange services will automatically
use the other Hub Transport server for message transport.
You do not have to create a failover cluster for the Hub Transport servers and create a failover cluster for
the Edge Transport servers. You can only create a failover cluster for the Mailbox server role, which is
accomplished by using a Database Availability Group (DAG) to provide high availability for Mailbox server
roles to ensure failover of a mailbox. You can provide high availability for an Edge Transport server by
having multiple Edge Transport servers in your organization. You should create multiple MX records
pointing to each Edge Transport servers.
QUESTION 5
You are the Exchange administrator for the Nutex Corporation's Exchange organization. Nutex has single
Active Directory domain named nutex.com. You have a Client Access server, Hub Transport server, and
Mailbox server deployed in the internal network and an Edge Transport server, named ExchEdge1,
deployed in the perimeter network.
You must ensure that mail from the Internet can be delivered to recipients within the Nutex organization if
an Edge Transport server fails. You must do the following to ensure high availability:
Install a second Edge Transport server named ExchEdge2

Create a MX record for the fully qualified domain name (FQDN) of the mail server
Set the priority of the MX record to the same value as the ExchEdge1 server
How should you duplicate the configuration of the ExchEdge1 server to the ExchEdge2 server?
(Choose two. Each correct answer is part of the solution.)
A. Copy the ExportEdgeConfig.ps1 script to the root folder on the ExchEdge1 server.
B. Copy the ExportEdgeConfig.ps1 script to the root folder of your user profile on the ExchEdge1 server.
C. Use the Windows Server Backup utility on ExchEdge1 to back up system state data only.
D. Use the ExportEdgeConfig.ps1 script on ExchEdge1 with the CloneConfigData parameter.
E. Use the Windows Server Backup utility on ExchEdge1 to perform a full backup of the server.
Answer: BD
You should copy the ExportEdgeConfig.ps1 script to the root folder of your user profile on the ExchEdge1
server. Next, you should run the ExportEdgeConfig.ps1 script with the CloneConfigData parameter.
Cloned configuration is the method used to back up user-configured settings on an Edge Transport server.
The ExportEdgeConfig.ps1 and ImportEdgeConfig.ps1 scripts are installed automatically when you
install the Edge Transport server role. These scripts perform the configuration cloning. All user-configured
settings and data
from an Edge Transport server are exported by the ExportEdgeConfig.ps1 script. This data is stored in an
.xml file. You can import the .xml file created by the ExportEdgeConfig.ps1 script to the new Edge
Transport server, ExchEdge2, by using the ImportEdgeConfig.ps1 script.
Both scripts are located in the \Scripts folder in your Exchange installation folder. The default location for
this folder is C:\Program Files\Microsoft\Exchange Server\Scripts. To back up an Edge Transport server
by using the ExportEdgeConfig.ps1 script, you should perform the following tasks:
Copy the ExportEdgeConfig.ps1 script to the root folder of your user profile on the server that you are
backing up.
Capture the configuration by running the ExportEdgeConfig.ps1 script with the CloneConfigData
parameter in the Exchange Management Shell:
./ExportEdgeConfig -cloneConfigData:"C:\FileName.xml"
You should not copy the ExportEdgeConfig.ps1 script to the root folder on the ExchEdge1 server. The
ExportEdgeConfig.ps1 script should be copied to the root folder of your user profile on the server that you
are backing up, not the root folder of the server.
You should not use the Windows Server Backup utility on ExchEdge1 to back up the system state data or
to perform a full backup. When you back up the system state on a non-domain controller, the backup will
include the boot file, the COM+ class registration database, and the registry. A full backup is a complete
backup, and it archives every selected database as well as all necessary log files. However, the Windows
Server Backup utility does not allow you to store that data in an .xml file. The .xml file is required to hold the
saved configuration data
from the parent server.
QUESTION 6
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. You want
to plan for the eventuality of a highly available mailbox database failure.
You want to ensure the following:
After failure, the mailbox database should not automatically mount until all logs that were generated on
the active copy have been copied to the passive copy.
Potential candidates for activation should not be judged on copy queue length, but on the database
copy's activation preference value.
What cmdlet should you use?
A. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to

BestAvailability
B. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to
GoodAvailability
C. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to Lossless
D. Use the Set-MailboxServer cmdlet with the DatabaseCopyAutoActivationPolicy parameter set to
Blocked
E. Use the Set-MailboxServer cmdlet with the DatabaseCopyAutoActivationPolicy parameter set to
Unrestricted
Answer: C
You should use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to
Lossless. When the AutoDatabaseMountDial parameter is set to Lossless, a database will not mount
automatically until all logs generated on the active copy have been copied to the passive copy. The value of
Lossless will cause Active Manager's algorithm to find potential candidates for activation based on the
database copy's activation preference value.
You should not set the AutoDatabaseMountDial parameter of the Set-MailboxServer cmdlet to
BestAvailability or GoodAvailability. The value of BestAvailability allows the database to be
automatically mounted if the copy queue length is less than or equal to 12. The value of GoodAvailability
allows the database the database be automatically mounted immediately after a failover if the copy queue
length is less than or equal to six. The default value of the AutoDatabaseMountDial parameter is
BestAvailability. If the copy queue length
is less than or equal to 12 and of the AutoDatabaseMountDial parameter is BestAvailability, Exchange
Server attempts to replicate the remaining logs to the passive copies and mount the database. If the copy
queue length is less than or equal to 6 and of the AutoDatabaseMountDial parameter is GoodAvailability
, Exchange Server attempts to replicate the remaining logs to the passive copies and mount the database.
Only the value of Lossless will not prevent automatic mounting until all logs generated on the active copy
have been copied to the passive copy.
You should not use the DatabaseCopyAutoActivationPolicy parameter with the Set-MailboxServer
cmdlet. The DatabaseCopyAutoActivationPolicy parameter is used to specify the type of automatic
activation available for mailbox database copies. This parameter will not determine the automatic database
mount behavior.
You can specify the following as values of the DatabaseCopyAutoActivationPolicy parameter:

QUESTION 7
You administer an enterprise Exchange 2010 SP1 organization with two office locations that are connected
by high-speed links.
The CIO instructs you to do the following:
Provide high availability for message delivery from the Internet to recipients in your organization
Ensure messages from recipients in your organization are delivered if a Hub Transport server fails
Minimize the number of servers in use
You have both a Hub Transport server and an Edge Transport server in each location. Each Edge
Transport server has a MX record with same priority configured in DNS.
What must you do?
A. Install an additional Hub Transport server in each location.

B. Install an additional Hub Transport server and an additional Edge Transport server in each location.
C. Install an additional Hub Transport server in each location and configure an additional Receive
connector on each Hub Transport server.
D. Install an additional Hub Transport server and an additional Edge Transport server in each location.
Configure an additional Send connector on each Edge Transport server.
Answer: A
You should install an additional Hub Transport server in each location. You must have a Hub Transport
server in each site for message delivery. You can achieve high availability for Hub Transport services by
adding additional Hub Transport servers in the same site.
You do not have to configure new Send connectors or modify the default Receive connectors. If a Hub
Transport server in a site fails, then Exchange services will use another Hub Transport server in that site.
No additional configuration is required.
You do not have to add an additional Edge Transport server to each location. You currently have two Edge
Transport servers that have MX records with the same priority. Incoming messages to the Exchange
organization are currently load-balanced between the Edge Transport servers.
You do not have to add an additional Receive connector on each Hub Transport server. No additional
configuration is required for Exchange services to use another Hub Transport server if another Hub
Transport server fails within the site.
QUESTION 8
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. Your
corporate network currently consists of a single Active Directory domain named nutex.com and a single
site. Nutex opens a new branch office to expand its business operations. In the central office, you install a
domain controller named dc5.nutex.com that is set as an additional global catalog server. You also
implement several Windows Server 2008 R2 servers and Windows 7 computers with Exchange 2010
management tools installed.
The central office and the branch office are connected by a dedicated WAN link. You create a new Active
Directory site named Site2. When dc5.nutex.com and the new client computers are delivered to the
branch office, you want to configure them to belong to Site2.
Which of the following should you do? (Choose two. Each correct answer is part of the solution.)
A. Move the dc5.nutex.com server object to Site2.

B. Move the computer objects for the new client computers to Site2.
C. Create a subnet object in Site2 and assign dc5.nutex.com an IP address from the range of that subnet.
D. Create a subnet object in Site2 and assign the new client computers IP addresses from the range of
that subnet.
E. In a GPO linked to the new domain, configure a policy that assigns the new client computers to Site2.
F. In a GPO linked to the Domain Controllers organizational unit, configure a policy that assigns dc5.
nutex.com to Site2.
Answer: AD
You must do the following:
Move the dc5.nutex.com server object to Site2.

Create a subnet object in Site2 and assign the new client computers IP addresses from the range of that
subnet.
You must have a global catalog server in every site where Exchange 2010 SP1 is installed. In this scenario,
you created the domain controller with the global catalog server installed in the central office. To assign a
domain controller to a specific Active Directory site, the server object that represents that domain controller
must be moved to the Servers container in the appropriate site. To move dc5.nutex.com to Site2 in this
scenario, you should use Active Directory Sites and Services to move the dc5.nutex.com server object to
the Servers container
that is a child of the Site2 container.
Client computers and member servers are not assigned to sites explicitly. Their site affiliations are
determined automatically from the IP addresses assigned to those computers. In this scenario, you should
use Active Directory Sites and Services to create a new subnet object in Site2 and specify an IP address for
that subnet. When the new client computers are physically connected to the network in the branch office,
you should assign them IP addresses that belong to the new subnet. Site affiliations cannot be configured in
Group Policy objects (GPOs).
QUESTION 9
You work as the enterprise Exchange administrator for the Nutex Corporation's Exchange 2010 SP1
organization. You have two Database Availability Group (DAG) members that have the Mailbox server role,
Hub Transport server role, and Client Access server role installed.
The CIO instructs you to ensure that you can load balance RPC traffic for the Client Access servers. You
have ordered two hardware load balancers from a vendor. Due to non-payment on a previous order, the
delivery of the hardware load balancers has been delayed by two weeks.
What can you do to implement load balancing so that users who use RPC client access are able to connect
to their mailboxes within 5 minutes of failure?
A. Install two Microsoft Internet Security and Acceleration (ISA) servers

Implement an ISA server array
Create an A record for each ISA server in the array
Create CNAME record for the ISA server array name that uses the IP address of both ISA servers
Change the TTL of the A record for the ISA server array name to 5 minutes
B. Install two Microsoft Internet Security and Acceleration (ISA) servers
Implement an ISA server array
Create an A record for each ISA server in the array
Create an A record for the ISA server array name that uses the IP address of both ISA servers
Change the TTL for the A record of each ISA server array to 5 minutes
C. Create two A records for the Client Access array
Point one A record to the first multi-role DAG server
Point one A record to the second multi-role DAG server
Change the TTL of the two A records to 5 minutes
D. Create two CNAME records for the Client Access array
Point one CNAME record to the first multi-role DAG server
Point one CNAME record to the second multi-role DAG server
Change the TTL of the two CNAME records to 5 minutes
Answer: C
You should create two (A) records for the Client Access array, point each A record to one of the two multi-
role DAG servers, and change the TTL of the two A records to 5 minutes. In this scenario, you are tasked
with load balancing RPC traffic for RPC Client Access. An ISA server can load balance HTTP and HTTPS
traffic, but cannot load balance RPC traffic. You can use DNS round robin to achieve load balancing. To do
so, you will need to create two host (A) records for each multi-role DAG member.
Because DNS round robin does not ensure automatic failover, you will have to change the value of the time
to live (TTL) on the A record for each multi-role DAG member. You want to ensure that users who use RPC
client access are able to connect to their mailboxes within 5 minutes of failure. This can be achieved by
decreasing the TTL values to 5 minutes on the A record for each multi-role DAG member. When the TTL
value of the A record is set to 5 minutes, clients that have cached the A record in the past will flush that A
record from their DNS cache
within 5 minutes.
All other answers are incorrect. You cannot use CNAME or alias records on a DNS server to achieve DNS
round robin. You must use A records. You cannot use an ISA server to load balance RPC traffic. Besides a
hardware load balancer, you could use Windows Network Load balancing to load balance RPC traffic for
RPC Client Access.
QUESTION 10
Active Directory domain named nutex.com. All Exchange server roles are running Exchange 2010 SP1. All
your users use Office Outlook 2010 and Outlook Web App.
You want to use MailTips to do the following:
Notify users about issues or limitations with their outgoing messages

Minimize the number of e-mail messages received by company executives due to users sending
messages to company-wide distribution groups.
Minimize the number of non-delivery reports (NDRs)
How should you optimize the use of MailTips?
A. Ensure that Client Access servers are on the same high-bandwidth subnet as the global catalog server
and Mailbox server.
B. Inform users to use distribution groups are universal to ensure that MailTips can expand beyond 250
characters.
C. Configure MailTips to appear if a message has more than 200 recipients.
D. Configure MailTips to use the offline mode with Outlook.
Answer: A
Section: Designing and Deploying Messaging Compliance, System Monitoring, and Reporting
You should ensure that Client Access servers are on the same high-bandwidth subnet as the global catalog
server and Mailbox server. Client Access servers need a fast connection to a global catalog server and
Mailbox server. The Client Access server uses Active Directory information, recipient mailbox information,
and local group metrics to compile MailTips. The Client Access server will need to query the global catalog
server to gather Active Directory information and will need to query the Mailbox server to query recipient
mailbox information in order to
compile MailTips.
MailTips can help minimize mail violations, such as composing e-mails to recipients who do not exist or
sending inappropriate content to a large number of recipients, by analyzing user metrics and notifying the
user of potential problems before a message is actually sent. The information provided by MailTips can help
the senders adjust the message they are composing to avoid errors and non-delivery reports (NDRs). In
Exchange 2010 SP1, you can control how MailTips are shared between your organization and other
organizations with which you configured an organizational sharing relationship and you can monitor
changes to
event logs regarding MailTips.
All other answers are incorrect. MailTips are limited to 250 characters. You can create a Custom MailTip
beyond 250 characters. MailTips will not appear if a message has more than 200 recipients and cannot use
the offline mode with Outlook.
QUESTION 11
You are the administrator for the Nutex Corporation's Exchange 2010 SP1 organization.
You want to record the SMTP conversations that occur when messages are sent from:
Hub Transport servers to other Hub Transport servers in your organization

Hub Transport servers to Edge Transport servers in the Exchange organization
What should you do?
A. Enable protocol logging for the intra-organization Send connector on each Hub Transport server in the
organization
B. Enable audit logging on each Hub Transport server in the organization
C. Enable protocol logging for the intra-organization Receive connector on the Hub Transport server
D. Enable audit logging on each Edge Transport server in the organization
Answer: A
You should enable protocol logging for the intra-organization Send connector on each Hub Transport server
in the organization. A Send connector is implicitly created on a Hub Transport server, called the intra-
organization Send connector. Protocol logging is disabled on this connector by default. Protocol logging
records the SMTP conversations that occur between Hub Transport servers and Edge Transport servers as
part of message delivery. Protocol logging should be enabled to diagnose mail flow problems.
You should not enable protocol logging for the intra-organization Receive connector on the Hub Transport
server. The intra-organization Send connector on the Hub Transport server is used to relay messages to
other Hub Transports servers in the organization and to Edge Transport servers in the organization. You
should enable protocol logging on the intra-organization Send connector, not the Receive connector.
You should not enable audit logging on each Hub Transport server or Edge Transport server in the
organization. Audit logging is used to track which cmdlets are run on any Exchange 2010 server roles and
to trace changes a person has made to an Exchange 2010 server role. A
QUESTION 12
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. New
federal laws require all communication regarding employee purchases of your company's stock must be
retained. The CIO wants to ensure that Nutex complies with the new laws. You are instructed to ensure that
Nutex keeps an archived copy of all messages sent to the Nutex_Finance distribution group.
What should you do?
A. You should use standard journaling

B. You should use premium journaling
C. You should use transport rules
D. You should use transport rules and apply a RMS template
Answer: B
You should use premium journaling. The Journaling feature of Exchange 2010 allows you to record all
messages for an organization's archival strategy. Journaling helps your exchange organization comply with
new legal and regulatory requirements. You can configure standard journaling or premium journaling.
Standard journaling allows a journal agent to journal all messages sent to and from mailboxes located on a
particular mailbox database. Premium journaling allows the Journaling agent to journal based on journal
rules instead of the mailbox database.
With premium journaling, you can journal all messages sent to recipients or members of a distribution
groups. You must have an Exchange Enterprise client access license (CAL) to use premium journaling.
You should not use standard journaling in this scenario. Standard journaling will not allow you to journal at a
granular level of the Nutex_Finance distribution group. You can only journal based on the mailbox
database with
standard journaling.
You would not use a transport rule to archive message sent to the Nutex_Finance distribution group. A
transport rule is used to restrict message flow or to modify messages in transit by attaching disclaimers to
them. You can specify conditions and actions on a transport rule. You could specify the conditions on a
transport rule to apply to users inside the organization and when the subject field or body of the message
contains a particular word or phrase, such as "Top Secret."
QUESTION 13
want to make several users responsible for purging unwanted content from the mailboxes of other users in
the organization.
How should you plan for this?
A. Create a security group named NutexPurgeAdmins and add the security group to the Records
Management management role group.
B. Create a security group named NutexPurgeAdmins and add the Mailbox Import Export management
role to the security group.
C. Create a distribution group named NutexPurgeAdmins and add the distribution group to the Discovery
D. Create a security group named NutexPurgeAdmins and add the Mail Recipients management role to
the security group.
Answer: B
You should create a security group named NutexPurgeAdmins and add the Mailbox Import Export
management role to the security group. The NutexPurgeAdmins group will contain the users that are
responsible for purging unwanted content from the mailboxes of other users in the organization. The Mail
Import Export role should be added to the security group. This role enables users to purge unwanted
content from a mailbox, as well as to import and export mailbox content.
You can use the New-ManagementRoleAssignment cmdlet to add a management role to a security
group. The following adds the Mailbox Import Export role to the security group named NutexPurgeAdmins.
The role assignment is referenced as Import_Export_Nutex:
New-ManagementRoleAssignment -Name "Import Export_Nutex" -SecurityGroup

"NutexPurgeAdmins" -Role "Mailbox Import Export"
When the Mailbox Import Export role is assigned to a group or user, the user or group is granted full access
rights to all mailboxes in its scope. Since this can be a security issue, it should be assigned with care. You
should not add the NutexPurgeAdmins group to the Records Management management role group.
Members of the Records Management role group do not have the permission to purge information from a
mailbox, nor do they have the permission to import or export data to and from a mailbox. The Records
Management role
group has the ability to configure policy tags, message classifications, and transport rules.
You should not add the NutexPurgeAdmins group to the Discovery Management management role group.
Members of the Discovery Management role group do not have the permission to purge information from a
mailbox, nor do they have the permission to import or export data to and from a mailbox. The Discovery
Management role group has the ability to search mailboxes in an organization and configure a legal hold on
a mailbox.
You should not add the Mail Recipients management role to the security group. This role allows a user or
group assigned the role to manage mailboxes, users and mail contents in an organization. This role does
not allow a user or group the permission to purge information from a mailbox, nor do they have the
permission to import or export data to and from a mailbox.
QUESTION 14
You are the Exchange administrator for an Exchange 2010 SP1 organization. You manage several
administrators who will need to administer Exchange 2010 SP1 servers via Remote PowerShell. You want
to ensure that all administrators connect securely to any Exchange servers.
What should you recommend?
A. Recommend using RDP 5.2 or higher with SSL

B. Recommend using Windows Remote Management (WinRM) with HTTPS
C. Ensure the secondary logon service is started on all Exchange services and RDP with Network Level
Authentication (NLA) is set on all Exchange servers
D. Ensure the IP Helper service is started on all Exchange services and RDP with Network Level
Authentication (NLA) is set on all Exchange servers
Answer: B
You should recommend using Windows Remote Management (WinRM) with HTTPS. Remote PowerShell
requests are sent via the HTTP/HTTPS protocol. These requests use Internet Information Services (IIS). IIS
interacts with WINRM and the Web Services for Management (WSMan) protocol to make a session
connection. You should not use RDP 5.2 or higher with SSL. Remote Desktop Communication 5.2 or higher
supports encryption with SSL using TLS 1.0. However, in this scenario, you want to support PowerShell
commands being executed remotely by administrators. Remote PowerShell requests are sent via the
HTTP/HTTPS protocol. RDP allows a user to connect via a Remote Desktop session. RDP 5.2 or higher
will allow the communication of the RDP session to be encrypted via SSL. RDP is not required to execute
Remote PowerShell commands.
You do not have to ensure the secondary logon service is started on all Exchange services and RDP with
Network Level Authentication (NLA) is set on all Exchange servers. NLA is an authentication method that
Windows 7 and Windows 2008 clients can use to authenticate before establishing an RDP connection. NLA
reduces the risk of denial-of-service attacks on the computer that users are connecting to with RDP. The
secondary logon service or NLA are not required to execute Remote PowerShell commands.
You do not have to ensure the IP Helper service is started on all Exchange services and RDP with Network
Level Authentication (NLA) is set on all Exchange servers. The IP Helper service is started by default on all
Windows 7 and Windows Server 2008 servers. This service allows tunnel connectivity using IPv6 transition.
This service is needed for 6to4, ISATAP, Port Proxy, Teredo technologies. The IP Helper service is not
required to execute Remote PowerShell commands.
QUESTION 15
You are the Nutex Corporation's Exchange 2010 administrator. You want to find out whether the Chief
Financial Officer, Lisa Smith, has done the following to her mailbox:
Deleted items permanently from the Recoverable Items folder

Deleted items permanently from the Deleted Items folder
What must you do?
A. Search-MailboxAuditLog -Identity "Lisa Smith" -LogonTypes HardDelete, SoftDelete

B. Set-Mailbox -Identity "Lisa Smith" -AuditOwner HardDelete, SoftDelete - AuditEnabled $true
C. Set-Mailbox -Identity "Lisa Smith" -AuditAdmin HardDelete, SoftDelete - AuditEnabled $true
D. Set-Mailbox -Identity "Lisa Smith" -AuditDelegate HardDelete, SoftDelete - AuditEnabled $true
Answer: B
You should run the following:
Set-Mailbox -Identity "Lisa Smith" -AuditOwner HardDelete, SoftDelete -AuditEnabled $true
You must use the Set-Mailbox cmdlet to enable or disable mailbox audit logging. Exchange 2010 SP1
expands the auditing capabilities of Exchange 2010 by logging access to a mailbox performed by
administrators, delegates, and mailbox owners. You must use the -AuditEnabled $true switch to enable
mailbox auditing logging. In this scenario, you must use the -AuditOwner switch to see what actions were
performed by the mailbox owner. In this scenario, you will need to audit the HardDelete action and
SoftDelete action. You should not use the -AuditAdmin switch or the -AuditDelegate switch. The -
AuditDelegate switch is used to audit actions performed by delegate users on the mailbox. The -
AuditAdmin switch is used to audit actions performed by administrators on the mailbox. In this scenario,
you want to know what actions the user performed on her mailbox. You should use the -AuditOwner
switch.
QUESTION 16
You administer an Exchange 2010 SP1 organization. The CIO wants all messages sent to users outside of
the
organization to contain the user's contact information and a legal disclaimer. He instructs you to ensure that
all
messages for non-organizational recipients contain the sender's name, address, division, telephone
number, and
mobile phone number at the bottom of the message, along with a standard privacy disclaimer.
A. Use the Get-Mailbox cmdlet to specify the disclaimer text on all recipients and Active Directory
attributes of the sender
B. Specify the disclaimer text and Active Directory attributes of the sender in the Message Delivery tab in
the transport settings of each Hub Transport server
C. Use a journal rule to specify the disclaimer text and Active Directory attributes of the sender
D. Use a transport rule to specify the disclaimer text and Active Directory attributes of the sender
Answer: D
You should use a transport rule to ensure that all messages sent to users outside your organization contain
the sender' name, address, division, telephone, and mobile phone number at the bottom of the message
along with a disclaimer. You can use the Transport Rule Wizard to create this rule.
You can add in HTML code that can read the Active Directory attributes of the user. The following code
could be added into the disclaimer text box on the Transport Rule Wizard to create a disclaimer that
contains the sender's name, address, office, and phone number, as well as a legal message:
<hr>
%%DisplayName%% 

%%Department%% - %%Company%% 
%%StreetAddress%% - %%City%% - %%StateOrProvince%% - %%PostalCode%% 
Telephone: %%Phone%% / Fax: %%Fax%% / Mobile: %%MobilePhone%% 

<h5> 
The content of this e-mail (including any attachments) is strictly confidential and may be commercially
sensitive. If you are not, or believe you may not be, the intended recipient, please advise the sender
immediately by return email, delete this e-mail and destroy any copies. All brands and products are
copyrighted of the Nutex Corporation. Any use without the express written consent of the Nutex Corporation
is strictly prohibited and will result in legal action. Have a nice day.
In addition to using the Transport Rule Wizard, you can use the New-TransportRule cmdlet to create a
disclaimer with recipient's information, Active Directory contact information, and a disclaimer in the e-mail,
as
shown in the following example:
New-TransportRule -Name 'DisclaimerTransportRule' -Comments 'This appends a

disclaimer on the bottom of all messages along with the name and address of the
sender.' -Priority '0' -Enabled $true -SentToScope 'NotInOrganization' -
ApplyHtmlDisclaimerLocation 'Append' -ApplyHtmlDisclaimerText '<hr>
%%DisplayName%% 

%%Department%% - %%Company%% 
%%StreetAddress%% - %%City%% - %%StateOrProvince%% - %%PostalCode%% 
Telephone: %%Phone%% / Fax: %%Fax%% / Mobile: %%MobilePhone%% 

<h5> 
The content of this e-mail (including any attachments) is strictly confidential and may be commercially
sensitive. If you are not, or believe you may not be, the intended recipient, please advise the sender
immediately by return e-mail, delete
this e-mail and destroy any copies. All brands and products are copyrighted of the Nutex Corporation. Any
use without the express written consent of the Nutex Corporation is strictly prohibited and will result in legal
action. Have a nice day.
' -ApplyHtmlDisclaimerFallbackAction 'Wrap'
You should not use a journal rule to specify the disclaimer text and Active Directory attributes of the sender.
A
journal rule is used to comply with legal, regulatory, and organizational requirements. A journal rule records
inbound and outbound e-mail communications. A journal rule will not delete a message; it will keep a copy
of a
message. For example, the following journal rule journals all messages sent to or from the distribution
group
named Tax@nutex.com. These messages are sent to the user with the e-mail address
GeorgeP.Burdell@nutex.com.
New-JournalRule -Name 'NutexJournalRule' -JournalEmailAddress
'GeorgeP.Burdell@nutex.com' -Scope 'External' -Enabled $true -Recipient
'Tax@nutex.com'
You should not use the Get-Mailbox cmdlet to specify the disclaimer text and Active Directory attributes of
the sender. You can use the Get-Mailbox and Export-Mailbox cmdlets to search for and delete messages
that have already been delivered to a mailbox, but not to attach a disclaimer or append information to
messages that have already been delivered. You should not specify the disclaimer text and Active Directory
attributes of the sender in the Message Delivery tab in the transport settings of the Hub Transport server.
You cannot specify a disclaimer or append information to a message in the message content in the
Transport Setting properties. The Hub Transport server role handles all mail flow inside the organization,
applies journaling policies, applies transport rules, and delivers messages to a recipient's mailbox. You can
use these settings to specify transport limits, such as the maximum send and receive size of a message
and the maximum number of recipients.
QUESTION 17
need to monitor the disk space on your on-premise mailbox servers, specifically so you can detect
excessive log growth. If there is excessive log growth, you need to take action to find the source of problem.
What should you do?
A. Run Troubleshoot-DatabaseLatency.ps1
B. Run Troubleshoot-DatabaseSpace.ps1
C. Run the Exchange Server Load Generator (LoadGen) 2010 tool
D. Run the Exchange Server Jetstress 2010 tool
Answer: B
You should run Troubleshoot-DatabaseSpace.ps1. This script can detect and correct any excess log
growth or Exchange database file growth. The Troubleshoot-DatabaseSpace.ps1 script is stored in the %
ProgramFiles% \Microsoft\Exchange Server\V14\Scripts directory.
This script is run by System Center Operations Manager 2007 every 15 minutes to monitor growth. If you do
not use System Center Operations Manager 2007, you can use Task Scheduler to configure and run
Troubleshot-DatabaseSpace.ps1 script at specified times.
You should not run Troubleshoot-DatabaseLatency.ps1. This script detects and corrects high latencies
on a database. This script is run by System Center Operations Manager 2007. If you do not use System
Center Operations Manager 2007, you can use Task Scheduler to configure and run the Troubleshoot-
DatabaseLatency.ps1. This script will not check if there is excessive growth in a mailbox database log
growth.
You should not run the Exchange Server Load Generator (LoadGen) 2010 tool. LoadGen is a simulation
server to handle a typical load or heavy load from MAPI, OWA, IMAP, POP, and SMTP clients. LoadGen
will not check if there is excessive growth
in a mailbox database log growth.
You should not run the Exchange Server Jetstress 2010 tool. The Exchange Server Jetstress 2010 tool
simulates the Exchange disk Input/Output (I/O) load by simulating a database and log file loads of a
specified number of users. The Exchange Server Jetstress 2010 tool will not check if there is excessive
growth in a mailbox database log growth.
QUESTION 18
You are the Exchange administrator for an Exchange organization that has a single Active Directory
domain. The CIO instructs you to ensure that no deleted messages for the CEO of the corporation are
purged, and that any record changes made to mailbox items can be returned in a discovery search.
What should you do?
A. Configure the CEO's mailbox as an arbitration mailbox

B. Place the CEO's mailbox on legal hold
C. Place the CEO's mailbox on retention hold
D. Configure a managed folder mailbox policy for the CEO's mailbox
Answer: B
You should place the CEO's mailbox on litigation hold. Litigation hold, also referred to as legal hold,
prohibits messages from being deleted. Any deleted items and all versions of changed items are retained in
the Recoverable Items folder. When the -LitigationHoldEnabled parameter is set to $True in the Set-
Mailbox cmdlet, single-item recovery quotas are not applied. Any messages that were purged from the
dumpster are retained and are held indefinitely.
You should not configure the CEO's mailbox as an arbitration mailbox. Arbitration mailboxes are specialty
mailboxes that are part of the approval flow for moderated transport features in Exchange 2010.
Specifically, they handle moderated recipients and distribution group approval. Arbitration mailboxes are still
bound by the settings in the retention policy.
You should not place the CEO's mailbox on retention hold. A retention hold suspends the processing of a
retention policy. During a retention hold, users can log on to their mailbox and change or delete messages.
Also, any deleted items that are past the deleted item retention period are not returned in a search of the
mailbox. You wanted to ensure that any record changes made to mailbox items could be returned in a
discovery search. You should not use a managed folder mailbox policy for the CEO's mailbox. A managed
folder mailbox policy may
archive messages, but will allow items to be deleted after a certain time. A managed folder mailbox policy
helps prevent a mailbox from becoming too large. In this scenario, you want to ensure that no messages
would be deleted for the CEO.
QUESTION 19
You are the Exchange administrator for the Nutex Corporation's Exchange organization. You have several
research scientists who will be traveling to South America to conduct experiments and gather data for
several weeks. The scientists will have little or no access to their e-mail while in the field. The CIO instructs
you to ensure that none of the scientists' messages will be deleted while they are in South America. If the
scientists are able to access to their e-mail, they should be free to manually delete or change items in their
mailboxes.
What should you do?

A. Configure the scientists' mailboxes as arbitration mailboxes
B. Place the scientists' mailboxes on legal hold
C. Place the scientists' mailboxes on retention hold
D. Configure a managed folder mailbox policy for the scientists' mailboxes
Answer: C
You should place the scientists' mailboxes on retention hold. A retention hold suspends processing of a
retention policy. During retention hold, users can log on to their mailboxes and change or delete messages.
Any deleted items that are past the deleted item retention period are not returned in a search of the
mailbox. In this scenario, you wanted to suspend processing of the retention policies on the scientist's
mailboxes, but allow them to manually delete or change items in their mailboxes while in the field.
You should not configure the scientists' mailboxes as an arbitration mailbox. Arbitration mailboxes are
specialty mailboxes that are part of the approval flow for moderated transport features in Exchange 2010.
Specifically, they handle moderated recipients and distribution group approval. Arbitration mailboxes are still
bound by the settings in the retention policy.
You should not place the scientists' mailboxes on legal hold. Legal hold, also referred to as litigation hold,
prohibits messages from being deleted. Any deleted items and all versions of changed items are retained in
the Recoverable Items folder. When the -LitigationHoldEnabled parameter is set to $True in the Set-
Mailbox cmdlet, single-item recovery quotas are not applied. Any messages that were purged from the
dumpster are retained and are held indefinitely. In this scenario, you wanted the scientists to be able to
change or delete messages in their mailboxes.
You should not use a managed folder mailbox policy for the scientists' mailboxes. A managed folder
mailbox policy may archive messages, but will allow items to be deleted after a certain time. A managed
folder mailbox policy helps prevent a mailbox from becoming too large. In this scenario, you want to ensure
that no messages would be deleted for the scientists while they were away unless the scientists deleted the
message themselves.
QUESTION 20
A corporate environment includes Exchange Server 2010 SP1. The company plans to implement
messaging records management (MRM). You need to recommend an implementation plan that meets the
following requirements: Enable users to mark their own messages for retention. Delete messages that
have no retention value. What should you recommend?
A. Apply a default policy tag to each user's mailbox and use personal tags.
B. Apply a litigation hold to each users mailbox and configure transport rules.
C. Apply a litigation hold to each users mailbox and configure Outlook rules.
D. Apply a default policy tag only to each user's Inbox and use personal tags.
Answer: A
QUESTION 21
A corporate environment includes Exchange Server 2007 SP2 and an Active Directory Domain Services
(AD DS) domain named contoso.com. The Client Access server, cas01.contoso.com, has an SSL
certificate. The SSL certificate includes mail.contoso.com and autodiscover.contoso.com. Outlook
Anywhere is disabled. Client computers run Microsoft Office Outlook 2007. After you transition the
Exchange Server environment to Exchange Server 2010, Outlook displays a warning message indicating
that the SSL certificate is not trusted for connections to cas01.contoso.com. You need to recommend an
approach to resolving the problem. What should you recommend?
A. Set the Client Access server AutoDiscoverServiceInternalUri property to autodiscover.contoso.com.

B. Set the Client Access server array FQDN property to mail.contoso.com.
C. Set the Autodiscover virtual directory ExternalUrl property to autodiscover.contoso.com.
D. Set the Autodiscover virtual directory InternalUrl property to mail.contoso.com.
Answer: A
Section: Powershell
QUESTION 22
A corporate environment includes Exchange Server 2010 and client computers that run Microsoft Outlook
2010. The Exchange Server environment includes public folders. Specific users must be able to perform
the following tasks: Create subfolders in the public folder hierarchy Delete only items they create in the
subfolders You need to recommend a solution that enables the users to perform the tasks. What should
you recommend?
A. Assign the users to the Editor role.

B. Assign the users to the Owner role.
C. Assign the users to the PublishingEditor role.
D. Assign the users to the PublishingAuthor role.
Answer: D
QUESTION 23
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1. The
environment is configured as shown in the following table.
The company plans to move the European employee email accounts to a cloud-based Exchange Server
2010 SP1 service provider. You have the following requirements:
You need to recommend a solution for meeting the requirements. What should you recommend?
A. Configure address rewriting. Configure send connectors for the on-premise Edge Transport server and
the cloud-based servers.
B. Configure an external relay domain for tailspintoys.com. Configure send connectors for the on-premise
and cloud-based servers.
C. Configure address rewriting. Configure send connectors for the on-premise Hub Transport server and
D. Configure an external relay domain for wingtiptoys.com. Configure send connectors for the on-premise
Answer: B
QUESTION 24
A company has an on-premise Exchange Server 2010 SP1 environment and an Active Directory Domain
Services (AD DS) domain. Client computers run Microsoft Office Outlook 2003. The company plans to
migrate mailboxes to a cloud-based Exchange Server 2010 SP1 service. You need to recommend a
solution for ensuring that the global address list (GAL) in the on-premise and cloud-based environments are
identical. What should you recommend?
A. Synchronize the AD DS directory from the cloud-based environment.

B. Install and configure the Exchange Online Connector for Office Outlook 2003 in the on-premise
environment.
C. Install and configure an SMTP connector in the cloud-based environment.
D. Synchronize the AD DS directory from the on-premise environment.
Answer: B
QUESTION 25
A company named Contoso Ltd. has three offices. Each office is configured as an Active Directory site and
contains multiple Exchange servers. Each office has a team of network support technicians. You are
designing an Exchange organization for Contoso. All servers in the organization will have Exchange Server
2010 Service Pack 1 (SP1) installed. You need to implement a security solution to ensure that the team of
network support technicians can manage the Exchange servers in its respective office only. Which of the
following solutions is the best recommendation?
(More than one answer choice may achieve the goal. Select the BEST answer.)
A. three custom scopes and three management role groups

B. one management role and three Active Directory security groups
C. one custom scope and one management role group
D. three custom scopes, three management roles, and three Active Directory security groups
Answer: A
QUESTION 26
A corporate environment includes Exchange Server 2010. Client computers run Microsoft Outlook 2010. In
the current environment, when users need to recover Outlook items that have been permanently deleted
from the Deleted Items folder, administrators must recover the items from a backup of the Exchange Server
environment. You have the following requirements: Do not require administrators to recover items from the
Exchange Server backups. Enable online recovery by administrators of permanently deleted items.
Automatically purge items after a specific period of time. You need to recommend a solution that meets
the requirements. What should you recommend?
A. Implement litigation hold.

B. Configure single item recovery.
C. Create a retention policy.
D. Create a recovery database.
Answer: B
QUESTION 27
A corporate environment includes Exchange Server 2010 and an Active Directory Domain Services (AD
DS) domain. Multiple auditing teams search mailboxes from the Exchange Control Panel (ECP) for
specific types of content. You need to recommend a solution that restricts access to the results of a
specific search to a specific auditing team.
A. Create an AD DS security group for each auditing team. Assign the security groups to the Legal Hold
role.
B. Create an arbitration mailbox for each auditing team and grant each team Read permissions to its
designated mailbox.
C. Create an AD DS security group for each auditing team. Assign the security groups to the Message
Tracking role.
D. Create a discovery mailbox for each auditing team and grant each team Read permissions to its
designated mailbox.
Answer: D
QUESTION 28
A corporate environment includes Exchange Server 2010 SP1 and client computers that run Microsoft
Outlook 2010. You create a Hierarchical Address Book (HAB). Organizational groups must be added to
the HAB and organized alphabetically. You need to recommend a solution for adding and alphabetizing the
organizational groups. Which two actions should you recommend? (Each correct answer presents part of
the solution. Choose two.)
A. Modify the PhoneticDisplayName parameter of the security groups.

B. Create security groups for the organizational groups and designate them as members of the HAB.
C. Create distribution groups for the organizational groups and designate them as members of the HAB.
D. Modify the DisplayName parameter of the distribution groups.
Answer: CD
QUESTION 29
A corporate environment includes deployments of Exchange Server 2010 in North America and Europe. All
client computers connect to an Active Directory Domain Services (AD DS) domain named contoso.com.
The topology of the Exchange organization is shown in the following table.
Users access Outlook Web App (OWA) by browsing to https://owa.contoso.com/owa. The configuration of
the OWA virtual directory URLs on each Client Access server is shown in the following table.
Users with mailboxes hosted on server MB02 cannot remotely connect to their mailboxes by using OWA.
You need to recommend a solution that allows the users to remotely connect to their mailboxes. What
should you recommend?
A. Set the ExternalUrl property on the CAHT01 OWA virtual directory to https://caht02.contoso.com/owa.
B. Set the InternalUrl property on the CAHT01 OWA virtual directory to https://owa.contoso.com/owa.
C. Set the ExternalUrl property on the CAHT02 OWA virtual directory to $null.
D. Set the InternalUrl property on the CAHT02 OWA virtual directory to $null.
Answer: C
QUESTION 30
A corporate environment includes Active Directory Domain Services (AD DS). The environment consists of
an internal network and a perimeter network. AD DS is deployed only on the internal network. The
company intends to utilize a service providers cloud-based Exchange Server 2010 SP1 email service. You
have the following requirements: Maximize the security of the design. Use the minimum permissions
required to perform directory synchronization. You need to recommend a solution for directory
synchronization between the corporate environment and the service providers environment. Which two
actions should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Install the directory synchronization tool on a computer in the perimeter network.
B. Install the directory synchronization tool on a computer on the internal network.
C. Create a directory synchronization service account with membership in the Domain Users group.
D. Create a directory synchronization service account with membership in the Domain Admins group.
Answer: BD
QUESTION 31
A corporate environment includes Exchange Server 2007 SP2 and Active Directory Domain Services (AD
DS). Journaling is in use for all inbound and outbound email messages. The company intends to transition
to Exchange Server 2010 SP1. During the coexistence, you will have the following requirements: Export
new journal and transport rules created in the Exchange Server 2007 SP2 system. Ensure that the exported
rules are available for import in the Exchange Server 2010 SP1 environment.
You need to recommend a solution that meets the requirements. Which two actions should you
recommend?
(Each correct answer presents part of the solution. Choose two.)
A. From the Exchange Server 2010 SP1 Hub Transport server, export the journal rules.
B. From the Exchange Server 2007 SP2 Hub Transport server, export the transport rules.
C. From the Exchange Server 2010 SP1 Hub Transport server, export the transport rules.
D. From the Exchange Server 2007 SP2 Hub Transport server, export the journal rules.
Answer: AC
QUESTION 32
A corporate environment includes Exchange Server 2010. You need to recommend a solution that enables
only support technicians to manage their Exchange Server 2010 distribution group configurations. What
A. Replace the default role assignment policy.

B. Add a management role group delegate.
C. Create a management role assignment policy.
D. Add a management role.
Answer: C
QUESTION 33
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 with stand-
alone Edge Transport servers in a perimeter network. The company plans to move a subset of Exchange
users to a cloud-based Exchange Server 2010 SP1 service. The security team has the following
requirements: Manage mailbox audit logging for the on-premise and cloud-based Exchange servers.
Search message tracking logs for all on-premise Exchange servers.
You need to recommend a solution that meets the requirements.

A. Use group policy to manage audit settings. Add the security team members to the local Administrators
group on each of the on-premise Exchange servers.
B. Add the security team members to the Organization Management, Recipient Management, and Records
Management management role groups in both environments. Add the security team members to the
local Administrators group on each of the on-premise Exchange servers.
C. Use group policy to manage audit settings. Add the security team members to the Server Management
management role group in both environments.
D. Add the security team members to the Organization Management, Recipient Management, Records
Management, and Server Management management role groups in both environments.
Answer: B
QUESTION 34
company intends to migrate to a cloud-based Exchange Server 2010 SP1 service. The security team needs
to perform the following tasks: Search multiple mailboxes for messages that meet specific criteria. Store
search results in a specific mailbox. You need to recommend a solution for enabling security team
members to perform the tasks. To which group should you recommend the security team members be
assigned?
A. the Domain Admins security group

B. the Discovery Management role-based access control (RBAC) role group
C. the Enterprise Admins security group
D. the Records Management role-based access control (RBAC) role group
Answer: B
QUESTION 35
You are the Exchange administrator and want to prevent your users from accessing certain OWA features.
What would you use to accomplish this?
A. OWA segmentation
B. Public folders
C. Active Directory
D. ActiveSync
Answer: A
OWA segmentation is useful for controlling what features and information users have access to when they
are connecting to Exchange from a web browser, which may be at an insecure location.
QUESTION 36
What type of logging can be used to keep a log of commands that are run by administrative personnel?
A. Administrative logging
B. Admin audit logging
C. Check points
D. Transaction logs
Answer: B
Admin audit logging allows you to keep a log of commands that are run. This provides information about
what people with administrative access are using that access for, which may be necessary to record for
compliance reasons or for internal auditing.
QUESTION 37
You are the messaging professional for a growing company. You are planning to deploy Exchange Server
2010. You are currently planning the site topology. You need to ensure that the Exchange Server has
appropriate connectivity to Active Directory. What should you do?
A. Add one global catalog server to each AD site. Each global catalog server will be running at least
Windows Server 2003 Standard
B. Add one global catalog server to each AD site. Each global catalog server will be running at least
Windows Server 2003 Standard with SP1
C. Ensure that the Exchange Server is in a DMZ
D. Ensure that the Exchange Server has the Hub Transport role installed.
Answer: B
At least one global catalog server must be present in each AD site where Exchange will be installed. As with
the schema master, the global catalog must be running at least Windows Server 2003 Standard with SP1.
QUESTION 38
What factors help determine the processor utilization on an Edge Transport server? (Choose all that apply.)
Choose 3
A. Average message size

B. Third-party applications
C. Number of network cards
D. Antivirus configuration
Answer: ABD
Processor utilization on the Edge Transport server depends on message rate, average message size,
number of enabled transport agents, antivirus configuration, and third-party applications.
QUESTION 39
You have an Exchange Server 2010 organization and an Active Directory Rights Management Services (AD
RMS) server.
All users access their mailboxes by using Outlook Web App (OWA).
You need to plan a security solution for the organization to meet the following requirements:
Secure messages by using administrator-defined templates
Ensure that e-mail messages sent by users can be stored in an encrypted format
What should you include in the plan?
A. a legal hold
B. Domain Security
C. Outlook Protection Rules
D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Answer: C
QUESTION 40
You have an Active Directory forest. You plan to deploy an Exchange Server 2010 organization that
contains the following servers:
Two Edge Transport servers

Two Hub Transport servers
You need to recommend changes to the organization to ensure that e-mail messages can be sent to the
Internet if a single transport server fails.
A. Configure shadow redundancy for the Hub Transport servers.

B. Implement failover clustering on both Hub Transport servers.
C. Configure both Edge Transport servers as source servers for a Send connector.
D. Create one mail exchange (MX) record and one SRV record for each Edge Transport server on the
internal DNS zone.
Answer: C
QUESTION 41
You are the Nutex Corporation's Exchange 2010 administrator. All of your users use Office Outlook 2010
and
Outlook Web App. You want to eliminate the use of .pst files for users because of the financial risks and
the
possible theft of data.
What should you do?
A. Place a legal hold on each Nutex recipient's mailbox

B. Place a retention hold on each Nutex recipients' mailbox
C. Enable personal archives for each Nutex recipients' mailbox with storage limits
D. Use Bitlocker to encrypt the volume that contains the .pst files
Answer: C
Section: Powershell
Personal archives allow users to store historical data instead of using personal store (.pst) files. Exchange
Server creates these archive mailboxes as additional mailboxes located in the same mailbox database as
the users' primary mailboxes. Since the archive mailbox is not considered part of a user mailbox when
quotas are calculated, you should provide an archive mailbox with storage limits so that users in your
organization can eliminate the need for .pst files. When you have all users using personal archives, you
must ensure that all message data is being backed up. You can use the Archive parameter of the Set-
Mailbox cmdlet to enable a personal archive for a user. The following example enables the personal
archive for Troy Johnson:
Set-Mailbox "Troy Johnson" -Archive
You can have messages sent to archive mailboxes that are provisioned in four different ways:
The archive mailbox can be on the same mailbox database

The archive mailbox can on another mailbox database
The archive mailbox can another server
The archive mailbox can be in the cloud
You should not use a legal hold or retention hold. Neither of which will eliminate the need for a .pst file.
Legal hold, also referred to as litigation hold, prohibits messages from being deleted. Any deleted items and
all versions of changed items are retained in the Recoverable Items folder. A retention hold suspends
processing of a retention policy. During retention hold, users can log on to their mailbox and change or
delete messages. Any deleted items that are past the deleted item retention period are not returned in a
search of the mailbox.
You should not have to use BitLocker on the volume that contains the .pst file at the client computer.
BitLocker can help alleviate the fear of data being stolen from a computer that had its hard drive removed.
However, BitLocker will not eliminate the need for the use of a .pst file.
QUESTION 42
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization.
You have been instructed to do the following:
Archive all messages after one year.

Archive deleted items after 30 days.
Allow users to mark individual items not to be archived.
Allow the NutexAuditors group to search the content of mailboxes in the Nutex organization.
What should you do?
A. Assign NutexAuditors to the Mailbox Search management role. Create a retention policy that does the
following:
contains a default policy tag that archives deleted items after 30 days
contains a personal tag that allows items to not be archived
B. Assign NutexAuditors to the Mailbox Import Export management role. Create a retention policy that
does the following:
contains a default policy tag that archives deleted items after 30 days
C. Assign NutexAuditors to the Mailbox Search management role. Create a retention policy that does the
following:
contains a default policy tag that archives messages after one year
contains an archive policy tag that removes deleted items after 30 days
D. Assign NutexAuditors to the Mailbox Import Export management role. Create a retention policy that
does the following:
Answer: C
You should assign NutexAuditors to the Mailbox Search management role and create a retention policy
that does the following:
The Mailbox Search management role allows users assigned to the role to search the content of mailboxes
in the organization. This management role is one of the built-in roles in the role based access control
(RBAC) permissions model in Microsoft Exchange Server 2010. You can assign the NutexAuditors group
to the management role.
In this scenario, you should create a retention policy. You should include a default policy tag (DPT) that
archives messages after one year. A DPT is applied to mailboxes that manage all untagged items. A user
can specify personal tags to any custom folders or individual items. You should create a retention policy tag
(RPT), which is sometimes referred to as archive policy tag, to remove deleted items after 30 days.
You could use the following to create a default policy tag:
New-RetentionPolicyTag "Default archive 1 Year" Type All Comment "Archive messages

after 1 year" RetentionEnabled $true AgeLimitForRetention 365 RetentionAction
MoveToArchive
You could use the following to create a retention policy tag:
New-RetentionPolicyTag "30 day removal of DeletedItems" Type DeletedItems Comment

"Remove deleted items after 30 days" RetentionEnabled $true AgeLimitForRetention 30 RetentionAction
DeleteAndAllowRecovery
To meet the requirements of this scenario, you could combine the use of these two tags with a personal tag
called "Personal do not move to archive" to create a retention policy called "Standard Mailbox Retention
Policy" as shown in the following code:
New-RetentionPolicy "Standard Mailbox Retention Policy" RetentionPolicyTagLinks

"Default archive 1 Year","30 day removal of DeletedItems","Personal do not move to archive"
All other options are incorrect. You should not create a default policy tag that archives messages after one
year. You should not add the NutexAuditors group to the Mailbox Import Export management role. This
role allows you to import or export mailbox content or delete content from a mailbox. In this scenario, you
wanted the NutexAuditors group to search the content of mailboxes in the Nutex organization, not delete,
import, or export
content.
QUESTION 43
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. Nutex is
working on a revolutionary project that will provide the company with a significant financial windfall. You
want to ensure that information about the project is not leaked out to competitors. Specifically, messages
sent by the engineers in the group named ProductEngineers to users outside the organization should be
audited by the group ResearchScientists. Only messages sent by ProductEngineers to outside users
should be audited, not
messages sent to other users or groups in the organization.
What should you do?
A. Create a transport rule that sends blind carbon copies of messages sent by ProductEngineers to
outside users to the ResearchScientists group.
B. Place a legal hold on the mailboxes of the ProductEngineers group. Assign the ResearchScientists
group to the Mailbox Search management role.
C. Place a retention hold on the mailboxes of the ProductEngineers group. Assign the
ResearchScientists group to the Mailbox Search management role.
D. Create a retention policy for the ProductEngineers group mailboxes that archives messages to users
outside the organization to a custom folder. Assign the ResearchScientists group to the Mailbox Import
Export management role
Answer: A
You could create a transport rule that sends blind carbon copies of messages sent outside the organization
by the ProductEngineers group to the ResearchScientists group. A transport rule checks a message for
predefined conditions. If those conditions are met, then an action or actions, such as deleting the message
or sending a blind carbon copy (bcc) of the message to another user or users, can occur automatically. You
can also specify exceptions to the rule. In this scenario, you can configure the transport rule to apply to any
message from
ProductEngineers@nutex.com to any user outside the organization to send a blind carbon copy message
to ResearchScientists@nutex.com. You can use the New Transport Rule wizard in the Exchange
Management Console or the New-TransportRule cmdlet to create the rule.
You could also create a journal rule that copies all e-mail messages passing through the Hub Transport
server in the Nutex Corporation that contain at least one recipient of the ProductEngineers group and at
least one external recipient. The journal rule will store a copy of each message in an auditor's mailbox. The
auditors in this scenario, the ResearchScientists group, can review the messages.
You should not place a retention hold on the mailboxes of the ProductEngineers group and assign the
ResearchScientists group to the Mailbox Search management role. A retention hold suspends the
processing of a retention policy. During retention hold, users can log on to their mailbox and change or
delete messages. Any deleted items that are past the deleted item retention period are not returned in a
search of the mailbox. Assigning the ResearchScientists group to the Mailbox Search management role
will allow users in that group to search
the content of all mailboxes in the organization, not just the mailboxes belonging to members of the
ProductEngineers group. You only wanted to audit messages that were destined for users that were
outside the organization. Members of the Mailbox Search management role will be able to search all
messages in the mailbox that were sent to outside users and also to users inside the organization.
You should not place a legal hold on the mailboxes of the ProductEngineers group and assign the
ResearchScientists group to the Mailbox Search management role. Legal hold, also referred to as
litigation hold, prohibits messages from being deleted. Any deleted items and all versions of changed items
are retained in the Recoverable Items folder. A legal hold will not journal or store message in another
mailbox. You should not create a retention policy for the ProductEngineers group members' mailboxes
that archives messages to users outside the organization to a custom folder and assign the
ResearchScientists group to the Mailbox Import Export management role. A retention policy can archive
messages. A retention policy will not journal or store messages destined for a recipient outside your
organization in another mailbox, and the Mailbox Import Export management role gives the
ResearchScientists group permissions beyond the appropriate scope.
QUESTION 44
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. The
Nutex organization plans to allow users to connect to Exchange 2010 with mobile devices. Many users in
the Nutex organization are using different types of mobile phones.
The CIO has asked you to find the following information once mobile devices are allowed to connect to
Exchange 2010:
The number of users who are synchronizing with Exchange ActiveSync

The types of mobile phones that are synchronizing with Exchange ActiveSync
The amount of data each user synchronizes between the Microsoft Exchange server and the mobile
phone
What should you do?
A. Enable the maximum log size on the Application log of the Client Access Server to 2 MB and set Do not
overwrite events (clear log manually)
B. Enable the maximum log size on the Security log of the Client Access Server to 2 MB and set Do not
overwrite events (clear log manually)
C. Enable a System Data Collector set to trace ActiveSync activity on the Client Access server
D. Enable and configure logging in Internet Information Services (IIS) on the Client Access Server
Answer: D
You can examine the Internet Information Services (IIS) log files on the Client Access server and use the
Export- ActiveSyncLog cmdlet to generate reports in comma-separated value format. The Export-
ActiveSyncLog cmdlet reads and compiles IIS log files and processes them into a series of output files. In
order to monitor the number of users or phones that are synchronizing with Exchange ActiveSync and the
amount of data each user synchronizes between the Microsoft Exchange server and the mobile phone, you
must have enabled and
configured logging in Internet Information Services (IIS) on the Client Access Server
.
You should not enable the maximum log size on the Application log or the Security log of the Client Access
Server to 2 MB and set Do not overwrite events (clear log manually). The information required in the
scenario is not kept in either the Application log or the Security log of the Client Access server.
You should not enable a System Data Collector set to trace ActiveSync activity on the Client Access server.
The information of what types of phones are synchronizing with Exchange ActiveSync is not kept in
Performance Monitor.
QUESTION 45
Active Directory domain named nutex.com with three Active Directory sites. For each Active Directory site,
you have a Client Access server, Hub Transport server, and Mailbox server deployed in the internal
network, and an Edge Transport server deployed in the perimeter network.
You have a security group named NutexAuditors that must be able to do the following:
Trace changes a person has made to an Exchange 2010 SP1 server.

Monitor and review messages sent to members of the board of executives.
Prevent specific users from deleting messages, and review the saved messages for those users.
What should you do?
A. Add the members of the NutexAuditors to the Server Management management role group.
B. Add the members of the NutexAuditors to the Records Management management role group.
C. Assign members of the NutexAuditors to the Legal Hold management role.
D. Assign members of the NutexAuditors to the Retention management role.
E. Have the NutexAuditors enable legal hold on a mailbox-by-mailbox basis.
F. Have the NutexAuditors enable retention hold on a mailbox-by-mailbox basis.
Answer: BCE
You should add the members of the NutexAuditors to the Organization Management management role
group or the Records Management management role group. This will enable them to perform administrator
audit logging in order to trace changes a person has made to an Exchange 2010 SP1 server, or track any
cmdlets that were run on an Exchange 2010 SP1 server. You can use the Set-AdminAuditLogConfig
cmdlet to enable audit logging.
The following enables auditing of all cmdlets on Exchange 2010 SP1 servers:
Set-AdminAuditLogConfig -AdminAuditLogCmdlets *
You should also assign the Legal Hold management role to the members of the NutexAuditors group. This
role allows a user to place a legal hold on a mailbox for litigation purposes. Legal hold, also referred to as
litigation hold, prohibits messages from being deleted. Any deleted items and all versions of changed items
are retained in the Recoverable Items folder. When the -LitigationHoldEnabled parameter is set to $True
in the Set-Mailbox cmdlet, single-item recovery quotas are not applied. Any messages that were purged
from the dumpster are
retained and held indefinitely.
Once the NutexAuditors have been assigned the Legal Hold management role, the NutexAuditors can
enable legal hold on a mailbox-by-mailbox basis. The NutexAuditors could monitor and review messages
sent to members of the board of executives and prevent specific users from deleting messages, and review
the saved messages for those users.
You should not add the members of the NutexAuditors to the Organization Management management role
group and Server Management management role group. To be allowed to perform administrator audit
logging, you must be a member of the Organization Management management role group and Records
You should not assign members of the NutexAuditors the Retention management role. This role allows
some users to manage retention policies. In this scenario, you need to be able to review messages sent to
members of the board of executives and prevent specific users from deleting messages. You need to
assign members of the NutexAuditors the Legal Hold management role, not the Retention management
role.
You should not have the NutexAuditors enable retention hold on a mailbox-by-mailbox basis. A retention
hold suspends the processing of a retention policy. During retention hold, users can log on to their mailbox
and change or delete messages. Any deleted items that are aged past the deleted item retention period are
not returned during a search of the mailbox.
QUESTION 46
Active Directory domain named nutex.com with three Active Directory sites. You have a Client Access
server, Hub Transport server, and Mailbox server deployed in the internal network, and an Edge Transport
server deployed in the perimeter network of each Active Directory site.
The CIO wants to ensure that a user named Tom is able to audit each instance of a cmdlet being run on
any Exchange 2010 SP1 server. Tom should also be able to trace changes a person has made to an
Exchange 2010 SP1 server.
What role groups will give Tom the ability to perform the above tasks? (Choose all that apply.)
A. Organization Management management role group

B. Server Management management role group
C. Recipient Management management role group
D. Hygiene Management management role group
E. Records Management management role group
Answer: AE
You should ensure that Tom is a member of the Organization Management management role group and
the Records Management management role group. To be allowed to perform administrator audit logging,
you must be a member of these two role groups.
You can use the Set-AdminAuditLogConfig cmdlet to enable audit logging. The following command
enables auditing of all cmdlets on Exchange 2010 SP1 servers:
Set-AdminAuditLogConfig -AdminAuditLogCmdlets *
After executing this command, you should specify a mailbox where you want to store the administrator audit
logs
using the AdminAuditLogMailbox parameter on the Set-AdminAuditLogConfig cmdlet.
The following stores the audit logs in mailbox with SMTP address of tom@nutex.com:
Set-AdminAuditLogConfig -AdminAuditLogMailbox tom@nutex.com
All other answers are incorrect because these role groups do not give permissions for a user to audit
changes to a mailbox. Members of the Server Management management role group can configure mailbox
features, server- specific configuration of transport, Unified Messaging, client access, and client access
protocols. Members of the Recipient Management management role group can create or modify Microsoft
Exchange Server 2010 recipients. Members of the Hygiene Management management role group can
configure the antivirus and anti-spam features
of Exchange.
QUESTION 47
You are the Exchange administrator for an Exchange organization that has a single Active Directory
domain. All Exchange server roles use Exchange Server 2010 SP1 and all clients use Microsoft Office
2010. The CEO of the company wants to ensure that local laws are being properly followed by your sales
people in sales to international clients.
You want to ensure the following conditions are met:
Sales people keep all e-mail messages regarding the sale of any product for a period of four years
following the sale.
Sales people should not have to move messages to a particular folder for the message to be retained.
What should you do?
A. Create personal tags and apply retention policies.

B. Use retention policy tags and apply retention policies.
C. Use personal archives and a managed folder mailbox policy.
D. Create a Group Policy object (GPO). Define retention policy tags. Link the tags to a retention policy in
the GPO. Apply the GPO to the sales people.
Answer: A
You should create personal tags and apply retention policies. A personal tag is used to apply retention
policies to custom folders and individual items in Outlook. A personal tag overrides a retention policy tag. In
this scenario, you wanted an age limit for retention of 4 years for any custom folder that contains sales
orders or any e-mail messages dealing with international sales orders. You should create a personal tag
that limits the age of messages to 4 years.
The personal tag can be applied to the retention policy. This retention policy is considered an archive policy
if you configure the retention policy with the Move to Archive retention tag enabled. This action uses the
archive policy to move a message to user's archive mailbox. When creating a user's mailbox, you can also
create an archive mailbox for the user. When the archive policies (which are retention policies with
appropriate retention tags) apply to the mailbox, messages affected by the policy will be moved from a
user's primary mailbox to the archive
mailbox after the specified time in the policy.
You should not use personal archives and a managed folder mailbox policy. You cannot apply a managed
folder mailbox policy to mailboxes that have a personal archive configured.
You should not use retention policy tags and apply retention policies. Retention policy tags are used for
default folders in Outlook such as the Inbox, Deleted Items, and Sent Items. In this scenario, you want limits
to be applied to messages for international sales orders. This will require a personal tag.
You cannot create a Group Policy object (GPO), define Retention Policy tags, link the tags to a retention
policy in the GPO, and apply the GPO to the sales people. You cannot use a GPO to apply a retention
policy.
QUESTION 48
Active Directory domain named nutex.com. The CIO instructs you to apply the following Messaging
Records Management (MRM) requirements to the Corp_Mgrs group:
Age limit for retention of 30 days for Inbox and Deleted Items
Age limit for retention of 45 days for custom project folders
Age limit for retention of 365 days for any other folder
What should you do? (Choose all that apply.)
A. Create a retention policy tag for the Inbox and Deleted Items. Set an age limit for retention of 30 days.
B. Create a personal tag for the Inbox and Deleted Items. Set an age limit for retention of 30 days.
C. Create a default policy tag for the Inbox and Deleted Items. Set an age limit for retention of 30 days.
D. Create a retention policy tag for custom project folders. Set an age limit for retention of 45 days.
E. Create a personal tag for custom project folders. Set an age limit for retention of 45 days.
F. Create a default policy tag for custom project folders. Set an age limit for retention of 45 days.
G. Link each default policy tag, each retention policy tag, and each personal tag to a retention policy.
H. Link one default policy tag, each retention policy tag, and each personal tag to a retention policy.
I. Apply the retention policy to the Corp_Mgrs group.
J. Create a default policy tag to limit messages to 365 days
Answer: AEHIJ
Create a retention policy tag for the Inbox and Deleted Items. Set an age limit for retention of 30 days.
Create a personal tag for custom project folders. Set an age limit for retention of 45 days.
Create a default policy tag to limit messages to 365 days.

Link one default policy tag, each retention policy tag, and each personal tag to a retention policy
Apply the retention policy to the Corp_Mgrs group
A retention policy tag (RPT) is created for default folders in Outlook, such as the Inbox, Deleted Items, and
Sent Items. In this scenario, you wanted an age limit for retention of 30 days for Inbox and Deleted Items.
You should create a RPT that limits the age of messages to 30 days for the Inbox and Deleted Items folder.
A personal tag is used to apply retention policies to custom folders and individual items in Outlook. The
application of a personal tag overrides a retention policy tag. In this scenario, you wanted an age limit for
retention of 45 days for custom folders. You should create a personal tag that limits the age of messages in
the custom folders to 45 days.
A default policy tag (DPT) is applied to all items that do not have another retention tag such as a RPT or
personal tag. In this scenario, you wanted an age limit of 365 days to be applied to any folder that is not the
Inbox, Deleted Items, or a custom project folder. You should create a default policy tag to limit the age of
messages to 365 days. You can only have one DPT applied to a policy.
Once the policy tags have been created, they need to be applied to a retention policy. You can apply
multiple personal tags. You can only have one DPT applied to the policy. You can have only one RPT tag
applied to each default folder. For example, you cannot have two different RPT tags applied to the Inbox
folder. You should then apply the retention policy to the Corp_Mgrs group.
You cannot choose to link each default policy tag, each retention policy tag, and each personal tag to a
retention policy. You can only have one DPT applied to a policy.
You should not create a personal tag or default policy tag for the Inbox and Deleted Items. These folders
should have a retention policy tag because they are default folders that require an age limit.
You should not create a retention policy tag or default policy tag on the custom folder. A custom folder that
requires a specific retention setting should have a personal tag.
QUESTION 49
You are the Exchange administrator for the Nutex Corporation's Exchange organization, which is in the
process of upgrading to Exchange Server 2010. Nutex has single Active Directory domain named nutex.
com. You expect that all Exchange server roles will be upgraded to Exchange 2010 SP1 by the upcoming
Friday. All clients will be upgraded to Microsoft Office 2010 by Friday.
The CIO asks you to apply the following Messaging Records Management (MRM) requirements for
Marketing users:
All items in the Deleted Items and Inbox folders for Marketing users should be deleted after 90 days.
All items in the Project folder for Marketing users should be deleted after 120 days.
All items in any other folder for Marketing users should be deleted after 180 days.
Marketing users should not have to move messages to specific folders in order for retention settings to
apply.
What should you do?
A. Create two managed folder policies for the Marketing users

B. Create one managed folder policy for the Marketing users
C. Create a retention policy for the Marketing users
D. Create one retention policy and one managed folder policy for the Marketing users
Answer: A
You should create a retention policy for Marketing users. In this scenario, you will have completely
upgraded to Exchange Server 2010 within a few days. All computers will have Microsoft Office 2010 on
them in a few days, and you can manage retention policies from Office Outlook 2010.You should use
retention policies instead of managed folders.
If you have a mixed environment of Exchange 2007 and Exchange 2010 severs, you may elect to use
managed folder policies to provide a consistent way to manage mailboxes. Retention policies override
managed folder policies. If you have both a managed folder policy and retention policy applying a specific
action on a folder, the retention policy will take precedence.
Retention tags in a retention policy allow users to tag custom mailbox folders and individual items for
retention. There are three different tags that can be associated with a retention policy: a retention policy tag
(RPT), a personal tag and a default policy tag (DPT).
A retention policy tag (RPT) is created for default folders in Outlook such as the Inbox, Deleted Items,
and Sent Items. In this scenario, you wanted a retention age limit of 90 days for the Inbox and Deleted
Items folders. You should create a RPT that limits the age of messages to 90 days for the Inbox and
Deleted Items folders.
A personal tag is used to apply retention policies to custom folders and individual items in Outlook. A
personal tag overrides a retention policy tag. In this scenario, you wanted an age limit for retention of
120 days for a custom folder named Project. You should create a personal tag that limits the age of
messages in the custom folders to 120 days.
A default policy tag (DPT) is applied to all items that do not have another retention tag such as a RPT or
personal tag. In this scenario, you wanted an age limit of 180 days to be applied to any other folder. You
should create a default policy tag to limit the age of messages to 180 days. You can only have one DPT
applied to a policy.
Once the policy tags have been created, they need to be applied to a retention policy. You can only have
one DPT applied to the policy. You can have only one RPT tag applied to each default folder. For example,
you cannot have two different RPT tags applied to the Inbox folder. You can, however, apply multiple
personal tags to a folder.
You should then apply the retention policy to the Marketing users group.
Unlike managed folders, users do not have to file items in custom managed folder for retention settings to
take effect.
All other answers are incorrect. You do not need to apply a managed folder policy to this scenario.
QUESTION 50
You are the Exchange administrator for the Nutex Corporation's Exchange 2010 SP1 organization. The
Exchange organization must comply with new legal and regulatory requirements. You must keep copies of
all e-mail messages passing through the Hub Transport server in the Nutex Corporation that contain at
least one recipient or sender who is a member of the tax@nutex.com distribution list. You must store a
copy of each message in an auditor's mailbox. A group called TaxAuditors will review the messages.
What should you do? (Choose three.)
A. The auditor's mailbox must have moderation enabled

B. The auditor's mailbox must be stored on a database that is on a separate drive from other databases on
the Mailbox server role
C. You must disable the storage quota limits for the journaling mailbox
D. You must grant Full Access permissions to TaxAuditors for the auditor's mailboxes
E. Place a legal hold on the tax@nutex.com distribution list
F. Create a journal rule
Answer: CDF
You should create a journal rule. A journal rule can make copies of all e-mail messages passing through the
Hub Transport server in the Nutex Corporation that contain at least one recipient or sender who is a
member of the tax@nutex.com distribution list. The journal rule will store a copy of each message in an
auditor's mailbox. You use the following to create the journal rule:
New-JournalRule -Name "Tax Communications" -JournalEmailAddress

'TaxAuditors@nutex.com' -Scope Global -Recipient tax@nutex.com -Enabled $True
You should disable the storage quota limits for the journaling mailbox. This action allows the mailbox to
collect messages that are sent to and from recipients in your organization without the fear of interruption
because a quota limit may be reached. The following statement disables the storage quota, send quota,
and receive quota on the auditor mailbox:
Set-Mailbox "auditor" -UseDatabaseQuotaDefaults $false -IssueWarningQuota unlimited

-ProhibitSentQuota unlimited -ProhibitSendReceiveQuota unlimited
You should also grant Full Access permissions to TaxAuditors for the auditor's mailbox. The members of
the TaxAuditors group should be able to view, send, and delete messages in the mailbox if needed. The
auditor's mailbox does not have to be stored on a database that is on a separate drive from other
databases on the Mailbox server Although it may be good practice to separate databases on different
drives, it is not mandatory.
The auditor's mailbox does not have to have moderation enabled. You can enable a moderator of the
mailbox if need be, but it is not required. You can grant Full Access permissions to a Tax Auditor to view,
delete, or send messages in the auditor's mailbox.
You should not place a legal hold on the tax@nutex.com distribution list. Legal hold, also referred to as
litigation hold, prohibits messages from being deleted. A legal hold must be placed on a mailbox, not on a
distribution
group. Any deleted items and all versions of changed items are retained in the Recoverable Items folder. A
legal hold will not journal or store message in another mailbox.
QUESTION 51
You are the Exchange administrator of the Nutex Corporation's Exchange 2010 SP1 organization. You want
to plan for the eventuality of a highly available mailbox database failure.
You want to ensure the following:
After failure, the mailbox database should not automatically mount until all logs that were generated on
the active copy have been copied to the passive copy.
Potential candidates for activation should not be judged on copy queue length, but on the database
copy's activation preference value.
What cmdlet should you use?
A. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to

BestAvailability
B. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to
GoodAvailability
C. Use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to Lossless
D. Use the Set-MailboxServer cmdlet with the DatabaseCopyAutoActivationPolicy parameter set to
Blocked
E. Use the Set-MailboxServer cmdlet with the DatabaseCopyAutoActivationPolicy parameter set to
Unrestricted
Answer: C
You should use the Set-MailboxServer cmdlet with the AutoDatabaseMountDial parameter set to
Lossless. When the AutoDatabaseMountDial parameter is set to Lossless, a database will not mount
automatically until all logs generated on the active copy have been copied to the passive copy. The value of
Lossless will cause Active Manager's algorithm to find potential candidates for activation based on the
database copy's activation preference value.
You should not set the AutoDatabaseMountDial parameter of the Set-MailboxServer cmdlet to
BestAvailability or GoodAvailability. The value of BestAvailability allows the database to be
automatically mounted if the copy queue length is less than or equal to 12. The value of GoodAvailability
allows the database the database be automatically mounted immediately after a failover if the copy queue
length is less than or equal to six. The default value of the AutoDatabaseMountDial parameter is
BestAvailability. If the copy queue length
is less than or equal to 12 and of the AutoDatabaseMountDial parameter is BestAvailability, Exchange
Server attempts to replicate the remaining logs to the passive copies and mount the database. If the copy
queue length is less than or equal to 6 and of the AutoDatabaseMountDial parameter is GoodAvailability
, Exchange Server attempts to replicate the remaining logs to the passive copies and mount the database.
Only the value of Lossless will not prevent automatic mounting until all logs generated on the active copy
have been copied to the passive copy.
You should not use the DatabaseCopyAutoActivationPolicy parameter with the Set-MailboxServer
cmdlet. The DatabaseCopyAutoActivationPolicy parameter is used to specify the type of automatic
activation available for mailbox database copies. This parameter will not determine the automatic database
mount behavior.
You can specify the following as values of the DatabaseCopyAutoActivationPolicy parameter:

Exam D
QUESTION 1
Your network contains an internal network and a perimeter network that are separated by a firewall. The
perimeter network contains an Exchange Server 2010 Edge Transport server.
You plan to deploy an internal Exchange Server 2010 organization that meets the following requirements:
Support EdgeSync synchronization

Support encrypted delivery of outbound e-mail messages to the Edge Transport server
Minimize the attack surface of the internal network
Which TCP ports should you allow from the internal network to the perimeter network?
A. 3389 and 25
B. 3389 and 636
C. 50636 and 25
D. 50636 and 135
Answer: C
LDAP: Port 50389/TCP
Secure LDAP: Port 50636/UDP
SMTP: Port 25/TCP
Optional: enable RDP: Port 3389/TCP
QUESTION 2
Your network contains three Active Directory sites named Site1, Site2, and Site3. Users can only access
Site1 from the Internet.
In each site, you plan to deploy a Mailbox server and a Hub Transport server.
You need to plan the deployment of Exchange servers to meet the following requirements:
Ensure that Exchange ActiveSync and Outlook Anywhere clients can connect to their Mailboxes from
the Internet
Minimize hardware costs
What should you include in your plan?
A. In Site1, deploy one Client Access server.

B. In each site, deploy one Client Access server.
C. In Site1, deploy one Client Access server and one Edge Transport server.
D. In each site, deploy one Client Access server and one Edge Transport server.
Answer: B
QUESTION 3
You have an Exchange Server 2010 organization named contoso.com.
Your company plans to provide business continuity services for a company named Fabrikam.
Fabrikam has an Exchange Server 2007 organization and uses the fabrikam.com SMTP domain.
You need to configure your organization to queue and relay all e-mail messages sent to fabrikam.com from
the Internet.
What should you do?
A. Create a new remote domain, and then modify the mail exchange (MX) record for the fabrikam.com
public DNS domain.
B. Create a new remote domain, and then modify the mail exchange (MX) records for the contoso.com
public DNS domain.
C. Create a new External Relay Accepted Domain, and then modify the mail exchange (MX) records for
the contoso.com public DNS domain.
D. Create a new External Relay Accepted Domain, and then modify the mail exchange (MX) records for
the fabrikam.com public DNS domain.
Answer: D
QUESTION 4
You have an Exchange Server 2010 organization.
You need to recommend a mailbox storage management solution for your organization to meet the
following requirements:
Apply quota limits for users by department

Automatically apply quota limits for new users
A. A storage group for each department.

B. A mailbox database for each department.
C. An organizational unit for each department.
D. A managed folder mailbox policy for each department.
Answer: B
QUESTION 5
You have an Exchange Server 2007 organization. All users connect to mailboxes by using Microsoft Office
Outlook 2003.
You plan to transition the organization to Exchange Server 2010.
You need to recommend a solution for mailbox access that meets the following requirements:
Minimize support costs

Minimize software costs
Provide access to Public Folders
A. Implement POP3 and IMAP4 access.

B. Implement Personal Archives and forms-based authentication.
C. Implement Autodiscover and upgrade all client computers to Outlook 2010.
D. Implement Outlook Anywhere and modify the Outlook RPC encryption settings.
Answer: D
QUESTION 6
Your company has a Windows Server 2003 Active Directory forest that contains a single domain. The
functional level of the forest is set to Windows 2000 native.
You have an Exchange organization that contains Exchange Server 2003 Service Pack 2 (SP2) and
Exchange Server 2007 Service Pack 2 (SP2) servers.
You need to prepare Active Directory for the installation of the first Exchange Server 2010 server.
What should you do?
A. Set the functional level of the forest to Windows Server 2003.

B. Prepare the legacy Exchange permissions from the Exchange Server 2010 installation source files.
C. Add the Exchange Server 2010 schema extensions by using the Exchange Server 2010 installation
source files.
D. Upgrade all domain controllers to Windows Server 2008, and then set the functional level of the domain
to Windows Server 2008.
Answer: A
QUESTION 7
Your company's compliance policy states that the following occurs when a user leaves the company:
The user account is disabled

The user account and mailbox are deleted after six months
All e-mail messages in the mailbox are retained for three years
You need to recommend a solution to retain the e-mail messages of users who leave the company.
The solution must meet the following requirements:
Ensure that a group named Group1 can manage the process

Minimize disk space required to store the mailbox databases
A. Assign the Mailbox Search management role to Group1, and then create a retention policy.
B. Assign the Mailbox Search management role to Group1, and then create a managed folder mailbox
policy.
C. Assign the Mailbox Import Export management role to Group1, and then configure Personal Archives
for each mailbox.
D. Assign the Mailbox Import Export management role to Group1, and then instruct Group1 to export
mailboxes to personal folder (.pst) files.
Answer: D
QUESTION 8
All users connect to their mailboxes by using Microsoft Office Outlook 2007 Service Pack 2 (SP2) and
Windows 7.
Your company's security administrators deploy Outlook Protection Rules.
You need to recommend a client connection solution for the organization to ensure that Outlook Protection
Rules can be used.
A. Upgrade all client computers to Outlook 2010.

B. Instruct all users to connect to Outlook Web App (OWA).
C. Instruct all users to install the Rights Management Service (RMS) client.
D. Instruct all users to install the Secure/Multipurpose Internet Mail Extensions (S/MIME) control.
Answer: A
Outlook Protection Rules
Although users can apply IRM protection to messages manually before they send them, they may
occasionally neglect to do so for messages that should be protected. Outlook protection rules in Exchange
Server 2010 can help in protecting your organization from information leakage by applying IRM protection to
messages automatically when they are sent from Outlook 2010. When IRM protection is applied to a
message, any attachments in supported file formats have IRM protection applied to them as well.
Because Outlook protection rules are applied within Outlook, the client must be running Outlook
2010 because this is the only version of Outlook that can use Outlook protection rules.
http://mscerts.programming4.us/application_server/exchange%20%20server%202010%20%20%
20designing%20and%20implementing%20ad%20rms%20integration%20(part%202)%20-%20ad%
20rms%20and%20exchange%20server%202010.aspx
QUESTION 9
You have an Exchange Server 2010 organization that contains multiple Hub Transport servers.
You need to recommend a message hygiene solution to meet the following requirements:
Block servers that are known to send spam

Minimize administrative effort
A. an IP Block list
B. IP Block list providers
C. recipient filtering
D. sender filtering
Answer: B
IP Block List Providers are part of the connection filtering feature in Exchange. When the IP Block List
Providers feature is enabled on a computer, the Connection Filter agent queries the specified IP Block List
provider services to determine if the messaging server that has initiated the connection is a host that is
known to send spam.
http://technet.microsoft.com/en-us/library/dd351199.aspx
QUESTION 10
You have an Exchange Server 2010 organization. You plan to provide users with the ability to schedule
meetings.
You need to recommend a scheduling solution that meets the following requirements:
Ensures that users can schedule conference rooms for meetings

Ensures that conference room owners can change the settings of meetings scheduled by users
What should you include in the solution?
A. Managed Folder Assistant

B. public folders
C. resource mailboxes
D. room list distribution groups
Answer: C
QUESTION 11
You have an Exchange Server 2010 organization. You plan to delegate administration of the organization.
You have a group named Technicians that contains all the level-two technicians in the organization.
You need to ensure that the Technicians group can manage the properties of all the mailbox databases.
The solution must minimize the number of permissions assigned to the Technicians group.
Which management role should you assign to the Technicians group?
A. Help Desk
B. Organization Management
C. Recipient Management
D. Server Management
Answer: D
QUESTION 12
Your network contains two Exchange Server 2010 Edge Transport servers and five Exchange Server 2010
Hub Transport servers. All e-mail sent from your organization to the Internet is transferred by the Edge
Transport servers.
You need to recommend a security solution for the organization to meet the following requirements:
Ensure that users can send encrypted messages to any other organization on the Internet
Ensure that all Exchange-related communication between Hub Transport servers and Edge Transport
servers is encrypted
A. Deploy IPsec.
B. Deploy SMTP over SSL.
C. Implement Domain Security.
D. Implement Secure/Multipurpose Internet Mail Extensions (S/MIME).
Answer: D
S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide
authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data
confidentiality. Compression can be used to reduce data size.
http://www.networksorcery.com/enp/data/smime.htm
QUESTION 13
You deploy an Edge Transport server.
You need to implement a message hygiene solution that meets the following requirements:
Users must be able to receive e-mail from external recipients who have been added to their Safe
Senders Lists
The Edge Transport server must block all e-mail sent to invalid addresses inside the organization
What should you do first?
A. Enable sender filtering.

B. Create Send connectors.
C. Configure real-time block lists (RBLs).
D. Configure EdgeSync synchronization.
Answer: D
In Microsoft Exchange Server 2010, the Edge Transport server role is deployed in your organization's
perimeter network. Designed to minimize the attack surface, the Edge Transport server handles all Internet-
facing mail flow, which provides SMTP relay and smart host services for the Exchange organization.
Additional layers of message protection and security are provided by a series of agents that run on the
Edge Transport server and act on messages as they're processed by the message transport components.
These agents support the features that provide protection against viruses and spam and apply transport
rules to control message flow.
The computer that has the Edge Transport server role installed doesn't have access to Active
Directory. All configuration and recipient information is stored in Active Directory Lightweight
Directory Services (AD LDS). To perform recipient lookup tasks, the Edge Transport server requires
data that resides in Active Directory. This data is synchronized to the Edge Transport server using
EdgeSync. EdgeSync is a collection of processes that are run on a computer that has the Hub Transport
server role installed to establish one-way replication of recipient and configuration information from Active
Directory to the AD LDS instance on an Edge Transport server. The Microsoft Exchange EdgeSync service
copies only the information that's required for the Edge Transport server to perform anti-spam configuration
tasks and the information about the connector configuration that's required to enable end-to-end mail flow.
The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in AD LDS
remains current.
You can install more than one Edge Transport server in the perimeter network. Deploying more than one
Edge Transport server provides redundancy and failover capabilities for your inbound message flow. You
can load-balance SMTP traffic to your organization between Edge Transport servers by defining more than
one mail exchange (MX) resource record with the same priority in the Domain Name System (DNS)
database for your mail domain. You can achieve consistency in configuration between multiple Edge
Transport servers by using cloned configuration scripts.
http://technet.microsoft.com/en-us/library/bb124701.aspx
QUESTION 14
You have an Exchange 2010 organization.
Your companys security policy states that all connections to Outlook Web App (OWA) must use smart card
authentication.
You need to recommend a solution to meet the security policy requirements.
Which two possible ways to achieve this goal should you recommend? (Each correct answer presents a
complete solution. Choose two.)
A. Require certificate-based authentication for all Internet-facing Client Access servers.

B. Require Windows Integrated Authentication for all Internet-facing Client Access servers.
C. Deploy an Edge Transport server, and then disable Windows Integrated Authentication.
D. Deploy a server that runs Microsoft Internet Security and Acceleration (ISA) Server, and then enable
Kerberos constrained delegation.
Answer: AD
QUESTION 15
Your company's security policy states that users must not be able to encrypt e-mail messages by using
Outlook Web App (OWA).
You need to recommend a client access solution that meets the requirements of the security policy.
A. managed folder mailbox policies

B. multiple OWA virtual directories
C. OWA segmentation
D. WebReady Document Viewing
Answer: C
Segmentation lets you enable and disable many features in Outlook Web App. You can manage
segmentation using the EMC or the Shell.
By default, segmentation changes take effect after 60 minutes of inactivity for users who are signed in to
Outlook Web App, or when a user signs in to Outlook Web App. To force the changes to take effect
immediately, restart Internet Information Services (IIS) by running the command iisreset/noforce on
the Client Access server.
QUESTION 16
You have an Exchange Server 2010 organization that contains five Hub Transport servers, five Mailbox
servers and one Edge Transport server.
You need to provide a solution to ensure that users can prevent legitimate inbound e-mail messages from
being classified as spam.
What should you do?

B. Enable Sender ID filtering.
C. Configure a custom MailTip.
D. Configure safelist aggregation.
Answer: D
QUESTION 17
You plan to delegate Exchange administrative rights to some users in the organization.
You need to recommend a solution that tracks all changes made to the Exchange organization.
A. administrator audit logging

B. circular logging
C. diagnostic logging
D. Windows Security Auditing
Answer: A
QUESTION 18
You have an Exchange Server 2010 organization that contains Windows Mobile 5.0 devices. Your company
plans to replace all mobile devices with Windows Mobile 6.5 devices.
You need to identify which users accessed their mailboxes by using Windows Mobile 5.0 devices in the past
month.
What should you do?
A. Create a Data Collector Set.

B. Install and run the Exchange Server User Monitor (ExMon).
C. Export and review the Internet Information Services (IIS) logs.
D. Enable User Agent logging, and then review the agent logs.
Answer: C
QUESTION 19
You have an Exchange Server 2010 organization. You have a global security group named Legal that
contains all the members of your companys legal department.
The company's security policy states that the Legal group must be able to search all mailboxes for e-mail
messages that contain specific keywords.
You need to recommend a solution for the organization that complies with the security policy.
A. a Discovery Management role group

B. a legal hold
C. administrator audit logging
D. Mailbox journaling
Answer: A
QUESTION 20
You need to recommend a solution that prevents the permanent deletion of e-mail messages from the
mailboxes of employee who have been dismissed from the company.
A. Implement managed folders.

B. Implement a legal hold for each mailbox.
C. Implement a Retention Policy for each mailbox.
D. Implement an Outlook Protection Rule for each mailbox.
Answer: B
QUESTION 21
You have an Exchange Server 2010 organization. The organization contains a global security group named
Group1.
You plan to deploy a monitoring solution for the Exchange servers in your organization.
You need to recommend a solution that allows members of Group1 to monitor the performance of
Exchange Server 2010 servers.
Your solution must prevent members of Group1 from modifying the configurations of the Exchanges Server
2010 organization.
A. Delegation of Control Wizard

B. Federation Trusts
C. Reliability Monitor
D. Role Based Access Control (RBAC)
Answer: D
Role Based Access Control (RBAC) is the new permissions model in Microsoft Exchange Server
2010. With RBAC, you don't need to modify and manage access control lists (ACLs), which was done in
Exchange Server 2007. ACLs created several challenges in Exchange 2007, such as modifying ACLs
without causing unintended consequences, maintaining ACL modifications through upgrades, and
troubleshooting problems that occurred due to using ACLs in a nonstandard way.
RBAC enables you to control, at both broad and granular levels, what administrators and end-users can do.
RBAC also enables you to more closely align the roles you assign users and administrators to the actual
roles they hold within your organization. In Exchange 2007, the server permissions model applied only to
the administrators who managed the Exchange 2007 infrastructure. In Exchange 2010, RBAC now controls
both the administrative tasks that can be performed and the extent to which users can now administer their
own mailbox and distribution groups.
RBAC has two primary ways of assigning permissions to users in your organization, depending on whether
the user is an administrator or specialist user, or an end-user: management role groups and management
role assignment policies. Each method associates users with the permissions they need to perform their
jobs. A third, more advanced method, direct user role assignment, can also be used
For further reading see:
QUESTION 22
Your company has a main office and 10 branch offices. You have an Exchange Server 2010 organization.
All Exchange servers are installed on virtual machines.
You need to create a monitoring plan for the Exchange servers that meets the following requirements:
Identify Exchange server errors

Provide alerts when Exchange services are stopped
Produce statistical analysis and reporting
Which tool should you include in the plan?
A. Microsoft System Center Service Manager

B. Microsoft System Center Operations Manager
C. Microsoft System Center Configuration Manager
D. Microsoft System Center Virtual Machine Manager
Answer: B
QUESTION 23
You have an Exchange Server 2010 organization. All users access their mailboxes by using Outlook Web
App (OWA).
You need to plan a solution to reduce the number of e-mail messages that are accidentally sent to
distribution groups that contain company executives.
A. custom MailTips
B. dynamic distribution groups
D. sharing policies
Answer: A
MailTips are informative messages displayed to users while they're composing a message. Microsoft
Exchange Server 2010 analyzes the message, including the list of recipients to which it's addressed, and if
it detects a potential problem, it notifies the user with MailTips prior to sending the message. With the help
of the information provided by MailTips, senders can adjust the message they're composing to avoid
undesirable situations or non-delivery reports (NDRs).
The following unproductive messaging scenarios are common in any messaging environment:
NDRs resulting from messages that violate restrictions configured in an organization such as message
size restrictions or maximum number of recipients per message.
NDRs resulting from messages sent to recipients that don't exist, recipients that are restricted, or users
whose mailboxes are full.
Sending messages to users with Automatic Replies configured.
All of these scenarios involve the user sending a message, expecting it to be delivered, and instead
receiving a response stating that the message isn't delivered. Even in the best-case scenario, like the
automatic reply, these events result in lost productivity. In the case of an NDR, this scenario could result in
a costly call to the Help desk.
There are also several scenarios where sending a message won't result in an error, but can have
undesirable, even embarrassing consequences:
Messages sent to extremely large distribution groups.

Messages sent to inappropriate distribution groups.
Messages inadvertently sent to recipients outside your organization.
Selecting Reply to All to a message that was received as a Bcc recipient.
All of these problematic scenarios can be mitigated by informing users of the possible outcome of sending
the message as they're composing the message. For example, if senders know that the size of the
message they're trying to send exceeds the corporate policy, they won't attempt to send the message.
Similarly, if senders are notified that the message they're sending will be delivered to people outside the
organization, they're more likely to ensure that the content and the tone of the message are appropriate.
By addressing the scenarios listed earlier, MailTips can help you to:
Reduce the cost of processing and storing messages by preventing NDRs.

Reduce the volume of Help desk calls caused by NDRs.
Increase productivity by avoiding communications that won't succeed, for example, breaking the cycle of
sending an e-mail message, receiving an automatic reply, and then redirecting the message.
Inform your users as they compose e-mail messages about various policies configured in your
organization that impose limits on the messages sent.
Direct your users to the correct distribution groups.
Reduce the risk of inadvertent disclosure of information to people outside your organization.
QUESTION 24
Your company's compliance policy states the following:
Delete e-mail messages sent to legal department users that are older than 180 days.
Delete e-mail messages sent to all other users that are older than 60 days
You need to recommend a solution that meets the requirements of the compliance policy.
A. Configure deleted item retention for all users.

B. Configure Personal Archives for the legal department users.
C. Create two Managed Folder mailbox policies.
Use one policy for the legal department users.
Use the other policy for all other users.
D. Create two new message classifications.
Use one message classification for the e-mails sent to legal department users.
Use the other message classification for the e-mails sent to all other users.
Answer: C
QUESTION 25
Your company has a main office and 50 branch offices. Each office is configured as an Active Directory
site. Each branch office site contains a domain controller.
The main office site contains all the global catalog servers in the forest.
Each branch office contains a WAN link that connects to the main office.
You need to plan the deployment of new Mailbox servers to meet the following requirements:
Ensure that users in the branch offices can access their mailboxes if their local domain controller fails
Deploy the minimum number of Exchange servers
A. One Mailbox server in each office and global catalog servers in each branch office
B. One Mailbox server in each office and Universal Group Membership Caching in each branch office
C. One Mailbox server in each branch office only
D. Multiple Mailbox servers in the main office only
Answer: D
This is an interesting question however if you break it down it starts to make sense
Main Office has the Global Catalog Servers - not the Branch Offices
Branch Offices connect to the main office via a Wan Link
While each branch office does have a domain controller they are not Global Catalog Servers. Further there
are 50 branch offices so it makes no sense to deploy a mailbox server in each branch office or to have 50
Global Catalog Servers
The best answer is D as this would meet the requirement of deploying the least amount of Exchange
Servers
QUESTION 26
You have an Exchange Server 2010 organization. Your company's legal department sends compliance e-
mail messages by adding recipients to the blind carbon copy (Bcc) field.
The company's compliance policy includes the following requirements:
All e-mail messages sent to external recipients must be archived in a central repository
Compliance officers must be able to identify all the recipients of archived e-mail messages
You need recommend a solution to meet the compliance policy requirements.

A. journal rules
B. message tracking
C. Personal Archives
D. transport rules
Answer: A
Journaling is the ability to record all communications, including e-mail communications, in an organization
for use in the organization's e-mail retention or archival strategy. To meet an increasing number of
regulatory and compliance requirements, many organizations must maintain records of communications
that occur when employees perform daily business tasks.
Archiving refers to backing up the data, removing it from its native environment, and storing it elsewhere,
therefore reducing the strain of data storage. You may use Exchange journaling as a tool in your e-mail
retention or archival strategy.
Although journaling may not be required by a specific regulation, compliance may be achieved through
journaling under certain regulations. For example, corporate officers in some financial sectors may be held
liable for the claims made by their employees to their customers. To verify that the claims are accurate, a
corporate officer may set up a system where managers review some part of employee-to-client
communications regularly. Every quarter, the managers verify compliance and approve their employees'
conduct. After all managers report approval to the corporate officer, the corporate officer reports
compliance, on behalf of the company, to the regulating body. In this example, e-mail messages might be
one type of the employee-to-client communications that managers must review; therefore, journaling can be
used to collect all e-mail messages sent by client-facing employees. Other client communication
mechanisms may include faxes and telephone conversations, which may also be subject to regulation. The
ability to journal all classes of data in an enterprise is a valuable functionality of the IT architecture.
QUESTION 27
Your company has three offices. An Active Directory site named Site1, Site2, and Site3 exists for each
office.
You deploy Exchange Server 2010 servers in Site1.
You plan to deploy Exchange Server 2010 servers in Site2 and Site3.
You need to recommend a solution that allows the Exchange Server 2010 servers to coexist with the
Your solution must meet the following requirements:
All e-mail messages that are sent to mailboxes on Exchange Server 2003 servers from mailboxes on
Exchange Server 2010 servers must be delivered directly from a server in Site2
Exchange Server 2003 servers must be delivered directly to a server in Site1
A. Create two SMTP connectors and one Active Directory SMTP site link.
B. Create a new routing group connector and modify the default routing group connector.
C. Create an X400 connector to Site1 and modify the cost value for the default routing group connector.
D. Move all Exchange Server 2003 servers and Exchange Server 2010 servers to a single routing group.
Answer: B
To coexist with Exchange server 2003 your Exchange 2010 servers must use the Exchange 2003 as a
bridgehead. This will require a new routing group connector on the Exchange 2003 Servers
QUESTION 28
You are the enterprise administrator for an Exchange Server 2010 organization. All users run Microsoft
Office Outlook 2010.
You are designing a sharing solution for your organization and a partner organization.
The partner organization also uses Exchange Server 2010.
You need to recommend a strategy for sharing information with the partner organization to meet the
Provide cross-organizational access to user contacts

Provide cross-organizational access to free\busy information
A. Creating cross-forest trusts

B. Implementing Federated Sharing
C. Implementing Microsoft Identify Lifecycle Manager (ILM) 2007
D. Running the Microsoft Exchange Inter-Organization Replication tool
Answer: B
Information workers frequently need to collaborate with external recipients, vendors, partners, and
customers and share their free/busy (also known as calendar availability) and contact information.
Federation in Microsoft Exchange Server 2010 helps with these collaboration efforts. Federation refers to
the underlying trust infrastructure that supports federated delegation, an easy method for users to share
calendar and contact information with recipients in other external federated organizations. To learn more
about federated delegation, see Understanding Federated Delegation.
Example
Two Exchange organizations, Contoso, Ltd. and Fabrikam, Inc., want their users to be able to share free/
busy information with each other. Each organization creates a federation trust with the Microsoft Federation
Gateway and configures its account namespace to include the domain used for its user's e-mail address
domain.
Contoso employees use one of the following e-mail address domains: contoso.com, contoso.co.uk, or
contoso.ca. Fabrikam employees use one of the following e-mail address domains: fabrikam.com,
fabrikam.org, or fabrikam.net. Both organizations make sure that all accepted e-mail domains are included
in the account namespace for their federation trust with the Microsoft Federation Gateway. Rather than
requiring a complex Active Directory forest or domain trust configuration between the two organizations,
both organizations configure an organization relationship with each other to enable free/busy sharing.
The following figure illustrates the federation configuration between Contoso, Ltd. and Fabrikam, Inc.
QUESTION 29
Your network consists of an Active Directory domain that contains the domain controllers shown in the
following table.
You plan to deploy an Exchange Server 2010 server in each site.

You need to recommend changes to the domain controllers to support the installation of Exchange Server
2010.
What should you do?
A. Enable Server2 as a global catalog server.

B. Enable Server3 as a global catalog server.
C. Upgrade Server2 to Windows Server 2008 SP2 (x64).
D. Upgrade Server3 to Windows Server 2008 SP2 (x64).
Answer: A
Exchange Server needs to have Global Catalog Servers in each site that has Exchange Servers deployed
QUESTION 30
You have an Exchange Server 2010 organization. You plan to deploy a database availability group (DAG).
You need to recommend disk configurations for the servers in the organization.
The solution must minimize costs.
A. 7200 RPM SATA hard disks in a Direct Attach Storage (DAS)

B. 7200 RPM SATA hard disks in a Network Attached Storage (NAS)
C. 15000 RPM SAS hard disks in a Network Attached Storage (NAS)
D. 15000 RPM SAS hard disks in a Fibre Channel (FC) Storage Area Network (SAN)
Answer: A
DAG has been designed to run well on low cost hard drive storage. Generally, there are no special storage
requirements that are specific to DAGs or mailbox database copies. DAGs don't require or use cluster-
managed shared storage.
QUESTION 31
You have an Exchange Server 2010 Hub Transport server named Hub1. You install an application on a
third-party server named Server1.
You discover that the application cannot authenticate to remote servers.
You need to ensure that the application can relay e-mail messages by using Hub1.
What should you do?
A. .Create a new Send connector

.Add the TCP/IP address of Server1 to the Send connector
.Modify the permissions for the Send connector
B. .Create a new Receive connector
.Add the TCP/IP address of Server1 to the Receive connector
.Modify the permissions for the Receive connector
C. .Add the TCP/IP address of Server1 to the default Receive connector
.Create a message classification
.Create a transport rule
D. .Add the TCP/IP address of Server1 to the Client Receive connector
.Create a remote domain
Answer: B
QUESTION 32
You have an Exchange organization that contains Exchange 2000 Server Service Pack 3 (SP3), Exchange
Server 2003 Service Pack 2 (SP2), and Exchange Server 2007 Service Pack 1 (SP1) servers.
You need to transition the organization to Exchange Server 2010.
A. Remove all Exchange Server 2007 SP1 servers from the organization.
B. Remove all Exchange 2000 Server and all Exchange Server 2003 servers from the organization.
C. Remove all Exchange 2000 Server servers from the organization, and then upgrade all Exchange
Server 2007 servers to SP2.
D. Remove all Exchange Server 2003 servers from the organization, and then upgrade all Exchange
Server 2007 servers to SP2.
Answer: C
QUESTION 33
You have an Exchange Server 2010 organization. Users access the internal network by using a server
named ISA1 that runs Microsoft Internet Security and Acceleration (ISA) Server.
You need to configure mailbox access from the Internet to meet the following requirements:
Users must be able to download an offline address book (OAB)

Users must be able to access their mailboxes by using Outlook Anywhere
Users must be able to access their mailboxes by using Outlook Web App (OWA)
The solution must minimize administrative overhead
What should you create from ISA1?
A. an access rule for TCP ports 135, 389, and 993

B. an access rule for TCP ports 389, 636, and 1024
C. publishing rules for the OWA, EWS, RPC, Autodiscover, and OAB virtual directories
D. publishing rules for the OWA, Microsoft-Server-ActiveSync, Public, and OAB virtual directories
Answer: C
QUESTION 34
Your company has a main office and ten branch offices. Your network consists of a single domain Active
Directory forest. An Active Directory site exists for each office.
The main office contains five domain controllers that run Windows Server 2008 (x64).
Each branch office contains one read-only domain controller (RODC) that runs Windows Server 2008 (x86).
All domain controllers are configured as global catalog servers. You plan to deploy one Exchange Server
2010 server in each site.
You need to recommend changes to Active Directory to support the planned deployment.
The solution must ensure that Exchange servers in each branch-office site connect to their local domain
controllers.
A. Implement a DNS zone for each office.

B. Change all RODCs to Windows Server 2008 (x64) RODCs.
C. Implement a writable domain controller in each branch office.
D. Disable site link bridging for the forest and configure Exchange-specific costs.
Answer: C
RODC domain controllers are not considered to be suitable for Exchange Servers. Microsoft documentation
states you must have a writable domain controller to support exchange server
QUESTION 35
Your Exchange Server 2010 organization contains two Hub Transport servers in a single site. The
organization receives all e-mail sent to a SMTP domain named contoso.com.
Your company purchases another company that uses a SMTP domain named fabrikam.com.
You plan to manage message hygiene for both SMTP domains.
You need to recommend changes to the organization to support the planned deployment.
The solution must prevent e-mail sent to fabrikam.com from being delivered to your internal organization.
A. Deploy a new Hub Transport server, and then create remote domains.
B. Deploy a new Hub Transport server, and then configure transport rules.
C. Deploy an Edge Transport server, and then create accepted domains.
D. Deploy an Edge Transport server, and then configure a federation trust.
Answer: C
The correct answer is C - while a hub transport can provide message hygiene for this question deploying
Edge Transport Servers is the proper solution
QUESTION 36
You have an Exchange Server 2003 organization. Users access public folders by using Microsoft Office
Outlook 2003 and Outlook Web App.
You need to ensure that users can access public folders after their mailboxes have been moved to
Exchange Server 2010.
What should you do?

B. Run the New Organization Relationship wizard.
C. Create public folder replicas on an Exchange Server 2010 server.
D. Run the Microsoft Exchange Inter-Organization Replication tool from an Exchange Server 2003 server.
Answer: C
QUESTION 37
contains all the members of your company's legal department.

B. a legal hold
Answer: A
The Discovery Management management role group is one of several built-in role groups that make up the
Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2010. Role groups
are assigned one or more management roles that contain the permissions required to perform a given set
of tasks. The members of a role group are granted access to the management roles assigned to the role
group. For more information about role groups, see Understanding Management Role Groups.
Administrators or users who are members of the Discovery Management role group can perform searches
of mailboxes in the Exchange organization for data that meets specific criteria and can also configure legal
holds on mailboxes. For more information, see Discovery and Understanding Litigation Hold.
QUESTION 38
You have an Exchange Server 2010 organization. You design a deployment of multiple Mailbox servers.
Your company's Service Level Agreement (SLA) states that servers must support 1,000 concurrent
connections to mailboxes while maintaining an RPC latency of less than 20 milliseconds.
You need to verify that your design meets the requirements of the SLA before you deploy servers in the
production environment.
Which tool should you use?
A. Exchange Server Jetstress 2010

B. Exchange Server User Monitor (ExMon)
C. Exchange Server Load Generator (LoadGen) 2010
D. Exchange Server Remote Connectivity Analyzer (ExRCA)
Answer: C
Use Microsoft Exchange Load Generator (LoadGen) as a simulation tool to measure the impact of MAPI,
OWA, IMAP, POP and SMTP clients on Exchange servers. LoadGen allows you to test how a server
running Exchange responds to e-mail loads. To simulate the delivery of these messaging requests, you run
LoadGen tests on client computers. These tests send multiple messaging requests to the Exchange server,
thereby causing a mail load. LoadGen is a useful tool for administrators who are sizing servers and
validating a deployment plan. Specifically, LoadGen helps you determine if each of your servers can handle
the load to which they are intended to carry. Another use for LoadGen is to help validate the overall solution.
http://www.microsoft.com/download/en/details.aspx?id=14946
QUESTION 39
Your network contains Exchange Server 2010 servers. All users access their mailboxes by using Outlook
Web App (OWA).
All e-mail messages that contain customer contracts must be stored for three years
Users must be able to classify e-mail messages that relate to customer contracts
Users must be able to move e-mail messages to any folder
You need to recommend a solution that supports the requirements of the compliance policy.
A. Managed Folder mailbox policies

B. an OWA mailbox policy
C. Personal Archives and an Archive policy
D. Retention Policy Tags and a Retention Policy
Answer: D
retention tags are used to apply retention settings to folders and individual items such as e-mail messages
and voice mail. These settings specify how long a message remains in a mailbox and the action to be taken
when the message reaches the specified retention age. When a message reaches its retention age, it's
moved to the personal archive or deleted.
Unlike managed folders (the MRM feature introduced in Exchange Server 2007), retention tags allow
users to tag their own mailbox folders and individual items for retention. Users no longer have to file items in
managed folders provisioned by an administrator based on message retention requirements.
You can use retention policies to group one or more retention tags and apply them to mailboxes. A mailbox
can't have more than one retention policy. Retention tags can be linked to or unlinked from a retention
policy at any time, and the changes automatically take effect for all mailboxes that have the policy applied.
A retention policy can have the following retention tags:
One or more RPTs for supported default folders
One DPT with the Move to Archive action

One DPT with the Delete and Allow Recovery or Permanently Delete actions
One DPT for voice mail messages in Exchange 2010 SP1
Any number of personal tags
Although you can add any number of personal tags to a retention policy, having many personal tags with
different retention settings can confuse users. We recommend linking no more than 10 personal tags to a
retention policy.
retention policy can contain both archive tags (tags that move items to the personal archive mailbox) and
deletion tags (tags that delete items). A mailbox item can also have both types of tags applied. Archive
mailboxes don't have a separate retention policy. The same retention policy is applied to the primary and
archive mailbox.
When planning to create retention policies, you must consider whether they'll include both archive and
deletion tags. As mentioned earlier, a retention policy can have one DPT that uses the Move to Archive
action and one DPT that uses either the Delete and Allow Recovery or Permanently Delete
action. The DPT with the Move to Archive action must have a lower retention age than the DPT with a
deletion action. For example, you can use a DPT with the Move to Archive action to move items to the
archive mailbox in two years, and a DPT with a deletion action to remove items from the mailbox in seven
years.
QUESTION 40
You need to recommend a storage solution that meets the following requirements:
Provides users with an alternate location for storing e-mail messages

Provides users with access to the alternate location by using Outlook Web App (OWA)
A. journal rules
B. managed folders
C. personal archives
D. personal folders (.pst)
Answer: C
QUESTION 41

A. journal rules
B. message tracking
D. transport rules
Answer: A
QUESTION 42
You have an Exchange Server 2010 organization for a company named Contoso, Ltd.
Contoso has the following security policy:
Messages that contain the word budget cannot be sent to external recipients
Messages that contain the name Northwind Traders must be sent to the legal department automatically
You need to recommend a solution to meet the security policy.
A. Create two transport rules.

B. Create two message classifications.
C. Create one transport rule and configure a legal hold.
D. Create one message classification and configure a legal hold.
Answer: A
QUESTION 43
You have an Exchange Server 2010 organization. All users on the network connect to their mailboxes by
using Microsoft Office Outlook.
Your company's compliance policy states that:
A copy of e-mail messages sent to the human resources department from the Internet must be archived
All archived e-mail messages must be stored on a third-party archival server
A. journal rules
B. personal archives
C. Retention Policies
D. Transport Protection Rules
Answer: A
QUESTION 44
You have an Exchange Server 2010 organization. You plan to deploy a monitoring solution for Exchange
Server 2010.
You need to recommend a solution to track the usage of ActiveSync clients and to analyze usage trends.
A. Internet Information Server log files

B. Exchange Server Mail Flow Troubleshooter
C. Exchange Server Performance Troubleshooter
D. Microsoft System Center Configuration Manager
Answer: A
QUESTION 45
You have an Exchange Server 2010 organization. You have a group named Help Desk that contains all the
help desk users in the organization.
You need to ensure that the Help Desk group can manage all the mailboxes and mail-enabled contacts in
the organization.
The solution must minimize the number of permissions assigned to the Help Desk group.
Which management role should you assign to the Help Desk group?
A. Mail Recipients
B. Mail Recipient Creation
C. Organization Client Access
D. Recipient Policies
Answer: A
The Mail Recipients management role enables administrators to manage existing mailboxes, mail
users, and mail contacts in an organization. This role can't create these recipients. Use the Mail
Recipient Creation role to create them.
This role type doesn't enable you to manage mail-enabled public folders or distribution groups. Use the
following roles to manage these objects:
Mail Enabled Public Folders Role

Distribution Groups Role
QUESTION 46
You need to plan a message hygiene solution that meets the following requirements:
Spoofing must be minimized

Open SMTP relays must be added to IP block lists automatically
A. Sender ID filtering and recipient filtering

B. Sender ID filtering and sender reputation
C. sender filtering and recipient filtering
D. sender reputation and recipient filtering
Answer: B
Sender ID is intended to combat the impersonation of a sender and a domain, a practice that's frequently
called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified
to appear as if it originates from a sender other than the actual sender of the message.
Spoofed mails typically contain a From: address that purports to be from a certain organization. In the past,
it was relatively easy to spoof the From: address, in both the SMTP session, such as the MAIL FROM:
header, and in the RFC 822 message data, such as From: "Masato Kawai" masato@contoso.com,
because the headers weren't validated.
Sender reputation evaluates several sender characteristics to calculate an SRL. Among the characteristics
that sender reputation evaluates are the results of a test for open proxy servers. Frequently, spammers
route messages through open proxy servers on the Internet. By routing spam through open proxy servers,
spammers can send messages that appear to originate from a different server than their own.
When sender reputation calculates an SRL, sender reputation tries to connect to the sender's originating
IP address by using a variety of common proxy protocols, such as SOCKS4, SOCKS5, HTTP, Telnet,
Cisco, and Wingate. Sender reputation formats a protocol-specific request in an attempt to connect back to
the Edge Transport server from the open proxy server by using an SMTP request. If an SMTP request is
received from the proxy server, sender reputation verifies that the proxy server is an open proxy server and
adjusts the SRL rating according to this result. By default, detection of open proxy servers is enabled on
sender reputation.
QUESTION 47
You plan to deploy a public folder access solution to meet the following requirements:
Users in the legal department must be able to send e-mail messages to public folders
Users in the legal department must not be able to read documents in the public folders by using Outlook
Web App (OWA)
You need to recommend changes to public folder access that meet the company requirements.

A. mail-enabled public folders and Editor permissions
B. mail-enabled public folders and Contributor permissions
C. OWA segmentation and Reviewer permissions
D. OWA segmentation and Send As permissions
Answer: B
QUESTION 48
Your network contains two Exchange Server 2010 Edge Transport servers. The network also contains five
Hub Transport servers in two Active Directory sites.
All e-mail sent to the network is received by the Edge Transport servers. You plan to configure anti-spam
filtering.
You need to ensure that the anti-spam filtering configurations are applied to both Edge Transport servers.
The solution must use a minimum amount of administrative effort.
What should you do?
A. Configure EdgeSync synchronization.

B. Implement Active Directory Federation Services (AD FS).
C. Join both Edge Transport servers to an Active Directory domain and then create a forest trust from the
internal forest.
D. Manually configure settings on one Edge Transport server and then export the settings to the other
Edge Transport server.
Answer: D
QUESTION 49
You have an Exchange Server 2010 organization. Company policy states that a copy of a users mailbox
must be kept for one year after the user leaves the company.
All user accounts are in an organizational unit (OU) named OU1.
A compliance administrator plans to export the mailboxes to personal folders.
You need to recommend a solution that allows the compliance administrator to meet the requirements of
the company policy.
A. a new management role assignment

B. delegated permissions to OU1
C. managed folder mailbox policies
D. new Personal Archives
Answer: A
QUESTION 50
You have an Exchange Server 2010 organization named contoso.com. The organization contains two Client
Access servers named CAS1 and CAS2 that are in a Client Access server array.
All internal and external users connect to their mailboxes by using mail.contoso.com.
You need to install a certificate on the Client Access servers to meet the following requirements:
Support 500 client computers that are not joined to the Active Directory domain
Support clients that use Microsoft Office Outlook in Cached Exchange Mode, Autodiscover, and
Exchange ActiveSync
Minimize client and user support costs
What should you do?
A. From a trusted third-party certification authority (CA), generate a certificate request that contains the
mail.contoso.com and Autodiscover names.
B. From a trusted third-party certification authority (CA), generate a certificate request that contains the
CAS1.contoso.com and CAS2.contoso.com names.
C. From an internal Active Directory-integrated certification authority (CA), generate a certificate request
that contains the mail.contoso.com and Autodiscover names.
D. From an internal Active Directory-integrated certification authority (CA), generate a certificate request
that contains the CAS1.contoso.com and CAS2.contoso.com names.
Answer: A
QUESTION 51
functional level of the forest is set to Windows 2000 native.
You have an Exchange organization that contains Exchange Server 2003 Service Pack 2 (SP2) and
Exchange Server 2007 Service Pack 2 (SP2) servers.
You need to prepare Active Directory for the installation of the first Exchange Server 2010 server.
What should you do?

source files.
Answer: A
Exam E
QUESTION 1
Your company has three offices. Each office has a direct link to the Internet. The offices connect to each
other by using a WAN link.
Your network consists of an Active Directory forest that contains two domains and one site. The functional
level of the forest is Windows Server 2003.
All domain controllers run Windows Server 2003 R2. Each office contains two domain controllers for each
domain. All domain controllers are global catalog servers.
In each office, you plan to deploy Mailbox, Client Access, and Hub Transport Exchange Server 2010
servers. All e-mail messages sent to the Internet will be delivered from a local server in each office.
You need to recommend changes to the Active Directory environment to support the planned deployment of
A. Disable site link bridging for the forest.

B. Modify the cost values for the default IP site link.
C. Create an Active Directory subnet and site object for each office.
D. Upgrade one domain controller in each office to Windows Server 2008.
Answer: C
QUESTION 2
You have an Exchange Server 2003 organization. All servers have 32-bit hardware.
You plan to transition to Exchange Server 2010 and deploy new Mailbox servers.
You need to evaluate the current servers to provide recommendations for the deployment of the new
Mailbox servers.
What should you include in the evaluation?
A. .number of concurrent connections to Outlook Web App

.number of mailbox databases
.memory utilization
B. .number of concurrent connections to Outlook Web App
.RPC latency
.disk I/O latency
C. .number of concurrent MAPI connections
.size of mailbox databases
.number of mailboxes
D. .number of mailboxes
.disk I/O latency
.RPC latency
Answer: C
QUESTION 3
Your company has a main office and 10 branch offices. Each office has a direct link to the Internet. Each
branch office has a WAN link that connects to the main office.
Your network consists of an Active Directory forest. Each office is configured as an Active Directory site.
You plan to deploy an Exchange Server 2010 Hub Transport server in each site.
You need to design a message routing solution to meet the following requirements:
Branch office connections to the Internet must be used to deliver e-mail

Branch office servers must use the WAN link to the main office to deliver e-mail to other branch offices
Branch office servers must be prevented from sending e-mail to the Internet by using the WAN link to
the main office
A. one Send connector for each site

B. one SMTP site link for each site
C. two Send connectors for each site
D. 10 Send connectors for each site
Answer: A
QUESTION 4
You plan to deploy Exchange Server 2010 on your network.
You plan to deploy the servers configured as shown in the following table.
You need to recommend a solution to deploy Mailbox servers.

Maintain redundancy if a single disk fails

Maintain redundancy if a single server fails
A. Deploy two Mailbox servers.

Configure each server to have a RAID 5 array.
B. Deploy a two-node Network Load Balancing cluster.
Configure each server to have a RAID 5 array.
C. Deploy a database availability group (DAG) that contains three members.
Configure each member to use JBOD.
D. Deploy a three-node Network Load Balancing cluster.
Configure each server to connect to a Fiber Channel (FC) Storage Area Network (SAN).
Answer: C
QUESTION 5
Your company acquires another company that has an Exchange Server 2010 organization.
You need to recommend a solution for the Exchange Server 2010 organization to meet the following
requirements:
All users must be able to view the global address lists (GALs) for both organizations
All users must be able to view free/busy information for users in both organizations
A. .Implement Active Directory Federation Services (AD FS)

.Run the Microsoft Exchange Inter-Organization Replication tool
B. .Implement Microsoft Identity Lifecycle Manager (ILM) 2007
.Create a two-way cross-forest trust between both organizations
C. .Create a federation trust between both organizations
.Implement Microsoft Identity Lifecycle Manager (ILM) 2007
.Run the New Organization Relationship wizard
D. .Create a two-way cross-forest trust between both organizations
.Implement Active Directory Federation Services (AD FS)
Answer: C
QUESTION 6
Your network is separated from the Internet by a firewall.
You need to identify the ports that must be opened on the firewall to allow clients from the Internet to use
the following connections methods:
Outlook Anywhere
Exchange ActiveSync
IMAP4 over Secure Sockets Layer (SSL)
Which TCP ports should you identify?
A. 25, 443 and 993

B. 26, 443 and 995
C. 25, 80, 143, and 3269
D. 80, 143, 443, and 389
Answer: A
QUESTION 7
You have an Exchange Server 2003 organization. You plan to transition the organization to Exchange
Server 2010. You need to recommend a plan that allows the Exchange Server 2003 servers to coexist with
The plan must meet the following requirements:
Support journaling of e-mail messages that are sent to distribution lists from a mailbox on an Exchange
Server 2003 server
Server 2010 server
A. Implement Personal Archives.

B. Implement Universal Group Membership Caching.
C. Use only Exchange Server 2003 servers for the expansion of distribution groups.
D. Use only Exchange Server 2010 Hub Transport servers for the expansion of distribution groups.
Answer: D
QUESTION 8
You have Exchange Server 2003 organization. The organization contains a front-end server named FE1
and a back-end server named BE1. FE1 is accessible from the Internet by using mail.contoso.com.
You will deploy a Mailbox server named MBX1 and a Client Access server named CAS1. Users will access
Outlook Web App (OWA) by using the URL https://mail.contoso.com.
You need to recommend a DNS configuration for the external name of mail.contoso.com.
Which server should be associated with the name mail.contoso.com?
A. BE1
B. CAS1
C. FE1
D. MBX1
Answer: B
QUESTION 9
Your network contains a single Active Directory domain. You have an Exchange Server 2010 organization
that contains a Hub Transport server named Hub1. Hub1 receives all e-mail messages that are sent to
your organization from the Internet.
A new company security policy states that domain-joined servers must not be accessible directly from the
Internet.
You need to create a message hygiene solution to meet the following requirements:
Comply with the new security policy

Minimize the amount of spam that is delivered to the internal Exchange servers in the organization
A. Deploy an Edge Transport server, and then configure EdgeSync synchronization.

B. Deploy a new Hub Transport server, and then install the anti-spam transport agents.
C. Deploy a new Hub Transport server, and then deploy Active Directory Federation Services (AD FS).
D. Deploy an Edge Transport server, and then disable Active Directory Lightweight Directory Services (AD
LDS).
Answer: A
QUESTION 10
Your network contains an internal network and a perimeter network that are separated by a firewall. The
perimeter network contains an Exchange Server 2010 Edge Transport server.
You plan to deploy an internal Exchange Server 2010 organization that meets the following requirements:

Which TCP ports should you allow from the internal network to the perimeter network?
A. 3389 and 25
B. 3389 and 636
C. 50636 and 25
D. 50636 and 135
Answer: C
QUESTION 11
Your network contains three Active Directory sites named Site1, Site2, and Site3. Users can only access
Site1 from the Internet.
the Internet

Answer: B
QUESTION 12
You have an Exchange Server 2010 organization named contoso.com. Your company plans to provide
business continuity services for a company named Fabrikam.
Fabrikam has an Exchange Server 2007 organization and uses the fabrikam.com SMTP domain.
You need to configure your organization to queue and relay all e-mail messages sent to fabrikam.com from
the Internet.
What should you do?
public DNS domain.
public DNS domain.
Answer: D
QUESTION 13


Answer: B
QUESTION 14
A. journal rules
B. message tracking
D. transport rules
Answer: A
QUESTION 15
Your network consists of an Active Directory domain that contains the domain controllers shown in the
following table.
You plan to deploy an Exchange Server 2010 server in each site.

You need to recommend changes to the domain controllers to support the installation of Exchange Server
2010.
What should you do?

Answer: A
QUESTION 16
You have an Exchange Server 2010 Hub Transport server named Hub1.
You install an application on a third-party server named Server1.
What should you do?
A. .Create a new Send connector

.Add the TCP/IP address of Server1 to the Send connector
.Modify the permissions for the Send connector
B. .Create a new Receive connector
.Add the TCP/IP address of Server1 to the Receive connector
.Modify the permissions for the Receive connector
C. .Add the TCP/IP address of Server1 to the default Receive connector
.Create a message classification
D. .Add the TCP/IP address of Server1 to the Client Receive connector
.Create a remote domain
Answer: B
QUESTION 17
Your company has a main office and ten branch offices. Your network consists of a single domain Active
Directory forest.
An Active Directory site exists for each office.
The main office contains five domain controllers that run Windows Server 2008 (x64). Each branch office
contains one read-only domain controller (RODC) that runs Windows Server 2008 (x86).
All domain controllers are configured as global catalog servers.
You plan to deploy one Exchange Server 2010 server in each site.
You need to recommend changes to Active Directory to support the planned deployment.
The solution must ensure that Exchange servers in each branch-office site connect to their local domain
controllers.

D. Disable site link bridging for the forest and configure Exchange-specific costs.
Answer: C
There must be a writable not an RODC to support Exchange Server in a site
QUESTION 18
Your Exchange Server 2010 organization contains two Hub Transport servers in a single site. The
organization receives all e-mail sent to a SMTP domain named contoso.com.
Your company purchases another company that uses a SMTP domain named fabrikam.com.
You need to recommend changes to the organization to support the planned deployment.
The solution must prevent e-mail sent to fabrikam.com from being delivered to your internal organization.
Answer: C
QUESTION 19
Web App (OWA).
All e-mail messages that contain customer contracts must be stored for three years

Answer: D
QUESTION 20


A. journal rules
B. managed folders
Answer: C
QUESTION 21
You need to recommend a solution to meet the security policy.

Answer: A
QUESTION 22
Your company's compliance policy states that:
A. journal rules
B. personal archives
Answer: A
QUESTION 23
the organization.
The solution must minimize the number of permissions assigned to the Help Desk group.
A. Mail Recipients
Answer: A
QUESTION 24
Users in the legal department must be able to send e-mail messages to public folders
Web App (OWA)
A. mail-enabled public folders and Editor permissions

Answer: B
QUESTION 25
Your network consists of a Windows Server 2003 Active Directory forest that contains a Windows Server
2003 enterprise certification authority (CA).
Users access their mailboxes by using Windows Mobile 5.0 and Windows Mobile 6.1 devices. You plan to
transition the organization to Exchange Server 2010.
You need to plan a certificate solution for the Exchange Server 2010 deployment.
The solution must minimize the amount of effort required to connect all mobile devices to the organization.
A. Create a self-signed certificate and install it on the Client Access server.

B. Obtain a wildcard certificate from a trusted third-party CA and install it on the Client Access server.
C. From an internal CA, obtain a certificate that contains multiple names and install it on the Client Access
server.
D. From a trusted third-party CA, obtain a certificate that contains multiple names and install it on the Client
Access server.
Answer: D
QUESTION 26
All e-mail sent to the network is received by the Edge Transport servers.
You plan to configure anti-spam filtering.
What should you do?
A. Configure EdgeSync synchronization.

C. Join both Edge Transport servers to an Active Directory domain and then create a forest trust from the
internal forest.
Edge Transport server.
Answer: D
QUESTION 27
Company policy states that a copy of a users mailbox must be kept for one year after the user leaves the
company.
All user accounts are in an organizational unit (OU) named OU1. A compliance administrator plans to
export the mailboxes to personal folders.
the company policy.

B. delegated permissions to OU1
D. new Personal Archives
Answer: A
QUESTION 28
Exchange ActiveSync
What should you do?
that contains the CAS1.contoso.com and CAS2.contoso.com names.
Answer: A
QUESTION 29
You have an Exchange Server 2010 organization. Your company has a relationship with another company.
The partner company has an Exchange Server 2010 organization.
You need to recommend a security solution to meet the following requirements:
Ensure that all e-mail delivery between your servers and the partner company's servers is encrypted
Ensure that all communication between your servers and the partner company's servers is authenticated
A. Active Directory Rights Management Services (AD RMS)

B. Domain Security
C. Forms-based Authentication
Answer: B
QUESTION 30
A corporate environment will include Exchange Server 2010. You are designing a deployment plan for the
Mailbox servers. You need to recommend the minimum amount of physical memory that supports the
following requirements: Use single-role Mailbox servers. Each Mailbox server must support 22.5 GB of
database cache. How much memory should you recommend?
A. 64 GB
B. 24 GB
C. 48 GB
D. 32 GB
Answer: D
QUESTION 31
You are designing an Exchange organization for a company named Contoso, Ltd. All servers in the
organization will have Exchange Server 2010 Service Pack 1 (SP1) installed. Contoso has a partner
company named Fabrikam, Inc. Fabrikam has an Exchange organization that contains only Exchange
Server 2010 SP1 servers. You plan to configure a federation trust between Fabrikam and Contoso. You
need to recommend a certificate for the federation trust. Which of the following certificates is the best
recommendation? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. a certificate from a third-party certification authority (CA)

B. the self-signed certificate automatically generated by the Exchange 2010 Setup wizard
C. the self-signed certificate automatically generated by the New Federation Trust wizard
D. a certificate from an internal certification authority (CA)
Answer: C
QUESTION 32
Office Outlook 2010. You are designing a sharing solution for your organization and a partner organization.
The partner organization also uses Exchange Server 2010. You need to recommend a strategy for sharing
information with the partner organization to meet the following requirements: Provide cross-organizational
access to user contacts Provide cross-organizational access to free\busy information What should you
recommend?
A. Implementing Microsoft Identify Lifecycle Manager (ILM) 2007

B. Implementing Federated Delegation
C. Running the Microsoft Exchange Inter-Organization Replication tool
D. Creating cross-forest trusts
Answer: B
QUESTION 33
Contoso, Ltd. has an Exchange Server 2010 environment that accepts email for the contoso.com email
domain. Fabrikam, Inc. has an Exchange Server 2010 environment that accepts mail for the fabrikam.com
email domain. Contoso acquires Fabrikam and establishes an internal network connection between the
two companies. After the acquisition, only the Contoso Exchange Server environment accepts external
email. You have the following requirements: Retain existing fabrikam.com email addresses. Enable users
in both Exchange Server environments to receive mail at contoso.com email addresses.
Which two actions should you recommend?
(Each correct answer presents part of the solution. Choose two.)
A. Create an internal relay accepted domain for contoso.com.

B. Create an external relay accepted domain for contoso.com.
C. Create an internal receive connector.
D. Create an internal send connector.
Answer: AD
QUESTION 34
A corporate environment includes Exchange Server 2010 SP1. The Exchange Server environment includes
two Client Access servers, two Hub Transport servers, and two Mailbox servers on the internal network,
and two Edge Transport servers in a perimeter network. An edge subscription is in place between the Hub
Transport servers and the Edge Transport servers. When an Edge Transport server fails, messages
accepted by that server are not delivered.
You need to recommend a solution for ensuring that messages accepted by either Edge Transport server
are attempted for delivery if either Edge Transport server fails.
A. Enable shadow redundancy.

B. Create a new remote domain.
C. Create a new send connector.
D. Enable back pressure.
Answer: A
QUESTION 35
Your company has offices in New York and Miami. The offices connect to each other by using a dedicated
WAN link. Each office has a direct connection to the Internet. An Active Directory site exists for each
office. Each office contains one Mailbox server, two Hub Transport servers, and two Client Access
servers. All servers have Exchange Server 2010 Service Pack 1 (SP1) installed and run Windows Server
2008 R2. The Mailbox servers are configured as shown in the following table.
You need to recommend a high-availability solution for the Mailbox servers that meets the following
requirements:
Which of the following solutions is the best recommendation? (More than one answer choice may achieve
the goal. Select the BEST answer.)
A. Add a Mailbox server to each office. Create one database availability group (DAG). Add all Mailbox
servers to the DAG. Add a file share witness to the Miami office. Create a copy of each mailbox
database.
B. Add a Mailbox server to each office. Create two database availability groups (DAGs). Add one Mailbox
server from each office to each DAG. Add a file share witness to each office. Create a copy of each
mailbox database.
C. Add two Mailbox servers to the Miami office. Add one Mailbox server to the New York office. Create two
database availability groups (DAGs). Add all of the Mailbox servers in the Miami office to one of the
DAGs. Add all of the Mailbox servers in the New York office to the other DAG. Add a file share witness
to each office. Create a copy of each mailbox database.
D. Add two Mailbox servers to each office. Create one database availability group (DAG). Add all of the
Mailbox servers in the Miami office to the DAG. Add a file share witness to the New York office. Create
a copy of each mailbox database.
Answer: A
QUESTION 36
A corporate environment will include Exchange Server 2010 in two Active Directory Domain Services (AD
DS) sites. You need to recommend a solution that provides a single connection point for all Outlook Web
App (OWA) connections. What should you recommend?
A. Deploy one Client Access server array for each AD DS site.

B. Deploy one Client Access server array.
C. Configure a hardware load balancer for the Client Access servers.
D. Configure Autodiscover in each AD DS site for a common internal URL.
Answer: C
QUESTION 37
A corporate environment will include Exchange Server 2010. You need to recommend a solution that
meets the following client access requirements: Automatic failover of specific client access protocols
Distribution of client access traffic across multiple Client Access servers Secure Sockets Layer (SSL)
session ID for Client-to-Client Access server affinity What should you recommend?
A. Deploy a Client Access server array.

B. Deploy Microsoft Forefront Unified Access Gateway (UAG) as a reverse proxy.
C. Deploy a hardware load balancer for the Client Access servers.
D. Deploy Microsoft Forefront Threat Management Gateway (TMG) as a reverse proxy.
Answer: C
QUESTION 38
A corporate environment includes a two-node Exchange Server 2010 Client Access server array. You are
designing a disaster recovery plan for the Client Access servers. The plan must meet the following
requirements: Back up the SSL certificates. Back up the Windows Network Load Balancing (NLB)
configuration. Back up only the minimum amount of data. You need to recommend the components to
back up on each Client Access server. What should you recommend?
A. the system state and the registry

B. only the system state
C. the registry and the system volume
D. the system state and the system volume
Answer: B
QUESTION 39
A company deploys Exchange Server 2010. The environment includes three datacenters located in New
York, Dallas and Miami. Each datacenter is configured as an Active Directory Domain Services (AD DS)
site. Each site has one Client Access server, one Hub Transport server and one Mailbox server. The
Mailbox servers in New York and Dallas are configured in a database availability group (DAG). You have
the following requirements: Ensure that mail flow is not interrupted if any one Hub Transport server fails.
Deploy the minimum number of additional servers. You need to recommend a solution that meets the
requirements. What should you recommend?
A. Deploy one additional Hub Transport server in New York and one additional Hub Transport server in
Dallas.
B. Add the Hub Transport role to the Client Access server in Miami.
C. Deploy one additional Hub Transport server in each site.
D. Deploy one additional Hub Transport server in Miami.
Answer: C
QUESTION 40
A corporate environment will include Exchange Server 2010. You are planning capacity for the Mailbox
servers. You require 800 GB of disk space for mailbox content. You need to recommend the minimum
amount of additional space required for content indexing. What should you recommend?
A. 160 GB
B. 96 GB
C. 120 GB
D. 80 GB
Answer: D
QUESTION 41
You have an Exchange organization. All servers in the organization have Exchange Server 2010 Service
Pack 1 (SP1) installed. The organization contains the servers configured as shown in the following table.
You plan to deploy a line-of-business application named App1. App1 will have a built-in SMTP service that
will send e-mail messages to users in the Exchange organization. You need to recommend a message
routing solution that meets the following requirements:
Ensures that App1 can send e-mail messages to internal users.

Prevents other servers on the internal network from sending e-mail messages to internal users.
Ensures that each e-mail message received by the Exchange organization is scanned for viruses.
You install Microsoft Forefront Protection 2010 for Exchange Server on both Edge Transport servers.
A. On Edge1, create a new internal Receive connector. From the properties of the new Receive connector,
configure the Remote Network settings to include the IP address of App1, and then add the Anonymous
users permission group to the Receive connector. From the properties of the default internal Receive
connector on Edge1, exclude the IP addresses of the internal network. On the server that hosts App1,
configure the SMTP service to relay e-mail to Edge1.
B. On Hub1, install Forefront Protection 2010 for Exchange Server. On Hub1, create a new internal
Receive connector, and then configure the Remote Network settings to include the IP address of App1.
On the server that hosts App1, configure the SMTP service to relay e-mail directly to Hub1.
C. From the properties of the default Receive connector on Edge1, configure the Remote Network settings
to include the IP address of App1, and then add the Anonymous users permission group to the Receive
connector. On the server that hosts App1, configure the SMTP service to relay e-mail to Edge1.
D. On Hub1, install Forefront Protection 2010 for Exchange Server. On Hub1, add the Anonymous users
permission group to the default Receive connector. On an internal DNS server, create a Mail Exchanger
(MX) record that points to Hub1. On the server that hosts App1, configure the SMTP service to relay e-
mail by using DNS name resolution.
Answer: B
QUESTION 42
A company has an on-premise Exchange Server 2010 SP1 environment. Client computers are joined to an
Active Directory Domain Services (AD DS) domain. Some users are hosted in a cloud-based Exchange
Server 2010 SP1 environment. An organization relationship exists between the on-premise and cloud-
based environments. Administrative assistants with mailboxes in the on-premise environment must be
able to view contacts in cloud-based user mailboxes.
You need to recommend a solution that meets the requirement.
A. a federation trust
B. a sharing policy
C. a remote domain
D. an Outlook protection rule
Answer: B
QUESTION 43
An organization plans to deploy Exchange Server 2010 in multiple Active Directory Domain Services (AD
DS) sites. The locations of the Client Access servers are as shown in the following table.
Users will access Autodiscover, Outlook Web App (OWA), Exchange ActiveSync, and Outlook Anywhere
only over the Internet through the URL mail.contoso.com.
Users must be able to connect to all of the services via an SSL connection without receiving errors or
warning messages.
You need to recommend an SSL certificate configuration. In addition, you need to minimize the number of
certificates purchased. Which two actions should you recommend? (Each correct answer presents part of
the solution. Choose two.)
A. Use the existing self-signed certificate on CAS02.

B. Use the existing self-signed certificate on CAS01.
C. Purchase a third-party SSL certificate for CAS01 containing the autodiscover.contoso.com and mail.
contoso.com FQDNs.
D. Purchase a third-party SSL certificate for CAS02 containing the autodiscover.contoso.com and mail.
contoso.com FQDNs.
Answer: AC
QUESTION 44
Contoso, Ltd. has an Exchange Server 2010 environment. Fabrikam, Inc. has an Exchange Server 2007
environment. Contoso acquires Fabrikam. Contoso plans to migrate the email accounts of the Fabrikam
employees to the existing Contoso Exchange Server environment. Fabrikam employees will have new
Contoso email addresses and will also maintain their existing Fabrikam email addresses for a period of
time. You need to recommend a solution for ensuring that replies to email messages sent by Fabrikam
employees prior to the migration are directed to the migrated mailboxes.
A. In the Exchange Management Console (EMC) in the Contoso Exchange Server environment, set the
primary email address to the Fabrikam email address.
B. After the mailbox migration, run the Update-EmailAddressPolicy cmdlet for each email address policy.
C. Export the legacyExchangeDN attributes from the Fabrikam mailboxes and add them as custom X500
addresses on the new Contoso mailboxes.
D. In the Exchange Management Console (EMC) in the Contoso Exchange Server environment, add the
Fabrikam domain name to the Accepted Domains list as an authoritative domain.
Answer: D
QUESTION 45
A corporate environment includes Exchange Server 2003 SP2. Client computers run Microsoft Office
Outlook 2003. You deploy Exchange Server 2010 in the existing Exchange organization, and then install
Exchange Server 2010 SP1 on all the Exchange Server 2010 servers. The company intends to move
mailboxes from Exchange Server 2003 SP2 to Exchange Server 2010 SP1. You need to recommend a
solution for ensuring that after their mailboxes are moved, users can open their mailboxes by using Outlook
2003. What should you recommend?
A. Obtain and install an SSL certificate for each Exchange Server 2010 SP1 Client Access server.
B. Configure Outlook 2003 to encrypt data between Outlook and the Exchange server.
C. Obtain and install an SSL certificate for each Exchange Server 2010 SP1 Mailbox server.
D. Configure Outlook 2003 to use NTLM authentication.
Answer: B
QUESTION 46
You are designing an Exchange Server 2010 environment. The environment will include three datacenters,
located in Seattle, Dallas, and Miami. Each datacenter will have a separate Active Directory Domain
Services (AD DS) site. The Seattle and Miami datacenters will each contain two Mailbox servers. The
Dallas datacenter will not contain Mailbox servers. All Mailbox servers will be members of a single database
availability group (DAG). You need to recommend the minimum file share witness configuration necessary
to ensure that if the Seattle datacenter fails, the DAG will continue to function.

A. No file share witnesses are necessary.
B. Place one file share witness in the Seattle datacenter.
C. Place one file share witness in the Seattle datacenter and one alternate file share witness in the Miami
datacenter.
D. Place one file share witness in the Dallas datacenter.
Answer: B
QUESTION 47
A corporate environment includes Exchange Server 2010. The Exchange Server environment includes two
Edge Transport servers and two Hub Transport servers. The Edge Transport servers process Safe Sender
List information from Exchange users and have multiple IP Allow list entries. An edge subscription is in
place between the Edge Transport servers and the Hub Transport servers. You need to recommend a
solution for configuring a replacement Edge Transport server. You have the following requirements:
Recover all the send connector, receive connector, and accepted domains settings. Recover all the IP Allow
list entries. Continue to process Safe Sender List information. What should you recommend?
A. Configure a new Edge Transport server, restore from a Windows system state backup, and then use
cloned configuration scripts.
B. Configure a new Edge Transport server, create and import a new edge subscription, and then use
C. Configure a new Edge Transport server, create and import a new edge subscription, and then restore
from a Windows system state backup.
D. Restore from a Windows system state backup, configure a new Edge Transport server, and then use
Answer: B
QUESTION 48
A corporate environment includes Exchange Server 2010. The Exchange Server environment includes one
Client Access server, one Edge Transport server, one Hub Transport server, and one Mailbox server.
Email communication between employees in two specific departments is not permitted. You need to
recommend a solution for ensuring that email messages from employees in either department are never
sent to employees in the other department.
A. Create a journal rule.

B. Create a transport rule on the Hub Transport server.
C. Create a transport rule on the Edge Transport server.
D. Configure litigation hold on the mailboxes of the employees in both departments.
Answer: B
QUESTION 49
A corporate environment includes Exchange Server 2010 SP1. You need to recommend a solution for
recording which administrators access specific mailboxes. What should you recommend?
A. Enable administrator audit logging.

B. Increase the mailbox logging level.
C. Enable mailbox audit logging.
D. Enable object access auditing.
Answer: C
QUESTION 50
A corporate environment includes Exchange Server 2010 SP1. Client computers run Microsoft Outlook
2010. You have the following requirements: Minimize the amount of effort required to apply retention tags
to email messages. Ensure that the solution functions across all folders in a mailbox. You need to
recommend a solution that meets the requirements. What should you recommend?
A. Enable AutoTagging for mailboxes.

B. Implement personal tags for each users mailbox.
C. Use the Managed Folder Assistant to process mailbox folders.
D. Modify the retention policy tag by reducing the age limit for retention.
Answer: C
Exam F
QUESTION 1

B. Domain Security
Answer: B
Domain Security refers to the set of functionality in Microsoft Exchange Server 2010 and Microsoft Office
Outlook 2007 that provides a relatively low-cost alternative to S/MIME or other message-level security
solutions. The purpose of the Domain Security feature set is to provide administrators a way to manage
secured message paths over the Internet with business partners. After these secured message paths are
configured, messages that have successfully traveled over the secured path from an authenticated sender
are displayed to users as Domain Secured in the Outlook and Microsoft Office Outlook Web App
interface.
Domain Security uses mutual Transport Layer Security (TLS) authentication to provide session-based
authentication and encryption. Mutual TLS authentication differs from TLS as it's usually implemented.
Typically, when TLS is implemented, the client verifies that the connection securely connects to the
intended server by validating the server's certificate. This is received as part of TLS negotiation. In this
scenario, the client authenticates the server before the client transmits data. However, the server doesn't
authenticate the session with the client.
With mutual TLS authentication, each server verifies the connection with the other server by validating a
certificate that's provided by that other server. In this scenario, where messages are received from external
domains over verified connections in an Exchange 2010 environment, Outlook 2007 displays a Domain
Secured icon.
QUESTION 2
RMS) server. All users access their mailboxes by using Outlook Web App (OWA).

A. a legal hold
B. Domain Security
Answer: C
QUESTION 3
Your company has an Active Directory forest named contoso.com. You plan to deploy an Exchange Server
2010 organization that will contain two servers.
Each server will have the Client Access server role, the Hub Transport server role, and the Mailbox server
role installed.
You plan to add both servers to a database availability group (DAG).
You need to recommend a high-availability solution for the Client Access server role.
Your solution must ensure that users are not prompted to authenticate if a Client Access server becomes
unavailable.
A. Create and configure a Client Access server array, and then install a hardware load balancer.
B. Create and configure a Client Access server array, and then install Windows Network Load Balancing
on both servers.
C. Deploy Microsoft Internet Security and Acceleration (ISA) Server 2006, and then implement DNS round
robin.
D. Deploy Microsoft Internet Security and Acceleration (ISA) Server 2006, and then install Windows
Network Load Balancing.
Answer: A
A is the correct answer for this question.
While it is possible to install the Windows Network Load Balancing for a client access array that solution will
not work for this question.
Windows Network Load Balancing
Windows Network Load Balancing (WNLB) is the most common software load balancer used for Exchange
servers. There are several limitations associated with deploying WNLB with Microsoft Exchange.
WNLB can't be used on Exchange servers where mailbox DAGs are also being used because WNLB is
incompatible with Windows failover clustering. If you're using an Exchange 2010 DAG and you want to
use WNLB, you need to have the Client Access server role and the Mailbox server role running
on separate servers.
Due to performance issues, we don't recommend putting more than eight Client Access servers in an
array that's load balanced by WNLB.
WNLB doesn't detect service outages. WNLB only detects server outages by IP address. This means if
a particular Web service, such as Outlook Web App, fails, but the server is still functioning, WNLB won’t
detect the failure and will still route requests to that Client Access server. Manual intervention is required
to remove the Client Access server experiencing the outage from the load balancing pool.
WNLB configuration can result in port flooding, which can overwhelm networks.
Because WNLB only performs client affinity using the source IP address, it's not an effective solution
when the source IP pool is small. This can occur when the source IP pool is from a remote network
subnet or when your organization is using network address translation.
http://technet.microsoft.com/en-us/library/ff625247.aspx
QUESTION 4
Your company has an Exchange 2010 organization that contains multiple Hub Transport servers. You have
a line-of-business application that relays e-mail messages by using a Hub Transport server named Hub1.
The application only supports sending e-mail to a single SMTP server.
You need to ensure that the application can relay e-mail messages if Hub1 fails.
What should you do?
A. Implement log truncation

B. Install and configure failover clustering on the Hub Transport servers.
C. Implement Windows network load balancing on the Hub Transport servers.
D. Create multiple MX records for the Hub Transport servers in the internal DNS zone.
Answer: C
QUESTION 5
You have an Active Directory forest. You plan to deploy an Exchange Server 2010 organization that


B. Implement failover clustering on both Hub Transport servers.
D. Create one mail exchange (MX) record and one SRV record for each Edge Transport server on the
internal DNS zone.
Answer: C
Send connectors create a logical connection to remote e-mail systems and are responsible for outbound
transmission of e-mail messages. If you use the EdgeSync process, it will configure the Send connectors
required for mail flow to the Internet and to the Edge Transport servers in your Microsoft Exchange Server
2010 organization. If your organization requires a Send connector with specific configuration options, or if
you don't use the EdgeSync process, you must manually configure Send connectors.
QUESTION 6
Your company has a main office and 10 branch offices. Each office connects to the Internet by using a
direct link. The main office connects to the branch offices by using a WAN link.
You plan to deploy Exchange Server 2010 servers in each office.
You need to design Active Directory to meet the following Exchange Server 2010 requirements:
Users must be able to access their mailboxes if a single domain controller fails
Users must be able to send e-mail messages to the Internet if a WAN link fails
What should you include in the design?
A. Create an Active Directory site for each office.

Deploy two global catalog servers in each site.
B. Create an Active Directory site for each office.
Deploy a single domain controller in each site, and then enable site link bridging.
C. Create an Active Directory site for all of the offices.
Deploy a global catalog server and a read-only domain controller in each site.
D. Create an Active Directory site for all of the offices.
Deploy a global catalog server and two read- only global catalog servers in each Active Directory site.
Answer: A
QUESTION 7
You have an Exchange Server 2010 organization. The network contains two Mailbox servers that are
configured in a database availability group (DAG).
You plan to implement a disaster recovery solution.
You need to recommend a solution that ensures that the active mailbox database copy is unaffected by the
backup process.
You want to achieve this goal while minimizing costs.
A. Windows Server Backup

B. Network Attached Storage (NAS) snapshots
D. Microsoft System Center Data Protection Manager
Answer: D
Data Protection Manager 2010 (DPM 2010) is part of the System Center family of management products
from Microsoft. It delivers unified data protection for Windows servers such as SQL Server, Exchange,
SharePoint, Virtualization and file servers -- as well as Windows desktops and laptops.
QUESTION 8
You deploy multiple Mailbox servers. Each Mailbox server contains a copy of a mailbox database named
DB1.
You need to recommend a solution that allows administrators to remove corrupt messages that have been
replicated before the corrupt messages are applied to each copy of DB1.
A. Modify log truncation.

B. Enable circular logging.
C. Implement lagged copies.
D. Configure shadow redundancy.
Answer: C
Using Replay Lag and Truncation Lag Options
Mailbox database copies support the use of a replay lag time and a truncation lag time, both of
which are configured in minutes. Setting a replay lag time enables you to take a database copy back to a
specific point in time. Setting a truncation lag time enables you to use the logs on a passive database copy
to recover from the loss of log files on the active database copy. Because both of these features result in
the temporary build-up of log files, using either of them will affect your storage design.
QUESTION 9
You have an Exchange Server 2010 organization. The organization contains two servers named Server1
and Server2.
Server1 and Server2 have the Mailbox server role and the Hub Transport server role installed.
Server 1 and Server2 are members of a database availability group (DAG).
You need to plan the deployment of Client Access servers to meet the following requirements:
Users must be able to access their mailboxes if a single server fails

Users must not attempt to connect to a failed server
A. On Server1 and Server2, install the Client Access server role.

Implement failover clustering.
B. On Server1 and Server2, install the Client Access server role.
Configure network interface card (NIC) teaming on each server.
C. Deploy two new Client Access servers.
Implement load balancing by using DNS round robin.
Create a Client Access server array.
D. Deploy two new Client Access servers.
Implement load balancing by using a Windows Network Load Balancing cluster.
Answer: D
Correct Answer is D.
As the Client Access role has been deployed on separate servers you can use the Windows Network and
Load Balancing feature.
WNLB, you need to have the Client Access server role and the Mailbox server role running on
separate servers.
QUESTION 10
Your network contains two data centers named Datacenter1 and Datacenter2. An Active Directory site
exists for each data center.
The data centers connect to the Internet by using a direct link. The data centers connect to each other by
using a high-speed WAN link.
You plan to deploy Exchange Server 2010 Mailbox servers in both data centers.
You need to plan message routing to meet the following requirements:
Ensure outbound delivery of e-mail messages if a single server fails

Automatically load balance the Hub Transport server in each site
Deploy the minimum number of servers
A. In each data center, deploy one Hub Transport server.

Create and configure one Send connector.
B. In each data center, deploy two Hub Transport servers.
C. In each data center, deploy one Edge Transport server.
Create and configure two Send connectors.
D. In each data center, deploy two Edge Transport servers.
Answer: B
QUESTION 11
Your company has two main offices named Main1 and Main2. An Active Directory site exists for each office.
Users connect locally to servers in both offices.
The offices connect to each other by using a high-speed WAN link.
You plan to deploy Exchange Server 2010.
You need to plan the deployment of Mailbox servers to meet the following requirements:
Ensure that users can access their mailbox from a server in their site, if a single Mailbox server fails
Ensure that users can access their mailboxes remotely if a site fails
Minimize the number of servers
How many Mailbox servers should you include in the plan?
A. 2
B. 3
C. 4
D. 6
Answer: C
QUESTION 12
You have an Exchange Server 2003 organization. All users connect to their mailboxes by using Microsoft
Office Outlook.
You start to transition the organization to new Exchange Server 2010 servers.
The new servers are on a secured subnet that is separated by a firewall. You will move half of the
mailboxes to the new servers.
Client Access servers and Mailbox servers are on the secured subnet.
Client computers on the network can access the Client Access servers.
You need to recommend a solution that allows users to connect to Public Folders by using Outlook or
A. Public Folder referrals and forms-based authentication

B. Public Folder referrals and HTTP connections to the Mailbox servers
C. Public Folder replicas and MAPI connections to the Mailbox servers
D. Public Folder replicas and WebReady Document Viewing
Answer: C
QUESTION 13
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008.
You have an Exchange organization that consists of the servers shown in the following table.
You plan to implement moderated transport for distribution groups in the organization.
You need to recommend changes to the organization to support the planned implementation.
A. Upgrade Server3 to Exchange Server 2010.

B. Install Windows Server 2008 R2 global catalog servers.
C. Replace all distribution groups with dynamic distribution groups.
D. Use Server4 as the expansion server for all moderated distribution groups.
Answer: D
QUESTION 14
Your network consists of an Active Directory forest that contains two sites named Site1 and Site2. From the
Internet, users can only access servers in Site1.
Each site contains servers that run the Client Access server role, the Mailbox server role, and the Hub
Transport server role. You plan to transition the organization to Exchange Server 2010.
You need to recommend the server role that you must transition first to Exchange Server 2010.
Your solution must provide the least amount of downtime for users in the organization.
Which servers should you transition first?
A. the Client Access servers in Site1

B. the Client Access servers in Site2
C. the Hub Transport servers in Site1
D. the Hub Transport servers in Site2
Answer: A
QUESTION 15
Your network contains two Active Directory sites named Site1 and Site2.
Only Site1 can be accessed from the Internet.
You deploy a Client Access server in Site1 and enable Windows Integrated Authentication for Outlook Web
App (OWA). In Site2, you deploy a Mailbox server and a Client Access server.
You need to configure the Exchange organization to meet the following requirements:
Allow users to access their mailboxes from the Internet by using OWA
Prevent authentication prompts from displaying when users connect to OWA by using domain- joined
computers that are connected to the internal network
What should you do?
A. Modify the Exchange virtual directory on the Client Access server in Site1.
B. Modify the Exchange virtual directory on the Client Access server in Site2.
C. Modify the OWA virtual directory on the Client Access server in Site1.
D. Modify the OWA virtual directory on the Client Access server in Site2.
Answer: D
As only site 1 has internet you need to modify the owa virtual directory on Site 2.
QUESTION 16
Your network contains two Active Directory sites. The sites connect to each other by using a WAN link.
You plan to deploy two Exchange Server 2010 Mailbox servers and two Client Access servers in each site.
Each site will contain a Client Access array.
You need to recommend a solution to deploy Hub Transport servers.
Continue to deliver e-mail messages to users in other sites if a single Hub Transport server fails
Support the planned Client Access array deployment
Minimize the number of Exchange servers
What are two possible ways to achieve this goal? (Each answer presents a complete solution.Choose two.)
A. Add the Hub Transport server role to each Mailbox server.

B. Add the Hub Transport server role to each Client Access server.
C. Deploy two Hub Transport servers on two new servers in each site.
D. Deploy one Hub Transport server on a new server, and then install the SMTP service on each Client
Access server.
Answer: AB
QUESTION 17
Your network contains a single Active Directory forest. The forest contains two domain trees named
contoso.com and fabrikam.com.
The e-mail addresses for the organization are configured as shown in the following table.
You need to ensure that all outbound e-mail messages from fabrikam.com appear to originate from
contoso.com.
Users in contoso.com must be able to send e-mail messages to users in fabrikam.com by using the
address format alias@fabrikam.com.
A. Deploy an Edge Transport server.

B. Deploy a Microsoft Internet Security and Acceleration (ISA) server.
C. Modify the accepted domain entry for contoso.com.
D. Modify the accepted domain entry for fabrikam.com.
Answer: A
A is the correct answer as you will need to do an address rewrite to make email appear that it has originated
from contoso.com. This can only be done with the Edge Transport Server
QUESTION 18
Your network contains 20 offices. Each office contains 1,000 users. The users access their e-mail
messages by using Microsoft Office Outlook.
You need to recommend an Exchange Server solution that meets the following requirements:
Ensures that users in each office download the list of recipients for their office only
Ensures that users in each office can send e-mail messages to any user in the organization
A. Create 20 new address lists and 20 offline address books (OABs).

B. Create 20 new managed folder mailbox policies and 20 e-mail address policies.
C. Create 20 new dynamic distribution groups, and then create 20 new global address lists (GALs).
D. Create 20 new mailbox databases, and then move the mailboxes from each office to a separate mailbox
database.
Answer: A
QUESTION 19
You have an Exchange Server 2010 organization. You plan to deploy two new Mailbox servers. Both
Mailbox servers will be members of a database availability group (DAG).
You need to recommend a hard-disk configuration for the new servers.
Your recommendation must meet the following requirements:
Maximize write performance

Prevent a switchover if a single disk fails
Which disk configuration should you recommend?
A. RAID 0 array
B. RAID 1 array
C. RAID 5 array
D. RAID 10 array
Answer: D
QUESTION 20
You have an Exchange Server 2010 organization. An Edge Transport server sends and receives all e- mail
messages from the Internet.
You notice that some servers on the Internet identify e-mail messages from your organization as spam.
You need to minimize the possibility that e-mail messages sent from your organization are identified as
spam.
What should you do?
A. Implement Microsoft Forefront Security for Exchange Server.

B. Create SenderID TXT records for the Edge Transport servers.
C. Configure the Edge Transport servers to use a real-time block list (RBL).
D. Install a server certificate from a trusted third-party certification authority (CA).
Answer: B
You heard right, Sender Id is coming! What is Sender Id, you ask? Don't feel bad, most Exchange admins
are asking the same question. Essentially (and very simplified) Sender Id is part of an initiative (I'm not sure
that is the exact correct word), to reduce spam. Sender Id is part of the Sender Policy Framework (SPF).
So how does it work? First, you create a DNS TXT record for your domain (or domains) that identifies the
mail servers from which e-mail will be sent for your domain. SMTP servers that support Sender Id will then
check that TXT record when they receive a message from one of your users.
Here is the FUD (fear, uncertainty, and doubt) part. If the message is coming from a domain that does not
have a Sender Id TXT record or the record does not match the sending IP address, the receiving system
has a couple of options:
Do nothing.
Reject the message entirely. (!!!!)
Accept the message and then delete it prior to delivering it to the user.
Give the message to the anti-spam inspection system with the assumption that the antispam system
(such as Microsoft's IMF starting in Exchange 2003 SP2) will give the message a higher spam
probability if the sender's domain does not have valid Sender Id records
http://mostlyexchange.blogspot.ca/2005/07/sender-id-is-coming-get-your-txt.html
QUESTION 21
Your network contains an internal network and a perimeter network. The internal network contains an Active
Directory forest.
The forest contains a single domain.
You plan to deploy 10 Edge Transport servers on the perimeter network. You need to recommend a
solution for the Edge Transport server deployment.
Allow administrators to apply a single security policy to all Edge Transport servers
Reduce the administrative overhead that is required to manage servers
A. Implement Network Policy and Access Services (NPAS).

C. Create a new Active Directory domain in the internal forest, and then join all Edge Transport servers to
the new domain.
D. Create an Active Directory forest in the perimeter network, and then join all Edge Transport servers to
the new domain.
Answer: D
Edge Servers must be in the DMZ - perimeter Network - I am not sure why they need 10 Edge Transport
Servers - sounds like a slight overkill
QUESTION 22
You have a Microsoft Internet Security and Accelerator (ISA) 2006 server that provides all Internet access
for your company.
You have two Mailbox servers configured in a database availability group (DAG), two Client Access servers,
and two Hub Transport servers.
You need to recommend changes to the environment to ensure that users can access Outlook Web App
(OWA) from the Internet if any single server fails.
A. Configure a Client Access server array.

B. Deploy a second ISA server and create an ISA server array.
C. Implement Windows Network Load Balancing for the Client Access servers.
D. Deploy two Edge Transport servers that are configured to use EdgeSync synchronization.
Answer: B
QUESTION 23
Your network contains three Active Directory sites named Site1, Site2, and Site3.
Users can only access Site1 from the Internet.
the Internet

Answer: B
QUESTION 24
You have an Exchange Server 2010 organization that contains two Hub Transport servers.
You need to design a recovery plan for the Hub Transport servers that meets the following requirements:
Restores all Windows settings

Restores all Exchange configurations
Minimizes administrative effort
A. .Retention of Exchange server computer accounts in Active Directory

.Backup and recovery of Windows system state
A recovery installation of Exchange Server 2010
B. .Retention of Exchange server computer accounts in Active Directory
.Backup and recovery of transport queues.
A custom installation of Exchange Server 2010
C. Recovery of Windows system state
A typical installation of Exchange Server 2010
D. Backup and recovery of Windows system state.
A repair installation of Windows Server 2008.
Answer: A
QUESTION 25
Your network contains an internal network and a perimeter network. The internal network contains a single
Active Directory site.
The perimeter network contains two Exchange Server 2010 Edge Transport servers. You plan to deploy an
Exchange Server 2010 organization on the internal network.
You need to plan the deployment of Hub Transport server roles to meet the following requirements:
If a single Hub Transport server fails, e-mail messages from the Internet must be delivered to the
Mailbox servers.
If a single Hub Transport server fails, users must be able to send e-mail messages to other users that
have mailboxes on the same Mailbox server.
A. Deploy one Edge Transport server on the internal network, and then configure EdgeSync
synchronization.
B. Deploy one Hub Transport server on the internal network, and then configure EdgeSync
synchronization.
C. Deploy one Hub Transport server on the internal network and one Hub Transport server on the
perimeter network.
D. Deploy two Hub Transport servers on the internal network.
Answer: D
QUESTION 26
You have an Exchange Server 2010 organization. The organization contains a Mailbox server named
Server1.
Server1 hosts two mailbox databases and one public folder database. You plan to deploy a new Mailbox
server named Server2.
You need to recommend a high-availability solution for Server1 that meets the following requirements:
Mailboxes and public folders must be available if a single Mailbox server fails
A. Install failover clustering on both servers, and then configure cluster continuous replication (CCR).
Replicate all public folders to Server2.
B. Create and configure a database availability group (DAG).
Add Server1 and Server2 to the DAG.
Create database copies.
C. Create and configure a database availability group (DAG).
Deploy a new server named Server3. Create database copies.
Configure Server3 as a dedicated public folder server.
D. Install failover clustering on both servers, and then configure a single copy cluster (SCC).
Deploy a new server named Server3.
Answer: B
QUESTION 27
Your network consists of a single Active Directory site. You plan to deploy Exchange Server 2010.
You need to plan the deployment of Exchange Server 2010 servers to meet the following requirements:
All Mailbox servers must belong to a database availability group (DAG)

MAPI connections from Outlook clients must be load balanced by using a hardware load balancer
If a single server fails, users must continue to send and receive e-mail
The plan must minimize the number of servers deployed
A. Deploy two servers.

On the two servers, deploy the Mailbox server role, the Client Access server role, and the Hub Transport
server role.
Configure a Client Access server array.
B. Deploy two servers.
On the two servers, deploy the Mailbox server role, the Client Access Server role, and the Hub
Enable Outlook Anywhere on both Client Access servers.
C. Deploy four servers.
On two of the servers, deploy the Mailbox server role and the Hub Transport server role.
On the other two servers, deploy the Client Access server role. Configure a Client Access server array.
D. Deploy four servers.
On two of the servers, deploy the Mailbox server role.
On the other two servers, deploy the Client Access server role and the Hub Transport server role.
Answer: A
QUESTION 28
You have an Exchange Server 2010 organization. The network contains an Exchange Server 2010 Mailbox
server named Server1.
All mailboxes are stored on Server1.
You perform a Typical installation of Exchange Server 2010 on a new server named Server2.
You plan to implement redundancy for mailbox access.
You need to recommend a solution that ensures that client computers can reconnect to their mailbox within
five minutes if Server1 fails.
A. Configure cluster continuous replication (CCR).

Implement a file share witness.
B. Configure a Network Load Balancing cluster that includes Server1 and Server2.
Implement Active Directory-integrated DNS zones.
C. Configure a database availability group (DAG) that includes Server1 and Server2.
Set the time to live (TTL) for the DNS record.
D. Configure a database availability group (DAG) that includes Server1 and Server2.
Use the same certificate for both servers.
Answer: C
QUESTION 29
You have a main office and five branch offices. The offices connect to each other by using a WAN link. An
Active Directory site exists for each office.
Each site has a separate IP site link to all other sites. The main office site is configured as a hub site.
You discover that messages sent between offices are not routed through the Hub Transport servers in the
main office.
You need to ensure that all messages sent between offices are routed through the Hub Transport servers in
the main office.
What should you do?
A. Change all IP site links to SMTP site links.

B. Modify the Exchange-specific cost for each site link.
C. From the Hub Transport servers in each site, create a journal rule.
D. From the Hub Transport servers in each site, create a transport rule.
Answer: B
QUESTION 30
Your company has three offices. Each office has a direct link to the Internet. The offices connect to each
other by using a WAN link.
Your network consists of an Active Directory forest that contains two domains and one site.
The functional level of the forest is Windows Server 2003.
All domain controllers run Windows Server 2003 R2. Each office contains two domain controllers for each
domain. All domain controllers are global catalog servers.
In each office, you plan to deploy Mailbox, Client Access, and Hub Transport Exchange Server 2010
servers.
All e-mail messages sent to the Internet will be delivered from a local server in each office.
A. Disable site link bridging for the forest.

C. Create an Active Directory subnet and site object for each office.
D. Upgrade one domain controller in each office to Windows Server 2008.
Answer: C
QUESTION 31
You have an Exchange Server 2003 organization. All servers have 32-bit hardware.
You plan to transition to Exchange Server 2010 and deploy new Mailbox servers.
Mailbox servers.
A. .number of concurrent connections to Outlook Web App

.number of mailbox databases
.memory utilization
B. .number of concurrent connections to Outlook Web App
.RPC latency
.disk I/O latency
C. .number of concurrent MAPI connections
.size of mailbox databases
.number of mailboxes
D. .number of mailboxes
.disk I/O latency
.RPC latency
Answer: C
QUESTION 32

A. an access rule for TCP ports 135, 389, and 993

Answer: C
QUESTION 33
branch office has a WAN link that connects to the main office.
You need to design a message routing solution to meet the following requirements:

the main office
A. one Send connector for each site

B. one SMTP site link for each site
Answer: A
QUESTION 34
Your network consists of an Active Directory forest named contoso.com. Contoso.com has an Exchange
Server 2010 organization.
A subsidiary company has a separate Active Directory forest named fabrikam.com. Fabrikam.com has an
Exchange Server 2007 organization.
You plan to consolidate both organizations.
Your company's consolidation strategy includes the following requirements:
Support costs must be minimized

Mailbox access must be easily shared between users
All e-mail messages must be hosted on Exchange Server 2010 mailbox servers
You need to recommend a solution to meet the requirements of the consolidation strategy.
A. Move all recipients from fabrikam.com to contoso.com.

B. Transition all servers in fabrikam.com to Exchange Server 2010.
C. In contoso.com, create a resource mailbox for each recipient in fabrikam.com.
D. Move all computer accounts for the Exchange servers in fabrikam.com to contoso.com.
On each server, run Setup.com /M:RecoverServer.
Answer: A
QUESTION 35
You have an Exchange Server 2010 organization. Your company acquires another company that has an
requirements:
A. .Implement Active Directory Federation Services (AD FS)

B. .Implement Microsoft Identity Lifecycle Manager (ILM) 2007
.Create a two-way cross-forest trust between both organizations
C. .Create a federation trust between both organizations
.Implement Microsoft Identity Lifecycle Manager (ILM) 2007
.Run the New Organization Relationship wizard
D. .Create a two-way cross-forest trust between both organizations
.Implement Active Directory Federation Services (AD FS)
Answer: C
QUESTION 36
Your network is separated from the Internet by a firewall.
the following connections methods:
Outlook Anywhere
Exchange ActiveSync
A. 25, 443 and 993

B. 26, 443 and 995
C. 25, 80, 143, and 3269
D. 80, 143, 443, and 389
Answer: A
QUESTION 37
that contains a Hub Transport server named Hub1.
Hub1 receives all e-mail messages that are sent to your organization from the Internet.
A new company security policy states that domain-joined servers must not be accessible directly from the
Internet.


LDS).
Answer: A
QUESTION 38
A. Create an Active Directory site for each office.

Deploy two global catalog servers in each site.
B. Create an Active Directory site for each office.
Deploy a single domain controller in each site, and then enable site link bridging.
C. Create an Active Directory site for all of the offices.
Deploy a global catalog server and a read-only domain controller in each site.
D. Create an Active Directory site for all of the offices.
Deploy a global catalog server and two read- only global catalog servers in each Active Directory site.
Answer: A
QUESTION 39
and Server2.
Server1 and Server2 have the Mailbox server role and the Hub Transport server role installed.

A. On Server1 and Server2, install the Client Access server role.

B. On Server1 and Server2, install the Client Access server role.
Configure network interface card (NIC) teaming on each server.
C. Deploy two new Client Access servers.
Implement load balancing by using DNS round robin.
D. Deploy two new Client Access servers.
Implement load balancing by using a Windows Network Load Balancing cluster.
Answer: D
QUESTION 40
exists for each data center. The data centers connect to the Internet by using a direct link.
The data centers connect to each other by using a high-speed WAN link.

Automatically load balance the Hub Transport server in each site
A. In each data center, deploy one Hub Transport server.

B. In each data center, deploy two Hub Transport servers.
C. In each data center, deploy one Edge Transport server.
D. In each data center, deploy two Edge Transport servers.
Answer: B
QUESTION 41
Your network contains two Active Directory sites named Site1 and Site2. Only Site1 can be accessed from
the Internet.
Prevent authentication prompts from displaying when users connect to OWA by using domain- joined
What should you do?
Answer: D
QUESTION 42
The e-mail addresses for the organization are configured as shown in the following table.
contoso.com.
Users in contoso.com must be able to send e-mail messages to users in fabrikam.com by using the
address format alias@fabrikam.com.

Answer: A
QUESTION 43
Your company has three offices. An Active Directory site named Site1, Site2, and Site3 exists for each
office.
You deploy Exchange Server 2010 servers in Site1.
You need to recommend a solution that allows the Exchange Server 2010 servers to coexist with the
Your solution must meet the following requirements:
Exchange Server 2010 servers must be delivered directly from a server in Site2
Exchange Server 2003 servers must be delivered directly to a server in Site1
A. Create two SMTP connectors and one Active Directory SMTP site link.
Answer: B
QUESTION 44
An organization plans to utilize an on-premise Exchange Server 2010 SP1 environment for employees and
a cloud-based Exchange Server 2010 SP1 service for contractors. You need to recommend an anti-spam
solution that meets the following requirements: Minimize the amount of spam received by the on-premise
servers. Ensure that internal and external email delivery remains fully functional.
A. Point the MX records for the domain to the cloud-based servers. Configure the allowed IP addresses on
the send connector of the on-premise servers.
B. Point the MX records for the domain to the on-premise servers. Configure the allowed IP addresses on
the send connector of the cloud-based servers.
C. Point the MX records for the domain to the on-premise servers. Restrict the allowed IP addresses on the
receive connector of the cloud-based servers.
D. Point the MX records for the domain to the cloud-based servers. Restrict the allowed IP addresses on
the receive connector of the on-premise servers.
Answer: D
QUESTION 45
Your company's compliance policy states that the following occurs when a user leaves the company:


Minimize disk space required to store the mailbox databases

A. Assign the Mailbox Search management role to Group1, and then create a retention policy.
B. Assign the Mailbox Search management role to Group1, and then create a managed folder mailbox
policy.
C. Assign the Mailbox Import Export management role to Group1, and then configure Personal Archives
for each mailbox.
D. Assign the Mailbox Import Export management role to Group1, and then instruct Group1 to export
Answer: D
QUESTION 46
A. Help Desk
Answer: D
QUESTION 47
Your network contains two Exchange Server 2010 Edge Transport servers and five Exchange Server 2010
Hub Transport servers. All e-mail sent from your organization to the Internet is transferred by the Edge
Transport servers.
Ensure that all Exchange-related communication between Hub Transport servers and Edge Transport
servers is encrypted
A. Deploy IPsec.
D. Implement Secure/Multipurpose Internet Mail Extensions (S/MIME).
Answer: D
QUESTION 48
You have an Exchange Server 2010 organization. You deploy an Edge Transport server.
You need to implement a message hygiene solution that meets the following requirements:
Senders Lists
The Edge Transport server must block all e-mail sent to invalid addresses inside the organization

B. Create Send connectors.
C. Configure real-time block lists (RBLs).
D. Configure EdgeSync synchronization.
Answer: D
QUESTION 49
What should you do?

B. Enable Sender ID filtering.
C. Configure a custom MailTip.
D. Configure safelist aggregation.
Answer: D
QUESTION 50
Group1.
You plan to deploy a monitoring solution for the Exchange servers in your organization.
You need to recommend a solution that allows members of Group1 to monitor the performance of
Your solution must prevent members of Group1 from modifying the configurations of the Exchanges Server
2010 organization.

Answer: D
Exam G
QUESTION 1
An Edge Transport server sends and receives all e- mail messages from the Internet.
You need to minimize the possibility that e-mail messages sent from your organization are identified as
spam.
What should you do?
A. Implement Microsoft Forefront Security for Exchange Server.

Answer: B
The Sender ID agent is an anti-spam agent that's enabled on computers that have the Microsoft Exchange
Server 2010 Edge Transport server role installed. The Sender ID agent relies on the RECEIVED SMTP
header and a query to the sending system's DNS service to determine what action, if any, to take on an
inbound message.
When you configure anti-spam agents on an Edge Transport server, the agents act on messages
cumulatively to reduce the number of unsolicited e-mail messages that enter the organization. For more
information about how to plan and deploy the anti-spam agents, see Understanding Anti-Spam and
Antivirus Functionality.
called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified
to appear as if it originates from a sender other than the actual sender of the message.
QUESTION 2
for your company.

Answer: B
QUESTION 3
Users can only access Site1 from the Internet.
the Internet

Answer: B
QUESTION 4
contains all the members of your company's legal department.

B. a legal hold
Answer: A
holds on mailboxes. For more information, see Discovery and Understanding Litigation Hold.
QUESTION 5
A corporate environment will include Exchange Server 2010. You need to recommend a solution that
allows point-in-time recovery of the mailbox databases. What should you recommend?
A. Disable circular logging.

B. Configure the transport dumpster.
C. Use lagged database copies.
D. Use highly available database copies.
Answer: C
QUESTION 6
A corporate environment includes Exchange Server 2010. A full backup of the Exchange Server mailbox
databases is performed nightly. The databases and transaction logs in the environment are described in the
following table.
You need to recommend the minimum size for a recovery volume that will accommodate recovering the
most recent data in the event of a logical database corruption of a single mailbox database. What should
you recommend?
A. 180 GB
B. 150 GB
C. 250 GB
D. 120 GB
Answer: A
QUESTION 7
Mailbox server, one Client Access server, and one Hub Transport server. One Edge Transport server
resides in the perimeter network. You are designing a disaster recovery solution for the Edge Transport
server. The solution must provide the ability to perform the following tasks: Restore the Edge Transport
server configuration. Restore log files and transport queue databases. Back up and restore only the
minimum amount of data. You need to recommend a solution that meets the requirements. What should
you recommend?
A. Export the Edge Transport server configuration by using the ExportEdgeConfig.ps1 script. Perform a
system state backup of the Edge Transport server and back up the exported server configuration.
B. Export the Edge Transport server configuration by using the ExportEdgeConfig.ps1 script. Perform a
system state backup of a domain controller and back up the exported server configuration.
C. Perform a system state backup of the Edge Transport server and an export of the Edge Subscription file
server by using Windows Server Backup.
D. Perform a full backup of the Edge Transport server by using Windows Server Backup.
Answer: D
QUESTION 8
A corporate environment includes Exchange Server 2010. The environment is configured as shown in the
following table.
The company is planning to test a complete site failover. You have the following requirements:
You need to recommend a solution that meets the requirements. What should you recommend?
A. Prior to the site failover, raise the time to live (TTL) value of exchange.contoso.com to the maximum
value. After the site failover, update exchange.contoso.com to point to DR-MBX1.
B. Prior to the site failover, lower the time to live (TTL) value of exchange.contoso.com to the minimum
value. After the site failover, update exchange.contoso.com to point to DR-HTCAS1.
C. Add a DNS record pointing exchange.contoso.com to the DR-HTCAS1 server.
D. Add a DNS record pointing exchange.contoso.com to the DR-MBX1 server.
Answer: B
QUESTION 9
A corporate environment includes Exchange Server 2010 deployed at the company headquarters and at a
branch office. Each location includes one Mailbox server, one Client Access server, and one Hub Transport
server. Each location has two Edge Transport servers in the perimeter network. The current MX record
preferences and Edge Transport servers are shown in the following table.
You have the following requirements:
A. Update the MX record preference for ET-BR03 to 10, and remove the MX records for ET-HQ02 and ET-
BR04.
B. Update the MX record preference for ET-HQ02 to 10, for ET-BR03 to 10, and for ET-BR04 to 10.
C. Update the MX record preference for ET-HQ02 to 10, for ET-BR03 to 20, and for ET-BR04 to 20.
D. Update the MX record preference for ET-HQ02 to 10, and remove the MX records for ET-BR03 and ET-
BR04.
Answer: B
QUESTION 10
A corporate environment includes Exchange Server 2010 SP1 deployed in a primary datacenter and in a
secondary datacenter. The datacenters are in separate Active Directory Domain Services (AD DS) sites.
Each datacenter includes AD DS domain controllers, Global Catalog servers, DNS servers, and two
Mailbox servers. The primary datacenter contains one file share witness. All Mailbox servers are members
of one database availability group (DAG). Each datacenter has independent Internet access. A dedicated
high-speed network connection exists between the datacenters. You are designing a failover plan. You
have the following requirements: Provide a highly available solution in the event that the primary
datacenter fails. Provide mailbox access for employees through the secondary datacenter. Ensure that
each Mailbox database is active in only one location at a time. Ensure that failback to the primary
datacenter completes gracefully. You need to design a solution that meets the requirements. What
A. Configure the AutoDatabaseMountDial property to Lossless on all Mailbox servers before an outage
occurs. During an outage, ensure that all Exchange services in the primary datacenter are running,
validate the health of the secondary datacenter Exchange servers, and restart the secondary datacenter
Mailbox servers.
B. Configure the AutoDatabaseMountDial property to BestAvailability on all Mailbox servers before an
outage occurs. During an outage, stop and disable any running Exchange services in the primary
datacenter, validate the health of the secondary datacenter Exchange servers, and restart the
secondary datacenter Mailbox servers.
C. Enable datacenter activation coordination (DAC) mode before an outage occurs. During an outage, stop
and disable any running Exchange services in the primary datacenter, validate the health of the
secondary datacenter Exchange servers, and activate the secondary datacenter Mailbox servers.
D. Disable datacenter activation coordination (DAC) mode before an outage occurs. During an outage,
ensure that all Exchange services in the primary datacenter are running, validate the health of the
Answer: C
Understanding Datacenter Activation Coordination Mode
Applies to: Exchange Server 2010 SP1
Topic Last Modified: 2011-05-26
Datacenter Activation Coordination (DAC) mode is a property setting for a database availability group
(DAG). DAC mode is disabled by default and should be enabled for all DAGs with two or more members
that use continuous replication. DAC mode shouldn't be enabled for DAGs in third-party replication mode
unless specified by the third-party vendor.
If a catastrophic failure occurs that affects the DAG (for example, a complete failure of one of the
datacenters), DAC mode is used to control the startup database mount behavior of a DAG. When DAC
mode isn't enabled, and a failure occurs that affects multiple servers in the DAG, when a majority of the
DAG members are restored after the failure, the DAG will restart and attempt to mount databases. In a
multi-datacenter configuration, this behavior could cause split brain syndrome, a condition that occurs when
all networks fail, and DAG members can't receive heartbeat signals from each other. Split brain syndrome
can also occur when network connectivity is severed between the datacenters. Split brain syndrome is
prevented by always requiring a majority of the DAG members (and in the case of DAGs with an even
number of members, the DAG's witness server) to be available and interacting for the DAG to be
operational. When a majority of the members are communicating, the DAG is said to have quorum.
For example, consider a scenario where the first datacenter contains two DAG members and the witness
server, and the second datacenter contains two other DAG members. If the first datacenter loses power
and you activate the DAG in the second datacenter (for example, by activating the alternate witness server
in the second datacenter), if the first datacenter is restored without network connectivity to the second
datacenter, the active databases within the DAG may enter a split brain condition.
How DAC Mode Works
DAC mode is designed to prevent split brain from occurring by including a protocol called Datacenter
Activation Coordination Protocol (DACP). After a catastrophic failure, when the DAG recovers, it won't
automatically mount databases even though the DAG has a quorum. Instead DACP is used to determine
the current state of the DAG and whether Active Manager should attempt to mount the databases.
You might think of DAC mode as an application level of quorum for mounting databases. To understand the
purpose of DACP and how it works, it's important to understand the primary scenario it's intended to deal
with. Consider the two-datacenter scenario. Suppose there is a complete power failure in the primary
datacenter. In this event, all of the servers and the WAN are down, so the organization makes the decision
to activate the standby datacenter. In almost all such recovery scenarios, when power is restored to the
primary datacenter, WAN connectivity is typically not immediately restored. This means that the DAG
members in the primary datacenter will power up, but they won’t be able to communicate with the DAG
members in the activated standby datacenter. The primary datacenter should always contain the majority of
the DAG quorum voters, which means that when power is restored, even in the absence of WAN
connectivity to the DAG members in the standby datacenter, the DAG members in the primary datacenter
have a majority and therefore have quorum. This is a problem because with quorum, these servers may be
able to mount their databases, which in turn would cause divergence from the actual active databases that
are now mounted in the activated standby datacenter.
DACP was created to address this issue. Active Manager stores a bit in memory (either a 0 or a 1) that tells
the DAG whether it's allowed to mount local databases that are assigned as active on the server. When a
DAG is running in DAC mode (which would be any DAG with three or more members), each time Active
Manager starts up the bit is set to 0, meaning it isn't allowed to mount databases. Because it's in DAC
mode, the server must try to communicate with all other members of the DAG that it knows to get another
DAG member to give it an answer as to whether it can mount local databases that are assigned as active to
it. The answer comes in the form of the bit setting for other Active Managers in the DAG. If another server
responds that its bit is set to 1, it means servers are allowed to mount databases, so the server starting up
sets its bit to 1 and mounts its databases.
But when you recover from a primary datacenter power outage where the servers are recovered but WAN
connectivity has not been restored, all of the DAG members in the primary datacenter will have a DACP bit
value of 0; and therefore none of the servers starting back up in the recovered primary datacenter will
mount databases, because none of them can communicate with a DAG member that has a DACP bit value
of 1.
DAC Mode for DAGs with Two Members
DAGs with two members have inherent limitations that prevent the DACP bit alone from fully protecting
against application-level split brain syndrome. For DAGs with only two members, DAC mode also uses the
boot time of the DAG's alternate witness server to determine whether it can mount databases on startup.
The boot time of the alternate witness server is compared to the time when the DACP bit was set to 1.
If the time the DACP bit was set is earlier than the boot time of the alternate witness server, the system
assumes that the DAG member and witness server were rebooted at the same time (perhaps because of
power loss in the primary datacenter), and the DAG member isn't permitted to mount databases.
If the time that the DACP bit was set is more recent than the boot time of the alternate witness server, the
system assumes that the DAG member was rebooted for some other reason (perhaps a scheduled outage
in which maintenance was performed or perhaps a system crash or power loss isolated to the DAG
member), and the DAG member is permitted to mount databases.
Dd979790.important(en-us,EXCHG.141).gifImportant:
Because the alternate witness server's boot time is used to determine whether a DAG member can mount
its active databases on startup, you should never restart the alternate witness server and the sole DAG
member at the same time. Doing so may leave the DAG member in a state where it cannot mount
databases on startup. If this happens, you must run the Restore-DatabaseAvailabilityGroup cmdlet on the
DAG. This resets the DACP bit and permits the DAG member to mount databases.
Other Benefits of DAC Mode
In addition to preventing split brain syndrome at the application level, DAC mode also enables the use of the
built-in site resilience cmdlets used to perform datacenter switchovers. These include the following:
Stop-DatabaseAvailabilityGroup
Restore-DatabaseAvailabilityGroup
Start-DatabaseAvailabilityGroup
Performing a datacenter switchover for DAGs that are not in DAC mode involves using a combination of
Exchange tools and cluster management tools.
For more information about datacenter switchovers, see Datacenter Switchovers.

Enabling DAC Mode
DAC mode can be enabled only by using the Exchange Management Shell. Specifically, you can use the
Set-DatabaseAvailabilityGroup cmdlet to enable and disable DAC mode, as illustrated in the following
example.
Set-DatabaseAvailabilityGroup -Identity DAG2 -DatacenterActivationMode DagOnly
In the preceding example, a DAG named DAG2 is enabled for DAC mode.
For more information about enabling DAC mode, see Configure Database Availability Group Properties and
Set-DatabaseAvailabilityGroup.
QUESTION 11
A corporate environment includes Exchange Server 2010. Two teams of support technicians manage
mailboxes for the organization. You have the following requirements:
The Tier 1 support team must manage mailboxes for all users other than those in the Executive
Organizational Unit (OU).
The Tier 2 support team must manage mailboxes for all users in the Executive OU.
A. Create an exclusive scope for the Tier 2 support team.

B. Create an explicit scope for the Tier 1 support team.
C. Create an exclusive scope for the Tier 1 support team.
D. Create a configuration scope for the Tier 2 support team.
Answer: A
QUESTION 12
A corporate environment includes Exchange Server 2010 and Active Directory Domain Services (AD DS).
You need to recommend a solution for preventing a specific group of users from changing their AD DS
passwords in Outlook Web App (OWA). The solution must not affect other users. What should you
recommend?
A. Create a new Outlook Web App mailbox policy.

B. Configure the authentication settings on the OWA virtual directory.
C. Configure OWA virtual directory segmentation.
D. Create a new managed folder mailbox policy.
Answer: A
Use Microsoft Office Outlook Web App mailbox policies to create organization-level policies to manage
access to features in Outlook Web App. Outlook Web App mailbox policies allow you to create multiple
policies at the organization level and apply them to individual mailboxes.
QUESTION 13
Client computers and the Exchange servers are joined to a single AD DS domain. When users connect to
Outlook Web App (OWA) from their client computers, they are prompted for their credentials. You need to
recommend a solution that allows users to connect to OWA from their client computers without being
prompted for credentials. What should you recommend?
A. Basic authentication
B. Digest authentication for Windows domain servers
C. forms-based authentication
D. integrated Windows authentication
Answer: D
QUESTION 14
A corporate environment includes a main office and a branch office. The company plans to deploy
Exchange Server 2010. The Mailbox servers will be part of a single database availability group (DAG) that
spans both locations. There is only intermittent connectivity between the two locations. You need to
recommend a public folder database solution that enables users from either location to consistently access
public folders. Which two actions should you recommend? (Each correct answer presents part of the
solution. Choose two.)
A. Create a single public folder database in the branch office and add it as a replica for the public folders.
B. Configure public folder referrals between the main office and the branch office.
C. Create a single public folder database in the main office and add it as a replica for the public folders.
D. Configure cross-site RPC Client Access on the DAG.
Answer: AC
QUESTION 15
A corporate environment includes Exchange Server 2010. All employees connect to their mailboxes by
using a web browser. You need to recommend a solution that will force only a specific group of employees
to use WebReady Document Viewing when connecting to their mailboxes. What should you recommend?
A. Configure an Outlook Web App mailbox policy.

B. Configure the Outlook Web App virtual directory on all Client Access servers.
C. Create and configure a Group Policy Object (GPO) and link it to the Organizational Unit (OU) where the
computer accounts for the employees reside.
D. Create and configure a Group Policy Object (GPO) and link it to the Organizational Unit (OU) where the
user accounts for the employees reside.
Answer: B
QUESTION 16
A corporate environment will include Exchange Server 2010 in a single Active Directory Domain Services
(AD DS) domain. The primary DNS suffix of the domain controllers is not the same as the DNS domain
name. You are designing the Exchange Server 2010 deployment plan. You need to recommend a
solution that allows Exchange Server 2010 servers to access the domain controllers. What should you
recommend?
A. Modify the DNS-Host-Name AD DS attribute on the domain object container.

B. Modify the NETBIOS-Name AD DS attribute on the Exchange Server computer objects.
C. Modify the msDS-AllowedDNSSuffixes AD DS attribute on the domain object container.
D. Modify the msDS-AdditionalDnsHostName AD DS attribute on the domain object container.
Answer: C
QUESTION 17
You have an Active Directory forest that contains one site. You plan to deploy an Exchange organization.
All servers in the organization will have Exchange Server 2010 Service Pack 1 (SP1) installed. The
relevant Mailbox servers are configured as shown in the following table.
Each Mailbox server will host 2,000 mailboxes. Corporate policy states that the servers must have a
maximum write latency of 100 ms and an average write latency of 10 ms. The hardware vendor for the
planned deployment provides test hardware. You need to recommend a solution to ensure that the
planned deployment meets the requirements of the corporate policy. Which of the following solutions is the
best recommendation? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Identify the workload at which the hardware can deliver acceptable latency by using the Jetstress tool.
B. Gather a baseline of the disk I/O usage by using the Windows Performance Monitor.
C. Calculate the number of IOPS required for the planned deployment by using the Exchange 2010
Mailbox Server Role Requirements Calculator.
D. Test the performance of the hardware under a simulated user workload by using the Loadgen tool.
Answer: A
QUESTION 18
A company has an on-premise Exchange Server 2007 SP2 environment. Client computers run Microsoft
Outlook 2010. The company plans to migrate to a cloud-based Microsoft Exchange Server 2010 SP1
service. You need to recommend a solution for ensuring that Outlook locates the cloud-based servers
when users check calendar availability information. What should you recommend?
A. Add a CNAME record.

B. Add an MX record.
C. Synchronize the AD DS directory from the on-premise environment.
D. Synchronize the AD DS directory from the cloud-based environment.
Answer: A
QUESTION 19
Pack 1 (SP1) installed. The Exchange organization contains two Hub Transport servers, two Client Access
servers, and two Mailbox servers. All Exchange servers are located on the internal network. Your company
plans to use Microsoft Exchange Hosted Services for message hygiene. You need to recommend
changes to the Exchange organization to meet the following requirements: Ensure that the company can
send e-mail messages if a single server fails. Ensure that the company can receive e-mail messages if a
single server fails. Prevent Internet hosts from initiating connections directly to servers on the internal
network. Which of the following changes is the best recommendation? (More than one answer choice may
achieve the goal. Select the BEST answer.)
A. Move the two Hub Transport servers to the perimeter network. Update the public Mail Exchanger (MX)
records to point to the Exchange Hosted Services servers. Configure Exchange Hosted Services to
forward e-mail to the new servers. Configure the internal firewall to allow communication from the Hub
Transport servers to the internal network. Create an additional Send connector.
B. Deploy two new Edge Transport servers on the perimeter network. Update the public Mail Exchanger
(MX) records to point to the Exchange Hosted Services servers. Configure Exchange Hosted Services
to forward e-mail to the new servers. Configure the internal firewall to allow communication from the
Edge Transport servers to the internal network. Enable EdgeSync synchronization.
C. Deploy two new Hub Transport servers on the perimeter network. Update the public Mail Exchanger
(MX) records to point to the new Hub Transport servers. Configure the internal firewall to allow
communication from the Hub Transport servers to the internal network. Create an additional Send
connector.
D. Deploy two new Edge Transport servers on the perimeter network. Update the public Mail Exchanger
(MX) records to point to the new Edge Transport servers. Configure the internal firewall to allow
communication from the Edge Transport servers to the internal network. Enable EdgeSync
synchronization.
Answer: B
QUESTION 20
(AD DS) domain. The company intends to transition to Exchange Server 2010. The Exchange 2003
Recipient Update Service (RUS) must function properly after you update the AD DS schema for Exchange
Server 2010. You need to recommend a solution for preparing the environment before updating the
schema. What should you recommend?
A. Add each Exchange Server 2010 Mailbox server to the Exchange Enterprise Servers group in AD DS.
B. Run the setup /PrepareLegacyExchangePermissions command.
C. Run the setup /PrepareDomain command.
D. Add each Exchange Server 2010 server to the Exchange Domain Servers group in AD DS.
Answer: B
QUESTION 21
You are transitioning an Exchange Server environment from Exchange Server 2007 SP2 to Exchange
Server 2010. You deploy all Exchange Server 2010 Client Access servers and Hub Transport servers, and
move Internet mail flow from Exchange Server 2007 SP2 to Exchange Server 2010. All mailboxes are on
Exchange Server 2007 SP2. Each message sent to a specific distribution group must be approved by an
executive assistant. You need to recommend a solution that meets the requirement. What should you
recommend?
A. Configure the message delivery restrictions for the distribution group.

B. Create an Exchange Server 2010 Hub Transport rule, and set an Exchange Server 2007 SP2 Hub
Transport server as the expansion server for the distribution group.
C. Designate the executive assistant as the manager of the distribution group.
D. Create an Exchange Server 2010 Hub Transport rule, and set an Exchange Server 2010 Hub Transport
server as the expansion server for the distribution group.
Answer: D
QUESTION 22
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 and client
computers that run Microsoft Outlook 2010. An Active Directory Domain Services (AD DS) domain named
contoso.com contains user accounts for all employees. The company plans to move the mailboxes of the
Sales team members to a cloud-based Exchange Server 2010 SP1 service provider. Sales team members
will have primary email addresses of contoso.com and secondary email addresses of cloud.contoso.com.
You need to recommend a solution for ensuring that the Autodiscover service continues to configure
Outlook for all users. What should you recommend?
A. Run the Export-AutoDiscoverConfig cmdlet.

B. Mail-enable the on-premise AD DS user accounts of the Sales team members with email addresses of
cloud.contoso.com.
C. Create a new Autodiscover virtual directory.
D. Configure the ExternalUrl property of the Autodiscover virtual directory to autodiscover.cloud.contoso.
com.
Answer: D
QUESTION 23
A corporate environment includes Exchange Server 2010. Support technicians do not have access to
email message status information. Support technicians must currently escalate user requests for email
message status to Exchange Server administrators. You need to recommend a solution that allows
support technicians to display email message status in the Exchange Control Panel (ECP). What should
you recommend?
A. Grant the support technicians Read access to the SMTP protocol log files.
B. Assign the support technicians to the Message Tracking role.
C. Grant the support technicians Read access to the SMTP connectivity log files.
D. Assign the support technicians to the Records Management role.
Answer: B
QUESTION 24
(AD DS) domain. Client computers run Microsoft Outlook 2010. You need to recommend an approach for
identifying when a mailbox is accessed by someone other than the mailbox owner. What should you
recommend?
A. Run a report from the Exchange Control Panel (ECP).

B. Run the Get-LogonStatistics cmdlet.
C. Search the message tracking logs.
D. Run the Search-AdminAuditLog cmdlet.
Answer: A
Section: Powershell
QUESTION 25
2010 using Standard Client Access Licenses (CALs). You need to recommend a solution that allows long-
term message archival and minimizes hardware costs. Which two actions should you recommend? (Each
correct answer presents part of the solution. Choose two.)
A. Apply a retention policy tag to each mailbox.

B. Utilize personal archives that are stored in a cloud-based Exchange Server 2010 SP1 environment.
C. Acquire an Enterprise CAL for each user.
D. Create a retention policy tag and set the age limit for retention.
Answer: BC
QUESTION 26
:Which of the following cmdlets allows you to connect a disconnected mailbox to
a newly created Active Directory user account?
A. Create-MailboxDatabase
B. Configure-MailboxDatabase
C. Add-MailboxDatabase
D. New-MailboxDatabase
Answer: D
Section: Powershell
To create a new mailbox database from the Exchange Management Shell, you will need to use the New-
MailboxDatabase cmdlet.
QUESTION 27
You need to add EXSRV02 to host a copy of the Sales public folder and the folders below it. Which
command should you run?
A. AddReplicaToPFRecursive.ps1 -TopPublicFolder
B. ReplaceReplicaOnPFRecursive.ps1 -TopPublicFolder “\Sales” -ServerToAdd EXSRV02
C. AddReplicaToPFRecursive.ps1 -TopPublicFolder “\” -ServerToAdd EXSRV02
D. ReplaceReplicaOnPFRecursive.ps1 -TopPublicFolder “\Sales” -ServerToAdd EXSRV02
Answer: A
Section: Powershell
To add a copy or replica for all public folders for the Sales folder and all folders underneath it, use the
included AddReplicaToPFRecursive.ps1 script. The ReplaceReplicaOnPFRecursive.ps1 script removes
one server and adds another server.
QUESTION 28
You are the messaging professional for an engineering firm. The firm has considered deploying Exchange
2010 into their environment. You need to determine the Mailbox Server requirements. Which items are
included in the hardware sizing process? Choose all that apply. Choose 3
A. Create an Exchange configuration

B. Identify Exchange public folder permissions
C. Validate the Exchange configuration
D. Identify Exchange usage profile
Answer: ACD
The hardware sizing process is: identify Exchange usage profile, create an Exchange configuration, and
validate the Exchange configuration.
QUESTION 29
You have created a Customer Service public folder and mail-enabled it so that it can receive emails for the
customer service department. You need to give Brendan access to send email as the public folder so all of
the replies are directed back to the Customer Service public folder. Which command should you run?
A. Add-ADPermission "Customer Service" -User "Brendan" -Extendedrights "Send As"

B. Add-PublicFolderAdministrativePermission -Identity "\Customer Service" -User "Brendan" -AccessRights
AllExtendedRights
C. Add-PublicFolderClientPermission -Identity "\Customer Service" -AccessRights Contributor -User
Brendan
D. Add-ADPermission "Customer Service" -User "Brendan" -Extendedrights "Receive As"
Answer: A
Section: Powershell
The Send As permission is an Active Directory right and must be assigned to the public folder object using
the Add-ADPermission cmdlet. The other cmdlets will modify the administrative and client permissions but
do not achieve the desired result.
QUESTION 30
When planning memory requirements for a Mailbox server, you have a range of RAM to add for each
mailbox hosted on the server. What are the minimum and maximum values of this range of RAM that
Microsoft specifies?
A. 2 MB for light users to 5 MB for heavy users

B. 3.5 MB for light users to 5 MB for heavy users
C. 2 MB for light users to 7.5 MB for heavy users
D. 3.5 MB for light users to 7.5 MB for heavy users
Answer: A
The Mailbox server should have a minimum of 2 GB of RAM installed plus an additional 2 MB for each light
user (5 messages sent/20 messages received per day), 3.5 MB for each average user (10 messages
sent/40 messages received per day), or 5 MB for each heavy user (20 messages sent/80 messages
received per day).
QUESTION 31
What configuration do you need to make to allow the Exchange organization to accept messages for other
domain namespaces?
A. Remote domains
B. SMTP send connector
C. Accepted domains
D. SMTP receive connector
Answer: C
Accepted domains are used to specify the SMTP domains for which the Exchange Server organization will
accept and/or route messages.
QUESTION 32
You are the messaging professional. You need to make a business case to present to your organization’s
technology committee which will support your recommendation to create multiple databases on the
Exchange 2010 server, instead of putting all mailboxes into a single database. What benefits of multiple
databases should you present? Choose all that apply. Choose 3
A. A single database failure will impact fewer mailboxes, because mailboxes are in multiple databases
B. Database restores can be done faster since each database is smaller
C. A single database failure will impact more mailboxes, because mailboxes are in multiple databases
D. Databases can be used to define mailbox limits, rather than applying limits directly to each mailbox.
Answer: ABD
Rather than putting all mailboxes in a single database, creating multiple databases has the following
benefits:
A single database failure will impact fewer mailboxes, because mailboxes are in multiple databases.
A database restore can be done faster since each database is smaller.
Databases can be used to organize mailboxes.
Databases can be used to define mailbox limits, rather than applying limits directly to each mailbox.
QUESTION 33
What PowerShell command can you use on a Client Access server to modify the startup properties of the
IMAP4 service?
A. Set-Service
B. Put-Service
C. Change-Service
D. Get-Service
Answer: A
Section: Powershell
You will use the Set-Service cmdlet to change the startup properties for a service.
QUESTION 34
You are the messaging professional. The firm you work for has required you to provide a way to approve or
reject a message before it is sent to the companies All Users distribution group. What should you do to
meet this new requirement?
A. Specify a moderation recipient for the distribution group

B. Specify an inbox rule to forward all requests to the approve
C. Add the approver to the domain admins AD group
D. Add the approver to the Exchange Server Administrators role
Answer: A
Now Administrators have the ability to specify a moderation recipient for a mailbox recipient or distribution
group. All messages sent to mailbox recipient or distribution group is sent to the moderation recipient for
approval or rejection.
QUESTION 35
You are configuring your Internet-accessible Client Access servers to provide Outlook Web App, Outlook
Anywhere, and Autodiscover services. You need to obtain the fewest number of certificates to secure the
clients’ connection to these servers. According to the recommended practice, which type of certificate will
you need to obtain to provide trusted secure access to both domain-joined and non-domain-joined devices?
A. Enterprise CA certificate
B. User certificate
C. Trusted third-party UCC certificate
D. Trusted third-party certificate
Answer: C
A trusted third-party UCC certificate will handle multiple services and provide compatibility with non-domain-
joined devices.
QUESTION 36
What must be, at a minimum, the domain functional level of your Active Directory domains before you can
install any Exchange Server 2010 servers?
A. Windows 2000 mixed

B. Windows 2000 native
C. Windows 2000 interim
D. Windows 2003 native
Answer: D
In each domain that will have Exchange recipients or Exchange Server roles installed, the domain
functional level must be at the Windows 2003 Server native mode or higher.
QUESTION 37
What PowerShell cmdlet do you to use to enable or disable a role assignment?
A. Set-ManagementRoleAssignment
B. Configure-ExchangeAdministrator
C. Modify-ExchangeAdministrator
D. Set-ExchangeAdministrator
Answer: A
Section: Powershell
To enable or disable a role assignment using the Exchange Management Shell, you would enter the
following command: Set-ManagementRoleAssignment
QUESTION 38
By default, two SMTP receive connectors are configured on a newly installed Exchange Server 2010 Hub
Transport server. Which one accepts inbound messages on TCP port 25?
A. SMTP connector servername

B. Default servername
C. Client servername
D. Receive connector servername
Answer: B
The Default servername SMTP receive connector accepts mail on TCP port 25, which is the default port
for receiving messages from SMTP clients. The connector accepts mail on all installed network adapters in
the Hub Transport server by default, and it also accepts the inbound messages from all IP addresses on the
network by default, but only from Exchange servers. Additionally, this connector will not accept anonymous
submissions.
QUESTION 39
To configure attachment filtering to block all PDF files, which of the following commands should you issue?
A. Add-AttachmentFilterEntry -name *.pdf -type FileName

B. Set-AttachmentFilterEntry -type *.pdf -type FileType
C. Add-AttachmentFilterEntry -name *.pdf -type ContentType
D. Set-AttachmentFilterEntry -name *.pdf -type FileName
Answer: A
Section: Powershell
To add an attachment filtering option that blocks all PDF files, you need to define a name of a wildcard with
the PDF filename extension (*.pdf) using the -FileName option, such as Add-AttachmentFilterEntry -name *.
pdf -type FileName.
QUESTION 40
Which of the following groups could be mail-enabled? (Choose all that apply.) Choose 2
A. A global distribution group

B. A universal security group
C. A local computer group
D. A universal distribution group
Answer: BD
Both security and distribution groups can be mail-enabled. However, only universal groups have their
membership information published to the global catalog servers in the organization.
QUESTION 41
What PowerShell cmdlet do you use to enable POP3 access for a mailbox?
A. Set-CASMailbox
B. Set-MailboxProtocols
C. Set-Mailbox
D. Put-MailboxProtocols
Answer: A
Section: Powershell
To enable POP3 access for a mailbox, you need to use the Set-CASMailbox cmdlet, such as: Set-
CASMailbox -identity robert.jones@wiley.com -POPEnabled:$true.
QUESTION 42
When configuring the OWA (Default Web Site) properties for segmentation, which of the following options
are available? (Choose all that apply.) Choose 3
A. Calendar
B. Contacts
C. Public Folders
D. Standard Client
E. Change Password
Answer: ABE
Calendar, Contacts, and Change Password are among the options that you can disable or enable from the
Segmentation tab of the OWA (Default Web Site) Properties dialog box.
QUESTION 43
What PowerShell cmdlet do you use to mail-enable an existing universal security group?
A. MailEnable-SecurityGroup
B. Enable-DistributionGroup
C. Enable-SecurityGroup
D. MailEnable-DistributionGroup
Answer: B
Section: Powershell
You use the Enable-DistributionGroup cmdlet to mail-enable any existing security group.
QUESTION 44
To perform message tracking from the Exchange Management Shell, what cmdlet must you use?
A. Get-MessageTrackingLog
B. View-MessageTrackingLog
C. Track-Messages
D. Get-MessageTracking
Answer: A
Section: Powershell
To perform message tracking from the Exchange Management Shell, you will need to use the Get-
MessageTrackingLog cmdlet.
QUESTION 45
A project manager at your company missed a deadline on a high-profile project because they did not know
one of the people on the project’s distribution list was out of the office. You need to allow these notifications
to be returned to the message sender on this distribution group. Which cmdlet should you run?
A. Set-DistributionGroup ProjectX -ReportToOriginatorEnabled:$true

B. Set-DistributionGroup ProjectX -ReportToManagerEnabled:$true
C. Set-DistributionGroup ProjectX -SendOofMessageToOriginatorEnabled:$true
D. Set-DistributionGroup ProjectX -CreateDTMFMap:$true
Answer: C
Section: Powershell
Enabling the SendOofMessageToOriginator parameter allows out-of-office messages to be returned to the
originator of a message to the distribution group.
QUESTION 46
.Restores all Windows settings

.Restores all Exchange configurations
.Minimizes administrative effort
A. .Retention of Exchange server computer accounts in Active Directory

.Backup and recovery of Windows system state
A recovery installation of Exchange Server 2010
B. .Retention of Exchange server computer accounts in Active Directory
A custom installation of Exchange Server 2010
C. Recovery of Windows system state
D. Backup and recovery of Windows system state.
A repair installation of Windows Server 2008.
Answer: A
QUESTION 47
Your company has two data centers. Each data center contains a perimeter network. Your network contains
an Exchange Server 2010 organization.
You plan to deploy Exchange Server 2010 Edge Transport servers in the perimeter networks.
You need to recommend a solution for the Edge Transport servers that meets the following requirements:
Distribute inbound e-mail messages across all Edge Transport servers

Ensure that users receive inbound e-mail messages if an Edge Transport server fails
Ensure that users receive inbound e-mail messages if a single data center network becomes
unavailable
Minimize costs
A. In each perimeter network, deploy one Edge Transport server.

B. In each perimeter network, deploy two Edge Transport servers.
C. In each perimeter network, deploy one Edge Transport server.
Configure a mail exchange (MX) record for each server.
D. In each perimeter network, deploy two Edge Transport servers.
Configure a mail exchange (MX) record for each server.
Answer: C
QUESTION 48
Server1. Server1 hosts two mailbox databases and one public folder database.
You plan to deploy a new Mailbox server named Server2.
You need to recommend a high-availability solution for Server1 that meets the following requirements:
A. Install failover clustering on both servers, and then configure cluster continuous replication (CCR).
B. Create and configure a database availability group (DAG).
Create database copies.
C. Create and configure a database availability group (DAG).
Deploy a new server named Server3. Create database copies.
D. Install failover clustering on both servers, and then configure a single copy cluster (SCC).
Deploy a new server named Server3.
Answer: B
QUESTION 49
Your network consists of a single Active Directory site. You plan to deploy Exchange Server 2010.

The plan must minimize the number of servers deployed
A. Deploy two servers.

On the two servers, deploy the Mailbox server role, the Client Access server role, and the Hub Transport
server role.
Configure a Client Access server array.
B. Deploy two servers.
On the two servers, deploy the Mailbox server role, the Client Access Server role, and the Hub
C. Deploy four servers.
On two of the servers, deploy the Mailbox server role and the Hub Transport server role.
On the other two servers, deploy the Client Access server role. Configure a Client Access server array.
D. Deploy four servers.
On two of the servers, deploy the Mailbox server role.
On the other two servers, deploy the Client Access server role and the Hub Transport server role.
Answer: A
QUESTION 50
Your company has an Active Directory forest. The forest contains two sites named Site1 and Site2.
You plan to deploy Exchange Server 2010 servers in both sites.
You need to plan a high-availability solution for the Mailbox servers that meets the following requirements:

Users must be able to access their mailboxes remotely if a single site becomes unavailable
What should you do?
A. Deploy two Mailbox servers in each site.

Install and configure continuous cluster replication (CCR).
B. Deploy one Mailbox server in Site1 and one Mailbox server in Site2.
Install and configure continuous cluster replication (CCR).
C. Deploy two Mailbox servers in each site.
Create one database availability group (DAG) named DAG1.
Add all Mailbox servers to DAG1.
D. Deploy two Mailbox servers in each site.
Create two database availability groups (DAGs) named DAG1 and DAG2.
Add the Mailbox servers from Site1 to DAG1 and the Mailbox servers from Site2 to DAG2.
Answer: C
Exam H
QUESTION 1
Your network contains an internal network and a perimeter network that are separated by firewall. The
perimeter network contains a Server 2010 Edge Transport server.
You plan to deploy an internal Exchange Server 2010 organization that meets the following requirements.

Which TCP ports should you allow form the internal network to the perimeter network?
A. 3309 and 25
B. 3309 and 636
C. 50636 and 25
D. 50636 and 135
Answer: C
QUESTION 2
Your network consists of a single Active Directory site.

The plan must minimize the number of server deployed
A. Deploy two servers. On the two servers, deploy the Mailbox server role, the Client Access server role,
and the Hub Transport server role. Configure a Client Access server array.
B. Deploy two servers. On the two servers, deploy the Mailbox server role, the Client Access server role,
and the Hub Transport server role. Enable Outlook Anywhere on both Client Access servers.
C. Deploy four servers. On two of the servers, deploy the Mailbox server role and the Hub Transport server
role. On the other two servers deploy the Client Access server role. Configure a Client Access server
array.
D. Deploy four servers. On two of the servers, deploy the Mailbox server role. On the other two servers,
deploy the Client Access server role, and the Hub Transport server role. Enable Outlook Anywhere on
both Client Access servers.
Answer: A
QUESTION 3
You have an Exchange Server 2010 organization that contains multiple Hub Transport servers.
You need to recommend a message hygiene solution to meet the following requirements:
Block servers that are known to send spam

Minimize administrative effort
A. an IP Block list
B. IP Block list providers
C. recipient filtering
D. sender filtering
Answer: B
QUESTION 4
Your network contains two Exchange Server 2010 Edge Transport server and five Exchange Server 2010
Hub Transport servers.
All e-mail sent from your organization to the Internet is transferred by the Edge Transport servers.
Ensure that all Exchange related communication between Hub Transport servers and Edge
Transport servers is encrypted.
A. Deploy IPsec.
D. Implement Security/Multipurpose Internet Mail Extensions (S/MIME)
Answer: D
QUESTION 5
Your company has two data centers. Each data center contains a perimeter network.
Your network contains an Exchange Server 2010 organization.
You plan to deploy Exchange Server 2010 Edge Transport servers in the perimeter networks.
You need to recommend a solution for the Edge Transport servers that meets the following requirements:
Distributes inbound email messages across all Edge Transport servers

Ensures that users receive inbound e-mail messages if an Edge Transport server fails
Ensures that users receive inbound e-mail messages if a single data center network becomes
unavailable
Minimize costs
A. In each perimeter network, deploy one Edge Transport server. Implement fallover clustering.
B. In each perimeter network, deploy two Edge Transport servers. Implement fallover clustering.
C. In each perimeter network, deploy one Edge Transport server. Configure a mail exchange (MX) record
for each server.
D. In each perimeter network, deploy two Edge Transport servers. Configure a mail exchange (MX) record
for each server.
Answer: C
QUESTION 6
Your company has an Exchange 2010 organization that contains multiple Hub Transport servers. You have
a line of business application that retry e-mail messages by using a Hub Transport server named Hub1.
The application only supports sending e-mail to a single SMTP server.
You need to ensure that the application can retry e-mail messages of Hub1 fails.
What should you do?
A. Implement log transactions

B. Install and configure failover clustering on the Hub Transport servers.
C. Implement Windows network load balancing on the Hub Transport servers.
D. Create multiple MX records for the Hub Transport servers in the internal DNS zone.
Answer: C
QUESTION 7
Your company has a main office and a branch office. An Active Directory site exits for each office. The
offices are connected by a WAN link. You plan to deploy Exchange Server 2010 in each site.
You need to identify the number of Exchange servers required to meet the following requirements:
Maintain user access to mailboxes if a single server fails

Use the minimize account of Exchange servers in each site
How many servers should you deploy in each site?
A. 1
B. 2
C. 3
D. 4
Answer: B
QUESTION 8
You have an Exchange Server 2010 organization. The organization has a Hub Transport server that has
anti-spam agents installed.
You plan to delegate the administration of the organization to a group named Security Administrators. You
need to ensure that members of Security Administrators can manage anti-spam setting in the
organization. The solution must minimize the amount of permissions assigned to Security Administrators.
Which management role group should you assign?
A. Hygiene Management
C. Records Management
Answer: A
The Hygiene Management management role group is one of several built-in role groups that make up the
Users who are members of the Hygiene Management role group can configure the antivirus and anti-spam
features of Exchange Server 2010. Third-party programs that integrate with Exchange 2010 can add
service accounts to this role group to grant those programs access to the cmdlets required to retrieve and
configure the Exchange configuration.
QUESTION 9
Your company has three offices. An Active Directory site named Site1, Site2 and Site3 exists for each
office. You have an Exchange Server 2010 organization. You deploy Exchange Server 2010 server 2010
servers in Site1.
You need to recommend a solution that allows the Exchange Server 2010 servers to connect with the
You must meet the following requirements:
Exchange Server 2010 servers delivered directly from a server in Site2.
Exchange Server 2003 servers delivered directly to a server in Site1.
A. Create two SMTP connections and one Active Directory SMTP site link.
Answer: B
To coexist you will need to create a routing group connector on the 2003 Exchange server. This will allow
the exchange 2010 server to use the 2003 to send and receive emails.
QUESTION 10
You have an Exchange Server 2003 organization. All e-mail messages sent to the organization from the
Internet are delivered to an Exchange Server 2003 server.
You plan to transition the delivery of e-mail from the Internet to an Exchange Server 2010 Hub Transport
server. You need to create a transition plan for e-mail delivery from the Internet.
What should you plan to modify?
A. accepted domains
B. address lists
C. e-mail address policies
D. Recover connectors
Answer: A
QUESTION 11
Server1. Server1 hosts two mailbox database and one public folder database.
You need to recommend a high availability solution for Server 1 that meets the following requirements:
A. Install fallover clustering on both servers, and then configure cluster continuous replication. Replicate
all public folders to Server2.
B. Create and configure a database availability group (DAG). Add Server1 and Server2 to the DAG. Create
database copies. Replicate all public folders to Server2.
C. Create and configure a database availability group (DAG). Add Server1 and Server2 to the DAG. Deploy
a new server named Server3. Create database copies. Configure Server3 as a dedicated public folder
server.
D. Install fallover Clustering on both servers, and then configure a single copy cluster (SCC). Deploy a new
server named Server3. Configure Server3 as a dedicated public folder server.
Answer: B
This question really only talks about one server so I am not sure where server 2 enters the picture. In order
to have to a high availability you will need a second server - which in that case B is the correct answer.
QUESTION 12
You have an Exchanger Server 2010 organization. You deploy an Edge Transport server.
You need to implement a messages hygiene solution that meets the following requirements:
Senders Lists
The Edge Transport server must block all e-mail sent to invalid addresses inside the organization.
A. Enable sender filtering

B. Create Send connectors
C. Configure real time block lists (RBLs)
D. Configure EdgeSync synchronization
Answer: D
The first step in being able to provide a hygiene solution is to configure EdgeSync synchronization.
After an Edge Transport server has been subscribed to the Exchange organization, the Microsoft Exchange
EdgeSync service replicates data from the Active Directory directory service to the Active Directory
Application Mode (ADAM) directory service instance on the Edge Transport server. The replicated data lets
you implement a wider range of anti-spam features and enables domain security functionality. The
EdgeSync synchronization process also lets you configure Send connectors and configuration objects that
are common to both the Exchange organization and the Edge Transport server on a Hub Transport server
and then have that data automatically populated to ADAM. The EdgeSync synchronization process keeps
this data up to date by performing scheduled synchronization.
QUESTION 13
You have an Exchange Server 2003 organization. Users access public folders by using Microsoft Office
Outlook 2003 and Outlook Web Access. You plan to transition the organization to Exchange Server 2010.
You need to ensure that users can access public folders after their mailboxes have been moved to
What should you do?

B. Run the New Organization Relationship wizard.
C. Create public folder replicas on an Exchange Server 2010 server.
D. Run the Microsoft Exchange Inter-Organization Application tool from an Exchange Server 2003 server.
Answer: C
QUESTION 14
You have an Exchange organization that consists of the servers shown in the following table.
You plan to implement moderated transport for distribution groups in the organization.
You need to recommend changes to the organization to support the planned implementation.
A. Upgrade Server 3 to Exchange Server 2010.

B. Install Windows Server 2008 R2 global catalog servers.
C. Replace all distribution groups with dynamic distribution groups.
D. Use Server4 as the expansion server for all moderated distribution groups.
Answer: D
Moderation must be done on a Exchange 2010 Hub Transport Server.
QUESTION 15
You need to recommend an e-mail retention solution to meet the following requirements:
Ensure that users can manually control the expiration of messages in their inbox folders
Ensure that administrators can archive messages that are older than a specified number of days
automatically
A. managed folders
B. journal rules
D. Retention policies
Answer: C
Note - personal archives require a Enterprise License
QUESTION 16
All e-mail send to the network in received by the Edge Transport servers.
You plan to configure anti-spam filtering.
What should you do?
A. Configure EdgeSync synchronization

B. Implement Active Directory Federation Services (AD FS)
C. Join both Edge Transport servers to an Active Directory domain and then create a forest trust for the
internal forest
Edge Transport server
Answer: D
QUESTION 17
Users in the legal department must be able send e-mail messages to public folders
Web App (OWA)
A. mail-enabled public folders and Editor Permissions

Answer: B
Table 1 Public folder client access rights
At the very least Contributor permissions will allow a user to view and send email
QUESTION 18
Your network consists of a single Active Directory domain. The domain contains three domain controllers
and one DNS server.
You need to recommend a DNS implementation that provides redundancy if a DNS server fails.
What should you include in the recommendations?
A. Active Directory integrated DNS server

B. DNS forwarding
C. integrated DNS and WINS
D. multiple MX records
Answer: A
With 3 domain controller all running the DNS service this will provide good fault tolerance if a single server
fails. Keep in mind that Exchange Server also requires Global Catalog Servers - so you should have more
than one on the network.
QUESTION 19
Your company has three offices. Each office has a direct link to the Internet. The offices connect to the
each other by using a WAN link.
Your network consists of an Active Directory forest that contains two domains and one site. The functional
level of the forest is windows server 2003. All domains controllers run Windows Server 2003 R2. Each
office contains two domains controllers for each domain. All domain controllers are global catalog
servers.
In each office, you plan to deploy Mailbox, Client Access and Hub Transport Exchange Server 2010
servers. All e-mail messages sent to the Internet will be delivered from a local server in each office.
A. Disable site link building for the forest.

C. Create a separate Active Directory subnet and site object for each office.
D. Upgrade one domain controller in each office to windows Server 2008.
Answer: C
QUESTION 20
RMS) server. All users access their mailboxes by using Outlook Web App (OWA).

A. a legal hold
B. Domain Security
Answer: C
Information workers exchange sensitive information such as financial reports and data, customer and
employee information, and confidential product information and specifications, by e-mail everyday. In
Microsoft Exchange Server 2010, Microsoft Outlook, and Microsoft Office Outlook Web App, users can
apply Information Rights Management (IRM) protection to messages by applying an Active Directory Rights
Management Services (AD RMS) rights policy template. This requires an AD RMS deployment in the
organization. For more information about AD RMS, see Active Directory Rights Management Services.
However, when left to the discretion of users, messages may be sent in clear text without IRM protection. In
organizations that use e-mail as a hosted service, there's a risk of information leakage as a message
leaves the client and is routed and stored outside the boundaries of an organization. Although e-mail
hosting companies may have well-defined procedures and checks to help mitigate the risk of information
leakage, after a message leaves the boundary of an organization, the organization loses control of the
information. Outlook protection rules can help protect against this type of information leakage.
In Exchange 2010, Outlook protection rules help your organization protect against the risk of information
leakage by automatically applying IRM-protection to messages in Outlook 2010. Messages are IRM-
protected before they leave the Outlook client. This protection is also applied to any attachments using
supported file formats.
When you create Outlook protection rules on an Exchange 2010 server, the rules are automatically
distributed to Outlook 2010 by using Exchange Web Services. For Outlook 2010 to apply the rule, the AD
RMS rights policy template you specify must be available on users' computers.
QUESTION 21
Your company has an Active Directory forest. The network contains Exchange Server 2007 Service Pack 1
(SP1) and Exchange Server Service Pack 2 (SP2) servers. All domain controllers run windows Server 2003
Service Pack 1 (SP1).
You plan to deploy Exchange Server 2010 on the network.
You need to recommend changes to the servers so that you can deploy Exchange Server 2010 servers.
What should you upgrade first?
A. all domain controllers to Windows Server 2003 (x64) SP2

B. all domain controllers to Windows Server 2008 (x86)
C. all Exchange Server 2003 servers to Exchange Server 2007 SP2
D. all Exchange Server 2007 SP1 servers to Exchange Server 2007 SP2
Answer: D
QUESTION 22
Your network contains 20 offices. Each office contains 1,000 users. The users access their e-mail
messages by using Microsoft Exchange server.
You need to recommend an Exchange Server solution that meets the following requirement:
Ensures that users in each office download the list of recipients for their office only
Ensures that users in each office can send e-mail messages to any user in the organization
A. Create 20 new address lists and 20 offline address books (OABs).

B. Create 20 new managed folder mailbox policies and 20 e-mail address policies.
C. Create 20 new dynamic distribution groups and then create 20 new global address lists (GALs).
D. Create 20 new mailbox databases and then move the mailboxes from each office to a separate mailbox
database.
Answer: A
QUESTION 23
contains all the members of your company’s legal department.
The company’s security policy states that the Legal group must be able to search all mailboxes for e-mail

B. a legal hold
Answer: A
in order to search mailboxes you need to be a member of the Discovery Management role group.
holds on mailboxes.
QUESTION 24
Your company’s compliance policy states the following:
Delete e-mail messages sent to legal department users that are older than 180 days.
Delete e-mail messages sent to all other uses that are older than 60 days
A. Configure deleted item retention for all users.

B. Configure Personal Archives for legal department users.
C. Create two Managed Folder mailbox policies. Use one policy for the legal department users. Use the
other policy for all other users.
D. Create two new message classifications. Use one messages classification for the e-mail sent to legal
department users. Use the other message classification for the e-mail sent to all other users.
Answer: C
QUESTION 25
Your company’s compliance policy states that:
A. Journal rules
B. Personal archives
Answer: A
Journaling can help your organization respond to legal, regulatory, and organizational compliance
requirements by recording inbound and outbound e-mail communications. When planning for messaging
retention and compliance, it's important to understand journaling, how it fits in your organization's
compliance policies, and how Microsoft Exchange Server 2010 helps you secure journaled messages.
http://technet.microsoft.com/en-us/library/aa998649.aspx
QUESTION 26
You have an Exchange Server 2010 organization. You enable journaling in the organization. You need to
recommend a solution that prevents administrators from reading confidential e-mail messages sent
between company executives.
A. Deploy Active Directory Rights Management Services (AD RMS) templates and create Outlook
Protection Rules.
B. Deploy Active Directory Rights Management Services (AD RMS) templates and create Transport
Protection Rules.
C. Deploy an X.509 certificate from an enterprise certification authority (CA) to each executive. Instruct the
executive to connect to the Exchange servers by using SMTP over TLS.
D. Deploy an X.509 certificate from a trusted third-party certification authority (CA) to each executive.
Instruct the executive to encrypt e- mail messages by using Security/Multipurpose Internet Mail
Extensions (S/MIME).
Answer: D
QUESTION 27
Your company has a main office and two branch offices. Your network consists of a single domain Active
Directory forest. An Active Directory exists for each office.
The main office contains five domain controllers that run windows Server 2004 (x64). Each branch office
contains one read only domain control (RODC) that runs Windows Server 2008. All domain controllers are
configured as global catalog servers.
You plan to deploy one Exchange Server 2010 server in each site.
You need to recommend changes to Active Directory to support the planned deployment. The solution must
ensures that Exchange servers branch office site connect to their local domain controllers.

D. Disable site link bridging for the forest and configure Exchange specific costs.
Answer: C
Exchange server only supports writable domain controllers. As the question states you plan on a Exchange
Server for each site - you must also have a writable domain controller and a global Catalog server in each
site.
QUESTION 28
Your company has two main offices named Main1 and Main2. An Active Directory site exists for each office.
Users connect locally to servers in both offices. The offices connect to each other by using a high speed
WAN link.
You need to plan the deployment of Mailbox servers to meet the following requirements:
Ensure that users can access their mailbox from a server in their site, if a single Mailbox server fails
Ensure that users can access their mailboxes remotely if a site fails
Minimize the number of servers
How many Mailbox servers should you include in the plan?
A. 2
B. 3
C. 4
D. 6
Answer: C
You will need 2 servers in each site. This will meet the requirements of the questions.
QUESTION 29
Your network contains an Active Directory forest named contoso.com and two Active Directory sites named
Site1 and Site2.
You plan to deploy an Exchange Server 2010 Service Pack 1 (SP1) organization.
An independent consultant recommends a design for the Exchange Server 2010 SP1 deployment as shown
in the following table.
You are evaluating the implementation of the Hub Transport server role on EX4. You need to identify which
Exchange server configuration will minimize the loss of email messages sent between users of the
organization if a Hub Transport server fails.
What should you identify?
A. DNS round robin on DC1 and DC2

B. Datacenter Activation Coordination (DAC) mode
C. shadow redundancy
D. delayed acknowledgments (ACKs)
E. a Hosts file on EX1, EX2, EX3, and EX4
F. a database availability group (DAG)
G. a single copy cluster (SCC)
H. an activation preference for a database
I. EdgeSync synchronization
J. a DNS server on DC2
K. Edge Transport server cloned configuration
L. local continuous replication (LCR) on EX1, EX2, EX3, and EX4
Answer: C
High availability strategies for Exchange have focused on the availability and recoverability of data stored in
mailbox databases. When you implement a highly available solution for your Mailbox servers, the e-mail
messages won't be lost, and they can easily be recovered after a failure, after they arrive in a mailbox.
However, these strategies didn't extend to messages while they're in transit. If a Hub Transport server fails
while processing messages and can't be recovered, data loss could occur. As the volume of messages
processed by Hub Transport servers increases, potential data loss becomes an increasing concern for
administrators.
Microsoft Exchange Server 2007 introduced the transport dumpster feature for the Hub Transport server
role. An Exchange 2007 Hub Transport server maintains a queue of messages delivered recently to
recipients whose mailboxes are on a clustered mailbox server. When a failover is experienced, the
clustered mailbox server automatically requests every Hub Transport server in the Active Directory site to
resubmit mail from the transport dumpster queue. This prevents mail from being lost during the time taken
for the cluster to fail over. While this does provide a basic level of transport redundancy, it's only available
for message delivery in a cluster continuous replication (CCR) environment and doesn't address potential
message loss when messages are in transit between Hub Transport and Edge Transport servers.
Exchange Server 2010 introduces the shadow redundancy feature to provide redundancy for
messages for the entire time they're in transit. The solution involves a technique similar to the transport
dumpster. With shadow redundancy, the deletion of a message from the transport databases is delayed
until the transport server verifies that all of the next hops for that message have completed delivery. If any
of the next hops fail before reporting back successful delivery, the message is resubmitted for delivery to
that next hop.
Shadow redundancy provides the following benefits:
It eliminates the reliance on the state of any specific Hub Transport or Edge Transport server. As long
as redundant message paths exist in your routing topology, any transport server becomes disposable.
If a transport server fails, you can remove it from production without emptying its queues or losing
messages.
If you want to upgrade a Hub Transport or Edge Transport server, you can bring that server offline at
any time without the risk of losing messages.
It eliminates the need for storage hardware redundancy for transport servers.
It consumes less bandwidth than creating duplicate copies of messages on multiple servers. The only
additional network traffic generated with shadow redundancy is the exchange of discard status
between transport servers. Discard status is the information each transport server maintains. It indicates
when a message is ready to be discarded from the transport database.
It provides resilience and simplifies recovery from a transport server failure.
QUESTION 30
You have an Exchange Server 2010 Service Pack 1 (SP1) organization. The network contains two Active
Directory sites named Site1 and Site2. Site1 contains an Edge Transport server named Server1. Each site
has a direct connection to the Internet.
Server1 receives all of the email sent to the Exchange organization from the Internet.
You need to recommend a solution that meets the following requirements:
Prevents an email message from being returned to the sender if Server1 fails.
Prevents an email message from being returned to the sender if the connection to the Internet in Site1
fails.
What should you include in the recommendation?
(Each correct answer presents a complete solution. Choose all that apply.)
A. Deploy a new Edge Transport server named Server2 to Site2. Create a Network Load Balancing cluster
that contains Server1 and Server2. Create a mail exchange (MX) record for the cluster.
B. Deploy a new Edge Transport server named Server2 to Site2. Create a failover cluster that contains
Server1 and Server2. Create a mail exchange (MX) record for the cluster.
C. Create a mail exchange (MX) record that points to an Exchange Hosted Service. Configure the
Exchange Hosted Service to accept email messages for your SMTP domain.
D. Deploy a new Edge Transport server named Server2 to Site2. Create a mail exchange (MX) record for
Server2.
Answer: D
This question had both c and d as the answers however I disagree with that. From what I can see there is
no Exchange Host Service . The only way to meet the requirements of the question you will need to deploy
a second edge server in site 2 and create the MX record. As both sites have a direct link to the Internet
each Edge Server will load balance across the 2 servers
QUESTION 31
You are a messaging administrator for a company named Contoso, Ltd. Contoso has a UNIXbased email
system for the contoso.com SMTP domain.
Contoso has a perimeter network and an internal network.
Corporate security policy states that only TCP port 25 is allowed from the perimeter network to the internal
network.
You plan to change the UNIX-based email infrastructure to Exchange Server 2010 Service Pack 1 (SP1).
The UNIX-based infrastructure will not coexist with the Exchange Server 2010 SP1 organization.
Contoso has a partner company named Fabrikam, Inc. All recipients at Fabrikam are hosted on an
Exchange Server 2003 organization. Fabrikam uses the fabrikam.com SMTP domain.
You need to plan the configuration of the Exchange Server 2010 SP1 accepted domains to meet the
Ensure that all email messages sent to Contoso and Fabrikam can be received by the Contoso servers.
Ensure that the Contoso servers can then relay the email messages to the Fabrikam servers.
Prevent email messages sent to Fabrikam recipients from being relayed to the internal network.
Each correct answer presents part of the solution. Choose all that apply
A. an authoritative accepted domain for contoso.com

B. an internal relay accepted domain for fabrikam.com
C. an authoritative accepted domain for fabrikam.com
D. an external relay accepted domain for contoso.com
E. an external relay accepted domain for fabrikam.com
Answer: AE
QUESTION 32
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows
Server 2008 R2. The network contains two Active Directory sites named Los Angeles and San Francisco.
All traffic to and from the Internet is routed through Los Angeles.
You have an Exchange Server 2010 Service Pack 1 (SP1) organization that contains three servers. The
servers are configured as shown in the following table.
Server1 has Windows Integrated Authentication enabled for the default OWA virtual directory. You need to
configure the Exchange environment to meet the following requirements. Ensure that users can access
their mailbox from the Internet by using the light version of Outlook Web App.
Prevent users from being prompted for a username and a password when they connect to Outlook Web
App from a domain-joined client computer on the internal network.
A. From the Exchange Management Console (EMC), enable Windows Integrated Authentication for
OWA2.
B. From the Exchange Management Console (EMC) on Server1, enable forms-based authentication for
the default OWA virtual directory on Server1.
C. Create a new OWA virtual directory named OWA2 on Server1.
D. From Internet Information Services (IIS) Manager on Server2, enable forms-based authentication for the
default OWA virtual directory.
E. From Internet Information Services (IIS) Manager on Server1, enable forms-based authentication for the
default OWA virtual directory.
F. From the Exchange Management Console (EMC), enable Windows Integrated Authentication for the
default OWA virtual directory on Server2.
Answer: F
This question had A,B,C and F as the answer however I do not see how that is correct.
As I understand the question Windows Integrated Authentication has already been enabled on Server 1
default OWA directory. I do not see a need to create a second OWA directory named OWA2 as it is Los
Angeles that excepts all connections so it should use either Client Access Proxy, or a redirection to the
Client Access Server in San Francisco.
I also don't see how forms - based authentication will achieve anything. The Light Version of Outlook Web
App will be supported regardless as it is based not on the authentication methods but what browser is being
used. If you do not use a supported browser then only the light version will be available.
Forms Based Authentication
Forms-based authentication enables a sign-in page for Exchange Server 2010 Outlook Web App that uses
a cookie to store a user's encrypted sign-in credentials in the Internet browser. Tracking the use of this
cookie enables the Exchange server to monitor the activity of Outlook Web App sessions on public and
private computers. If a session is inactive for too long, the server blocks access until the user re-
authenticates. The first time that the user name and password are sent to the Client Access server to
authenticate an Outlook Web App session, an encrypted cookie is created that's used to track user activity.
When the user closes the Internet browser or clicks Sign Out to sign out of their Outlook Web App
session, the cookie is cleared. The user name and password are sent to the Client Access server only for
the initial user sign-in. After the initial sign-in is complete, only the cookie is used for authentication between
the client computer and the Client Access server.
Setting the Value for Cookie Time-Out on Public Computers
By default, when a user selects the This is a public or shared computer option on the Outlook
Web App sign-in page, the cookie on the computer expires automatically and the user is signed out when
they haven't used Outlook Web App for 15 minutes.
Automatic time-out is valuable because it helps protect users' accounts from unauthorized access. To
match the security requirements of your organization, you can configure the inactivity time-out values on the
Exchange Client Access server.
Although automatic time-out greatly reduces the risk of unauthorized access, it doesn't eliminate the
possibility that an unauthorized user might access an Outlook Web App account if a session is left running
on a public computer. Therefore, make sure to warn users to take precautions to avoid risks. For example,
tell them to sign out from Outlook Web App and close the Web browser when they've finished using
Outlook Web App.
For more information about how to configure cookie time-out values for public computers, see Set the
Forms-Based Authentication Public Computer Cookie Time-Out Value.
Integrated Windows Authentication
You can configure Integrated Windows authentication for Outlook Web App in Microsoft Exchange Server
2010. Integrated Windows authentication enables the server to authenticate users who are signed in to the
network without prompting them for their user name and password and without transmitting information that
isn't encrypted over the network.
Understanding Proxying and Redirection
In a Microsoft Exchange Server 2010 organization, a Client Access server can act as a proxy for other
Client Access servers within the organization. This is useful when multiple Client Access servers are
present in different Active Directory sites in an organization and at least one of those sites isn't exposed to
the Internet. A Client Access server can also perform redirection for Microsoft Office Outlook Web App
URLs and for Exchange ActiveSync devices. Redirection is useful when a user connects to a Client Access
server that isn't in their local Active Directory site or if a mailbox has moved between Active Directory sites.
It's also useful if the user should be using a better URL, for example, one that's closer to the Active
Directory site their mailbox resides in.
Although the Client Access server's response can vary by protocol, when a Client Access server receives a
request for a user whose mailbox is in an Active Directory site other than the one the Client Access server
belongs to, it looks for the presence of an ExternalURL property on the relevant virtual directory on a Client
Access server that's in the same Active Directory site as the user's mailbox. If the ExternalURL property
exists, and the client type supports redirection (for example, Outlook Web App or Exchange ActiveSync),
the Client Access server will issue a redirect to that client. If there's no ExternalURL property present, or if
the client type doesn't support redirection (for example, POP3 or IMAP4), the Client Access server will try to
proxy the connection to the target Active Directory site.
Client Access Proxy

Redirection for Exchange ActiveSync and Outlook Web App in Exchange 2010
I think the correct answer is just F as the Client Access Server in Los Angeles should perform either a
Client Access Proxy or a redirection to the Client Access Server in San Francisco.
QUESTION 33
You have an Exchange Server 2010 Service Pack 1 (SP1) organization. You plan to implement a
redundancy solution for Exchange dependencies.
You need to identify which services must be available for the Exchange organization to function correctly for
all users.
Which service or services should you identify? (Choose all that apply.)
A. domain naming master

B. DNS server
C. primary domain controller (PDC) emulator
D. certification authority (CA)
E. global catalog
F. WINS server
G. infrastructure master
Answer: BE
QUESTION 34
Server 2003 Service Pack 2 (SP2).
You have an Exchange Server 2003 organization. The organization contains servers that run Exchange
Server 2003 Service Pack 1 (SP1) and servers that run Exchange 2000 Server Service Pack 4 (SP4). The
organization contains three routing groups.
You need to prepare the Exchange organization for the installation of the first Exchange Server 2010 SP1
server. The solution must not affect message flow between the Exchange servers.
A. Move all of the Exchange Server 2003 servers to a single administrative group.
B. Suppress link state updates.
C. Perform an in-place upgrade of the Exchange Server 2003 servers to Exchange Server 2007 SP2.
D. Remove the Exchange 2000 Server servers.
E. Install Exchange Server 2003 SP2.
Answer: BDE
QUESTION 35
Your network contains an Active Directory forest. The forest contains two domains named fabrikam.com
and eu.fabrikam.com. The functional level of the fabrikam.com domain is Windows Server 2003 interim.
The functional level of the eu.fabrikam.com domain is Windows Server 2003.
The fabrikam.com domain contains a domain controller named DC1. DC1 runs Windows Server 2003
Service Pack 2 (SP2). DC1 is configured as a global catalog server. The eu.fabrikam.com domain contains
a domain controller named DC2. DC2 runs Windows Server 2003 RTM.
You need to recommend changes to the Active Directory forest to ensure that servers that run Exchange
Server 2010 Service Pack 1 (SP1) can be deployed to both domains.
What should you do?
A. Upgrade the operating system on DC2. Raise the functional level of the fabrikam.com domain. Raise
the functional level of the forest.
B. Upgrade the operating system on DC1 and DC2. Enable universal group membership caching in each
site.
C. Raise the functional level of the fabrikam.com domain and the eu.fabrikam.com domain. Enable
universal group membership caching in all sites.
D. Upgrade the operating system on DC1 and DC2. Raise the functional level of the fabrikam.com domain.
Answer: A
QUESTION 36
You are a network administrator for a school named Graphic Design Institute. The network contains an
Exchange Server 2010 Service Pack 1 (SP1) organization named graphicdesigninstitute.com.
Approximately 50,000 students enroll at the school each year. The students use Outlook Anywhere. At the
beginning of each academic year, you plan to create 25 new mailbox databases to host all of the student
mailboxes.
You need to recommend which configurations must be performed on each new mailbox database.
Minimize the amount of disk space required on the Mailbox servers.

Ensure that the students can search for email addresses and office locations of teachers when they
cannot access the school network.
What should you include in the recommendation? (Choose all that apply.)
A. Modify the maintenance schedule of each mailbox database.

B. Enable local continuous replication (LCR).
C. Enable circular logging for each mailbox database.
D. Configure the offline address book (OAB) properties of each mailbox database.
E. Enable disk quotas for each volume.
F. Create an offline address book (OAB) virtual directory for each mailbox database.
Answer: CD
C and D are the best answers however please note that depending on how you will distribute your offline
address books you might create a OAB virtual directory.
Although it is not recommend it as a best practice, you can configure Exchange to save disk space by
enabling circular logging. Circular logging allows Exchange to overwrite transaction log files after the data
that the log files contain has been committed to the database.
In Exchange 2010, circular logging is disabled by default. By enabling it, you reduce drive storage space
requirements. However, without a complete set of transaction log files, you can’t recover any data more
recent than the last full backup. Therefore, in a normal production environment, circular logging isn’t
recommended.
An offline address book (OAB) in Exchange Server 2010 is a copy of an address book that's been
downloaded so that an Outlook user can access the information it contains while disconnected from the
server. Exchange administrators can choose which address books are made available to users who work
offline, and they can also configure the method by which the address books are distributed (Web-based
distribution or public folder distribution).
Use the EMC to configure OAB properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you
need, see the "Offline address books" entry in the Mailbox Permissions topic.
In the console tree, navigate to Organization Configuration > Mailbox.
In the result pane, click the Offline Address Book tab, and then select the offline address book that you
want to configure.
In the action pane, click Properties.
Use the General tab to view OAB properties and to set the update interval for the OAB.
Name This unlabeled box at the top of the tab displays the OAB name. You can modify this name.
Generation server This read-only field displays the OAB generation server. The OAB generation server is
the Mailbox server on which the OABs are generated. If you want to specify a different generation server,
use the Move-OfflineAddressBook cmdlet with the Server parameter. For more information, see Move-
OfflineAddressBook.
Default offline address book This read-only field displays a True or False status to indicate whether the
selected OAB is the default OAB. If this isn't the default OAB, and you want to set it as the default, right-
click the OAB in the result pane, and then click Set as Default.
Modified This read-only field displays the last date and time that the OAB was modified.
Update Schedule This list displays the time and interval for the regularly scheduled update.
To customize the schedule, select Use Custom Schedule from the list, and then click Customize to open
the Schedule dialog box and specify the schedule you want.
Use the Address Lists tab to select the address lists you want to include in the OAB. If you want to include
a global address list (GAL) other than the default GAL, you must use the Shell.
Include the default Global Address List Select this check box to include the default GAL in the OAB.
Include the following address lists Select this check box to add address lists to or remove address lists
from the OAB.
Click Add to select one or more address lists to add to the OAB.
Click to remove the selected address list from the OAB.
Use the Distribution tab to specify the client support and OAB distribution points for the OAB.
Client Support Select the OAB version that will be generated for the version of Outlook that is used by your
Exchange organization. If you have more than one version of Outlook in your organization, you can select
one or more of the following versions:
Outlook 98 SP1 or earlier (Version 2)
Outlook 98 SP2 or later (Version 3)
Outlook 2003 SP2 or later (Version 4)
If you don't select one of the Client Support options, Version 4 will be generated.
Distribution Points OAB distribution is the method by which the OAB can be accessed by users when they
are working remotely or over a dial-up connection. To distribute the OAB, administrators can use Web-
based distribution, public folder distribution, or both. An OAB distribution point is the HTTP Web address or
public folder where client computers can download an OAB.
You can select one or both of the following check boxes:

Enable Web-based distribution Select this check box to enable Web-based distribution. Web-based
distribution is the distribution method by which Outlook 2007 or later clients that are working offline or
through a dial-up connection access the OAB. With Web-based distribution, a Client Access server will
contain an OAB virtual directory for Web distribution purposes.
Click Add to specify the virtual directory or directories from which you want to distribute the OAB.
Click to remove the selected virtual directory from the OAB.
Enable public folder distribution Select this check box to enable public folder distribution. Public folder
distribution is the distribution method by which Outlook 2003 or earlier clients that are working offline or
through a dial-up connection access OABs.
QUESTION 37
You have an Exchange Server 2010 Service Pack 1 (SP1) organization.
You need to recommend a solution to ensure that an administrator is notified when the following events
occur:
Mailbox databases are dismounted.

The Microsoft Exchange Replication service stops.
What should you include in the recommendation? (Each correct answer presents a complete solution.
Choose all that apply.)
A. Event Viewer tasks
B. the Exchange Best Practice Analyzer
C. the Microsoft Exchange Troubleshooting Assistant
D. Microsoft System Center Configuration Manager
E. Microsoft System Center Operations Manager
F. administrator audit logging
Answer: AD
QUESTION 38
You have an Exchange Server 2010 Service Pack 1 (SP1) organization. All users access their mailbox by
using Microsoft Outlook 2010.
You plan to implement two Client Access servers.
You need to design a Client Access server solution that meets the following requirements:
Ensures that all of the users can access their mailbox if a Client Access server fails
Ensure that all of the users can access their mailbox if a Client Access server service fails.
What should you include in the design? (Choose all that apply.)
A. a hardware based load balancer

B. a Client Access array
C. DNS round robin
D. a Network Load Balancing cluster
E. multiple MX records
F. an SMTP relay
Answer: AB
QUESTION 39
You plan to implement an Exchange Server 2010 Service Pack 1 (SP1) organization.
You identify the following compliance requirements for the Exchange organization:
Provide members of a security group named Legal with the ability to change message classification
settings and retention policy tags.
Provide members of a security group named Legal Management with the ability to view the results from
searches performed across multiple mailboxes.
You need to identify which permissions or management roles must be assigned to achieve the compliance
requirements. The solution must minimize the number of rights assigned to users.
What should you identify? (Choose all that apply.)
A. the Records Management management role

B. the Discovery Management management role
C. the Server Management management role
D. Full Mailbox Access permission to an arbitration mailbox
E. Full Mailbox Access permission to the Discovery Search Mailbox
F. the Organization Management management role
Answer: AE
The Records Management management role group is one of several built-in role groups that make up the
Users who are members of the Records Management role group can configure compliance features, such
as retention policy tags, message classifications, and transport rules.
QUESTION 40
Site1 and Site2.
You need to recommend a change to the current Exchange Server 2010 SP1 design that will ensure that all
users can access their mailbox if DC1 or DC2 fails.
Which change should you recommend?
A. shadow redundancy
B. an activation preference for a database
C. a database availability group (DAG)
D. Datacenter Activation Coordination (DAC) mode
E. a DNS server on DC2
F. delayed acknowledgments (ACKs)
G. local continuous replication (LCR) on EX1, EX2, EX3, and EX4
H. a single copy cluster (SCC)
I. DNS round robin on DC1 and DC2
J. Edge Transport server cloned configuration
K. EdgeSync synchronization
L. a Hosts file on EX1, EX2, EX3, and EX4
Answer: E
Test4Sure had e as the correct answer however I do not see how that even makes sense. If it is a domain
controller then it has DNS running as there is no way to install a domain controller without it. However it is
the only answer that does seem to work
QUESTION 41
You have an Exchange Server 2010 Service Pack 1 (SP1) organization that contains one Mailbox server.
The organization has 4,000 users. All users connect to their mailbox by using Microsoft Outlook 2010.
You plan to switch the Mailbox server for a new server.
You purchase a new server that runs Windows Server 2008 R2.
You install Exchange Server 2010 SP1 on the new server.
You need to recommend which tools can identify whether the new server can adequately support the 4,000
mailboxes.
Which tools should you recommend? (Choose all that apply.)
A. Exchange Pre-deployment Analyzer

B. Exchange Load Generator
C. Exchange Server Profile Analyzer
D. Deployment Assistant
E. Exchange Server Jetstress 2010
Answer: BE
QUESTION 42
You identify the following compliance requirements for the organization:
Provide an administrator with the ability to perform cross-mailbox searches from the Exchange Control
Panel (ECP).
Prevent specific users from permanently deleting email messages and calendar items from their
mailbox.
You need to identify which Exchange technologies meet the compliance requirements.
Which technologies should you identify? (Choose all that apply.)
A. a cmdlet Extension Agent

B. Role Based Access Control (RBAC)
C. retention policies
D. a litigation hold
E. outlook Web App mailbox policies
F. managed folders
Answer: BD
QUESTION 43
You need to ensure that when a new mailbox-enabled user is created, the configurations shown in the
following table are set by default.
What should you use? (Each correct answer presents a complete solution. Choose all that apply.)
A. Microsoft System Center Configuration Manager

B. email address policies
C. a template user account
D. Microsoft System Center Operations Manager
E. a Windows PowerShell script
F. cmdlet extension agents
Answer: EF
QUESTION 44
You are a network administrator for a company named Contoso, Ltd. The company has offices in New
York, Boston and Montreal. Each office contains an Active Directory site as show in the exhibit. (Click the
Exhibit button.)
All access to the Internet is routed through the Montreal office. Only TCP ports 80, 25, and 443 are allowed
from the Internet to the internal network.
You plan to deploy an Exchange Server 2010 Service Pack 1 (SP1) organization. Each site will contain a
Mailbox server and a Hub Transport server.
You need to recommend where to place the Client Access servers for the organization.
The solution must minimize software costs.
Where should you recommend placing the Client Access servers?
Exhibit:
A. in the Boston site and the New York site

B. in the Montreal site and the New York site
C. in the Montreal site only
D. in the Montreal site, the New York site, and the Boston site
Answer: D
QUESTION 45
Your company plans to deploy Exchange Server 2010 Service Pack 1 (SP1).
The company's security policy has the following requirements:
Users who access the Exchange organization from the Internet must use a smart card or an X.509
certificate for authentication.
All access to the Exchange organization from the Internet must pass through Microsoft Forefront Threat
Management Gateway (TMG).
You need to identify which client connection methods can be implemented based on the security policy.
What should you identify? (Choose all that apply.)
A. Outlook Web App

B. POP3
C. IMAP4
D. Exchange ActiveSync
E. the Exchange Control Panel (ECP)
Answer: ADE
The Exchange Control Panel is a Web application that runs on a Client Access Server providing services
for the Exchange organization. This Exchange Control Panel is installed automatically when you install a
Client Access server. To manage Exchange from just about anywhere, you simply need to enter the URL
path for the application in your browser’s Address field. You can then access the Exchange Control Panel.
By default, the Exchange Control Panel URL is https://yourserver.yourdomain.com/ecp.
The Client Access server to which you connect processes your remote actions via the ECP application
running on the default Web site. The physical directory for this application is %ExchangeInstallPath%
\ClientAccess\Ecp. And it runs in the context of an application pool named MSExchangeECPAppPool. In
the %ExchangeInstallPath%\ClientAccess\Ecp directory on your server, you’ll find a web.config file that
defines the settings for the ECP application.
When you install an Exchange server, the setup process creates a self-signed Security certificate. Because
this default certificate is not issued by a trusted authority, you will see a related error message when you
use HTTPS to access services hosted by your Client Access servers.
By default, Client Access servers are configured to use Secure HTTP (HTTPS) for Outlook Web App.
When you install Exchange Server 2010, a self-signed security certificate is automatically issued for the
Client Access server. Since this default certificate is not issued by a trusted certificate authority, users will
see a warning when they access OWA stating that there is a problem with the Web site’s security
certificate.
At the warning prompt, the user simply needs to click the Continue To This Website link to access the
Outlook Web App. Of course, this warning can be disconcerting to the user and have users click to continue
anyway sets a bad precedent, training users to ignore online security warnings.
The user will see this warning continuously until you install a certificate from a trusted source on the server.
X 509 Certificate
What are colloquially known as SSL certificates should be referred to as X.509 certificates. The term SSL
certificate became common due to the adoption of the X.509 (one of the ITU X.500 Directory standards)
certificate format by Netscape when it designed the original versions of the SSL protocol, eons ago, when
the world was still young and the Internet was a friendly place. The term 'SSL certificate' persisted simply
because given the choice of saying SSL certificate or 'X.509 certificate' which would you choose?
http://www.zytrax.com/tech/survival/ssl.html#x509-overview
QUESTION 46
Site1 and Site2.
You are evaluating the implementation of a Network Load Balancing cluster on the Exchange servers.
You need to identify which potential Exchange server configuration will prevent the implementation of the
Network Load Balancing cluster.
A. DNS round robin on DC1 and DC2

B. a database availability group (DAG)
C. an activation preference for a database
D. shadow redundancy
E. EdgeSync synchronization
F. a single copy cluster (SCC)
G. Edge Transport server cloned configuration
H. local continuous replication (LCR) on EX1, EX2, EX3, and EX4
I. a Hosts file on EX1, EX2, EX3, and EX4
J. Datacenter Activation Coordination (DAC) mode
K. a DNS server on DC2
L. delayed acknowledgments (ACKs)
Answer: B
Before we continue, we need to discuss an important design consideration regarding the load balancing of
the Client Access Server role. In the configuration presented above, the Client Access Server role is
coexisting on the same servers as the Mailbox server role. Since the mailbox servers are part of a DAG,
which itself uses Windows Failover Clustering, it is not possible to implement Windows Network Load
Balancing (WNLB) as the high availability mechanism for the Client Access Server role. As explained in the
Exchange 2010 product documentation, under the section titled “Two-member DAG in Single Datacenter/
Active Directory Site”, this is because WNLB and Windows Failover Clustering cannot be installed on the
same server. Therefore, in this particular configuration, an external load balancing solution will be required,
although that particular facet of configuration is outside the scope of this article.
http://www.simple-talk.com/sysadmin/exchange/exchange-2010-dag-creation-and-configuration-part-1/
QUESTION 47
Your network contains two Active Directory forests. The forests contain domain controllers that run
Windows Server 2008 R2.
The forests are configured as shown in the following table.
A one-way forest trust exists from adatum.com to litwareinc.com.
You plan to deploy an Exchange Server 2010 Service Pack 1 (SP1) organization. The organization will
contain Mailbox servers in litwareinc.com.
You need to ensure that users in adatum.com can access the mailboxes in the Exchange organization.
What should you do?

A. Create a forest trust from litwareinc.com to adatum.com. Create linked mailboxes in litwareinc.com.
B. Create a forest trust from litwareinc.com to adatum.com. Create resource mailboxes in litwareinc.com.
C. Change the forest trust to an external trust. Create linked mailboxes in litwareinc.com.
D. Deploy Mailbox servers to adatum.com. Create resource mailboxes in litwareinc.com.
Answer: A
Linked mailboxes are user mailboxes that are accessed by users in a separate, trusted forest
http://forums.msexchange.org/m_1800450025/mpage_1/key_/tm.htm#1800553199
QUESTION 48
Your network contains one Active Directory site. You have an Exchange Server 2010 organization that
A Client Access server named CAS1.

A Hub Transport server named Hubl.
Two servers named Serverl and Server2. Both Serverl and Server2 have the Mailbox server role installed,
the Client Access server role installed, and are members of a database availability group (DAG).
You need to ensure that users can send e-mail messages to the Internet if a single server fails.
A. Add the Hub Transport server role to CAS1. Modify the Send connector.
B. Add an Edge Transport server. Create a new Edge subscription.
C. Add the Client Access server role to Hub1. Create a Client Access server array.
D. Add an Edge Transport server. Configure a Network Load Balancing cluster.
Answer: A
Pass4Sure did not have an answer for this question
The question is asking that users can send mail if a single server fails. As I read the question I see only one
Hub Transport Server which is Hub1
So I feel that A - adding another hub server to Cas1 will provide the solution
QUESTION 49
Site1 and Site2.
You plan to replicate the mailbox databases from Site1 to Site2.
You need to identify which Exchange server configuration will provide the ability to replicate the mailbox
databases.
A. a Hosts file on EX1, EX2, EX3, and EX4

B. delayed acknowledgments (ACKs)
C. local continuous replication (LCR) on EX1, EX2, EX3, and EX4
D. a single copy cluster (SCC)
E. Edge Transport server cloned configuration
F. Datacenter Activation Coordination (DAC) mode
G. an activation preference for a database
H. shadow redundancy
I. a DNS server on DC2
J. DNS round robin on DC1 and DC2
K. EdgeSync synchronization
L. a database availability group (DAG)
Answer: L
QUESTION 50
You have an Exchange Server 2010 Service Pack 1 (SP1) organization named fabrikam.com. All users
access their mailbox by using Microsoft Outlook 2010.
You identify the following compliance requirements for the Exchange organization:
Ensure that all of the users can prevent confidential email messages from being forwarded to other
recipients.
Ensure that all of the users receive a warning message before they send email messages to the
company's executives.
You need to identify which Exchange technologies meet the compliance requirements.
Which technologies should you identify? (Choose all that apply.)

A. Information Rights Management (IRM)
B. MailTips
C. a Hub Transport rule
D. managed folders
E. a litigation hold
Answer: ABC
A-B-C
You need to have Hub Transport Rules to make A and B work
Every day, information workers use e-mail to exchange sensitive information such as financial reports and
data, legal contracts, confidential product information, sales reports and projections, competitive analysis,
research and patent information, and customer and employee information. Because people can now access
their e-mail from just about anywhere, mailboxes have transformed into repositories containing large
amounts of potentially sensitive information. As a result, information leakage can be a serious threat to
organizations. To help prevent information leakage, Microsoft Exchange Server 2010 includes Information
Rights Management (IRM) features, which provide persistent online and offline protection of e-mail
messages and attachments.
Exam I
QUESTION 1
Your network contains two Active Directory forests. The forests contain domain controllers that run
Windows Server 2008 R2. The forests are configured as shown in the following table.
An external trust exists from contoso.com to fabrikam.com.
You plan to deploy an Exchange Server 2010 Service Pack 1 (SP1) organization. The organization will
contain Mailbox servers in fabrikam.com.
You need to ensure that users in contoso.com can access the mailboxes in the Exchange organization.
What should you do?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the
correct order.
Answer:
Section: Drag and Drop
QUESTION 2
You plan to implement an Exchange Server 2010 Service Pack 1 (SP1) organization. You are planning the
compliance infrastructure for the organization.
You need to identify which permissions or management roles must be assigned to achieve your compliance
requirements. The solution must minimize the number of rights assigned to users.
To answer, drag the appropriate To answer, drag the appropriate permission or management role to the
correct compliance requirement in the answer area.
Answer:
QUESTION 3
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and
east.contoso.com. The functional level of the contoso.com domain is Windows Server 2003 interim. The
functional level of the east.contoso.com domain is Windows Server
2003.
The contoso.com domain contains a domain controller named DC1. DC1 runs Windows Server 2003
Service Pack 2 (SP2). DC1 is configured as a global catalog server.
The east.contoso.com domain contains a domain controller named DC2. DC2 runs Windows Server 2003
RTM.
You need to recommend changes to the Active Directory forest to ensure that servers that run Exchange
Server 2010 Service Pack 1 (SP1) can be deployed to both domains.
You plan to raise the functional level of the forest to Windows Server 2003.
Which other actions should you plan to perform?
To answer, drag the appropriate actions to the correct location or locations in the answer area.
Answer:
QUESTION 4
You need to recommend tools that can be used to monitor the Exchange organization.
Which tool or cmdlet should you use to perform each task?

To answer, drag the appropriate tool or cmdlet to the correct task in the answer area.
Answer:
QUESTION 5
Server 2008 R2. The network contains an Exchange Server 2010 Service Pack 1 (SP1) organization.
Corporate security policy states that all user connections from the Internet to the Exchange organization
must be encrypted.
You plan to deploy the following client connection methods for the Exchange organization:
POP3
IMAP4
Outlook Web App
Outlook Anywhere
You need to identify which firewall ports must be opened to meet the security policy. The solution must use
the default TCP ports of each connection method.
To answer, drag the appropriate TCP port to the correct connection method in the answer area.
Answer:
Secure ports to be open
Pop = 995
IMAP = 993
Outlook Web App = 443
If you already use Outlook Web App with SSL or Exchange ActiveSync with SSL, you don't have to open
any additional ports from the Internet.
QUESTION 6
You plan to implement Exchange Server 2010 Service Pack 1 (SP1) in your organization.
You need to plan the security model for the organization to meet the following requirements:
A minimum number of permissions must be assigned.

Members of a group named Support must be able to configure all the properties of mailboxenabled
users, distribution groups, and servers.
Members of a security group named IT-Consultants must be able to generate a report that contains
information about mailbox-enabled users, distribution groups, and server configurations.
Which management roles should you assign?
Answer:
I am not sure if IT Consultants require - View-Only Organization Management along with Organization
Management. The question states the least amount of permissions and to me - Organization Management
does give the required permissions to perform almost any task. I do not see how View-Only Organization
Management is required. I believe the screen shot above is not correct and IT Consultants only require
Organization Management.
Organization Management
Administrators who are members of the Organization Management role group have administrative access
to the entire Exchange 2010 organization and can perform almost any task against any Exchange 2010
object.
View-Only Organization Management

Administrators who are members of the View Only Organization Management role group can view the
properties of any object in the Exchange organization.
Recipient Management
Administrators who are members of the Recipient Management role group have administrative access to
create or modify Exchange 2010 recipients within the Exchange 2010 organization.
Server Management
Administrators who are members of the Server Management role group have administrative access to
Exchange 2010 server configuration. They don't have access to administer Exchange 2010 recipient
configuration.
Help Desk
Users who are members of the Help Desk role group can perform limited recipient management of
Exchange 2010 recipients.
QUESTION 7
Your network contains a single Active Directory domain named contoso.com.
You plan to deploy a new Exchange Server 2010 Service Pack 1 (SP1) organization. You identify the
administrative model for the Exchange organization as shown in the following table.
You need to identity which groups must be assigned to Group1 and Group2 to support the planned
administrative model.
The solution must minimize the number of rights assigned to each group.
Which security groups and role groups should you assign to Group1 and Group2?
To answer, drag the appropriate security groups or role groups to the correct group in the answer area.
Answer:
Group 1 needs to be able to do the following:
Restore mailboxes
Stop and Restart both Servers and Services
Create mailbox database
Install Operating System Updates
Manage Certificates
I don't agree with the need for this group to be a member of the Account Operators group. This is a domain
account that allows local logon to domain controllers and they can create user account accounts. Group 1
as I read the question needs to logon to exchange servers and manage the local exchange server.
Therefore I think they just need to be members of the Administrative Group on each Exchange Server.
Group 2 needs to be able to do the following:
create mail - enabled users

create distribution lists
delete distribution lists
In order for group 2 to complete their tasks they will need to have recipient management role and the
Organization Role
Account Operators is a local group that grants limited account creation privileges to a user.
Members of this group can create and modify most types of accounts, including those of users, local
groups, and global groups. They can also log on locally to domain controllers. However, Account Operators
can't manage the Administrator user account, the user accounts of administrators, or the group accounts
Administrators, Server Operators, Account Operators, Backup Operators, and Print Operators. Account
Operators also can't modify user rights.
The Recipient Management management role group is one of several built-in role groups
that make up the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server
2010. Role groups are assigned one or more management roles that contain the permissions required to
perform a given set of tasks. The members of a role group are granted access to the management roles
assigned to the role group. For more information about role groups, see Understanding Management Role
Groups.
Administrators who are members of the Recipient Management role group have administrative access to
create or modify Microsoft Exchange Server 2010 recipients within the Exchange 2010 organization.
Help Desk - The Help Desk management role group gives members permissions that are typically
required by members of a help desk, such as modifying users’ details such as their address and phone
number.
Organization Management - The Organization Management role group is synonymous with the
Exchange Full Administrator role in Exchange 2003 and the Exchange Organization Administrators role in
Exchange 2007. Essentially, membership of this management role group gives the user the ability to
perform pretty much any task in Exchange 2010, with the main missing task being the ability to perform
mailbox searches; that itself is achieved via the Discovery Management role group.
Domain Admins - This group is automatically added to the corresponding Administrators group in
every domain in the forest. It has complete control over all domain controllers and all directory content
stored in the domain and it can modify the membership of all administrative accounts in the domain.
The permissions granularity issue was improved in Exchange 2007. The Exchange Full Administrator role
found in Exchange 2000 and Exchange 2003 became known as the Exchange Organization Administrators
role in Exchange 2007 and still gave administrators full access to all Exchange objects in the entire
organization. The Exchange View-Only Administrators role also remained, giving administrators read-only
access to the entire Exchange organization.
There were effectively three new additions to the Exchange 2007 roles:
Exchange Recipient Administrators - Allowed administrators to modify Exchange settings on users,

groups, contacts and public folders
Exchange Public Folder Administrators - Was introduced in Exchange 2007 Service Pack 1 and as
its name suggests allowed administrators to manage public folders
Exchange Server Administrators - Allowed administrators to fully manage a particular Exchange 2007
server as long as they were also a member of the local Administrators group on that server
Although the permissions model in Exchange 2007 was a vast improvement over those models found in
earlier versions of Exchange, it still wasn’t able to satisfy a lot of the administrative scenarios found in
various organizations. Essentially, the roles in Exchange 2007 still offered too much administrative power to
administrators in a decentralized Exchange organization and it was therefore difficult to limit the
permissions available to certain administrators. Although it was possible to implement a split permissions
model in Exchange 2007 by modifying Access Control Lists (ACLs), this was a complex procedure that
could sometimes result in errors and issues that were difficult to troubleshoot.
The design of Exchange 2010 has needed to take into account the more demanding and granular
permissions requirements of organizations. Exchange 2010 now supports a model where specialist users
can be granted specific Exchange permissions required to perform their duties. For example, there may be
the scenario where a compliance officer within a company needs to conduct a search across all employees’
mailboxes for legal reasons, or perhaps a member of the Human Resources department needs to update
user information in Active Directory that is seen on the properties of users’ mailboxes. In these example
cases, the relevant specialist user should only be given the rights to perform the required task and should
not be assigned, for example, additional rights that could allow them to affect the overall configuration of the
Exchange environment.
Management Role Groups - In Exchange 2010, Microsoft has made the task of assigning a series
of common permissions to administrative and specialist users very easy by providing 11 default
management role groups. By placing a user or group into a management role group, the management roles
associated with that management role group are assigned accordingly thereby giving the user or group the
relevant permissions. The term role holder is used by Microsoft to denote the administrative or specialist
user that is added to the management role group. These 11 default management role groups are created
during Exchange 2010 setup. Specifically, these management role groups are created when Exchange
2010 setup runs the Active Directory preparation steps that can be performed individually by running the
Exchange 2010 setup.com program with the /PrepareAD switch. The management role groups can be seen
in the Microsoft Exchange Security Groups Organizational Unit (OU) that is created in the root domain
during the Exchange setup process. You can see this OU and the groups within it in Figure 1. Note that of
the 16 groups shown in Figure 1, only 11 are management role groups; these are highlighted.
A member of LOCAL\Administrators is a far cry from a BUILTIN\Administrators, and here are the two
primary reasons why:
One - BUILTIN\Administrators is not stored locally to a single DC - its membership is in the Active Directory,
in the CN=Builtin,DC=domain,DC=com container. The contents of this container are replicated to all domain
controllers. Therefore, adding a user to a member of this group on one DC makes them a member of the
group on all DCs. (A member server has a local accounts database called a SAM that is not visible to the
domain.)
Two - Since BUILTIN\Administrators gives local Administrator permissions to its members - they can do
anything on any DC in the domain. Anything. Making themselves a Domain Administrator is a trivial
exercise.
A final note of caution: it is now widely recognized that forests are the security boundaries in Active
Directory, not domains (regardless of what the original Windows 2000 Server A/D documentation said).
Domains are simply administrative boundaries. As a corollary to item two above, once a person is a domain
administrator, it is fairly easy to become an enterprise administrator.
QUESTION 8
You have an Exchange Server 2010 Service Pack 1 (SP1) organization named contoso.com.
Remote users connect to the organization by using Microsoft Outlook 2010.
Your network includes four servers. The servers are configured as shown in the following table.
You create a Hosts file on Server3 and Server4 that contains the IP addresses and server names of
Server1 and Server2.
You need to recommend which DNS records must be created to meet the following requirements:
Support Edge Subscriptions.

Provide load balancing for email traffic received from the Internet.
Ensure that email can be received from the Internet if a single Edge Transport server fails.
What should you do?
To answer, drag the appropriate DNS records to the correct DNS zone in the answer area.
Answer:
This solution makes no sense and certainly does not meet the requirements of the Question.

To support load balancing of the edge servers you will need to create external MX records for both Edge
Servers - this will also insure that email can be received if a single edge server fails.
To support Edge Subscriptions you will need to create A records on the internal network.
QUESTION 9
You deploy servers that run Exchange Server 2010 Service Pack 1 (SP1) to the organization.
Your network contains two Active Directory sites named Site1 and Site2. The organization
contains five servers. The servers are configured as shown in the following table.
You plan to move all mailboxes to Servers and to decommission Server1 and Server2.
You need to recommend the process to decommission Server1 and Server2. The solution must prevent
interruptions to the mail flow.
What should you do?
correct order.
Answer:
You will need to uninstall Exchange 2007 and create the Edge subscription.
In a typical deployment scenario, the computer that has the Edge Transport server role installed doesn't
have access to Active Directory. All the configuration and recipient information that the Edge Transport
server has to process messages is stored in AD LDS. Creating an Edge Subscription establishes secure,
automatic replication of information from Active Directory to AD LDS. The Edge Subscription process
provisions the credentials that are used to establish a secure LDAP connection between Hub Transport
servers and a subscribed Edge Transport server. The Microsoft Exchange EdgeSync service that runs on
Hub Transport servers then performs periodic one-way synchronization to transfer data to AD LDS and
keep that data up to date. This process reduces the administration that you must perform in the perimeter
network by letting you perform required configuration on the Hub Transport server role and then write that
information to the Edge Transport server.
You subscribe an Edge Transport server to the Active Directory site that contains the Hub Transport servers
that will directly exchange messages with your Edge Transport servers. The Edge Subscription process
creates an Active Directory site membership affiliation for the Edge Transport server. The site affiliation
enables Hub Transport servers in the Exchange organization to relay messages to the Edge Transport
server for delivery to the Internet without having to configure explicit Send connectors.
QUESTION 10
You have an Exchange Server 2010 Service Pack 1 (SP1) organization that contains four servers.
The servers are configured as shown in the following table.

Datacenter Activation Coordination (DAC) node is enabled for DAG1, The file share witness is located on
Servers and the alternate file share witness is located on Server7.
Domain controllers are available in both sites.
You need to recommend a solution to activate the databases in Site2 if Site1 becomes unavailable for an
extended period of time.
What should you recommend running before you activate the mailbox databases?
correct order.
Answer:
QUESTION 11
You are planning the anti-spam infrastructure for the organization.
You need to identify which Exchange Server 2010 SP1 anti-spam technologies achieve your antispam
requirements.
Which technologies should you identify?
To answer, drag the appropriate anti-spam technology to the correct anti-spam requirement in the answer
area.
Answer:
I think the correct answers are Sender ID - Content Filtering - Sender Filtering - Recipient Filtering
Content Filtering - Content filtering provides another tool to help manage the flow of messages entering
and exiting your enterprise mail stream. Content filtering enables you to filter messages using a variety of
filtering tools. These include:
Sender-domains filtering (for Realtime and Manual scan jobs), Subject line filtering (for Realtime and
Manual scan jobs).Filter set templates (simplify the creation and management of file and content filters on
all scan jobs)
Sender ID - The Sender ID Framework is an e-mail authentication technology protocol that helps address
the problem of spoofing and phishing by verifying the domain name from which e-mail messages are sent.
Sender ID validates the origin of e-mail messages by verifying the IP address of the sender against the
alleged owner of the sending domain. Now adopted by more than 10 million domains worldwide, Sender ID
is providing brand owners, senders, and receiving networks with significant business and technical value
Sender Filtering - The Sender Filter agent is an anti-spam filter that's enabled on computers that have the
Microsoft Exchange Server 2010 Edge Transport server role installed. The Sender Filter agent relies on the
MAIL FROM: SMTP header to determine what action, if any, to take on an inbound e-mail message. When
you configure anti-spam filters on an Edge Transport server, the filters act on messages cumulatively to
reduce the number of unsolicited messages that enter the enterprise. For more information about how to
plan and deploy the anti-spam features, see Understanding Anti-Spam and Antivirus Functionality. The
Sender Filter agent acts on messages from specific senders outside the organization. Administrators of
Edge Transport servers maintain a list of senders who are blocked from sending messages to the
organization. As an administrator, you can block single senders (kim@contoso.com), whole domains (*.
contoso.com), or domains and all subdomains (*.contoso.com). You can also configure what action the
Sender Filter agent should take when a message that has a blocked sender is found.
You can configure the following actions:
The Sender Filter agent rejects the SMTP request with a "554 5.1.0 Sender Denied" SMTP session error
and closes the connection.
The Sender Filter agent accepts the message and updates the message to indicate that the message
came from a blocked sender. Because the message came from a blocked sender and it's marked as
such, the Content Filter agent will use this information when it calculates the spam confidence level
(SCL).
Recipient Filtering - The Recipient Filter agent blocks messages according to the characteristics of the
intended recipient in the organization.
The Recipient Filter agent can help you prevent the acceptance of messages in the following scenarios:
Nonexistent recipients You can prevent delivery to recipients that are not in the organization's address
book. For example, you may want to stop delivery to frequently misused account names, such as
administrator@contoso.com or support@contoso.com.
Restricted distribution lists You can prevent delivery of Internet mail to distribution lists that should be
used only by internal users.
Mailboxes that should never receive messages from the Internet You can prevent delivery of Internet
mail to a specific mailbox or alias that is typically used inside the organization, such as Helpdesk.
The Recipient Filter agent acts on recipients that are stored in one or both of the following data sources:
Recipient Block list An administrator-defined list of recipients for which inbound messages from the
Internet should never be accepted.
Recipient Lookup Verification that the recipient is in the organization. Recipient Lookup requires
access to Active Directory directory service information that is provided by EdgeSync to Active Directory
Application Mode (ADAM).
Sender Reputation - Sender reputation weighs each of these statistics and calculates an SRL for each
sender. The SRL is a number from 0 through 9 that predicts the probability that a specific sender is a
spammer or otherwise malicious user. A value of 0 indicates that the sender isn't likely to be a spammer; a
value of 9 indicates that the sender is likely to be a spammer.
You can configure a block threshold from 0 through 9 at which sender reputation issues a request to the
Sender Filter agent, and, therefore, blocks the sender from sending a message into the organization. When
a sender is blocked, the sender is added to the Blocked Senders list for a configurable period. How blocked
messages are handled depends on the configuration of the Sender Filter agent.
The following actions are the options for handling blocked messages:
Reject
Delete and archive
Accept and mark as a blocked sender
If a sender is included in the IP Block list or Microsoft IP Reputation Service, sender reputation issues an
immediate request to the Sender Filter agent to block the sender. To take advantage of this functionality,
you must enable and configure the Microsoft Exchange Anti-spam Update Service.
By default, the Edge Transport server sets a rating of 0 for senders that haven't been analyzed. After a
sender has sent 20 or more messages, sender reputation calculates an SRL that's based on the statistics
listed earlier in this topic.
QUESTION 12
You are a network administrator for a company named Contoso, Ltd. The company has offices in New York
and Boston.
Each office contains an Active Directory site. The New York office also contains a perimeter network. All
access to the Internet is routed through the perimeter network. Only TCP ports 80, 25, and 443 are allowed
from the perimeter network to the internal network.
Each site will contain a Mailbox server and a Hub Transport server.
You need to recommend the appropriate placement of the Client Access servers for the organization. The
solution must minimize the number of servers deployed.
To answer, select the appropriate Client Access server design in the answer area.
Answer:
QUESTION 13
You have an Exchange Server 2007 organization. All servers in the organization run ExchangeServer 2007
Service Pack 1 (SP1).
Your network contains two Active Directory sites named SiteA and SiteB. Only SiteA has a direct connection
to the Internet.
You plan to transition the organization to Exchange Server 2010 SP1.
You need to recommend a transition solution to ensure that all of the mailboxes in SiteA can be moved to
the Exchange Server 2010 SP1 servers. The solution must ensure that users in SiteB can send email
messages to users in SiteA during the coexistence phase.

Answer:
QUESTION 14
You are planning an Exchange Server 2010 Service Pack (SP1) organization for a company named
Contoso, Ltd.
Your network contains two sites named Site1 and Site2. Site1 has an Internet connection. Site2 connects to
the Internet through Site1.
Each site will contain Client Access servers and Client Access arrays. The Client Access servers and the
Client Access arrays will be configured as shown in the following table.
You plan to purchase SAN certificates for the Client Access servers. You need to identify the names for
each SAN certificate for the Client Access methods in the following table.
Which names should you identify?
To answer, drag the appropriate names to the correct certificate in the answer area.
Answer:
I do not agree with the above answer as the question is about SSL certificates. In my mind site1 is the
internet facing site so it needs SSL certificate for Autodiscover and OWA
Site 2 should just need a SSL certificate for OWA
QUESTION 15
You have an Exchange Server 2010 Service Pack 1 (SP1) organization. You are planning the compliance
infrastructure for the organization.
You need to identify which Exchange technologies achieve the compliance requirements.
To answer, drag the appropriate technology to the correct compliance requirement in the answer area.
Answer:
QUESTION 16
You have an Exchange Server 2010 Service Pack 1 (SP1) organization. The organization contains 1,000
mailbox-enabled users. The maximum mailbox size for each user is 500 MB. The users have Personal
Archives.
You plan to deploy a new Mailbox server that will host multiple mailbox databases. The disks on the new
server are configured as shown in the following table.
You need to recommend configurations for the hard disk of the Mailbox server.
The configurations must meet the following requirements:
Minimize impact if a single disk fails.

Maximize the speed of read and write operations to the mailbox databases.
Which server configurations should you recommend?
To answer, drag the appropriate configuration to the correct disk set in the answer area.
Answer:
Pass4Sure had this answer
I think the correct order is mailbox logs - Operating System - Mailbox database - Personal archives
QUESTION 17
You are planning the audit and discovery infrastructure for an Exchange Server 2010 Service Pack l (SP1)
organization.
You need to identify which Exchange technologies achieve your audit and discovery requirements.
To answer, drag the appropriate technology to the correct audit and discovery requirement in the answer
area.
Answer:
Because mailboxes can potentially contain sensitive, high business impact (HBI) information and personally
identifiable information (PII), it's important that you track who logs on to the mailboxes in your organization
and what actions are taken. It's especially important to track access to mailboxes by users other than the
mailbox owner. These users are referred to as delegate users.
Using mailbox audit logging, you can log mailbox access by mailbox owners, delegates (including
administrators with full mailbox access permissions), and administrators. Mailboxes are considered to be
accessed by an administrator only in the following scenarios:
Discovery search is used to search a mailbox.
The New-MailboxExportRequest cmdlet is used to export a mailbox.

Microsoft Exchange Server MAPI Editor is used to access the mailbox.
When you enable audit logging for a mailbox, you can specify which user actions (for example, accessing,
moving, or deleting a message) should be logged for a logon type (administrator, delegate user, or owner).
The audit log entries also include important information such as the client IP address, host name, and
process or client used to access the mailbox. For items that are moved, the entry includes the name of the
destination folder.
You can use administrator audit logging in Microsoft Exchange Server 2010 to log when a user or
administrator makes a change in your organization. By keeping a log of the changes, you can trace
changes to the person who made the change, augment your change logs with detailed records of the
change as it was implemented, comply with regulatory requirements and requests for discovery, and more.
By default, audit logging is enabled in new installations of Microsoft Exchange Server 2010 Service Pack 1
(SP1).
QUESTION 18
You have an Exchange Server 2010 Service Pack 1 (SP1) organization named contoso.com. A partner
company named Fabrikam, Inc., has an Exchange Server 2010 (SP1) organization named fabrikam.com.
All client computers in contoso.com and fabrikam.com run Microsoft Outlook 2010. You need to ensure that
users in fabrikam.com can view the availability information of users in contoso.com.
What should you do?

Answer:
I think this answer is wrong and the correct answer is that Fabrikam should created the
trust and the organization relationship
Implementing Federated Sharing
With federated sharing, you can use federation technologies to establish trusted relationships and hence
enable secure Internet communications between organizations. This requires that you use Microsoft
Federation Gateway as a trust broker, that each participating organization establish and manage its trust,
and that federated sharing is supported for all messaging clients. To establish a federation trust,
organizations exchange security certificates with public keys with each other or with a trusted third party and
use those certificates to authenticate and secure all interorganizational communications.
The Microsoft Federation Gateway
The Microsoft Federation Gateway is an identity service that runs over the Internet and functions as a trust
broker for federated sharing. It provides a broker service to establish the communication between the
organizations but does not authenticate individual users or store any user account information from either
organization.
To enable federated sharing, you need to register your organization with the Federation Gateway and then
configure a federated sharing relationship with another organization that also registers with the Federation
Gateway. The Federation Gateway then acts as a hub for all connections that the organizations make with
each other, For example, Client Access servers in each organization connect through the Federation
Gateway to exchange availability information and enable calendar sharing. These Client Access servers
use the federated trust that you configure with the Federation Gateway to verify you partner’s Client Access
servers and to encrypt traffic sent between the organizations. Users can also send encrypted and
authenticated email messages between the organizations.
In federated sharing, each organization needs only to manage its trust relationship with the Federation
Gateway and its own user accounts. After an organization establishes a trust relationship with the
Federation Gateway, you can identify other trusted organizations and the types of information you want to
share with them. When you enable federation sharing, all interorganizational communication is sent through
your organization’s Exchange Server 2010 servers. This traffic is transparent to the messaging clients so
that federated sharing works with any client that can connect to Exchange Server 2010, including Microsoft
Outlook Web Access, Outlook 2003, Outlook 2007, and Outlook 2010.
Note:
FEDERATION GATEWAY
For more information about the Federation Gateway, see http://msdn.microsoft.com/en-us/library/cc287610.
aspx. For information about how to connect to and use the Federation Gateway, see http://msdn.microsoft.
com/en-us/library/dd164396.aspx.
Federated Sharing Requirements
To implement federated sharing, you need to establish and configure the following components in
Exchange Server 2010:
A federation trust A federation trust configures the Federation Gateway as a federation partner with the
Exchange Server organization, which enables Exchange Server 2010 Web Services on the Client Access
servers to validate all Federation Gateway authentication requests. You establish a federation trust by
submitting your organization’s public key and a valid X.509 certificate issued by a Certificate Authority (CA)
trusted by Windows Live Domain Services to the Federation Gateway and downloading the Federation
Gateway public key and certificate.
An organization identifier An organization identifier defines what authoritative domains in an Exchange
organization are available for federation. If your organization supports multiple SMTP domains, you can
include one or all of your domain names in your organization identifier. Users can participate in Federated
Sharing only if they have email addresses in the domains that you configure with the organization identifier.
The first domain you specify with the organization identifier is known as the account namespace. Federation
Gateway creates federated user identifiers within this namespace when the Client Access server requests a
delegation token for a user. This process is transparent to the Exchange Server organization.
Create a new organisational relationship
To enable free/busy sharing between two cloud-based organisations, run the following command:
Get-FederationInformation -DomainName <the other cloud-based organization> | New-

OrganizationRelationship -Name <the other tenant domain> -FreeBusyAccessEnabled $true -
FreeBusyAccessLevel LimitedDetails
Here's an example of what the command would look like in the Contoso scenario, where the administrator
for the Contoso organisation configures an organisational relationship with Fabrikam College:
Get-FederationInformation -DomainName fabrikam.edu | New-OrganizationRelationship -Name Fabrikam -

FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
QUESTION 19
You have an Exchange Server 2010 Service Pack l (SP1) organization. Corporate security policy states that
the members of a security group named Legal must be able to search all mailbox content in the
organization.
You plan to add the Legal group to an another security group that has the required permissions.
You need to identify which group must be used to meet the requirement of the security policy.
Which group should you identify?
To answer, select the appropriate group in the answer area.

Answer:
The Discovery management is the correct answer
QUESTION 20
Your network contains four Active Directory sites. The sites are configured as shown in the following table.
You plan to deploy a new Exchange Server 2010 Service Pack l (SP1) organization named fabrikam.com.
You plan to deploy Mailbox servers to the New York site and the Montreal site.
Support users who use Outlook Web App to access their mailbox from the Internet through Montreal.
Support users who use Outlook Anywhere to access their mailbox from the Internet through Montreal.
Minimize the number of Exchange server roles deployed.
Where should you deploy the Client Access servers?
To answer, click on the sites where the client access servers should be.
Answer:
QUESTION 21
Your network contains an Active Directory domain named contoso.com. The domain contains a single
Active Directory site. The network contains a server named Server1 that runs Exchange Server 2003.
Server1 uses forms-based authentication for Outlook Web Access (OWA).
Users access OWA from the corporate network and from the Internet by using the URL https://owa.contoso.
com/exchange.
You plan to deploy a server named Server2 to the current Exchange organization. Server2 will run
Exchange Server 2010 Service Pack 1 (SP1) and will have the following server roles installed:
Mailbox
Client Access
Hub Transport
During the next three months, you plan to move the users to Server2.
You need to recommend changes to the Exchange organization to ensure that all of the users can access
OWA and Outlook Web App by using https://mail.contoso.com/owa.
Which changes should you recommend?
To answer, drag the appropriate changes to the correct location or locations in the answer are
Answer:
I am not sure on this question however I do feel that you will need to the following
Change the URL on the Exchange 2003 Server and replace the Certificate.
As I read the question you plan to deploy server 2? That tells me it is not deployed so what is there to
configure?
QUESTION 22
Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites
named Montreal and Toronto. Only Toronto has a direct connection to the Internet.
The network contains an Exchange Server 2010 Service Pack 1 (SP1) organization that has two Client
Access servers in each site. Each site contains an internal load balancing solution and an external load
balancing solution.
The relevant host records for the load balancing solutions are configured as shown in the following table.
The company uses a split DNS zone.
You need to identify which internal URLs and external URLs must be configured for Outlook Web App in
both sites.
Which URLs should you identify?
Answer:
QUESTION 23
functional level of the forest is set to Windows 2000 native. You have an Exchange organization that
contains Exchange Server 2003 Service Pack 2 (SP2) and Exchange Server
2007 Service Pack 2 (SP2) servers.
You plan to transition the organization to Exchange Server 2010. You need to prepare Active Directory for
the installation of the first Exchange Server 2010 server.
What should you do?

source files.
Answer: A
QUESTION 24
Office Outlook 2007 Service Pack 2 (SP2) and Windows 7.
Your company’s security administrators deploy Outlook Protection Rules. You need to recommend a client
connection solution for the organization to ensure that Outlook Protection Rules can be used.
A. Upgrade all client computers to Outlook 2010.

B. Instruct all users to connect to Outlook Web App (OWA).
C. Instruct all users to install the Rights Management Service (RMS) client.
D. Instruct all users to install the Secure/Multipurpose Internet Mail Extensions (S/MIME) control.
Answer: A
QUESTION 25
A. Help Desk
Answer: D
Server Management - Administrators who are members of the Server Management role group have
administrative access to Exchange 2010 server configuration. They don't have access to administer
Exchange 2010 recipient configuration.
QUESTION 26
You have an Exchange Server 2010 organization. Your companys security policy states that users must not
be able to encrypt e-mail messages by using Outlook Web App (OWA).
You need to recommend a client access solution that meets the requirements of the security policy.
A. managed folder mailbox policies

B. multiple OWA virtual directories
C. OWA segmentation
D. WebReady Document Viewing
Answer: C
QUESTION 27
What should you do?
A. Enable sender filtering

B. Enable Sender ID filtering
C. Configure a custom MailTip
D. Configure safelist aggregation
Answer: D
Safelist Aggregation
In Microsoft Exchange Server 2007, the term safelist aggregation refers to a set of anti-spam functionality
that is shared across Microsoft Office Outlook and Microsoft Exchange. This functionality collects data from
the anti-spam Safe Recipients Lists or Safe Senders Lists and contact data that Outlook users configure,
and makes this data available to the anti-spam agents on the computer that has the Edge Transport server
role installed.
Safelist aggregation can help reduce the instances of false-positives in anti-spam filtering that is performed
by the Edge Transport server. When you configure safelist aggregation, the Content Filter agent passes
safe e-mail messages to the organization's mailbox without additional processing. E-mail messages that
Outlook users receive from contacts that those users have added to their Outlook Safe Recipients List or
Safe Senders List or have trusted are identified by the Content Filter agent as safe. An Outlook contact is a
person, inside or outside the user's organization, about whom the user can save several types of
information, such as e-mail and street addresses, telephone and fax numbers, and Web page URLs.
Safelist aggregation can help reduce the instances of false-positives in anti-spam filtering that is performed
by the Edge Transport server. A false-positive is a positive test or filter result that is in a subject or body of
data that does not possess the attribute for which the filter or test is being conducted. In the context of
spam filtering, a false-positive occurs when a spam filter incorrectly identifies a message from a legitimate
sender as spam.
For organizations that filter hundreds of thousands of messages from the Internet every day, even a small
percentage of false-positives means that users might not receive many messages that were identified
incorrectly as spam and therefore were quarantined or deleted.
Safelist aggregation can be the most effective way to reduce false-positives. Outlook 2003 and the next
release of Outlook, which is included in Office 2007, let users create Safe Senders Lists. Safe Senders
Lists specify a list of domain names and e-mail addresses from which the Outlook user wants to receive
messages. By default, e-mail addresses in Outlook Contacts and in the Exchange Server global address list
are included in this list. By default, Outlook adds all external contacts to which the user sends mail to the
Safe Senders List.
Information Stored in the Outlook User's Safelist Collection
A safelist collection is the combined data from the user's Safe Senders List, Safe Recipients List, Blocked
Senders List, and external contacts. This data is stored in Outlook and in the Exchange mailbox. The
following types of information are stored in an Outlook user's safelist collection:
Safe senders and safe recipients - The P2 From: field of the e-mail message indicates a sender. The To:
field of the e-mail message indicates a recipient. Safe senders and safe recipients are represented by full
Simple Mail Transfer Protocol (SMTP) addresses, such as masato@contoso.com. Outlook users can add
senders and recipients to their safe lists.
Safe domain - The domain is the part of an SMTP address that follows the @ symbol. For example,
contoso.com is the domain in the masato@contoso.com address. Outlook users can add sending domains
to their safe lists.
External contacts - Two types of external contacts can be included in the safelist aggregation. The first
type of external contact includes contacts to whom Outlook users have sent mail. This class of contact is
added to the Safe Senders List only if an Outlook user selects the corresponding option in the Junk E-mail
settings in Outlook 2003 or Exchange Server 2007.
The second type of external contact includes the users' Outlook contacts. Users can add or import these
contacts into Outlook. This class of contact is added to the Safe Senders List only if an Outlook user selects
the corresponding option in the Junk E-mail Filter settings in Outlook 2003 or Outlook 2007.
How Exchange Uses the Safelist Collection
The safelist collection is stored on the user's mailbox server. A user can have up to 1,024 unique entries in
a safelist collection.
In earlier versions of Exchange Server, the user's mailbox server accessed the safelist collection during
spam filtering to allow e-mail from senders on the Safe Senders List to pass through.
In Exchange Server 2007, the safelist collection is stored on the user's mailbox, but you can push it to the
Active Directory directory service, where the safelist collection is stored on each user object. When the
safelist collection is stored on the user object in Active Directory, the safelist collection is aggregated with
the anti-spam functionality of Exchange Server 2007 and is optimized for minimized storage and replication
so that the Edge Transport server can process the safelist aggregation. The Content Filter agent on the
Edge Transport server can access the safelist collection for each recipient. EdgeSync replicates the safelist
collection to the Active Directory Application Mode (ADAM) instance on the Edge Transport server.
Note
Safelist collection entries are one-way hashed (SHA-256) before they are stored in Active Directory. This
minimizes storage and replication size, and it renders the safelist collections unreadable by malicious users.
Hashing of Safelist Collection Entries
The safelist collection entries are hashed (SHA-256) one way before they are stored as array sets across
two user object attributes, msExchangeSafeSenderHash and msExchangeSafeRecipientHash, as a binary
large object. When data is hashed, an output of fixed length is produced; the output is also likely to be
unique. For hashing of safelist collection entries, a 4-byte hash is produced. When a message is received
from the Internet, Exchange Server hashes the sender address and compares it to the hashes that are
stored on behalf of the Outlook user to whom the message was sent. If an inbound hash matches, the
message bypasses content filtering.
One-way hashing of safelist collection entries performs the following important functions:
It minimizes storage and replication space. Most of the time, hashing reduces the size of the data that is
hashed. Therefore, saving and transmitting a hashed version of a safelist collection entry conserves
storage space and replication time. For example, a user who has 200 entries in his or her safelist
collection would create about 800 bytes of hashed data that is stored and replicated in Active Directory.
It renders user safelist collections unusable by malicious users. Because one-way hash values are
impossible to reverse-engineer into the original SMTP address or domain, the safelist collections do not
yield usable e-mail addresses for malicious users who might compromise an Edge Transport server.
Enabling Safelist Aggregation
You can enable safelist aggregation by running the Exchange Management Shell Update-SafeList
command on a user's mailbox. The Update-SafeList command reads the safelist collection from the user's
mailbox, hashes each entry, sorts the entries for easy search, and then converts the hash to a binary
attribute. Finally, the Update-SafeList command compares the binary attribute that was created to any value
that is stored on the attribute. If the two values are identical, the Update-SafeList command does not update
the user attribute value with the safelist aggregation data. If the two attribute values are different, the
Update-SafeList command updates the safelist aggregation value. This logic, where the binary values are
compared before updates, is intended to significantly minimize resource use on Active Directory replication.
Periodic use of Update-Safelist ensures that the most up-to-date safelist aggregation is in Active Directory.
To make the safelist aggregation data in Active Directory available to Edge Transport servers in the
perimeter network, you must install and configure the EdgeSync tool so that the safelist aggregation data is
replicated to the Active Directory Application Mode (ADAM) instance on the Edge server.
QUESTION 28
You have an Exchange Server 2010 organization. You plan to delegate Exchange administrative rights to
some users in the organization. You need to recommend a solution that tracks all changes made to the
Exchange organization.
A. administrator audit logging

B. circular logging
C. diagnostic logging
D. Windows Security Auditing
Answer: A
You can use administrator audit logging in Microsoft Exchange Server 2010 to log when a user or
administrator makes a change in your organization. By keeping a log of the changes, you can trace
changes to the person who made the change, augment your change logs with detailed records of the
change as it was implemented, comply with regulatory requirements and requests for discovery, and more.
By default, audit logging is enabled in new installations of Microsoft Exchange Server 2010 Service Pack 1
(SP1).
QUESTION 29
Group1. You plan to deploy a monitoring solution for the Exchange servers in your organization. You need
to recommend a solution that allows members of Group1 to monitor the
performance of Exchange Server 2010 servers. Your solution must prevent members of Group1 from
modifying the configurations of the Exchanges Server 2010 organization.

Answer: D
QUESTION 30
Your company has a main office and 10 branch offices. You have an Exchange Server 2010 organization.
All Exchange servers are installed on virtual machines. You need to create a monitoring plan for the
Exchange servers that meets the following requirements:
Identify Exchange server errors Provide alerts when Exchange services are stopped Produce statistical
analysis and reporting.
Which tool should you include in the plan?
A. Microsoft System Center Service Manager

B. Microsoft System Center Operations Manager
D. Microsoft System Center Virtual Machine Manager
Answer: B
System Center Operations Manager 2007 R2, Microsoft’s end-to-end service-management product, is your
best choice for Windows environments. It works seamlessly with Microsoft infrastructure servers, such as
Windows Server, and application servers, such as Microsoft Exchange, helping you to increase efficiency
while enabling greater control of the IT environment.
http://www.microsoft.com/en-us/server-cloud/system-center/operations-manager.aspx
QUESTION 31
Your network consists of an Active Directory domain that contains the domain controllers shown in
the following table.
You plan to deploy an Exchange Server 2010 server in each site. You need to recommend changes to the
domain controllers to support the installation of Exchange Server 2010.
What should you do?

Answer: A
QUESTION 32
Your company has a main office and 50 branch offices. Each office is configured as an Active Directory
site.
Each branch office site contains a domain controller. The main office site contains all the global catalog
servers in the forest. Each branch office contains a WAN link that connects to the main office.
You need to plan the deployment of new Mailbox servers to meet the following requirements:
Ensure that users in the branch offices can access their mailboxes if their local domain controller fails
Deploy the minimum number of Exchange servers
A. One Mailbox server in each office and global catalog servers in each branch office
B. One Mailbox server in each office and Universal Group Membership Caching in each branch office
C. One Mailbox server in each branch office only
D. Multiple Mailbox servers in the main office only
Answer: D
As the main office contains all the Global Catalog Servers and each branch office connects to the main
office via a WAN link you should place your mailbox servers in the main office only
QUESTION 33
Your Exchange Server 2010 organization contains two Hub Transport servers in a single site.
The organization receives all e-mail sent to a SMTP domain named contoso.com. Your company purchases
another company that uses a SMTP domain named fabrikam.com.
You need to recommend changes to the organization to support the planned deployment. The solution must
prevent e-mail sent to fabrikam.com from being delivered to your internal organization.
Answer: C
QUESTION 34

A. journal rules
B. managed folders
Answer: C
QUESTION 35
You have an Exchange Server 2010 organization. Your company’s legal department sends compliance e-
The company’s compliance policy includes the following requirements:
You need recommend a solution to meet the compliance policy requirements. What should you
recommend?
A. journal rules
B. message tracking
D. transport rules
Answer: A
QUESTION 36
You need to recommend a solution to meet the security policy. What should you recommend?

Answer: A
QUESTION 37
the organization. The solution must minimize the number of permissions assigned to the Help Desk group.
A. Mail Recipients
Answer: A
The Mail Recipients management role enables administrators to manage existing mailboxes, mail
users, and mail contacts in an organization. This role can't create these recipients. Use the Mail
Recipient Creation role to create them.
This role type doesn't enable you to manage mail-enabled public folders or distribution groups. Use the
following roles to manage these objects:
Mail Enabled Public Folders Role

Distribution Groups Role
If your organization has a split permissions model where recipient creation and management are performed
by different groups, assign the Mail Recipient Creation role to the group that performs recipient
creation and the Mail Recipients role to the group that performs recipient management.
QUESTION 38
You need to plan a message hygiene solution that meets the following requirements:
Spoofing must be minimized

Open SMTP relays must be added to IP block lists automatically
A. Sender ID filtering and recipient filtering

B. Sender ID filtering and sender reputation
C. sender filtering and recipient filtering
D. sender reputation and recipient filtering
Answer: B
inbound message.
called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified to
appear as if it originates from a sender other than the actual sender of the message.
Sender reputation is anti-spam functionality that's enabled on computers that have the Microsoft Exchange
Server 2010 Edge Transport server role installed to block messages according to many characteristics of
the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to
take on an inbound message.
QUESTION 39
Your network contains an Exchange Server 2010 server.
You need to plan a mailbox sharing solution for the organization to meets the following requirements:
Ensure that assistants can read and modify the e-mail messages of their managers
Ensure that assistants can impersonate their managers when they send e-mail messages
A. Full Access and Send As permissions

B. Full Access and send on behalf of permissions
C. Role Based Access Control (RBAC) assignments and Send As permissions
D. Role Based Access Control (RBAC) assignments and send on behalf of permission
Answer: A
QUESTION 40
Exchange ActiveSync
What should you do?
that contains the CAS1.contoso.com and CAS2.contoso.com names
Answer: A
QUESTION 41

B. Domain Security
Answer: B
Domain Security refers to the set of functionality in Microsoft Exchange Server 2010 and Microsoft Office
Outlook 2007 that provides a relatively low-cost alternative to S/MIME or other message-level security
solutions. The purpose of the Domain Security feature set is to provide administrators a way to manage
secured message paths over the Internet with business partners. After these secured message paths are
configured, messages that have successfully traveled over the secured path from an authenticated sender
are displayed to users as Domain Secured in the Outlook and Microsoft Office Outlook Web App interface.
Domain Security uses mutual Transport Layer Security (TLS) authentication to provide session-based
authentication and encryption. Mutual TLS authentication differs from TLS as it's usually implemented.
Typically, when TLS is implemented, the client verifies that the connection securely connects to the
intended server by validating the server's certificate. This is received as part of TLS negotiation. In this
scenario, the client authenticates the server before the client transmits data. However, the server doesn't
authenticate the session with the client.
With mutual TLS authentication, each server verifies the connection with the other server by validating a
certificate that's provided by that other server. In this scenario, where messages are received from external
domains over verified connections in an Exchange 2010 environment, Outlook 2007 displays a Domain
Secured icon.
http://technet.microsoft.com/en-us/library/bb266978(EXCHG.80).aspx
QUESTION 42
Your company has an Active Directory forest named contoso.com. You plan to deploy an Exchange Server
2010 organization that will contain two servers. Each server will have the Client Access server role, the Hub
Transport server role, and the Mailbox
server role installed.
You plan to add both servers to a database availability group (DAG).
You need to recommend a high-availability solution for the Client Access server role. Your solution must
ensure that users are not prompted to authenticate if a Client Access server becomes unavailable.
A. Create and configure a Client Access server array, and then install a hardware load balancer.
B. Create and configure a Client Access server array, and then install Windows Network Load Balancing
on both servers.
C. Deploy Microsoft Internet Security and Acceleration (ISA) Server 2006, and then implement DNS round
robin.
D. Deploy Microsoft Internet Security and Acceleration (ISA) Server 2006, and then install Windows
Network Load Balancing.
Answer: A
Windows Network Load Balancing
Windows Network Load Balancing (WNLB) is the most common software load balancer used for Exchange
servers. There are several limitations associated with deploying WNLB with Microsoft Exchange.
WNLB can't be used on Exchange servers where mailbox DAGs are also being used because WNLB
is incompatible with Windows failover clustering. If you're using an Exchange 2010 DAG and you
want to use WNLB, you need to have the Client Access server role and the Mailbox server role
running on separate servers.
Due to performance issues, we don't recommend putting more than eight Client Access servers in an array
that's load balanced by WNLB.
WNLB doesn't detect service outages. WNLB only detects server outages by IP address. This means if a
particular Web service, such as Outlook Web App, fails, but the server is still functioning, WNLB won’t
detect the failure and will still route requests to that Client Access server. Manual intervention is required to
remove the Client Access server experiencing the outage from the load balancing pool.
WNLB configuration can result in port flooding, which can overwhelm networks.
Because WNLB only performs client affinity using the source IP address, it's not an effective solution when
the source IP pool is small. This can occur when the source IP pool is from a remote network subnet or
when your organization is using network address translation.
Hardware Load Balancing
If you have more than eight Client Access servers in a single Active Directory site, your organization will
need a more robust load balancing solution. Although there are robust software load balancing solutions
available, a hardware load balancing solution provides the most capacity. For more information about
Exchange 2010 server load balancing solutions, see Microsoft Unified Communications Hardware Load
Balancer Deployment.
Hardware load balancers support very high traffic throughput and can be configured to load balance in
many ways. Most hardware load balancer vendors have detailed documentation about how their product
works with Exchange 2010. The simplest way to configure hardware load balancers is to create a fallback
list of the affinity methods that will be applied by the load balancer. For example, the load balancer will try
cookie-based affinity first, then SSL session ID, and then source IP affinity.
QUESTION 43
You have an Exchange Server 2010 organization. The network contains two Mailbox servers that are
configured in a database availability group (DAG).
You plan to implement a disaster recovery solution.
You need to recommend a solution that ensures that the active mailbox database copy is unaffected by the
backup process. You want to achieve this goal while minimizing costs.
A. Windows Server Backup

B. Network Attached Storage (NAS) snapshots
D. Microsoft System Center Data Protection Manager
Answer: D
QUESTION 44
You deploy multiple Mailbox servers. Each Mailbox server contains a copy of a mailbox database named
DB1. You need to recommend a solution that allows administrators to remove corrupt messages that have
been replicated before the corrupt messages are applied to each copy of
DB1.
A. Modify log truncation.

B. Enable circular logging.
C. Implement lagged copies.
D. Configure shadow redundancy.
Answer: C
A lagged mailbox database copy is a mailbox database copy configured with a replay lag time value greater
than 0. Activating and recovering a lagged mailbox database copy is a simple process if you want the
database to replay all log files and make the database copy current. If you want to replay log files up to a
specific point in time, it's a more difficult operation because you have to manually manipulate log files and
run Eseutil.
QUESTION 45
and Server2. Server1 and Server2 have the Mailbox server role and the Hub Transport server role installed.

A. On Server1 and Server2, install the Client Access server role. Implement failover clustering.
B. On Server1 and Server2, install the Client Access server role. Configure network interface card (NIC)
teaming on each server.
C. Deploy two new Client Access servers. Implement load balancing by using DNS round robin. Create a
Client Access server array.
D. Deploy two new Client Access servers. Implement load balancing by using a Windows Network Load
Balancing cluster. Create a Client Access server array.
Answer: D
QUESTION 46
Office Outlook.
You start to transition the organization to new Exchange Server 2010 servers. The new servers are on a
secured subnet that is separated by a firewall. You will move half of the mailboxes to the new servers.
Client Access servers and Mailbox servers are on the secured subnet. Client computers on the network can
access the Client Access servers.
You need to recommend a solution that allows users to connect to Public Folders by using Outlook or
A. Public Folder referrals and forms-based authentication

B. Public Folder referrals and HTTP connections to the Mailbox servers
C. Public Folder replicas and MAPI connections to the Mailbox servers
D. Public Folder replicas and WebReady Document Viewing
Answer: C
QUESTION 47
Your network consists of an Active Directory forest that contains two sites named Site1 and Site2.
From the Internet, users can only access servers in Site1.
You have an Exchange Server 2007 organization. Each site contains servers that run the Client Access
server role, the Mailbox server role, and the Hub Transport server role.
You need to recommend the server role that you must transition first to Exchange Server 2010.
Your solution must provide the least amount of downtime for users in the organization.
Which servers should you transition first?
A. the Client Access servers in Site1

B. the Client Access servers in Site2
C. the Hub Transport servers in Site1
D. the Hub Transport servers in Site2
Answer: A
QUESTION 48
Your network contains two Active Directory sites named Site1 and Site2. Only Site1 can be accessed from
the Internet.
Prevent authentication prompts from displaying when users connect to OWA by using domainjoined
What should you do?
Answer: D
QUESTION 49
You have an Exchange Server 2010 organization. The e-mail addresses for the organization are configured
as shown in the following table.
contoso.com. Users in contoso.com must be able to send e-mail messages to users in fabrikam.com by
using the address format alias@fabrikam.com.

Answer: A
QUESTION 50
A corporate environment will include Exchange Server 2010.
You need to recommend a solution that allows point-in-time recovery of the mailbox databases.
A. Disable circular logging.

B. Configure the transport dumpster.
C. Use lagged database copies.
D. Use highly available database copies.
Answer: C
The concept of lagged database copies was introduced in Exchange 2007, implemented using Standby
Continuous Replication (SCR). With SCR, we can delay the time when the logs have to be replayed to the
SCR target. There is also the option of specifying truncation lag time, the option which allows us to delay the
time before the log files are truncated. The maximum lag time for both the options is 7 days in Exchange
2007.
With Exchange 2010 DAG, the lag time for both replaying and deleting the logs have been increased to 14
days. This is good if your company wants to go backup-less. Of course, the company has to be aware of
the risk of going without backups, as lagged database copies can’t be a solution for all recovery/restore
issues.
The two parameters you need to know are ReplayLagTime and TruncationLagTime. The ReplayLagtime
parameter specifies the amount of time that the Exchange Replication Service should wait before replaying
log files that have been copied to the database copy location. The format for this parameter is Days.Hours:
Minutes:Seconds. The default value is zero seconds.
The TruncationLagTime parameter specifies the amount of time that Exchange Replication Service should
wait before truncating the log files that have replayed into a database copy. The time period begins after the
log has been successfully replayed into the database copy. The format for this parameter is Days.Hours:
Minutes:Seconds.
The lag times can be configured either while setting up the database copy (Add-MailboxDatabaseCopy) or
after setting up (Set-MailboxDatabaseCopy).
For example, in order to setup the database copy of mailbox database MD1 to server Server1 with a replay
lag time of 12 hours, run Add-MailboxDatabaseCopy –identity “MD1” –MailboxServer “Server1” –
ReplayLagTime 12:00:00
http://www.howexchangeworks.com/2010/02/lagged-database-copies-in-exchange-2010.
html
QUESTION 51
Remote users connect to the organization by using Microsoft Outlook 2010.
Your network includes four servers. The servers are configured as shown in the following table.
You create a Hosts file on Server3 and Server4 that contains the IP addresses and server names of
Server1 and Server2.
You need to recommend which DNS records must be created to meet the following requirements:

What should you do?
To answer, drag the appropriate DNS records to the correct DNS zone in the answer area.
Answer:
This solution makes no sense and certainly does not meet the requirements of the Question.

To support load balancing of the edge servers you will need to create external MX records for both Edge
Servers - this will also insure that email can be received if a single edge server fails.
To support Edge Subscriptions you will need to create A records on the internal network.
Exam J
QUESTION 1
You need to plan a solution to prevent sensitive information from being forwarded on the Internet.
A. a custom Send connector

B. custom MailTips
C. Role Based Access Control (RBAC) role entries
Answer: D
QUESTION 2
You have an Exchange Server 2010 organization. Your company’s security policy states that only approved
mobile devices can connect by using Exchange ActiveSync.
You need to implement a solution that prevents specified mobile devices from connecting to the Exchange
servers.
What should you implement?
A. a new client throttling policy

B. a new Exchange ActiveSync device access role
C. a new Exchange ActiveSync policy
D. a new Microsoft Server ActiveSync virtual directory
Answer: C
Allow or disallow a non-provisionable devices is a policy that can be set with the active policy
QUESTION 3
Web App (OWA).
Your company’s compliance policy states the following:
All e-mail messages that contains customer contracts must be stored for three years

Answer: D
In Microsoft Exchange Server 2010, messaging records management (MRM) is performed by using
retention tags and retention policies. A retention policy is a group of retention tags that can be applied to a
mailbox. Managed folders, the MRM technology introduced in Exchange Server 2007, are supported for
interoperability.
A mailbox that has a managed folder mailbox policy applied can be migrated to use a retention policy. To
do so, you must create retention tags that are equivalent to the managed folders linked to the user's
managed folder mailbox policy.
Unlike managed folders, which require users to move items to a managed folder based on retention
settings, retention tags can be applied to a folder or an individual item in the mailbox. This process has
minimal impact on the user's workflow and e-mail organization methods. When a folder has retention tags
applied, all items in that folder inherit the retention settings. Users can further specify retention settings by
applying different retention tags to individual items in that folder.
Managed folders support different managed content settings for a folder, each with a different message
class (such as e-mail items or calendar items). Retention tags don't require a separate managed content
settings object because the retention settings are specified in the tag's properties. It isn't supported to
create retention tags for particular message classes. Retention tags also don't allow you to use journaling
(which is performed by the Managed Folder Assistant).
The following table compares the MRM functionality available when using retention tags or managed
folders.
Retention tags vs. managed folders
Use the Shell to migrate mailbox users from managed folders
For the following procedures, Contoso mailboxes have a managed folder mailbox policy applied containing
the following managed folders.
Managed folders for Contoso
The following are general steps for migrating users from this managed folder mailbox policy to a retention
policy. Each step is detailed later in this topic:
Create retention tags for the migration.
Create a retention policy and link the newly created retention tags to the policy.
Apply the retention policy to user mailboxes.
QUESTION 4
Your network contains an internal network and a perimeter network. The internal network contains an Active
Directory forest. The forest contains a single domain.
You plan to deploy 10 Edge Transport servers on the perimeter network.

You need to recommend a solution for the Edge Transport server deployment.
Allow administrators to apply a single security policy to all Edge Transport servers
Reduce the administrative overhead that is required to manage servers
A. Implement Network Policy and Access Services (NPAS).

C. Create a new Active Directory domain in the internal forest and then join all Edge Transport servers to
the new domain.
D. Create an Active Directory forest in the perimeter network and then join all Edge Transport servers to
the new domain.
Answer: D
Pass4sure had A as the correct answer however I believe the correct answer is D
The Edge Transport Server role in Exchange Server 2007 is designed to be installed in your organization’s
perimeter network (aka DMZ or screened subnet). The Edge Transport Server is the only Exchange 2007
server role that should not be part of your corporate Active Directory on your internal network; it should
instead be installed on a stand-alone server in a workgroup or as a domain member in an Active Directory
dedicated to servers located in the perimeter network as shown in Figure 1.
Figure 1: Typical Edge Transport Server Deployment Scenario
Although the Edge Transport Server role is isolated from Active Directory on the internal corporate
production network, it is still able to communicate with the Active Directory by making use of a collection of
processes known as EdgeSync that run on the Hub Transport Server and which, since it is part of the
Active Directory, have access to the necessary Active Directory data. The Edge Transport server uses
Active Directory Application Mode (ADAM) to store the required Active Directory data, which is data such as
Accepted Domains, Recipients, Safe Senders, Send Connectors and a Hub Transport server list (used to
generate dynamic connectors so that you do not need to create them manually).
It is important to understand that the EdgeSync replication is encrypted by default, and that the replication is
a one-way process from Active Directory to Active Directory Application Mode (ADAM), this means that no
data is replicated from ADAM to AD.
The first time EdgeSync replication occurs, the ADAM store is populated, and after that data from Active
Directory is replicated at fixed intervals. You can specify the intervals or use the default settings, which
when speaking configuration data is every hour and every 4th hour for recipient data.
http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-
exchange-2007-edge-transport-server-part1.html
QUESTION 5
You have an Exchange Server 2010 organization. Company policy states that a copy of user’s mailbox
must be kept for one year after the user leaves the company.
All user accounts are in an organizational unit (OU) named OU1.
A compliance administrator plans to export the mailboxes to personal folders.
the company policy.

B. delegated perimeters to OU1
D. new personal Archives
Answer: A
A management role assignment policy is a collection of one or more end-user management roles that
enables end users to manage their own Microsoft Exchange Server 2010 mailbox and distribution group
configuration. Role assignment policies, which are part of the Role Based Access Control (RBAC)
permissions model in Exchange 2010, enable you to control what specific mailbox and distribution group
configuration settings your end users can modify. Different groups of users can have role assignment
policies specialized to them.
QUESTION 6
You have an Exchange Server 2010 organization. The company has ten departments. All Active Directory
user objects are located in a separate organizational unit (OU) for each department. Each user belongs to a
separate Exchange distribution group for each department.
You need to plan the assignment of administrative rights for organization. The plan must meet the following
requirements:
Managers of all departments must be prevented from charging the mail flow settings or e-mail address
of a group
Managers of all departments must be able to change the distribution group membership of their
respective departments
A. For each department distribution group, modify the Managed By settings.

B. For each department distribution group, modify the message moderation settings.
C. For each department manager, assign the MyDistributionGroupMembership management role.
D. On each departmental OU, assign the department manager the Charge permissions for group objects.
Answer: C
The MyDistributionGroupMembership management role enables individual users to view and modify
their membership in distribution groups in an organization, provided that those distribution groups allow
manipulation of group membership.
This management role is one of several built-in roles in the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2010. Management roles, which are assigned to one or
more management role groups, management role assignment policies, users, or universal security groups
(USG), act as a logical grouping of cmdlets or scripts that are combined to provide access to view or modify
the configuration of Exchange 2010 components, such as mailboxes, transport rules, and recipients. If a
cmdlet or script and its parameters, together called a management role entry, are included on a role, that
cmdlet or script and its parameters can be run by those assigned the role. For more information about
management roles and management role entries, see Understanding Management Roles.
QUESTION 7
You have an Exchange Server 2010 organization that has Active Directory Rights Management Services
(AD RMS) installed.
You need to recommend a messaging security solution that meets the following requirements:
Ensures that disclaimers can be applied to all e-mail messages

Ensures that all e-mail messages sent from the legal department cannot be printed
A. Journal Report Decryption

B. Retention policies
C. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Answer: D
QUESTION 8
You have an Exchange Server 2010 organization. You plan to deploy two new Mailbox servers. Both
Mailbox servers will be members of a database availability group (DAG).
You need to recommend a hard-disk configuration for the new servers. Your recommendation must meet
the following requirements:
Minimize write performance

Prevent a switchover if a single disk fails
Which disk configuration should you recommend?
A. RAID 0 array
B. RAID 1 array
C. RAID 5 array
D. RAID 10 array
Answer: D
QUESTION 9
A. Create an Active Directory site for each office. Deploy two global Catalog servers in each site.
B. Create an Active Directory site for each office. Deploy a single domain controller in each site, and then
enable site link bridging.
C. Create an Active Directory site for all of the offices. Deploy a global catalog server and a read only
domain controller in each site.
D. Create an Active Directory site for all of the offices. Deploy a global catalog server and two read only
global catalog servers in each site.
Answer: A
QUESTION 10
You plan to deploy Exchange Server 2010 on your network.
You plan to deploy the servers configured as shown in the following table.
You need to recommend a solution to deploy Mailbox servers. The solution must meet the following
requirements:
Maintain redundancy if a single disk fails

Maintain redundancy if a single server fails
A. Deploy two Mailbox servers. Configure each server to have a RAID 5 array.
B. Deploy a two-node Network Load Balancing cluster. Configure each server to have a RAID 5 array.
C. Deploy a database availability group (DAG) that contains three members. Configure each member to
use JDCO
D. Deploy a three-node Network Load Balancing cluster. Configure each server to connect to a Fiber
Channel (FC) Storage Area Network.
Answer: C
Pass4Sure had A as the correct answer - I do not feel this is correct and I believe C is the best answer
QUESTION 11
Your network contains two subnets named Subnet1 and Subnet2. Subnet1 contains all company servers.
Subnet2 contains all client computers. Subnet1 and Subnet2 are separated by a firewall.
Some client computers connect by using Outlook Any where and some client computers connect by using
MAP1.
You plan to deploy the Exchange Server 2010 servers shown in the following table.
You need to ensure that users can access their mailboxes and public folders by using Microsoft Office
Outlook.
What should you configure on the firewall?
A. Open TCP ports, 80, 443, 135 and 1024 to 65535 from the client subnet to Server3. Open TCP port 25
to Server3.
B. Open TCP ports 80, 135 and 1024 to 65535 from the client subnet to Server1. Open TCP port 25 to
Server2.
C. Open TCP ports 80 and 443 from the client subnet to Server3. Open TCP port 1024 to 65535 from the
client subnet to Server1.
D. Open TCP ports 441, 135, and 1024 to 65535 from the client subnet to Server1. Open TCP ports 135
and 1024 to 65535 from the subnet to server 3
Answer: C
QUESTION 12
Your company has a Active Directory forest. The forest contains two sites named Site1 and Site2.
You plan to deploy Exchange Server 2010 servers in both sites.
You need to plan a high availability subnet for the Mailbox servers that meets the following requirements:

Users must be able to access their mailboxes remotely if a single site becomes unavailable
A. Deploy two Mailbox servers in each site. Install and configure continuous cluster replication (CCR).
B. Deploy one Mailbox server in Site1 and one Mailbox server in Site2. Install and configure continuous
cluster replication (CCR).
C. Deploy one Mailbox server in Site1 and one Mailbox server in Site2. Install and configure continuous
cluster replication (CCR).
D. Deploy two mailbox servers in each site. Create two database availability groups (DAGs) named DAG1
and DAG2. Add the Mailbox server from Site1 to DAG1 and the Mailbox servers from Site2 to DAG2.
Answer: C
Pass4Sure had C as the correct answer and it looks like it is possible based on the following info however I
did find this blurb
CCR cluster nodes could be located in separate datacenters in order to provide site-level redundancy, but
since CCR was not developed with site resiliency in mind, there were too many complexities involved with a
multi-site CCR cluster solution (for details on multi-site CCR cluster deployment take a look at a previous
article series of mine). This made the Exchange Product group think about how they could provide a built-in
feature geared towards offering site resilience functionality with Exchange 2007.
http://www.msexchange.org/articles_tutorials/exchange-server-2010/high-availability-recovery/uncovering-
exchange-2010-database-availability-groups-dags-part1.html
I really think that D is the better answer for this question
Exchange 2007 introduced LCR, CCR, SCC and SCR

LCR (local continuous replication) this was mainly used for small business who wanted to replicate a copy
of their Exchange database to another disk on the same server.
SCC (Single copy cluster) was what I would call a traditional Exchange cluster which used shared storage
to host the Exchange database.
Basic architecture of an SCC
CCR (cluster continuous replication) was used to replicate Exchange database information between 2
Exchange server allowing for hardware and storage redundancy but was limited to 1 Active node and 1
Passive node.
Basic deployment of CCR
SCR (standby continuous replication) was introduced in Exchange 2007 SP1 to provide the ability to
replicate Exchange databases to an disaster recovery location.
How did it use to work?
The concept of a DAG and how it functions I believe is easier learned by someone who hasn’t worked with
Exchange clusters previously. In Ex 200X an Exchange server was installed as either an Active or Passive
cluster node at the time setup.exe was run. Depending on which version of Exchange you installed you had
to create an Exchange virtual server (EVS) which was changed to cluster mailbox server (CMS) in
Exchange 2007. When a user connected Outlook the mailbox server name was a clustered resource which
moved between any number of nodes on the Exchange cluster. This allowed for no end user configuration
changes all the resource moved between physical servers An Exchange database was associated with the
clustered resource and when you open EMC/ESM the only Exchange server name that was shown was the
clustered node, let’s call is CMS1. That means database one would always belong to CMS1 even when this
moved between physical machines
.
Here comes the DAG
So now it’s time to forget everything that I just mentioned previously in this article about Exchange
clustering.
What has been removed?
No more EVS/CMS
Database is no longer associated to a Server but is an Org Level resource
There is no longer a requirement to choose Cluster or Non Cluster at installation, an Exchange 2010 server
can move in and out of a DAG as needed
The limitation of only hosting the mailbox role on a clustered Exchange server
Storage Groups have been removed from Exchange
Is anything the same?

1. Window Enterprise Edition is still required since a DAG still uses pieces of Windows Failover Clustering
CCR cluster nodes could be located in separate datacenters in order to provide site-level redundancy, but
since CCR was not developed with site resiliency in mind, there were too many complexities involved with a
multi-site CCR cluster solution (for details on multi-site CCR cluster deployment take a look at a previous
article series of mine). This made the Exchange Product group think about how they could provide a built-in
feature geared towards offering site resilience functionality with Exchange 2007.
QUESTION 13
branch office connects to the main office.
You need to design a messages routing solution to meet the following requirements:

the main office
A. One Send connector for each site

B. One SMTP site link for each site
Answer: A
QUESTION 14
You have an Exchange Server 2010 organization. Users have mobile devices that run Windows Mobile 6.1.
You need to plan a solution to meet the following requirements:
Ensure that users in the legal department can delete data from a mobile device if it is stolen
Ensure that only administrators can perform remote wipes on all other mobile devices
A. Create multiple Exchange ActiveSync policies.

B. Upgrade all mobile devices to Windows Mobile 6.5.
C. Create multiple Outlook Web App (OWA) mailbox policies.
D. Implement Active Directory Rights Management Services (AD RMS).
Answer: A
Pass4Sure had both A and C as the correct answer however I feel only A is need
Understanding Outlook Web App Mailbox Policies
Use Microsoft Office Outlook Web App mailbox policies to create organization-level policies to manage
access to features in Outlook Web App. Outlook Web App mailbox policies allow you to create multiple
policies at the organization level and apply them to individual mailboxes.
Looking for management tasks related to Outlook Web App mailbox policies? See Managing Outlook Web
App Mailbox Policies.
In Exchange 2010, you can create multiple Outlook Web App mailbox policies and apply them to individual
mailboxes. When an Outlook Web App mailbox policy is applied to a mailbox, it will override the settings of
the virtual directory.
In previous versions of Exchange, Outlook Web App features were managed by configuring the Outlook
Web App virtual directories. Exceptions for individual mailboxes were accommodated by enabling or
disabling features on individual mailboxes.
Configuring Outlook Web App Mailbox Policies
A default Outlook Web App mailbox policy is created automatically when the Client Access server role is
installed. By default, all options are enabled on the default Outlook Web App mailbox policy. You can create
as many Outlook Web App mailbox policies as necessary to meet the needs of your organization.
For example, you may want to create a policy that forces users to use WebReady Document Viewing to
view attachments or a policy that limits users to the Light version of Outlook Web App.
You can use the Exchange Management Console or the Exchange Management Shell to create and
configure Outlook Web App mailbox policies.
Applying Outlook Web App Mailbox Policies
Only one Outlook Web App mailbox policy can be applied to a mailbox.
If there's no Outlook Web App mailbox policy applied to a mailbox, the settings defined on the virtual
directory will be applied.
An Outlook Web App mailbox policy can be applied to a mailbox as part of the new mailbox wizard, by
using the EMC to modify an existing mailbox, or by using the Shell and the Set-CASMailbox cmdlet to apply
a mailbox policy.
QUESTION 15
Your company’s compliance policy states that the following occurs when a user leaves the company:


Minimize disk space required to store the mailbox database
A. Assign the Mailbox Search management role to Group1 and then create a retention policy.
B. Assign the Mailbox Search management role to Group1 and then create a managed folder mailbox
policy.
C. Assign the Mailbox Import Export management role to Group1 and then configure Personal Archives for
each mailbox.
D. Assign the Mailbox Import Export management role to Group1 and then instruct Group1 to export
Answer: D
QUESTION 16
Your network consists of a windows Server 2003 Active Directory forest that contains a windows Server
2003 enterprise certification authority (CA).
Users access their mailboxes by using Windows Mobile 5.0 and Windows Mobile 6.1 devices.
You need to plan a certificate solution for the Exchange Server 2010 deployment. The solution must
minimize the amount of effort required to connect all mobile devices to the organization.
A. Create a self-signed certificate and install it on the Client Access server.

B. Obtain a wildcard certificate from a trusted third-party CA and install it on the Client Access server.
C. From an internal CA obtain a certificate that contains multiple names and install it on the Client Access
server.
D. From a trusted third-party CA obtain a certificate that contains multiple names and install it on the Client
Access server.
Answer: D
Security Services for Windows Mobile 5.0 and Windows Mobile 6
6/2/2010
Windows Mobile implements the following security services as part of the core operating system.
Windows Mobile implements these security services so that applications can make use of them; for
example, the built-in Outlook Mobile client can use SSL (and, by extension, various cryptographic
algorithms) for POP and IMAP accounts.
QUESTION 17
You have an Exchange 2010 organization. Your company’s security policy states that all connections to
Outlook Web App (OWA) must use smart card authentication.
You need to recommend a solution to meet the security policy requirements.
Which two possible ways to achieve this goal should you recommend? (Each correct answer
presents a complete solution. Choose two.)
A. Require certificate-based authentication for all Internet-facing Client Access servers.

B. Require Windows Integrated Authentication for all Internet-facing Client Access servers.
C. Deploy an Edge Transport server and then disable Windows Integrated Authentication.
D. Deploy a server that runs Microsoft Internet Security and Acceleration (ISA) Server and enable Kerberos
constrained delegation.
Answer: AD
Microsoft® Internet Security and Acceleration (ISA) Server 2006 can publish Web servers and authenticate
users to verify their identity before allowing them to access a published Web server. If a published Web
server also needs to authenticate a user that sends a request to it and if the ISA Server computer cannot
delegate authentication to the published Web server by passing user credentials to the published Web
server or impersonating the user, the published Web server will request the user to provide credentials for a
second time. ISA Server can pass user credentials directly to a Web published server only when these
credentials are received using Basic authentication or HTTP forms-based authentication. In particular,
credentials supplied in a Secure Sockets Layer (SSL) certificate cannot be passed to a published server.
ISA Server 2006 introduces support for Kerberos constrained delegation to enable published Web servers
to authenticate users by Kerberos after their identity has been verified by ISA Server using a non-Kerberos
authentication method. When used in this way, Kerberos constrained delegation eliminates the need for
requiring users to provide credentials twice. For example, because it is unrealistic to perform Kerberos
authentication over the Internet, SSL certificates might be used for authenticating users at the ISA Server
computer. After ISA Server verifies the user's identity, ISA Server cannot pass the SSL client certificate
provided by the user to a published server, but it can impersonate the user and obtain a Kerberos service
ticket for authenticating the user (client) to a published Web server.
An ISA Server computer serving as a firewall that sits between the Internet and your organization's intranet
must authenticate clients that send requests over the Internet to servers in your organization to prevent
attacks from anonymous and unauthorized users. Every organization determines which authentication
method can ensure that external clients are identified with sufficient confidence and that unauthorized
clients cannot gain access to a published internal server. Many large organizations (including Microsoft) are
moving toward the use of smart cards, which are actually just secured storage devices for an SSL client
certificate, as a means to identify their users instead of relying on passwords. Smart cards enable two-factor
authentication based on something that the user has (the smart card) and something that the user knows
(the personal identification number (PIN) for the smart card), providing a more secure level of authentication
than passwords.
Internal servers often need to authenticate users who send requests to them both from computers on the
Internet and from computers on the intranet within the organization. For example, a mail server must verify
the identity of users, including internal users, before allowing them access to the appropriate personal
mailboxes. The authentication performed by an edge firewall clearly does not fully meet the needs of these
servers.
If ISA Server can forward a user's credentials to an internal server, there is no need to prompt the user for a
second time to obtain appropriate credentials. However, when SSL client certificates are used, ISA Server
cannot delegate a user's credentials to an internal mail server, such as a Microsoft Exchange server,
because ISA Server never receives a password that can be passed on to that server. There is also no way
to forward an SSL client certificate to another server. This is an intended security feature of the SSL
protocol.
Kerberos constrained delegation provides a way for ISA Server to impersonate a user sending a Web
request and authenticate to specific services running on specific, published Web servers, including
Exchange Outlook Web Access servers, when ISA Server knows only the user name after it verifies the
identity of the user.
QUESTION 18
You have an Active Directory domain named contoso.local.
You plan to deploy an Exchange Server 2010 organization that will contain the following server:
Two Edge Transport servers named Edge1.contoso.com and Edge2.contoso.com

Two Hub Transport servers named hub1.contoso.local and hub2.contoso.local
You need to design a solution that ensures that e-mail messages from the Internet can be delivered to
internal recipients if a single Edge Transport server fails.
A. two Remote Domains

B. two SRV resource records
C. two EdgeSync Subscriptions
D. two mail exchange (MX) records
Answer: D
QUESTION 19
You have Exchange Server 2003 organization. The organization contains a front end server named FE1
and a back end server accessible from the Internet by using mail.contoso.com.
You plan to transition the organization to Exchange Server 2010. You will deploy a Mailbox server named
MIX1 and a Client Access server named CAS1. Users will access Outlook Web Access and Outlook Web
App (OWA) by using the URL. https://mail.contoso.com.
You need to recommend a DNS configuration for the external name of mail.contoso.com.
Which server should be associated with the name mail.contoso.com?
A. BE1
B. CAS1
C. FE1
D. MIX1
Answer: B
QUESTION 20
You have an Exchange Server 2010 organization. Your network is separated from the Internet by a firewall.
the following connections:
Outlook Anywhere
Exchange ActiveSync
A. 25, 443 and 993

B. 26, 443 and 995
C. 25, 80, 143 and 3269
D. 80, 143, 443 and 389
Answer: A
QUESTION 21
You have an Exchange Server 2010 Hub Transport server named Hub1. You install an application on a
third-party server named Server1.
What should you do?
A. Create a new Send connector

Add the TCP/IP address of Server1 to the Send connector
Modify the permissions for the Send connector
B. Create a new Receive connector
Add the TCP/IP address of Server1 to the Receive connector
Modify the permissions for the Receive connector
C. Add the TCP/IP address of Server1 to the default Receive connector
Create a message classification
Create a transport rule
Add the TCP/IP address of Server1 to the Client Receive connector
D. Create a remote domain
E. Create a transport rule
Answer: B
QUESTION 22
You have an Exchange Server 2010 organization that contains two Client Access servers. You deploy a
Microsoft Internet Security and Acceleration (ISA) Server.
You need to recommend a high availability solution for the Client Access servers. The solution must meet
the following requirements:
Ensure that Outlook Web App (OWA) connections are available if a single Client Access server fails
Ensure that client access services are available if a single service fails on a Client Access server
A. Deploy a hardware load balancer.

B. Deploy Windows Network Load Balancing.
C. Publish each Client Access server in a separate publishing rule.
D. Publish both Client Access servers in a single publishing rule as a Web server farm.
Answer: D
QUESTION 23
Your company acquires two companies named Contoso, Ltd and Northwind Traders.
You need to ensure that users from Contoso have only contoso.com e-mail addresses and users from
Northwind Traders have only traders.com e-mail addresses.
What should you create and configure?
A. two accepted domains and two e-mail address policies

B. two remote domains and two accepted domains
C. two transport rules and two address remote entries
D. two Receive connectors and two address lists
Answer: A
QUESTION 24
You have an Exchange Server 2010 organization. You plan to deploy a database availability group (DAG).
You need to recommend disk configuration for the servers in the organization. The solution must minimize
costs.
A. 7200 RPM SATA hard disks in a Direct Attach Storage (DAS)

B. 7200 RPM SATA hard disks in a Network Attached Storage (NAS)
C. 15000 RPM SAS hard disks in a Network Attached Storage (NAS)
D. 15000 RPM SAS hard disks in a Fiber Channel (FC) Storage Area Network (SAN)
Answer: A
QUESTION 25
You have an Active Directory forest.
You plan to deploy an Exchange Server 2010 organization that contains the following servers:


B. Implement fallover clustering on both Hub Transport servers.
D. Create one mail exchange (MX) record and one SRV record for each Edge Transport server in the
internal DNS zone.
Answer: C
QUESTION 26
You have an Exchange Server 2007 organization. All users connect to mailboxes by using Microsoft Office
Outlook 2003.
You need to recommend a solution for mailbox access that meets the following requirements:
Minimize support costs

Minimize software costs
Provide access to Public folders
A. Implement POP3 and IMAP4 access

B. Implement Personal Archive and forms-based authentication
C. Implement Autodiscover and upgrade all client computers to Outlook 2010
D. Implement Outlook Anywhere and modify the Outlook RPC encryption settings
Answer: D
QUESTION 27
exists for each data center. The data centers connect to the Internet by using a direct link. The data centers
connect to each other by using a high speed WAN link.

Automatically load balance the Hub Transport server in each site - Deploy the minimum number of
servers
A. In each data center, deploy one Hub Transport server. Create and configure one Send connector.
B. In each data center, deploy two Hub Transport servers. Create and configure one Send connector.
C. In each data center, deploy one Edge Transport server. Create and configure two Send connectors.
D. In each data center, deploy two Edge Transport servers. Create and configure two Send connectors.
Answer: B
QUESTION 28
You have an Exchange organization that contains Exchange 2000 Server Service Pack 3 (SP3), Exchange
Server 2003 Service Pack 2 (SP2) and Exchange Server 2007 Service Pack 1 (SP1) servers.
You need to transition the organization to Exchange Server 2010.
A. Remove all Exchange Server 2007 SP1 servers from the organization.
B. Remove all Exchange 2000 Server and all Exchange Server 2003 servers from the organization.
C. Remove all Exchange 2000 Server servers from the organization and then upgrade all Exchange Server
2007 servers to SP2.
D. Remove all Exchange Server 2003 servers from the organization and then upgrade all Exchange Server
2007 servers to SP2.
Answer: C
QUESTION 29
You plan to deploy a public folder access solution that meets the following requirements:
Users in the legal department must be able read e-mail sent to public folders
Users in the legal department must not be able to post documents to public folders by using Outlook
Web App (OWA)
You need to recommend modification to the organization to meet the requirements of the public folder
access solution.
A. Modify the mailbox permissions.

B. Modify the OWA segmentation settings.
C. Modify the public folder client permissions.
D. Modify the public folder administrative permissions.
Answer: C
QUESTION 30
Your company has an Exchange Server 2010 organization. The company’s compliance policy states that all
e-mail messages older than three months must be deleted automatically.
You need to recommend a solution to prevent the deletion of e-mail for users on extended leave.
The solution must ensure that users can view of their e-mail when they return to work.
A. a legal hold
B. a retention hold
C. an Outlook Protection Rule
D. an Transport Protection Rule
Answer: B
Placing a mailbox on retention hold suspends the processing of a retention policy or managed folder
mailbox policy for that mailbox. Retention hold is designed for scenarios such as a user being on vacation
or away temporarily.
During retention hold, users can log on to their mailbox and change or delete items. When you perform a
mailbox search, deleted items that are past the deleted item retention period aren't returned in search
results. To make sure items changed or deleted by users are preserved in legal hold scenarios, you must
place a mailbox on legal hold. For more information, see Place a Mailbox on Litigation Hold.
You can also include retention comments for mailboxes you place on retention hold. The comments are
displayed in supported versions of Microsoft Outlook.
QUESTION 31
Your network contains an internal network and a perimeter network. The perimeter network contains an
Exchange Server 2010 Edge Transport server.
You need to recommend a remote management solution for the Edge Transport server that meets the
All management traffic must be encrypted

The solution must allow remote administration from the internet network
The solution must support the use of the Exchange Management Console (EMC)
A. Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL).
B. Remote Desktop Protocol (RDP) over Secure Socket Layer (SSL).
C. Windows Management Instrumentation Command-line (WMIC)
D. Windows Remote Management (WinRM) over SSL
Answer: D
QUESTION 32
Your network contains two Active Directory site. The sites connect to each other by using a WAN link.
You plan to deploy two Exchange Server 2010 Mailbox servers and two Client Access servers in each site.
Each site will contain a Client Access array.
You need to recommend a solution to deploy Hub Transport servers.
Continue to deliver e-mail messages to users in other sites if a single Hub Transport server fails
Support the planned Client Access array deployment
Minimize the number of Exchange servers
What are two possible ways to achieve this goal? (Each answer presents a complete solution. Choose two.)
A. Add the Hub Transport server role to each Mailbox server.

B. Add the Hub Transport server role to each Client Access server.
C. Deploy two Hub Transport servers on two new servers in each site.
D. Deploy one Hub Transport server on a new server and then install the SMTP service on each Client
Access server.
Answer: AB
QUESTION 33
You have an Exchange Server 2010 organization. An Edge Transport server sends and receives all e-mail
messages.
You need to minimize the possibility that e-mail messages send from your organization are identified as
spam.
What should you do?
A. Implement Microsoft Forehead Security for Exchange Server.

Answer: B
Understanding Sender ID
inbound message.
called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified to
appear as if it originates from a sender other than the actual sender of the message.
Using Sender ID to Combat Spoofing
In Exchange 2010, Sender ID makes spoofing more difficult. When you enable Sender ID, each message
contains a Sender ID status in the metadata of the message. When an e-mail message is received, the
Edge Transport server queries the sender's DNS server to verify that the IP address from which the
message was received is authorized to send messages for the domain that's specified in the message
headers. The IP address of the authorized sending server is referred to as the purported responsible
address (PRA).
Domain administrators publish sender policy framework (SPF) records on their DNS servers. SPF records
identify authorized outbound e-mail servers. If an SPF record is configured on the sender's DNS server, the
Edge Transport server parses the SPF record and determines whether the IP address from which the
message was received is authorized to send e-mail on behalf of the domain that's specified in the message.
For more information about what an SPF record contains and how to create an SPF record, see Sender ID.
The Edge Transport server updates the message metadata with the Sender ID status based on the SPF
record. After the Edge Transport server updates the message metadata, the Edge Transport server delivers
the message as it ordinarily would.
QUESTION 34
Restores all Windows settings

Restores all Exchange configurations
Minimizes administrative effort
A. Retention of Exchange server computer accounts in Active Directory. Backup and recovery of Windows
system state A recovery installation of Exchange Server 2010
B. Retention of Exchange server computer accounts in Active Directory. Backup and recovery of transport
queues. A custom installation of Exchange Server 2010
C. Recovery of Windows system state. Backup and recovery of transport queues. A typical installation of
Exchange Server 2010
D. Backup and recovery of Windows system state. A repair installation of Windows Server 2008. A typical
installation of Exchange Server 2010
Answer: A
QUESTION 35
Your company has 10 offices. The offices connect to the Internet by using a WAN link. The offices connect
to each other by using a VPN connection. An Active Directory site exists for each office.
You plan to deploy Exchange Server 2010. Each site will contain two Exchange Server 2010 servers.
You need to recommend the placement of domain controllers and global catalog servers to meet the
Minimize the number of domain controllers

Must be able to deliver e-mail messages between users of the same office, if a domain controller and a
WAN link fail simultaneously
A. In each site, install two global catalog servers.

B. In each site, install two domain controllers. Enable Universal Group Membership caching for each site.
C. In each site, install two domain controllers. Create a publishing point for an offline address list on one
Exchange server in each site.
D. In each site, install one domain controller that is configured as a global catalog server. Enable Universal
Group Membership caching for each site.
Answer: A
QUESTION 36
for your company. You have two Mailbox servers configured in a database availability group (DAG), two
Client Access servers, and two Hub Transport servers.

Answer: B
ISA Server can be installed as a single server or as a multi server array. The single server configuration is
the most commonly used setup because only a few organizations have demand for the high availability and
high performance provided by Web Proxy arrays. However, in mission critical networks you can use ISA
Server arrays to enhance availability and performance on demand. An ISA Server array is a good "Scale
Out" method to accomplish the enterprise needs for firewalls and proxy servers.
http://www.isaserver.org/tutorials/configuring_isa_server_arrays.html
QUESTION 37
Your network contains an internal network and a perimeter network. The internal network contains a single
Active Directory site. The perimeter network contains two Exchange Server 2010 Edge Transport servers.
You plan to deploy an Exchange Server 2010 organization on the internal
network.
You need to plan the deployment of Hub Transport server roles to meet the following requirements:
If a single Hub Transport server fails, e-mail messages from the Internet must be delivered to the
Mailbox servers.
If a single Hub Transport server fails, users must be able to send e-mail messages to other users that
have mailboxes on the same Mailbox server.
A. Deploy one Edge Transport server on the internal network, and then configure EdgeSync
synchronization.
B. Deploy one Hub Transport server on the internal network, and then configure EdgeSync
synchronization.
C. Deploy one Hub Transport server on the internal network and one Hub Transport server on the
perimeter network.
D. Deploy two Hub Transport servers on the internal network.
Answer: D
QUESTION 38
You need to recommend a client access solution that meets the following requirements:
Reduces the time required for users to reconnect to user mailboxes if a single Client Access server fails
Prevents users from being prompted for authentication if a single Client Access server fails
A. Client Access server array and hardware load balancer

B. database availability group (DAG) and hardware load-balancer
C. failover clustering and database availability group (DAG)
D. Windows Network Load Balancing and failover clustering
Answer: A
Understanding Load Balancing in Exchange 2010
Load balancing is a way to manage which of your servers receive traffic. Load balancing provides failover
redundancy to ensure your users continue to receive Exchange service in case of computer failure. It also
enables your deployment to handle more traffic than one server can process while offering a single host
name for your clients.
In addition to load balancing, Microsoft Exchange Server 2010 provides several solutions for switchover and
failover redundancy. These solutions include the following:
High availability and site resilience You can deploy two Active Directory sites in separate geographic
locations, keep the mailbox data synchronized between the two, and have one of the sites take on the entire
load if the other fails. Exchange 2010 uses database availability groups (DAGs) to keep multiple copies of
your mailboxes on different servers synchronized.
Online mailbox moves In an online mailbox move, end users can access their e-mail accounts during the
move. Users are only locked out of their accounts for a brief time at the end of the process, when the final
synchronization occurs. Online mailbox moves are supported between Exchange 2010 databases and
between Exchange Server 2007 Service Pack 3 (SP3) or a later version of Exchange 2007 and Exchange
2010 databases. You can perform online mailbox moves across forests or in the same forest.
Shadow redundancy Shadow redundancy protects the availability and recoverability of messages while
they're in transit. With shadow redundancy, the deletion of a message from the transport databases is
delayed until the transport server verifies that all the next hops for that message have completed. If any of
the next hops fail before reporting successful delivery, the message is resubmitted for delivery to the hop
that didn't complete.
Load balancing serves two primary purposes. It reduces the impact of a single Client Access server failure
within one of your Active Directory sites. In addition, load balancing ensures that the load on your Client
Access server and Hub Transport computers is evenly distributed. Architectural Changes in Exchange 2010
Load Balancing
Several changes in Exchange 2010 make load balancing important for your organization. The Exchange
RPC Client Access service and the Exchange Address Book service on the Client Access server role
improve the user's experience during Mailbox failovers by moving the connection endpoints for mailbox
access from Outlook and other MAPI clients to the Client Access server role instead of to the Mailbox
server role. In earlier versions of Exchange, Outlook connected directly to the Mailbox server hosting the
user's mailbox, and directory connections were either proxied through the Mailbox server role or referred
directly to a particular Active Directory global catalog server. Now that these connections are handled by the
Client Access server role, both external and internal Outlook connections must be load balanced across the
array of Client Access servers in a deployment to achieve fault tolerance.
A load-balanced array of Client Access servers is recommended for each Active Directory site and for each
version of Exchange. It isn't possible to share one load-balanced array of Client Access servers for multiple
Active Directory sites or to mix different versions of Exchange or service pack versions of Exchange within
the same array. When you install Exchange 2010 within your existing organization and configure a legacy
namespace for coexistence with previous versions of Exchange, your clients will automatically connect to
the Exchange 2010 Client Access server or server array. The Exchange 2010 Client Access server or Client
Access server array will then proxy or redirect client requests for mailboxes on older Exchange versions to
either Exchange 2003 front-end servers or Exchange 2007 Client Access servers that match the mailbox
version
QUESTION 39
You have an Exchange Server 2010 organization. The network contains an Exchange Server 2010 Mailbox
server named Server1. All mailboxes are stored on Server1.
You perform a Typical installation of Exchange Server 2010 on a new server named Server2.
You plan to implement redundancy for mailbox access.
You need to recommend a solution that ensures that client computers can reconnect to their mailbox within
five minutes if Server1 fails.
A. Configure cluster continuous replication (CCR). Implement a file share witness.

B. Configure a Network Load Balancing cluster that includes Server1 and Server2. Implement Active
Directory-integrated DNS zones.
C. Configure a database availability group (DAG) that includes Server1 and Server2. Set the time to live
(TTL) for the DNS record.
D. Configure a database availability group (DAG) that includes Server1 and Server2. Use the same
certificate for both servers.
Answer: C
QUESTION 40
You have a main office and five branch offices. The offices connect to each other by using a WAN link.
An Active Directory site exists for each office. Each site has a separate IP site link to all other sites. The
main office site is configured as a hub site. You have an Exchange Server 2010 organization. You discover
that messages sent between offices are not routed through the Hub Transport servers in the main office.
You need to ensure that all messages sent between offices are routed through the Hub Transport servers in
the main office.
What should you do?
A. Change all IP site links to SMTP site links.

B. Modify the Exchange-specific cost for each site link.
C. From the Hub Transport servers in each site, create a journal rule.
D. From the Hub Transport servers in each site, create a transport rule.
Answer: B
You can set an Exchange cost on an Active Directory IP site link in Microsoft Exchange Server 2010. By
default, Exchange uses the cost assigned to an IP site link for Active Directory replication purposes to
compute a routing topology.
Looking for other management tasks related to managing message routing? Check out Managing Message
Routing.
QUESTION 41
You have an Exchange Server 2003 organization. All servers have 32-bit hardware. You plan to transition to
Exchange Server 2010 and deploy new Mailbox servers.
Mailbox servers.
A. Number of concurrent connections to Outlook Web App

Number of mailbox databases
Memory utilization
B. Number of concurrent connections to Outlook Web App
RPC latency
Disk I/O latency
C. Number of concurrent MAPI connections
Size of mailbox databases
Number of mailboxes
D. Number of mailboxes
Disk I/O latency
RPC latency
Answer: C
QUESTION 42

A. A. an access rule for TCP ports 135, 389, and 993

Answer: C
QUESTION 43
Your network consists of an Active Directory forest named contoso.com. Contoso.com has an Exchange
Server 2010 organization.
A subsidiary company has a separate Active Directory forest named fabrikam.com. Fabrikam.com has an
Exchange Server 2007 organization. You plan to consolidate both organizations.
Your company’s consolidation strategy includes the following requirements:
Support costs must be minimized

Mailbox access must be easily shared between users
All e-mail messages must be hosted on Exchange Server 2010 mailbox servers
You need to recommend a solution to meet the requirements of the consolidation strategy.
A. Move all recipients from fabrikam.com to contoso.com.

B. Transition all servers in fabrikam.com to Exchange Server 2010.
C. In contoso.com, create a resource mailbox for each recipient in fabrikam.com.
D. Move all computer accounts for the Exchange servers in fabrikam.com to contoso.com. On each server,
run Setup.com /M:RecoverServer.
Answer: A
QUESTION 44
Your network consists of a single Active Directory forest. You have an Exchange Server 2003 organization.
You need to create a plan to transition the organization to Exchange Server 2010. The plan must meet the
Ensure that e-mail messages can be sent between all users in the organization
Ensure that administrators can modify address lists from Exchange Server 2010 servers
Ensure that users who are moved to Exchange Server 2010 can access all public folders in the
organization
A. Two Send connectors a sharing policy address lists that use OPATH
B. Two Send connectors public folder replication new address lists
C. A two-way routing group connector a sharing policy new address lists
D. A two-way routing group connector public folder replication address lists that use OPATH
Answer: D
QUESTION 45
You have an Exchange Server 2010 organization. Your company acquires another company that has an
requirements:
A. Implement Active Directory Federation Services (AD FS). Run the Microsoft Exchange Inter-
Organization Replication tool
B. Implement Microsoft Identity Lifecycle Manager (ILM) 2007. Create a two-way cross-forest trust between
both organizations
C. Create a federation trust between both organizations. Implement Microsoft Identity Lifecycle Manager
(ILM) 2007. Run the New Organization Relationship wizard
D. Create a two-way cross-forest trust between both organizations. Implement Active Directory Federation
Services (AD FS). Run the Microsoft Exchange Inter-Organization Replication tool
Answer: C
identity Lifecycle Manager (ILM) 2007 enables IT organizations to reduce the cost of managing the identity
and access lifecycle by providing a single view of a user's identity across the heterogeneous enterprise and
through the automation of common tasks. ILM 2007 builds on the metadirectory and user provisioning
capabilities in Microsoft Identity Integration Server 2003 (MIIS 2003) and adds new capabilities for
managing strong credentials such as smartcards with Certificate Lifecycle Manager 2007 (CLM 2007). ILM
2007 provides an integrated approach that pulls together metadirectory, certificate and password
management, and user provisioning across Windows® and other enterprise systems.
ILM 2007 has two central components, one that includes metadirectory and user provisioning capabilities
and another for certificate and smart card management.
QUESTION 46
You have an Exchange Server 2003 organization. You plan to transition the organization to Exchange
Server 2010. You need to recommend a plan that allows the Exchange Server 2003 servers to coexist with
The plan must meet the following requirements:
Server 2003 server
Server 2010 server
A. Implement Personal Archives.

B. Implement Universal Group Membership Caching.
C. Use only Exchange Server 2003 servers for the expansion of distribution groups.
D. Use only Exchange Server 2010 Hub Transport servers for the expansion of distribution groups.
Answer: D
QUESTION 47
that contains a Hub Transport server named Hub1. Hub1 receives all e-mail messages that are sent to your
organization from the Internet. A new company security policy states that domain-joined servers must not
be accessible directly from the Internet.


LDS).
Answer: A
QUESTION 48
Users can only access Site1 from the Internet. In each site, you plan to deploy a Mailbox server and a Hub
Transport server.
the Internet

Answer: B
QUESTION 49
You have an Exchange Server 2010 organization named contoso.com. Your company plans to provide
business continuity services for a company named Fabrikam.
Fabrikam has an Exchange Server 2007 organization and uses the fabrikam.com SMTP domain. You need
to configure your organization to queue and relay all e-mail messages sent to fabrikam.com from the
Internet.
What should you do?
public DNS domain.
public DNS domain.
Answer: D
QUESTION 50


Answer: B
Exam K
QUESTION 1
Mailbox server, one Client Access server, and one Hub Transport server. One Edge Transport server
resides in the perimeter network.
You are designing a disaster recovery solution for the Edge Transport server. The solution must provide the
ability to perform the following tasks:
Restore the Edge Transport server configuration.

Restore log files and transport queue databases.
Backup and restore only the minimum amount of data.
A. Export the Edge Transport server configuration by using the ExportEdgeConfig.ps1 script.
Perform a system state backup of the Edge Transport server and back up the exported server
configuration.
B. Export the Edge Transport server configuration by using the ExportEdgeConfig.ps1 script.
Perform a system state backup of a domain controller and back up the exported server configuration.
C. Perform a system state backup of the Edge Transport server and an export of the Edge
Subscription file server by using Windows Server Backup.
D. Perform a full backup of the Edge Transport server by using Windows Server Backup.
Answer: D
You can't use Setup /m:RecoverServer to recover an Edge Transport server.
Exchange 2010 Edge Transport Server Backup and Recovery
What Needs to be Backed Up on Edge Transport Servers
To plan for backup and recovery of the Edge Transport server you first need to understand where the
server stores its configuration and data.
Active Directory Lightweight Directory Service – each Edge Transport server runs its own instance of
AD LDS, which is used to store a subset of information about recipients in the Exchange organization, as
well as information about the connectors that are established between the Edge Transport server and the
Hub Transport servers for mail flow. The AD LDS database and log files are stored on the file system of the
server.
Edge Configuration – the Edge Transport server configuration can be exported to an XML file for cloning
between servers and for recovery purposes. The Edge configuration file is stored on the file system of the
server. This does not include the Edge Subscription information that connects the Edge Transport server to
System State – the system state contains information such as service startup and dependency settings in
the registry, which is important if any settings have been modified from the defaults. The System State is
also important if extra third party applications or agents have been installed on the Edge Transport server,
local security policies have been applied, administrative accounts or groups created or modified, and a
range of other items that may be important in a recovery.
Other Files – other files such as transport queue databases and log files are also stored on the file system.
Backing up Everything
A full system backup of the server encompasses all of the required information for a recovery, however this
takes longer to backup and consumes the most backup storage.
This makes it impractical if frequent backups are required throughout the day, for example in a high volume
email environment the transport queue databases might be backed up every 5 minutes to reduce the risk of
losing in-transit emails if the server crashed.
Backing up the Minimum
A backup of just the Edge Transport configuration is the most efficient in terms of time frames and storage
space, and can be run only when a configuration change has been made.
However the recovery time may be longer because a new host would need to be provisioned from scratch
to import the config.
There may also be more manual intervention required because importing the configuration to a new server
still requires the Edge Subscription to be set up again. In addition, this backup strategy does not protect
the transport queue databases, log files, or any third party applications and agents installed on the
server.
QUESTION 2
A corporate environment includes Exchange Server 2010. The environment is configured as shown in the
following table.
The company is planning to test a complete site failover.
Ensure that users can connect to their mailboxes in the disaster recovery site by using Microsoft Outlook
2010.
Minimize downtime during the site failover.
Minimize client connectivity issues after the site failover.
A. Prior to the site failover, raise the time to live (TTL) value of exchange.contoso.com to the maximum
value. After the site failover, update exchange.contoso.com to point to DR-MBX1.
B. Prior to the site failover, lower the time to live (TTL) value of exchange.contoso.com to the minimum
value. After the site failover, update exchange.contoso.com to point to DR-HTCAS1.
C. Add a DNS record pointing exchange.contoso.com to the DR-HTCAS1 server.
D. Add a DNS record pointing exchange.contoso.com to the DR-MBX1 server.
Answer: B
QUESTION 3
A corporate environment includes Exchange Server 2010 deployed at the company headquarters and at a
branch office. Each location includes one Mailbox server, one Client Access server, and one Hub Transport
server. Each location has two Edge Transport servers in the perimeter
network. The current MX record preferences and Edge Transport servers are shown in the following table.
Balance external email between the headquarters and branch office locations.
Balance email delivered to each location between the location’s Edge Transport servers
A. Update the MX record preference for ET-BR03 to 10, and remove the MX records for ET-HQ02 and ET-
BR04.
B. Update the MX record preference for ET-HQ02 to 10, for ET-BR03 to 10, and for ET-BR04 to 10.
C. Update the MX record preference for ET-HQ02 to 10, for ET-BR03 to 20, and for ET-BR04 to 20.
D. Update the MX record preference for ET-HQ02 to 10, and remove the MX records for ET-BR03 and ET-
BR04.
Answer: B
QUESTION 4
A corporate environment includes Exchange Server 2010 SP1 deployed in a primary datacenter and in a
secondary datacenter. The datacenters are in separate Active Directory Domain Services (AD DS) sites.
Each datacenter includes AD DS domain controllers, Global Catalog servers, DNS servers, and two
Mailbox servers. The primary datacenter contains one file share witness. All Mailbox servers are members
of one database availability group (DAG). Each datacenter has independent Internet access. A dedicated
high-speed network connection
exists between the datacenters.
You are designing a failover plan. You have the following requirements:
Provide a highly available solution in the event that the primary datacenter fails.
Provide mailbox access for employees through the secondary datacenter.
Ensure that each Mailbox database is active in only one location at a time.
Ensure that failback to the primary datacenter completes gracefully.
You need to design a solution that meets the requirements
A. Configure the AutoDatabaseMountDial property to Lossless on all Mailbox servers before an outage
occurs. During an outage, ensure that all Exchange services in the primary datacenter are running,
validate the health of the secondary datacenter Exchange servers, and restart the secondary datacenter
Mailbox servers.
B. Configure the AutoDatabaseMountDial property to BestAvailability on all Mailbox servers before an
outage occurs. During an outage, stop and disable any running Exchange services in the primary
datacenter, validate the health of the secondary datacenter Exchange servers, and restart the
secondary datacenter Mailbox servers.
C. Enable datacenter activation coordination (DAC) mode before an outage occurs. During an outage, stop
and disable any running Exchange services in the primary datacenter, validate the health of the
D. Disable datacenter activation coordination (DAC) mode before an outage occurs. During an outage,
ensure that all Exchange services in the primary datacenter are running, validate the health of the
secondary datacenter Exchange servers, and activate the secondary datacenter
Mailbox servers.
Answer: C
QUESTION 5
A corporate environment includes Exchange Server 2010. Two teams of support technicians manage
mailboxes for the organization.
The Tier 1 support team must manage mailboxes for all users other than those in the Executive
Organizational Unit (OU).
The Tier 2 support team must manage mailboxes for all users in the Executive OU.
A. Create an exclusive scope for the Tier 2 support team.

B. Create an explicit scope for the Tier 1 support team.
C. Create an exclusive scope for the Tier 1 support team.
D. Create a configuration scope for the Tier 2 support team.
Answer: A
QUESTION 6
You need to recommend a solution for preventing a specific group of users from changing their AD DS
passwords in Outlook Web App (OWA). The solution must not affect other users.
A. Create a new Outlook Web App mailbox policy

B. Configure the authentication settings on the OWA virtual directory
C. Configure OWA virtual directory segmentation
D. Create a new managed folder mailbox policy
Answer: A
QUESTION 7
Client computers and the Exchange servers are joined to a single AD DS domain.When users connect to
Outlook Web App (OWA) from their client computers, they are prompted
for their credentials.
You need to recommend a solution that allows users to connect to OWA from their client computers without
being prompted for credentials.
A. Basic authentication
B. Digest authentication for Windows domain servers
C. forms-based authentication
D. integrated Windows authentication
Answer: D
You can configure Integrated Windows authentication for Outlook Web App in Microsoft Exchange Server
2010. Integrated Windows authentication enables the server to authenticate users who are signed in to the
network without prompting them for their user name and password and without transmitting information that
isn't encrypted over the network.
QUESTION 8
A corporate environment includes a main office and a branch office. The company plans to deploy
Exchange Server 2010. The Mailbox servers will be part of a single database availability group (DAG) that
spans both locations. There is only intermittent connectivity
between the two locations.
You need to recommend a public folder database solution that enables users from either location to
consistently access public folders.
Which two actions should you recommend? (Each correct answer presents part of the solution. Choose
two.)
A. Create a single public folder database in the branch office and add it as a replica for the public folders.
B. Configure public folder referrals between the main office and the branch office.
C. Create a single public folder database in the main office and add it as a replica for the public folders.
D. Configure cross-site RPC Client Access on the DAG.
Answer: AC
QUESTION 9
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 and an Active
Directory Domain Services (AD DS) domain.
The company plans to move some users to a cloud-based Exchange Server 2010 SP1 environment.
The migration process must meet the following requirements:
Integrate the on-premise environment with the cloud-based environment.

Migrate all existing mailbox items.
Authenticate all users by using their AD DS credentials.
Share calendar availability information among all users.
You need to recommend a tool for gathering information and verifying that the requirements can be met.
Which tool should you recommend?
A. Exchange Deployment Assistant

B. Exchange Best Practices Analyzer
C. Exchange Pre-Deployment Analyzer
D. Exchange Remote Connectivity Analyzer
Answer: A
QUESTION 10
A corporate environment includes Exchange Server 2010. All employees connect to their mailboxes by
using a web browser.
You need to recommend a solution that will force only a specific group of employees to use WebReady
Document Viewing when connecting to their mailboxes.
A. Configure an Outlook Web App mailbox policy.

B. Configure the Outlook Web App virtual directory on all Client Access servers.
C. Create and configure a Group Policy Object (GPO) and link it to the Organizational Unit (OU) where the
computer accounts for the employees reside.
D. Create and configure a Group Policy Object (GPO) and link it to the Organizational Unit (OU) where the
user accounts for the employees reside.
Answer: A
WebReady Document Viewing lets users access file attachments in Microsoft Office Outlook Web App.
Users can access common file types such as Microsoft Word documents without having the application
installed.
You can manage WebReady Document Viewing for Outlook Web App in Microsoft Exchange Server 2010.
When you manage WebReady Document Viewing, you can specify files that you want users to be able to
access within Outlook Web App for private and public computers. However, you can't specify individual
settings for only private or public computers.
By default, public computer file access isn't enabled for Outlook Web App. Therefore, when users select the
This is a public or shared computer option or the This is a private computer option on the Outlook Web
App sign-in page, they won't be able to access files attached to e-mail messages.
QUESTION 11
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1. Client
computers run Microsoft Outlook 2010. Contractors use a cloud-based Exchange Server 2010 SP1 service
and have email accounts on the contractors.contoso.com domain.
Employees cannot view calendar availability information for contractors from their client computers.
You need to recommend the first step in sharing calendar availability information between employees and
contractors.
A. Create a sharing policy.

B. Create an organization relationship.
C. Create a federation trust.
D. Create a forest trust.
Answer: C
QUESTION 12
A corporate environment will include Exchange Server 2010 in a single Active Directory DomainServices
(AD DS) domain. The AD DS site topology and Exchange Server topology are configured as shown in the
exhibit. (Click the Exhibit button.)
You need to recommend an approach for the placement of the Client Access servers.
Which two actions should you recommend?
(Each correct answer presents part of the solution.Choose two.)
Exhibit:
A. Deploy only one Client Access server in Site B.
B. Deploy one Client Access server in Site A.
C. Deploy two Client Access servers in Site B.
D. Deploy one Client Access server in Site C.
Answer: BD
QUESTION 13
(AD DS) domain. The primary DNS suffix of the domain controllers is not the same as the DNS domain
name.
You are designing the Exchange Server 2010 deployment plan.
You need to recommend a solution that allows Exchange Server 2010 servers to access the domain
controllers.

A. Modify the DNS-Host-Name AD DS attribute on the domain object container.
B. Modify the NETBIOS-Name AD DS attribute on the Exchange Server computer objects.
C. Modify the msDS-AllowedDNSSuffixes AD DS attribute on the domain object container.
D. Modify the msDS-AdditionalDnsHostName AD DS attribute on the domain object container.
Answer: C
Allow Exchange 2010 servers to access domain controllers that are disjoint
To allow Exchange 2010 servers to access domain controllers that are disjoint, you must modify the msDS-
AllowedDNSSuffixes Active Directory attribute on the domain object container. You must add both of the
DNS suffixes to the attribute. For detailed steps about how to modify the attribute, see The computer's
primary DNS suffix does not match the FQDN of the domain where it resides.
QUESTION 14
You have an Active Directory forest that contains one site.
You plan to deploy an Exchange organization. All servers in the organization will have Exchange Server
2010 Service Pack 1 (SP1) installed.
The relevant Mailbox servers are configured as shown in the following table.
Each Mailbox server will host 2,000 mailboxes.
Corporate policy states that the servers must have a maximum write latency of 100 ms and an average
write latency of 10 ms.
The hardware vendor for the planned deployment provides test hardware.
You need to recommend a solution to ensure that the planned deployment meets the requirements of the
corporate policy.
A. Identify the workload at which the hardware can deliver acceptable latency by using the Jetstress tool.
B. Gather a baseline of the disk I/O usage by using the Windows Performance Monitor.
C. Calculate the number of IOPS required for the planned deployment by using the Exchange 2010
Mailbox Server Role Requirements Calculator.
D. Test the performance of the hardware under a simulated user workload by using the Loadgen tool.
Answer: A
QUESTION 15
A company has an on-premise Exchange Server 2007 SP2 environment. Client computers run Microsoft
Outlook 2010.
The company plans to migrate to a cloud-based Microsoft Exchange Server 2010 SP1 service. You need to
recommend a solution for ensuring that Outlook locates the cloud-based servers when users check
calendar availability information.
A. Add a CNAME record.

B. Add an MX record.
C. Synchronize the AD DS directory from the on-premise environment.
D. Synchronize the AD DS directory from the cloud-based environment.
Answer: A
What you need to do is add a CNAME record with the host value of Autodiscover. So the full record would
be autodiscover.domain.com. Once you have that CNAME you need to point it to autodiscover.outlook.com.
The way you know this works is to do an NSLOOKUP:
nslookup autodiscover.domain.com
You should see something like this:
Server: dns.corp.domain.com
Address: 192.168.1.10
Non-authoritative answer:
Name: autodiscover.outlook.com
Address: 65.55.94.54
QUESTION 16
Pack 1 (SP1) installed. The Exchange organization contains two Hub Transport servers, two Client Access
servers, and two Mailbox servers. All Exchange servers are located on the internal network.
Your company plans to use Microsoft Exchange Hosted Services for message hygiene.
You need to recommend changes to the Exchange organization to meet the following requirements:
Ensure that the company can send e-mail messages if a single server fails.
Ensure that the company can receive e-mail messages if a single server fails.
Prevent Internet hosts from initiating connections directly to servers on the internal network.
Which of the following changes is the best recommendation? (More than one answer choice may achieve
A. Move the two Hub Transport servers to the perimeter network.
Update the public Mail Exchanger (MX) records to point to the Exchange Hosted Services servers.
Configure Exchange Hosted Services to forward e-mail to the new servers.
Configure the internal firewall to allow communication from the Hub Transport servers to the internal
network.
Create an additional Send connector.
B. Deploy two new Edge Transport servers on the perimeter network.
Update the public Mail Exchanger (MX) records to point to the Exchange Hosted Services servers.
Configure Exchange Hosted Services to forward e-mail to the new servers.
Configure the internal firewall to allow communication from the Edge Transport servers to the internal
network.
Enable EdgeSync synchronization.
C. Deploy two new Hub Transport servers on the perimeter network.
Update the public Mail Exchanger (MX) records to point to the new Hub Transport servers.
Configure the internal firewall to allow communication from the Hub Transport servers to the internal
network.
Create an additional Send connector.
D. Deploy two new Edge Transport servers on the perimeter network.
Update the public Mail Exchanger (MX) records to point to the new Edge Transport servers.
Configure the internal firewall to allow communication from the Edge Transport servers to the internal
network.
Enable EdgeSync synchronization.
Answer: B
QUESTION 17
(AD DS) domain.
The company intends to transition to Exchange Server 2010. The Exchange 2003 Recipient Update Service
(RUS) must function properly after you update the AD DS schema for Exchange Server 2010.
You need to recommend a solution for preparing the environment before updating the schema.
A. Add each Exchange Server 2010 Mailbox server to the Exchange Enterprise Servers group in AD DS.
B. Run the setup /PrepareLegacyExchangePermissions command.
C. Run the setup /PrepareDomain command.
D. Add each Exchange Server 2010 server to the Exchange Domain Servers group in AD DS.
Answer: B
QUESTION 18
You are transitioning an Exchange Server environment from Exchange Server 2007 SP2 to Exchange
Server 2010. You deploy all Exchange Server 2010 Client Access servers and Hub Transport servers, and
move Internet mail flow from Exchange Server 2007 SP2 to Exchange
Server 2010. All mailboxes are on Exchange Server 2007 SP2.
Each message sent to a specific distribution group must be approved by an executive assistant.
A. Configure the message delivery restrictions for the distribution group.

B. Create an Exchange Server 2010 Hub Transport rule, and set an Exchange Server 2007 SP2 Hub
Transport server as the expansion server for the distribution group.
C. Designate the executive assistant as the manager of the distribution group.
D. Create an Exchange Server 2010 Hub Transport rule, and set an Exchange Server 2010 Hub Transport
server as the expansion server for the distribution group.
Answer: D
QUESTION 19
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 and client
computers that run Microsoft Outlook 2010. An Active Directory Domain Services (AD DS) domain named
contoso.com contains user accounts for all employees.
The company plans to move the mailboxes of the Sales team members to a cloud-based Exchange Server
2010 SP1 service provider. Sales team members will have primary email addresses of contoso.com and
secondary email addresses of cloud.contoso.com.
You need to recommend a solution for ensuring that the Autodiscover service continues to configure
Outlook for all users.
A. Run the Export-AutoDiscoverConfig cmdlet.

B. Mail-enable the on-premise AD DS user accounts of the Sales team members with email addresses of
cloud.contoso.com.
C. Create a new Autodiscover virtual directory.
D. Configure the ExternalUrl property of the Autodiscover virtual directory to autodiscover.cloud.contoso.
com.
Answer: B
QUESTION 20
A corporate environment includes Exchange Server 2010. Support technicians do not have access to email
message status information. Support technicians must currently escalate user requests for email message
status to Exchange Server
administrators.
You need to recommend a solution that allows support technicians to display email message status in the
Exchange Control Panel (ECP).
A. Grant the support technicians Read access to the SMTP protocol log files.
B. Assign the support technicians to the Message Tracking role.
C. Grant the support technicians Read access to the SMTP connectivity log files.
D. Assign the support technicians to the Records Management role.
Answer: B
The Message Tracking management role enables administrators to track messages in an organization.
This management role is one of several built-in roles in the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2010. Management roles, which are assigned to one or
more management role groups, management role assignment policies, users, or universal security groups
(USG), act as a logical grouping of cmdlets or scripts that are combined to provide access to view or modify
the configuration of Exchange 2010 components, such as mailboxes, transport rules, and recipients. If a
cmdlet or script and its parameters, together called a management role entry, are included on a role, that
cmdlet or script and its parameters can be run by those assigned the role. For more information about
management roles and management role entries, see Understanding Management Roles.
QUESTION 21
(AD DS) domain. Client computers run Microsoft Outlook 2010.
You need to recommend an approach for identifying when a mailbox is accessed by someone other than
the mailbox owner.
A. Run a report from the Exchange Control Panel (ECP).

B. Run the Get-LogonStatistics cmdlet.
C. Search the message tracking logs.
D. Run the Search-AdminAuditLog cmdlet.
Answer: A
QUESTION 22
2010 using Standard Client Access Licenses (CALs).
You need to recommend a solution that allows long-term message archival and minimizes hardware costs.
two.)
A. Apply a retention policy tag to each mailbox.

B. Utilize personal archives that are stored in a cloud-based Exchange Server 2010 SP1 environment.
C. Acquire an Enterprise CAL for each user.
D. Create a retention policy tag and set the age limit for retention.
Answer: BC
QUESTION 23
A corporate environment includes Exchange Server 2010. Client computers run Microsoft Outlook 2010.
In the current environment, when users need to recover Outlook items that have been permanently deleted
from the Deleted Items folder, administrators must recover the items from a backup of the Exchange Server
environment.
Do not require administrators to recover items from the Exchange Server backups.
Enable online recovery by administrators of permanently deleted items.
Automatically purge items after a specific period of time.
A. Implement litigation hold.

B. Configure single item recovery.
C. Create a retention policy.
D. Create a recovery database.
Answer: B
QUESTION 24
DS) domain.
Multiple auditing teams search mailboxes from the Exchange Control Panel (ECP) for specific types of
content.
You need to recommend a solution that restricts access to the results of a specific search to a specific
auditing team.
A. Create an AD DS security group for each auditing team. Assign the security groups to the Legal Hold
role.
B. Create an arbitration mailbox for each auditing team and grant each team Read permissions to its
designated mailbox.
C. Create an AD DS security group for each auditing team. Assign the security groups to the Message
Tracking role.
D. Create a discovery mailbox for each auditing team and grant each team Read permissions to its
designated mailbox.
Answer: D
The exchange setup creates a default discovery mailbox, which will be enough for small organizations. For
large companies, they may need multiple discovery mailboxes as the searches are performed frequently
and the results are kept for a longer period of time.
Creating a new discovery mailbox is simple enough. Run the command below in Shell (you can’t use EMC).
New-Mailbox “Discovery Mailbox 2” –UserPrincipalName discoverymailbox2@domain.local –Discovery
The key is that the switch “-discovery” needs to be added. Apart from that, the command is the same as
creating a new user mailbox.
Once the mailbox has been created, you need to assign full access to the “Discovery Management” group.
It is easy enough to do it from the console. Right click the mailbox, select “Manage Full Access Permission”
and add the group.
QUESTION 25
A corporate environment includes Exchange Server 2010. Client computers run Microsoft Outlook 2010.
Log actions taken by delegates or administrators on a users mailbox.

Log when email messages are moved to the Deleted Items folder by users other than the
mailbox owner.
A. Use the Set-AdminAuditLogConfig cmdlet.

B. Use the New-MailboxAuditLogSearch cmdlet.
C. Use the Set-Mailbox cmdlet.
D. Use the Set-MailboxAuditBypassAssociation cmdlet.
Answer: C
Section: Powershell
Use the Set-Mailbox cmdlet to modify the settings of an existing mailbox. You can use this cmdlet for one
mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for
example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line
command. You can also use the Set-Mailbox cmdlet in scripts.
QUESTION 26
A company that is running Exchange Server 2010 merges with a company that is running Exchange Server
2007. After the merger, all external email will be delivered by the Exchange Server 2010 Hub Transport
server.
The company intends to keep both Exchange Server environments active for the next year. You are
designing an infrastructure deployment plan.
Ensure that users with Exchange Server 2010 mailboxes can send external email messages to any
domain.
Ensure that users with Exchange Server 2007 mailboxes can send external email messages to only
specific domains.
A. Configure transport rules on the Exchange Server 2010 Hub Transport server.
B. Configure remote domains on the Exchange Server 2010 Hub Transport server.
C. Configure accepted domains on the Exchange Server 2007 Hub Transport server.
D. Configure transport rules on the Exchange Server 2007 Hub Transport server.
Answer: A
Block Users Sending to Specific Domains with Exchange Server 2010
In some scenarios an organization will want to prevent email users from sending messages to certain
external domain names. This can be achieved with Exchange Server 2010 using a Transport Rule.
Open the Exchange Management Console and navigate to Organization Config/Hub Transport.
Start a New Transport Rule. Give the rule an appropriate name and description.
Choose conditions of “From users that are inside the organization” and “When a recipients address
contains specific words“. Click on “specific words” and add the domain name you want to block, for
example “@fabrikam” (without quotes). You can enter several domain names in this list.
Click Next and choose actions of “Send rejection message to sender…“.

Enter a rejection message and an enhanced status code so that the sender or the IT admins can easily tell
why the email was rejected.
Complete the Transport Rule wizard and test the new rule by trying to send an email to that domain name.
You should now receive a bounce message from the Exchange server with the text that you configured.
QUESTION 27
A corporate environment includes Exchange Server 2010 SP1 and client computers that run Microsoft
Outlook 2010.
You create a Hierarchical Address Book (HAB).
Organizational groups must be added to the HAB and organized alphabetically.
You need to recommend a solution for adding and alphabetizing the organizational groups.
two.)
A. Modify the PhoneticDisplayName parameter of the security groups.

B. Create security groups for the organizational groups and designate them as members of the HAB.
C. Create distribution groups for the organizational groups and designate them as members of the HAB.
D. Modify the DisplayName parameter of the distribution groups.
Answer: CD
Understanding Hierarchical Address Books
The hierarchical address book (HAB) is a feature in Microsoft Exchange Server 2010 and the Microsoft
Outlook 2010 address book that enables end users to browse for recipients in their Exchange organization
using an organizational hierarchy. In most Exchange 2010 deployments, users are limited to the default
global address list (GAL) and its associated recipient properties. Additionally, the structure of the GAL often
doesn't accurately reflect the management or seniority relationships among recipients in your organization.
Being able to customize an HAB that maps to your organization's unique business structure provides your
users with an efficient method for locating internal recipients.
Using Hierarchical Address Books
In an HAB, your root organization (for example, Contoso, Ltd) is used as the top-level tier. Under this top-
level tier, you can add several child tiers to create a customized HAB that's segmented by division,
department, or any other organizational tier you want to specify. The following figure illustrates an HAB for
Contoso, Ltd with the following structure:
The top-level tier represents the root organization Contoso, Ltd.

The second-level child tiers represent the business divisions within Contoso, Ltd: Corporate Office,
Product Support Organization, and Sales & Marketing Organization.
The third-level child tiers represent departments within the Corporate Office division: Human Resources,
Accounting Group, and Administration Group.
Example HAB for Contoso, Ltd
You can provide an additional level of hierarchical structure by using the SeniorityIndex parameter. When
creating an HAB, use the SeniorityIndex parameter to rank individual recipients or organizational groups by
seniority within these organizational tiers. This ranking specifies the order in which the recipients or groups
are displayed in the HAB. For example, in the preceding example, the SeniorityIndex parameter for the
recipients in the Corporate Office division is set to the following:
100 for David Hamilton

50 for Rajesh M. Patel
25 for Amy Alberts
Note:
If the SeniorityIndex parameter isn't set or is equal for two or more users, the HAB sorting order uses the
PhoneticDisplayName parameter value to list the users in ascending alphabetical order. If the
PhoneticDisplayName parameter value isn't set, the HAB sorting order defaults to the DisplayName
parameter value and lists the users in ascending alphabetical order.
Configuring Hierarchical Address Books
Detailed instructions for creating HABs are included in the topic Configure Hierarchical Address Books. The
general steps are as follows:
Create a distribution group that will be used for the root organization (top-level tier). If desired, you can
use an existing organizational unit in your Exchange forest for the distribution group.
Create distribution groups for the child tiers and designate them as members of the HAB. Modify the
SeniorityIndex parameter of these groups so they're listed in the proper hierarchical order within the root
organization.
Add organization members. Modify the SeniorityIndex parameter of the members so they're listed in the
proper hierarchical order within the child tiers.
For accessibility purposes, you can use the PhoneticDisplayName parameter, which specifies a phonetic
pronunciation of the DisplayName parameter. To learn more about the PhoneticDisplayName parameter
and speech recognition, see Understanding Automatic Speech Recognition Directory Lookups.
QUESTION 28
A corporate environment includes deployments of Exchange Server 2010 in North America and Europe. All
client computers connect to an Active Directory Domain Services (AD DS) domain named contoso.com.
The topology of the Exchange organization is shown in the following table.
Users access Outlook Web App (OWA) by browsing to https://owa.contoso.com/owa. The configuration of
the OWA virtual directory URLs on each Client Access server is shown in the following table.
Users with mailboxes hosted on server MB02 cannot remotely connect to their mailboxes by using OWA.
You need to recommend a solution that allows the users to remotely connect to their mailboxes.
A. Set the ExternalUrl property on the CAHT01 OWA virtual directory to https://caht02.contoso.com/owa.
B. Set the InternalUrl property on the CAHT01 OWA virtual directory to https://owa.contoso.com/owa.
C. Set the ExternalUrl property on the CAHT02 OWA virtual directory to $null.
D. Set the InternalUrl property on the CAHT02 OWA virtual directory to $null.
Answer: C
QUESTION 29
Your network contains a perimeter network and an internal network. You are designing an Exchange
organization for a company named Contoso, Ltd. All servers in the organization will have Exchange Server
2010 Service Pack 1 (SP1) installed.
Contoso plans to use a third-party message hygiene solution on the Internet to relay all inbound SMTP e-
mail to the Exchange servers.
You need to recommend an inbound SMTP e-mail deployment solution for the Exchange organization. The
solution must ensure that all Exchange servers can be managed by using Group Policies.
A. Deploy Edge Transport servers on the perimeter network

Deploy Hub Transport servers on the internal network
Join the Edge Transport servers to a separate Active Directory forest on the perimeter network
Join the Hub Transport servers to the internal Active Directory forest
B. Deploy Edge Transport servers and Hub Transport servers on the internal network
Join the Hub Transport servers to the internal Active Directory forest
C. Deploy a reverse proxy server on the perimeter network
Deploy Edge Transport servers and Hub Transport servers on the internal network
Join the Hub Transport servers and the Edge Transport servers to the internal Active Directory
forest.
D. Deploy a reverse proxy server, Edge Transport servers, and Hub Transport servers on the perimeter
network
Join the Hub Transport servers to the internal Active Directory forest.
Answer: A
QUESTION 30
A corporate environment includes Active Directory Domain Services (AD DS). The environment consists of
an internal network and a perimeter network. AD DS is deployed only on the internal network.
The company intends to utilize a service providers cloud-based Exchange Server 2010 SP1 email service.
Maximize the security of the design.

Use the minimum permissions required to perform directory synchronization.
You need to recommend a solution for directory synchronization between the corporate environment and
the service providers environment.
two.)
A. Install the directory synchronization tool on a computer in the perimeter network.

B. Install the directory synchronization tool on a computer on the internal network.
C. Create a directory synchronization service account with membership in the Domain Users group.
D. Create a directory synchronization service account with membership in the Domain Admins group.
Answer: BC
QUESTION 31
DS). Journaling is in use for all inbound and outbound email messages. The company intends to transition
to Exchange Server 2010 SP1.
During the coexistence, you will have the following requirements:
Export new journal and transport rules created in the Exchange Server 2007 SP2 system.
Ensure that the exported rules are available for import in the Exchange Server 2010 SP1 environment.
two.)
A. From the Exchange Server 2010 SP1 Hub Transport server, export the journal rules.
B. From the Exchange Server 2007 SP2 Hub Transport server, export the transport rules.
C. From the Exchange Server 2010 SP1 Hub Transport server, export the transport rules.
D. From the Exchange Server 2007 SP2 Hub Transport server, export the journal rules.
Answer: AC
QUESTION 32
A company has an Exchange Server 2010 environment that includes several shared mailboxes. You need
to recommend a solution for enabling multiple users to act as the mailbox owner when sending mail from a
shared mailbox.
A. Assign FullAccess permissions for the shared mailbox to the users

B. Assign SendAs permissions for the shared mailbox to the users
C. Add the users to a management role group as delegates
D. Add the users to the shared mailbox as delegates
Answer: B
QUESTION 33
DS).
Members of the Legal security group must be able to do the following:
Perform keyword searches across all mailboxes.

Store the search results in a secure mailbox.
Which two actions should you recommend? (Each correct answer presents part of the solution.Choose
two.)
A. Perform searches from the Exchange Control Panel, and export search results to a discovery mailbox.
B. Add members of the Legal security group to the Organization Management role group.
C. Perform searches by running the Export-Mailbox cmdlet, and export search results to a discovery
mailbox.
D. Add members of the Legal security group to the Discovery Management role group.
Answer: AD
QUESTION 34
A corporate environment includes Exchange Server 2010. You need to recommend a solution that enables
only support technicians to manage their Exchange Server 2010 distribution group configurations.
A. Replace the default role assignment policy.

B. Add a management role group delegate.
C. Create a management role assignment policy.
D. Add a management role.
Answer: C
Understanding Management Role Assignment Policies

A management role assignment policy is a collection of one or more end-user management roles that
enables end users to manage their own Microsoft Exchange Server 2010 mailbox and distribution group
configuration. Role assignment policies, which are part of the Role Based Access Control (RBAC)
permissions model in Exchange 2010, enable you to control what specific mailbox and distribution group
configuration settings your end users can modify. Different groups of users can have role assignment
policies specialized to them.
Note:
This topic focuses on advanced RBAC functionality. If you want to manage basic Exchange 2010
permissions, such as using the Exchange Control Panel (ECP) to add and remove members to and from
role groups, create and modify role groups, or create and modify role assignment policies, see
Understanding Permissions.
The following are the various layers that make up the role assignment policy model:
Mailbox Mailboxes are assigned a single role assignment policy. When a mailbox is assigned a role
assignment policy, the assignments between management roles and a role assignment policy are applied to
the mailbox. This grants the mailbox all of the permissions provided by the management roles.
Management role assignment policy The management role assignment policy is a special object in
Exchange 2010. Users are associated with a role assignment policy when their mailboxes are created, or if
you change the role assignment policy on a mailbox. This is also what you assign end-user management
roles to. The combination of all the roles on a role assignment policy defines everything that the user can
manage on his or her mailbox or distribution groups.
Management role assignment A management role assignment is the link between a management role
and a role assignment policy. Assigning a management role to a role assignment policy grants the ability to
use the cmdlets and parameters defined in the management role. When you create a role assignment
between a role assignment policy and a management role, you can't specify any scope. The scope applied
by the assignment is based on the management role and is either Self or MyGAL. For more information,
see Understanding Management Role Assignments.
Management role A management role is a container for a grouping of management role entries. Roles
are used to define the specific tasks that a user can do with his or her mailbox or distribution groups. A
management role entry is a cmdlet, script, or special permission that enables each specific task in a
management role to be performed. You can only use end-user management roles with role assignment
policies. For more information, see Understanding Management Roles.
Management role entry Management role entries are the individual entries on a management role that
determine what cmdlets and parameters are available to the management role and the role group. Each
role entry consists of a single cmdlet and the parameters that can be accessed by the management role.
QUESTION 35
Client Access servers that are load balanced by a hardware load balancer. The load balancer is configured
to perform SSL offloading only when users access Outlook Web App
(OWA).
You need to recommend a solution for ensuring that passwords are never transmitted in clear text when
users access OWA.
A. Modify the internal URI on the Client Access servers.

B. Enable integrated Windows authentication.
C. Modify the external URI on the Client Access servers.
D. Enable forms-based authentication.
Answer: B
QUESTION 36
A corporate environment includes client computers that run Windows 7 and Microsoft Outlook 2010. The
client computers are joined to an Active Directory Domain Services (AD DS) domain. Email services are
provided by a cloud-based Exchange Server 2010 SP1 service provider.
You need to recommend a method for automatically protecting email messages that contain the phrase Top
Secret in the subject line from being read by unauthorized users. In addition, you need to ensure that those
messages are protected in the message senders Sent Items folder.
A. Implement message classification and an associated transport rule.

B. Use Active Directory Rights Management Services (AD RMS) and Information Rights Management
(IRM) transport rules.
C. Use Active Directory Rights Management Services (AD RMS) and Outlook protection rules.
D. Use Secure/Multipurpose Internet Mail Extensions (S/MIME).
Answer: C
Understanding Outlook Protection Rules

Information workers exchange sensitive information such as financial reports and data, customer and
employee information, and confidential product information and specifications, by e-mail everyday. In
Microsoft Exchange Server 2010, Microsoft Outlook, and Microsoft Office Outlook Web App, users can
apply Information Rights Management (IRM) protection to messages by applying an Active Directory Rights
Management Services (AD RMS) rights policy template. This requires an AD RMS deployment in the
organization. For more information about AD RMS, see Active Directory Rights Management Services.
However, when left to the discretion of users, messages may be sent in clear text without IRM protection. In
organizations that use e-mail as a hosted service, there's a risk of information leakage as a message
leaves the client and is routed and stored outside the boundaries of an organization. Although e-mail
hosting companies may have well-defined procedures and checks to help mitigate the risk of information
leakage, after a message leaves the boundary of an organization, the organization loses control of the
information. Outlook protection rules can help protect against this type of information leakage.
Automatic IRM Protection in Outlook 2010
In Exchange 2010, Outlook protection rules help your organization protect against the risk of information
leakage by automatically applying IRM-protection to messages in Outlook 2010. Messages are IRM-
protected before they leave the Outlook client. This protection is also applied to any attachments using
supported file formats.
When you create Outlook protection rules on an Exchange 2010 server, the rules are automatically
distributed to Outlook 2010 by using Exchange Web Services. For Outlook 2010 to apply the rule, the AD
RMS rights policy template you specify must be available on users' computers.
Important:
If a rights policy template is removed from the AD RMS server, you must modify any Outlook protection
rules that use the removed template. If an Outlook protection rule continues to use a rights policy template
that's been removed, and transport decryption is enabled in the organization, the Decryption agent will fail to
decrypt the message protected with a template that's no longer available. If transport decryption is
configured as mandatory, the Hub Transport server will reject the message and send a non-delivery report
(NDR) to the sender. For more details about transport decryption, see Understanding Transport Decryption.
For more details about AD RMS rights policy templates, see AD RMS Policy Template Considerations.
In Windows Server 2008, rights policy templates can be archived instead of deleted. Archived templates
can still be used to license content, but when you create or modify an Outlook protection rule, archived
templates aren't included in the list of templates.
Outlook protection rules are similar to transport protection rules. Both are applied based on message
conditions, and both protect messages by applying an AD RMS rights protection template. However,
transport protection rules are applied on the Hub Transport server by the Transport Rules agent. Outlook
protection rules are applied in Outlook 2010, before the message leaves the user's computer. Messages
protected by an Outlook protection rule enter the transport pipeline with IRM protection already applied.
Additionally, messages protected with an Outlook protection rule are also saved in an encrypted format in
the Sent Items folder of the sender's mailbox.
QUESTION 37
Client computers run Windows 7 and Microsoft Outlook 2010.
A transport rule is configured to apply a disclaimer to all outbound email messages. The transport rule is not
applying the disclaimer to encrypted email messages.
You need to recommend a solution that allows the existing transport rule to apply the disclaimer to
encrypted email messages.
A. Mutual Transport Layer Security (MTLS)

B. message classification
C. Active Directory Rights Management Services (AD RMS)
Answer: C
Understanding Transport Protection Rules

E-mail messages and attachments increasingly contain business critical information such as product
specifications, business strategy documents, and financial data, or personally identifiable information (PII)
such as contact details, social security numbers, credit card numbers, and employee records. There are a
number of industry-specific and local regulations in many parts of the world that govern the collection,
storage, and disclosure of PII.
To help protect sensitive information, organizations create messaging policies that provide guidelines about
how to handle this information. In Exchange Server 2010, you can use transport protection rules to
implement these messaging policies by inspecting message content, encrypting sensitive e-mail content,
and using rights management to control access to the content.
Transport Protection Rules and AD RMS
Transport protection rules allow you to use transport rules to IRM-protect messages by applying an Active
Directory Rights Management Services (AD RMS) rights policy template.
Note:
AD RMS is an information protection technology that works with Rights Management Service (RMS)-
enabled applications and clients to protect sensitive information online and offline. To use IRM protection in
an on-premise Exchange deployment, Exchange 2010 requires an on-premise deployment of the Windows
Server 2008 operating system AD RMS.
AD RMS uses XML-based policy templates to allow compatible IRM-enabled applications to apply
consistent protection policies. In Windows Server 2008, the AD RMS server exposes a Web service that
can be used to enumerate and acquire templates. Exchange 2010 ships with the Do Not Forward template.
When the Do Not Forward template is applied to a message, only the recipients addressed in the message
can decrypt the message. The recipients can't forward the message to anyone else, copy content from the
message, or print the message.
Additional RMS templates can be created in the on-premises AD RMS deployment to meet rights protection
requirements in your organization.
Important:
If a rights policy template is removed from the AD RMS server, you must modify any transport protection
rules that use the removed template. If a transport protection rule continues to use a rights policy template
that's been removed, the AD RMS server will fail to license the content to any of the recipients, and a non-
delivery report (NDR) will be delivered to the sender.
In Windows Server 2008, rights policy templates can be archived instead of deleted. Archived templates
can still be used to license content, but when you create or modify a transport protection rule, archived
templates aren't included in the list of templates.
For more information about creating AD RMS templates, see AD RMS Rights Policy Templates Deployment
Step-by-Step Guide.
QUESTION 38
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 with stand-
alone Edge Transport servers in a perimeter network.
The company plans to move a subset of Exchange users to a cloud-based Exchange Server 2010 SP1
service.
The security team has the following requirements:
Manage mailbox audit logging for the on-premise and cloud-based Exchange servers.
Search message tracking logs for all on-premise Exchange servers.
A. Use group policy to manage audit settings. Add the security team members to the local Administrators
group on each of the on-premise Exchange servers.
B. Add the security team members to the Organization Management, Recipient Management, and Records
Management management role groups in both environments. Add the security team members to the
local Administrators group on each of the on-premise Exchange servers.
C. Use group policy to manage audit settings. Add the security team members to the Server Management
management role group in both environments.
D. Add the security team members to the Organization Management, Recipient Management, Records
Management, and Server Management management role groups in both environments.
Answer: B
QUESTION 39
A corporate environment includes Exchange Server 2010. Users currently access mailboxes remotely by
using Outlook Web App (OWA). You need to recommend a method of identifying the browser types and
versions used to access OWA.
A. Analyze the message tracking log files.

B. Analyze the IIS log files.
C. Run the Exchange Remote Connectivity Analyzer.
D. Run the Tracking Log Explorer.
Answer: B
QUESTION 40
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1. The company
intends to migrate to a cloud-based Exchange Server 2010 SP1 service.
The security team needs to perform the following tasks:
Search multiple mailboxes for messages that meet specific criteria.

Store search results in a specific mailbox.
You need to recommend a solution for enabling security team members to perform the tasks.
To which group should you recommend the security team members be assigned?
A. the Domain Admins security group

B. the Discovery Management role-based access control (RBAC) role group
C. the Enterprise Admins security group
D. the Records Management role-based access control (RBAC) role group
Answer: B
QUESTION 41
Mailbox server, one Client Access server, one Hub Transport server, and one Edge Transport server.
You need to recommend a solution for inserting specific text in every email message as it is sent.
A. Create a transport rule on the Hub Transport server.

B. Create a send connector on the Hub Transport server.
C. Create a transport rule by using an Active Directory Rights Management Services (AD RMS) template.
D. Create a transport rule on the Edge Transport server.
Answer: A
QUESTION 42
A corporate environment will include Exchange Server 2010. You are designing a deployment plan for the
Mailbox servers.
You need to recommend the minimum amount of physical memory that supports the following
requirements:
Use single-role Mailbox servers

Each Mailbox server must support 22.5 GB of database cache
How much memory should you recommend?
A. 64 GB
B. 24 GB
C. 48 GB
D. 32 GB
Answer: D
QUESTION 43
organization will have Exchange Server 2010 Service Pack 1 (SP1) installed.
Contoso has a partner company named Fabrikam, Inc. Fabrikam has an Exchange organization that
contains only Exchange Server 2010 SP1 servers.
You plan to configure a federation trust between Fabrikam and Contoso.
You need to recommend a certificate for the federation trust.
Which of the following certificates is the best recommendation? (More than one answer choice may achieve
A. a certificate from a third-party certification authority (CA)

B. the self-signed certificate automatically generated by the Exchange 2010 Setup wizard
C. the self-signed certificate automatically generated by the New Federation Trust wizard
D. a certificate from an internal certification authority (CA)
Answer: C
QUESTION 44
Office Outlook 2010.
You are designing a sharing solution for your organization and a partner organization. The partner
organization also uses Exchange Server 2010.
You need to recommend a strategy for sharing information with the partner organization to meet the
Provide cross-organizational access to user contacts

Provide cross-organizational access to free\busy information
A. Implementing Microsoft Identify Lifecycle Manager (ILM) 2007

B. Implementing Federated Delegation
C. Running the Microsoft Exchange Inter-Organization Replication tool
D. Creating cross-forest trusts
Answer: B
QUESTION 45
Contoso, Ltd. has an Exchange Server 2010 environment that accepts email for the contoso.com email
domain. Fabrikam, Inc. has an Exchange Server 2010 environment that accepts mail for the fabrikam.com
email domain.
Contoso acquires Fabrikam and establishes an internal network connection between the two companies.
After the acquisition, only the Contoso Exchange Server environment accepts external email. You have the
Retain existing fabrikam.com email addresses.
Enable users in both Exchange Server environments to receive mail at contoso.com email addresses.
Which two actions should you recommend? (Each correct answer presents part of the solution.Choose
two.)
A. Create an internal relay accepted domain for contoso.com.

B. Create an external relay accepted domain for contoso.com.
C. Create an internal receive connector.
D. Create an internal send connector.
Answer: AD
QUESTION 46
two Client Access servers, two Hub Transport servers, and two Mailbox servers on the internal network,
and two Edge Transport servers in a perimeter network. An edge subscription is in place between the Hub
Transport servers and the Edge Transport servers.
When an Edge Transport server fails, messages accepted by that server are not delivered.
You need to recommend a solution for ensuring that messages accepted by either Edge Transport server
are attempted for delivery if either Edge Transport server fails.
A. Enable shadow redundancy.

B. Create a new remote domain.
C. Create a new send connector.
D. Enable back pressure.
Answer: A
Understanding Shadow Redundancy

High availability strategies for Exchange have focused on the availability and recoverability of data stored in
mailbox databases. When you implement a highly available solution for your Mailbox servers, the e-mail
messages won't be lost, and they can easily be recovered after a failure, after they arrive in a mailbox.
However, these strategies didn't extend to messages while they're in transit. If a Hub Transport server fails
while processing messages and can't be recovered, data loss could occur. As the volume of messages
processed by Hub Transport servers increases, potential data loss becomes an increasing concern for
administrators.
Microsoft Exchange Server 2007 introduced the transport dumpster feature for the Hub Transport server
role. An Exchange 2007 Hub Transport server maintains a queue of messages delivered recently to
recipients whose mailboxes are on a clustered mailbox server. When a failover is experienced, the
clustered mailbox server automatically requests every Hub Transport server in the Active Directory site to
resubmit mail from the transport dumpster queue. This prevents mail from being lost during the time taken
for the cluster to fail over. While this does provide a basic level of transport redundancy, it's only available
for message delivery in a cluster continuous replication (CCR) environment and doesn't address potential
message loss when messages are in transit between Hub Transport and Edge Transport servers.
Exchange Server 2010 introduces the shadow redundancy feature to provide redundancy for messages
for the entire time they're in transit. The solution involves a technique similar to the transport dumpster. With
shadow redundancy, the deletion of a message from the transport databases is delayed until the transport
server verifies that all of the next hops for that message have completed delivery. If any of the next hops fail
before reporting back successful delivery, the message is resubmitted for delivery to that next hop.
Shadow redundancy provides the following benefits:
It eliminates the reliance on the state of any specific Hub Transport or Edge Transport server. As long
as redundant message paths exist in your routing topology, any transport server becomes disposable.
If a transport server fails, you can remove it from production without emptying its queues or losing
messages.
If you want to upgrade a Hub Transport or Edge Transport server, you can bring that server
offline at any time without the risk of losing messages.
It eliminates the need for storage hardware redundancy for transport servers.
It consumes less bandwidth than creating duplicate copies of messages on multiple servers. The only
additional network traffic generated with shadow redundancy is the exchange of discard status
between transport servers. Discard status is the information each transport server maintains. It indicates
when a message is ready to be discarded from the transport database.
It provides resilience and simplifies recovery from a transport server failure.
Shadow redundancy is implemented by extending the SMTP service. The service extensions allow SMTP
hosts to negotiate shadow redundancy support and exchange discard status for shadow messages.
QUESTION 47
Your company has offices in New York and Miami. The offices connect to each other by using a dedicated
WAN link. Each office has a direct connection to the Internet. An Active Directory site exists for each office.
Each office contains one Mailbox server, two Hub Transport servers, and two Client Access servers. All
servers have Exchange Server 2010 Service Pack 1 (SP1) installed and run Windows Server 2008 R2. The
Mailbox servers are configured as shown in the following table.
You need to recommend a high-availability solution for the Mailbox servers that meets the following
requirements:
The mailbox databases must be automatically available if a single Mailbox server fails.
The mailbox databases must be automatically available if the WAN link between the offices fails.
The mailbox databases must be available if all of the Exchange servers in an office become unavailable,
after an administrator performs a manual failover.
A. Add a Mailbox server to each office.

Create one database availability group (DAG).
Add all Mailbox servers to the DAG.
Add a file share witness to the Miami office.
Create a copy of each mailbox database.
B. Add a Mailbox server to each office.
Create two database availability groups (DAGs).
Add one Mailbox server from each office to each DAG.
Add a file share witness to each office.
C. Add two Mailbox servers to the Miami office.
Add one Mailbox server to the New York office.
Create two database availability groups (DAGs).
Add all of the Mailbox servers in the Miami office to one of the DAGs.
Add all of the Mailbox servers in the New York office to the other DAG.
Add a file share witness to each office.
D. Add two Mailbox servers to each office.
Create one database availability group (DAG).
Add all of the Mailbox servers in the Miami office to the DAG.
Add a file share witness to the New York office.
Answer: B
QUESTION 48
A corporate environment will include Exchange Server 2010 in two Active Directory Domain Services (AD
DS) sites.
You need to recommend a solution that provides a single connection point for all Outlook Web App (OWA)
connections.
A. Deploy one Client Access server array for each AD DS site.

B. Deploy one Client Access server array.
C. Configure a hardware load balancer for the Client Access servers.
D. Configure Autodiscover in each AD DS site for a common internal URL.
Answer: C
Answers to the 10 most Common Questions on the Exchange CAS-Array.
During my stay at TechEd 2010 in New Orleans, I had to work the Exchange Server 2010 Flexibility and
Reliability booth. Although most questions were on the Exchange DAG, the second most popular discussion
was around the Client Access Server (CAS) and CAS-Arrays.
Hence, the 10 most predominant questions (and of course, the answers to them);
Q1. Is it true that there can be only 1 CAS Array?
A1. There can be only 1 CAS Array per Active Directory Site. The name of the CAS Array is stored as a
string on the AD-Site object. When you use the Powershell command New-ClientAccessArray you see that
you have to provide an AD-Site by means of the –Site parameter.
Q2. Can I create a CAS Array when I need it, or do I need to set it up in advance?
A2. No, you can create a CAS Array whenever you need it. But keep in mind that an Exchange Database is
‘linked’ to a certain CAS Server or CAS Array. If you do not create a CAS Array up front, and decide to
create one after Exchange databases have been created, you have to manually ‘link’ the existing database
to the CAS Array. (This can be done with the Powershell commandlet Set-MailboxDatase; Get-
MailboxDatase | Set-MailboxDatabase –RPCClientAccessServer ‘cas-array.domain.local’) Otherwise,
clients will keep using the first CAS Server rather then the CAS arrray for accessing the mailbox server.
Luckily, you can have a CAS array with only one server. Since best practice is to install the CAS Server
before creating an Exchange 2010 mailbox server, create the CAS right after creating the CAS server.
Q3. Is it true that there can be only 8 servers in a CAS Array?

A3. No. There can be any number of CAS servers in a CAS Array. But since many use Microsoft’s Network
Load Balancing for load balancing client access to the servers, they are limited to 8 servers; it a limit
imposed by Microsoft Network Load Balancing, not by the CAS Array design).
Q4. Can I stretch a CAS Array over multiple IP-Subnets?

A4. Depends. There can be only one CAS Array per AD-Site. So if both IP Subnets are in a different AD-
Site, you cannot.
Q5. Do I need a Hardware Load Balancer in front of my CAS Array?

A5. Not necessarily. Depending on the clients you want to support (EAS, POP, IMAP, OWA, Outlook, RPC
over HTTPS) certain load balancing solutions are better suited then others. I have seen Microsoft Network
Load Balancing seen used with success, whilst others have problems with this ‘free’ solution. All different
protocols require different affinity implementations on the load balancer, some protocols support redirection,
some support proxying.
Q6.Do I need CAS arrays in my primary site and my DR site?

A6. Most probably yes. Although DAG’s can span sites, you need to set up a CAS array in your primary
site and in your DR site.
Q7. If my DAG fails over to my DR site, will my clients still be able to connect?
A7. Most probably not. Remember; You will have a different CAS Array (with a different CAS Array name)
in the DR Site. Since the mailbox database is linked to a specific CAS Array, if the primary site fails, the
databases might be up and running in the DR site, but the clients will still try to access the CAS Array in the
failed site. So you need to change the RPCClientAccessServer on the mailbox databases that are now in
the DR site. If you set it to the name of the CAS Array in the DR site, client will now need to access the
database by means of the CAS Array name in the DR Site. This can be done by means of autodiscovery,
but if you have older Outlook clients, you have to change the outlook profile. Furthermore, take DNS into
account in such a scenario; start by lowering the TTL of the DNS records of the CAS Array’s name so that
in case of a failure you can change DNS records fast. (That’s also important for all other clients besides of
Outlook!)
Q8. If I upgrade from Exchange Server 2003 or 2007 to Exchange Server 2010, can I replace the old
CAS servers or Front-Ends with Exchange 2010 CAS servers first?
A8. No. An Exchange Server 2010 CAS server will not serve mailboxes that are running on older versions
of Exchange. So if you still have mailboxes on let’s say Exchange 2007 servers, you will need an Exchange
Server 2007 CAS server to service those clients. If you try to access the Exchange 2007 mailbox through
the Exchange 2010 CAS server, the server will redirect the client to the Exchange 2007 CAS (if the protocol
supports it). So in stead of replacing the ‘old’ CAS servers, install NEW CAS servers. This introduces some
extra complexity; since the new CAS server(s) or CAS array cannot have the same name as the old CAS
Server(s) or array, you need to introduce a new namespace or DNS name. And, because of that, you might
have to purchase new certificates. Yes, the CAS role is the most tricky role in the Exchange portfolio of
server roles…
Q9. How many CAS Servers do I need?

A9. Although this answer depends on a lot of important factors like server sizing, protocols used, client
profile, etc. there is a rule of thumb here; You will need approximately 3 CAS servers for each 4 mailbox
servers.
Q10. How many certificates (of what sort) do I need for my CAS Servers?
A10. It all depends. For one single CAS array you will obviously need at least one certificate; a certificate
that has the name of the CAS ARRAY. That certificate can be used on all servers in the CAS Array. If you
have let’s say 2 CAS arrays in 2 sites, and each CAS array serves as a fallback for the other CAS array, it is
recommended that you purchase a SAN certificate with the names of both CAS arrays in it. Install that
certificate on all CAS servers in both arrays/sites. But there could be other scenario’s that would require you
to put more names on the SAN certificate. You can also use wildcard certificates, but make sure that all
your clients support wild card certificates. For example, most older Windows Mobile devices will have
problems with wildcard certificates. Always make sure that the root CA of the certificate is trusted by the
device you use.
QUESTION 49
A corporate environment includes a two-node Exchange Server 2010 Client Access server array.
You are designing a disaster recovery plan for the Client Access servers. The plan must meet the following
requirements:
Back up the SSL certificates.

Back up the Windows Network Load Balancing (NLB) configuration.
Back up only the minimum amount of data.
You need to recommend the components to back up on each Client Access server.
A. the system state and the registry

B. only the system state
C. the registry and the system volume
D. the system state and the system volume
Answer: D
Pass4Sure had B as the correct answer however I feel that D is the more appropriate answer for this
question
Exchange Server 2010 Client Access Server Backup and Recovery
The Exchange Server 2010 Client Access Server role is responsible for client connectivity to mailboxes. All
client connection methods are provided by the Client Access server, including:
MAPI (eg connecting via Outlook on the LAN)

HTTPS (eg Outlook Web App, ActiveSync, or Outlook Anywhere)
IMAP
POP3
The only client connections to Mailbox server resources that the Client Access server does not provide are
Outlook clients connecting to Public Folder databases. Outlook connects directly to the Mailbox server for
public folders.
What Needs to be Backed Up on Client Access Servers?
To plan for backup and recovery of the Client Access server you should start by knowing where the server
stores its configuration and data.
Active Directory – the majority of the Client Access server configuration is stored in Active Directory. For
example the internal and external URL settings of the OWA virtual directory are stored in Active Directory.
Exchange 2010 Client Access server settings stored in Active Directory
However not all of the settings for these Client Access server features are stored in Active Directory.
System State – the system state of the Client Access server stores important information such as the SSL
certificates installed on the server, and service configuration information (eg dependencies and startup
options). If the server is a member of an Exchange 2010 CAS array the NLB configuration is also stored in
the system state. Finally if there are other applications installed on the server then those will likely have
settings stored in the registry as well.
File System – because of the Client Access server’s integration with IIS there are multiple configuration
files stored on the file system itself for components such as the OWA virtual directory. The IIS root config
file (aka the IIS metabase) is also stored in the file system.
Planning the Client Access Server Backup

As you plan the Client Access server backup strategy there are different techniques that you can consider
depending on your requirements.
Backing up Everything
A full system backup of the Exchange 2010 Client Access server, along with a working Active Directory, will
have all of the required information to recover the Client Access server. Naturally this backup takes the
longest to run, and will use up the most backup storage.
Backup up the Minimum

To reduce backup storage and keep the backup time frame shorter the minimum data on the Client Access
server can be backed up. This involves backing up the system state of the server, and configuration files
stored in the \ClientAccess path of the Exchange Server 2010 installation folder (C:\Program Files
\Microsoft\Exchange Server\V14 by default).
Backing up Nothing
It may be practical to not back up the Client Access server at all if:
There are multiple, redundant Client Access servers deployed (ie Client Access Server Array)
The SSL certificates are exported or retrievable from elsewhere
Customizations to the Client Access server virtual directories can be quickly reapplied using an existing
script
If all of those conditions are true then the Client Access server may not need to be backed up at all.
QUESTION 50
A company deploys Exchange Server 2010. The environment includes three datacenters located in New
York, Dallas and Miami. Each datacenter is configured as an Active Directory Domain Services (AD DS)
site. Each site has one Client Access server, one Hub Transport server and one Mailbox server. The
Mailbox servers in New York and Dallas are configured in a database availability group (DAG).
Ensure that mail flow is not interrupted if any one Hub Transport server fails.
Deploy the minimum number of additional servers.
A. Deploy one additional Hub Transport server in New York and one additional Hub Transport server in
Dallas.
B. Add the Hub Transport role to the Client Access server in Miami.
C. Deploy one additional Hub Transport server in each site.
D. Deploy one additional Hub Transport server in Miami.
Answer: C
QUESTION 51
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1 and an Active
Directory Domain Services (AD DS) domain.
The company plans to move some users to a cloud-based Exchange Server 2010 SP1 environment.
The migration process must meet the following requirements:
Integrate the on-premise environment with the cloud-based environment.

Migrate all existing mailbox items.
Authenticate all users by using their AD DS credentials.
Share calendar availability information among all users.
You need to recommend a tool for gathering information and verifying that the requirements can be met.
Which tool should you recommend?
A. Exchange Deployment Assistant

B. Exchange Best Practices Analyzer
C. Exchange Pre-Deployment Analyzer
D. Exchange Remote Connectivity Analyzer
Answer: A
Exam L
QUESTION 1
A corporate environment will include Exchange Server 2010.
You are planning capacity for the Mailbox servers. You require 800 GB of disk space for mailbox content.
You need to recommend the minimum amount of additional space required for content indexing.
A. 160 GB
B. 96 GB
C. 120 GB
D. 80 GB
Answer: D
Content Indexing
Content indexing creates an index, or catalog, that allows users to easily and quickly search through their
mail items rather than manually search through the mailbox. Exchange 2010 creates an index that is about
10 percent of the total database size, which is placed on the same LUN as the database. Therefore, an
additional 10 percent needs to be factored into the database LUN size for content indexing.
http://technet.microsoft.com/en-us/library/ee832796.aspx
QUESTION 2
Pack 1 (SP1) installed. The organization contains the servers configured as shown in the
following table.
You plan to deploy a line-of-business application named App1. App1 will have a built-in SMTP service that
will send e-mail messages to users in the Exchange organization.
You need to recommend a message routing solution that meets the following requirements:
Ensures that App1 can send e-mail messages to internal users.

Prevents other servers on the internal network from sending e-mail messages to internal users.
Ensures that each e-mail message received by the Exchange organization is scanned for viruses.
You install Microsoft Forefront Protection 2010 for Exchange Server on both Edge Transport servers.
A. On Edge1, create a new internal Receive connector.
From the properties of the new Receive connector, configure the Remote Network settings to include
the IP address of App1, and then add the Anonymous users permission group to the Receive connector.
From the properties of the default internal Receive connector on Edge1, exclude the IP addresses of the
internal network.
On the server that hosts App1, configure the SMTP service to relay e-mail to Edge1.
B. On Hub1, install Forefront Protection 2010 for Exchange Server.
On Hub1, create a new internal Receive connector, and then configure the Remote Network settings to
include the IP address of App1.
On the server that hosts App1, configure the SMTP service to relay e-mail directly to Hub1.
C. From the properties of the default Receive connector on Edge1, configure the Remote Network settings
to include the IP address of App1, and then add the Anonymous users permission group to the Receive
connector.
On the server that hosts App1, configure the SMTP service to relay e-mail to Edge1.
D. On Hub1, install Forefront Protection 2010 for Exchange Server.
On Hub1, add the Anonymous users permission group to the default Receive connector.
On an internal DNS server, create a Mail Exchanger (MX) record that points to Hub1.
On the server that hosts App1, configure the SMTP service to relay e-mail by using DNS name
resolution.
Answer: B
Pass4sure had A as the answer but I think B is the better answer
The App will be contained on the network and will only send email to the users in the Exchange
Environment. It will not send external email. Therefore I do not see how this App server is going to send
email to the Edge Servers and then back into the network to users.
QUESTION 3
A company has an on-premise Exchange Server 2010 SP1 environment. Client computers are joined to an
Active Directory Domain Services (AD DS) domain. Some users are hosted in a cloud-based Exchange
Server 2010 SP1 environment. An organization relationship exists
between the on-premise and cloud-based environments.
Administrative assistants with mailboxes in the on-premise environment must be able to view contacts in
cloud-based user mailboxes.
A. a federation trust
B. a sharing policy
C. a remote domain
D. an Outlook protection rule
Answer: B
Create a Sharing Policy

You can use sharing policies to control how users in your organization can share calendar and contact
information with users outside your Exchange organization. Sharing policies support the sharing of calendar
and contact information with external federated organizations, external non-federated organizations, and
individuals with Internet access. To configure recipients to use a specific sharing policy, see Apply a
Sharing Policy to Mailboxes.
Note:
For sharing policies between federated organizations, only Microsoft Outlook 2010 and Microsoft Office
Outlook Web App users can create sharing invitations.
QUESTION 4
An organization plans to deploy Exchange Server 2010 in multiple Active Directory Domain Services (AD
DS) sites. The locations of the Client Access servers are as shown in the following table.
Users will access Autodiscover, Outlook Web App (OWA), Exchange ActiveSync, and Outlook Anywhere
only over the Internet through the URL mail.contoso.com.
Users must be able to connect to all of the services via an SSL connection without receiving errors or
warning messages.
You need to recommend an SSL certificate configuration. In addition, you need to minimize the number of
certificates purchased.
two.)
A. Use the existing self-signed certificate on CAS02.

B. Use the existing self-signed certificate on CAS01.
C. Purchase a third-party SSL certificate for CAS01 containing the autodiscover.contoso.com and mail.
contoso.com FQDNs.
D. Purchase a third-party SSL certificate for CAS02 containing the autodiscover.contoso.com and mail.
contoso.com FQDNs.
Answer: AC
QUESTION 5
Contoso, Ltd. has an Exchange Server 2010 environment. Fabrikam, Inc. has an Exchange Server 2007
environment.
Contoso acquires Fabrikam. Contoso plans to migrate the email accounts of the Fabrikam employees to
the existing Contoso Exchange Server environment. Fabrikam employees will have new Contoso email
addresses and will also maintain their existing Fabrikam email addresses for a
period of time.
You need to recommend a solution for ensuring that replies to email messages sent by Fabrikam
employees prior to the migration are directed to the migrated mailboxes.

A. In the Exchange Management Console (EMC) in the Contoso Exchange Server environment, set the
primary email address to the Fabrikam email address.
B. After the mailbox migration, run the Update-EmailAddressPolicy cmdlet for each email address policy.
C. Export the legacyExchangeDN attributes from the Fabrikam mailboxes and add them as custom X500
addresses on the new Contoso mailboxes.
D. In the Exchange Management Console (EMC) in the Contoso Exchange Server environment, add the
Fabrikam domain name to the Accepted Domains list as an authoritative domain.
Answer: C
LegacyExchangeDN / x500 Addresses
Target Audience: Hosted Microsoft Exchange Users
Things you need to know if you are moving from an external Exchange environment to Rackspace's
Hosted Exchange 2007
An Exchange server uses an internal addressing scheme that routes messages between mailboxes it
hosts. These addresses are known as LegacyExchangeDN addresses or they are sometimes referred to as
x500 addresses. When you send and receive messages on your current providers Exchange service these
LegacyExchangeDN addresses are saved with sent and received messages in your inbox. They are also
saved within your AutoComplete cache in Outlook. When you reply to or forward existing emails that are
migrated over to our system, without first importing the x500 addresses, a bounce will likely be returned if
Outlook uses the old x500 address. The bounce will resemble the following non-delivery report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diagnostic information for administrators:
Generating server: IAD2HUB06.mex02.mlsrvr.com
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=FIRST+20ADMINISTRATIVE
+20GROUP_CN=RECIPIENTS_CN=user@mex02.mlsrvr.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you still have access to your old Exchange server, you or your current provider will need to export your
LegacyExchangeDN and provide the CSV file to us via a support ticket. We will then get our Exchange
engineering specialists to upload the LegacyExchangeDN export into our environment. This will ensure that
when you reply to or forward existing messages, even if the x500 is referenced, it will deliver to the
correponding mailbox. For a quick reference the following can be keyed into a Exchange server to retrieve
the legacy data:
QUESTION 6
A corporate environment includes Exchange Server 2003 SP2. Client computers run Microsoft Office
Outlook 2003.
You deploy Exchange Server 2010 in the existing Exchange organization, and then install Exchange Server
2010 SP1 on all the Exchange Server 2010 servers. The company intends to move mailboxes from
Exchange Server 2003 SP2 to Exchange Server 2010 SP1.
You need to recommend a solution for ensuring that after their mailboxes are moved, users can open their
mailboxes by using Outlook 2003.
A. Obtain and install an SSL certificate for each Exchange Server 2010 SP1 Client Access server.
B. Configure Outlook 2003 to encrypt data between Outlook and the Exchange server.
C. Obtain and install an SSL certificate for each Exchange Server 2010 SP1 Mailbox server.
D. Configure Outlook 2003 to use NTLM authentication.
Answer: B
QUESTION 7
A corporate environment will include client computers that run Microsoft Outlook 2010. Email services will
be provided to some users by a cloud-based Exchange Server 2010 SP1 service provider and to other
users by an on-premise deployment of Exchange Server 2010 SP1.
You need to recommend a solution that will allow users in the cloud-based environment to receive internal
Out of Office replies from users in the on-premise environment.
A. Create an accepted domain.

B. Create a transport rule.
C. Create a remote domain.
D. Create an organization relationship.
Answer: D
Note PAss4Sure had C as the correct answer - however I feel that D is the better answer as most
likely there is a federated trust
Create an Organization Relationship

You can create an organization relationship with an external federated Microsoft Exchange Server 2010
organization for the purpose of sharing calendar availability (free/busy) information.
Note:
Creating an organization relationship is one of several steps in setting up federated delegation in your
Exchange 2010 organization. To review all the steps, see Configure Federated Delegation.
QUESTION 8
Hub Transport servers, two Client Access servers, and two Mailbox servers on the internal network and two
stand-alone Edge Transport servers in the perimeter network. The
Mailbox servers are in a database availability group (DAG).
You are designing a solution to allow a third-party application to send email messages to both internal users
and external users.
Ensure that the third-party application can use domain-based NTLM authentication method for outgoing
messages.
Ensure that if only one server has a hardware failure, all outgoing messages are accepted for delivery.
Minimize the cost of the solution.

A. Configure DNS round-robin rotation for SMTP connections to the Mailbox servers
B. Deploy a hardware load balancer for SMTP connections to the Edge Transport servers
C. Configure DNS round-robin rotation for SMTP connections to the Edge Transport servers
D. Deploy a hardware load balancer for SMTP connections to the Hub Transport servers
Answer: D
QUESTION 9
You are designing an Exchange Server 2010 environment. The environment will include three datacenters,
located in Seattle, Dallas, and Miami.
Each datacenter will have a separate Active Directory Domain Services (AD DS) site. The Seattle and
Miami datacenters will each contain two Mailbox servers. The Dallas datacenter will not contain Mailbox
servers. All Mailbox servers will be members of a single database availability
group (DAG).
You need to recommend the minimum file share witness configuration necessary to ensure that if the
Seattle datacenter fails, the DAG will continue to function.
A. No file share witnesses are necessary.

B. Place one file share witness in the Seattle datacenter.
C. Place one file share witness in the Seattle datacenter and one alternate file share witness in the Miami
datacenter.
D. Place one file share witness in the Dallas datacenter.
Answer: D
QUESTION 10
Edge Transport servers and two Hub Transport servers. The Edge Transport servers process Safe Sender
List information from Exchange users and have multiple IP Allow list entries.
An edge subscription is in place between the Edge Transport servers and the Hub Transport servers.
You need to recommend a solution for configuring a replacement Edge Transport server.
Recover all the send connector, receive connector, and accepted domains settings.
Recover all the IP Allow list entries.
Continue to process Safe Sender List information.
A. Configure a new Edge Transport server, restore from a Windows system state backup, and then use
B. Configure a new Edge Transport server, create and import a new edge subscription, and then use
C. Configure a new Edge Transport server, create and import a new edge subscription, and then restore
from a Windows system state backup.
D. Restore from a Windows system state backup, configure a new Edge Transport server, and then use
Answer: A
Pass4sure had B as the correct answer but I think that A is the better answer
What Needs to be Backed Up on Edge Transport Servers
To plan for backup and recovery of the Edge Transport server you first need to understand where the
server stores its configuration and data.
Active Directory Lightweight Directory Service – each Edge Transport server runs its own instance of
AD LDS, which is used to store a subset of information about recipients in the Exchange organization, as
well as information about the connectors that are established between the Edge Transport server and the
Hub Transport servers for mail flow. The AD LDS database and log files are stored on the file system of the
server.
Edge Configuration – the Edge Transport server configuration can be exported to an XML file for cloning
between servers and for recovery purposes. The Edge configuration file is stored on the file system of the
server. This does not include the Edge Subscription information that connects the Edge Transport server to
System State – the system state contains information such as service startup and dependency settings in
the registry, which is important if any settings have been modified from the defaults. The System State is
also important if extra third party applications or agents have been installed on the Edge Transport server,
local security policies have been applied, administrative accounts or groups created or modified, and a
range of other items that may be important in a recovery.
http://exchangeserverpro.com/exchange-2010-edge-transport-server-backup-and-recovery
Understanding Edge Transport Server Cloned Configuration

The Microsoft Exchange Server 2010 Edge Transport server role stores its configuration information in
Active Directory Lightweight Directory Services (AD LDS). You can install more than one Edge Transport
server in the perimeter network and use Domain Name System (DNS) round robin, a simple mechanism
that's used by DNS servers to share and distribute loads for network resources, to help balance network
traffic among the Edge Transport servers.
To make sure that all Edge Transport servers that you deploy are using the same configuration information,
you can use the provided cloned configuration scripts in the Exchange Management Shell to duplicate the
configuration of a source server to a target server.
You use cloned configuration to deploy new Edge Transport servers based on a configured source
server. The configuration information for the source server is duplicated and then exported to an XML file.
The XML file is then imported to the target server.
This topic provides an overview of the cloned configuration process. For detailed steps about configuring
your Edge Transport servers using cloned configuration, see Configure Edge Transport Server Using
Cloned Configuration.
QUESTION 11
Client Access server, one Edge Transport server, one Hub Transport server, and one Mailbox server.
Email communication between employees in two specific departments is not permitted. You need to
recommend a solution for ensuring that email messages from employees in either department are never
sent to employees in the other department.

B. Create a transport rule on the Hub Transport server.
D. Configure litigation hold on the mailboxes of the employees in both departments.
Answer: B
QUESTION 12
A corporate environment includes Exchange Server 2010 SP1.
You need to recommend a solution for recording which administrators access specific mailboxes.
A. Enable administrator audit logging.

B. Increase the mailbox logging level.
C. Enable mailbox audit logging.
D. Enable object access auditing.
Answer: C
Understanding Mailbox Audit Logging

Because mailboxes can potentially contain sensitive, high business impact (HBI) information and personally
identifiable information (PII), it's important that you track who logs on to the mailboxes in your organization
and what actions are taken. It's especially important to track access to mailboxes by users other than the
mailbox owner. These users are referred to as delegate users.
Using mailbox audit logging, you can log mailbox access by mailbox owners, delegates (including
administrators with full mailbox access permissions), and administrators. Mailboxes are considered to be
accessed by an administrator only in the following scenarios:
Discovery search is used to search a mailbox.
The New-MailboxExportRequest cmdlet is used to export a mailbox.

Microsoft Exchange Server MAPI Editor is used to access the mailbox.
When you enable audit logging for a mailbox, you can specify which user actions (for example, accessing,
moving, or deleting a message) should be logged for a logon type (administrator, delegate user, or owner).
The audit log entries also include important information such as the client IP address, host name, and
process or client used to access the mailbox. For items that are moved, the entry includes the name of the
destination folder.
QUESTION 13
2010.
Minimize the amount of effort required to apply retention tags to email messages.
Ensure that the solution functions across all folders in a mailbox.
A. Enable AutoTagging for mailboxes.

B. Implement personal tags for each users mailbox.
C. Use the Managed Folder Assistant to process mailbox folders.
D. Modify the retention policy tag by reducing the age limit for retention.
Answer: A
Enable AutoTagging For a Mailbox
[This is pre-release documentation and subject to change in future releases. This topic's current status is:
Editing.]
Applies to: Exchange Server 2010Topic Last Modified: 2009-06-02
AutoTagging automatically assigns retention tags to items in the mailbox based on a user's past tagging
behavior. These procedures show how users can enable AutoTagging for their own mailbox from the
Exchange Control Panel, and how administrators can enable AutoTagging for one or more users using the
Exchange shell.
Prerequisites
A retention policy has been assigned to the mailbox
Use ECP to enable AutoTagging for your mailbox

Use the shell to enable AutoTagging for one or more users
QUESTION 14
A corporate environment includes Exchange Server 2010 SP1.
The company plans to implement messaging records management (MRM).
You need to recommend an implementation plan that meets the following requirements:
Enable users to mark their own messages for retention.

Delete messages that have no retention value.
A. Apply a default policy tag to each user's mailbox and use personal tags.
B. Apply a litigation hold to each users mailbox and configure transport rules.
C. Apply a litigation hold to each users mailbox and configure Outlook rules.
D. Apply a default policy tag only to each user's Inbox and use personal tags.
Answer: A
QUESTION 15
(AD DS) domain named contoso.com. The Client Access server, cas01.contoso.com, has an SSL
certificate. The SSL certificate includes mail.contoso.com and
autodiscover.contoso.com. Outlook Anywhere is disabled. Client computers run Microsoft Office Outlook
2007.
After you transition the Exchange Server environment to Exchange Server 2010, Outlook displays a
warning message indicating that the SSL certificate is not trusted for connections to cas01.contoso.com.
You need to recommend an approach to resolving the problem.
A. Set the Client Access server AutoDiscoverServiceInternalUri property to autodiscover.contoso.com.

B. Set the Client Access server array FQDN property to mail.contoso.com.
C. Set the Autodiscover virtual directory ExternalUrl property to autodiscover.contoso.com.
D. Set the Autodiscover virtual directory InternalUrl property to mail.contoso.com.
Answer: A
QUESTION 16
A corporate environment includes Exchange Server 2010 and client computers that run Microsoft Outlook
2010.
The Exchange Server environment includes public folders.
Specific users must be able to perform the following tasks:
Create subfolders in the public folder hierarchy

Delete only items they create in the subfolders
You need to recommend a solution that enables the users to perform the tasks.
A. Assign the users to the Editor role.

B. Assign the users to the Owner role.
C. Assign the users to the PublishingEditor role.
D. Assign the users to the PublishingAuthor role.
Answer: D
QUESTION 17
A corporate environment includes Exchange Server 2010. Users access mailboxes by using Microsoft
Office Outlook 2003 in Cached Exchange Mode.
You need to recommend a solution for enabling users to access the global address list (GAL) when working
offline.
A. Configure public folder distribution of the offline address book.

B. Configure web-based distribution of the offline address book.
C. Add the All Users address list to the offline address book.
D. Modify the offline address book update schedule.
Answer: A
QUESTION 18
environment is configured as shown in the following table.
The company plans to move the European employee email accounts to a cloud-based Exchange Server
2010 SP1 service provider.
Route incoming messages to the appropriate Exchange Server environment.

Ensure that all employees retain their current email addresses.
Ensure that MX records do not change.
You need to recommend a solution for meeting the requirements.
A. Configure address rewriting. Configure send connectors for the on-premise Edge Transport server and
B. Configure an external relay domain for tailspintoys.com. Configure send connectors for the on premise
C. Configure address rewriting. Configure send connectors for the on-premise Hub Transport server and
D. Configure an external relay domain for wingtiptoys.com. Configure send connectors for the on premise
Answer: B
QUESTION 19
(AD DS) forest with two domains. The forest functional level is set to Windows 2000. The domain functional
level of Domain1 is set to Windows 2000 mixed. The domain functional level of Domain 2 is set to Windows
2000 native.
The AD DS infrastructure is shown in the following table.
The company plans to transition to Exchange Server 2010 SP1. The new infrastructure must support
Windows Server 2003 SP1 domain controllers. You need to recommend a solution for preparing the
existing AD DS infrastructure to support Exchange Server 2010 SP1.
Which two actions should you recommend? (Each correct answer presents part of the solutions. Choose
two.)
A. Raise the functional level of Domain1 to Windows 2000 native. Raise the functional level of the forest to
B. Replace DC3 and DC4 with domain controllers running Windows Server 2008.
C. Raise the functional level of Domain1 to Windows 2008 R2. Raise the functional level of the forest to
D. Replace DC2 and DC4 with domain controllers running Windows Server 2008 R2.
Answer: AB
QUESTION 20
A company has an on-premise Exchange Server 2010 SP1 environment and an Active Directory Domain
Services (AD DS) domain. Client computers run Microsoft Office Outlook 2003. The company plans to
migrate mailboxes to a cloud-based Exchange Server 2010 SP1 service.
You need to recommend a solution for ensuring that the global address list (GAL) in the on premise and
cloud-based environments are identical.
A. Synchronize the AD DS directory from the cloud-based environment.

B. Install and configure the Exchange Online Connector for Office Outlook 2003 in the on-premise
environment.
C. Install and configure an SMTP connector in the cloud-based environment.
D. Synchronize the AD DS directory from the on-premise environment.
Answer: D
QUESTION 21
A company named Contoso Ltd. has three offices. Each office is configured as an Active Directory site and
contains multiple Exchange servers. Each office has a team of network support technicians.
You are designing an Exchange organization for Contoso. All servers in the organization will have
Exchange Server 2010 Service Pack 1 (SP1) installed.
You need to implement a security solution to ensure that the team of network support technicians can
manage the Exchange servers in its respective office only.
A. Three custom scopes and three management role groups

B. One management role and three Active Directory security groups
C. One custom scope and one management role group
D. Three custom scopes, three management roles, and three Active Directory security groups
Answer: A
QUESTION 22
An organization plans to utilize an on-premise Exchange Server 2010 SP1 environment for employees and
a cloud-based Exchange Server 2010 SP1 service for contractors.
You need to recommend an anti-spam solution that meets the following requirements:
Minimize the amount of spam received by the on-premise servers.

Ensure that internal and external email delivery remains fully functional.
A. Point the MX records for the domain to the cloud-based servers. Configure the allowed IP addresses on
the send connector of the on-premise servers.
B. Point the MX records for the domain to the on-premise servers. Configure the allowed IP addresses on
the send connector of the cloud-based servers.
C. Point the MX records for the domain to the on-premise servers. Restrict the allowed IP addresses on the
receive connector of the cloud-based servers.
D. Point the MX records for the domain to the cloud-based servers. Restrict the allowed IP addresses on
the receive connector of the on-premise servers.
Answer: D
QUESTION 23
A corporate environment includes an on-premise deployment of Exchange Server 2010 SP1. The company
needs to share calendar availability information with a partner. The partner is using a cloud-based
Exchange Server 2010 SP1 service.
You need to recommend a solution for sharing calendar availability information for all employees with the
partner.

A. Create a federation trust and a TXT DNS record. Then create an organization relationship with the
partner.
B. Create a federation trust and a CNAME DNS record. Then create an organization relationship with the
partner.
C. Add the partner’s domain as an accepted domain. Then create a TXT DNS record and a transport rule.
D. Add the partner’s domain
Answer: A
QUESTION 24
(AD DS) domain. The AD DS site topology is configured as shown in the exhibit. (Click the Exhibit button.)
You are designing the Exchange Server deployment plan.
Deploy Exchange Server 2010 servers in two AD DS sites.

Maximize the security of the Exchange Server deployment.
two.)
Exhibit:
A. Configure DC2 as a read-only global catalog server.
B. Configure DC3 as a writable global catalog server.
C. Deploy a Mailbox server, a Hub Transport server, and a Client Access server in Site A and in Site B.
D. Deploy a Mailbox server, a Hub Transport server, and a Client Access server in Site A and in Site C.
Answer: BD
QUESTION 25
You are the Nutex Corporation's Exchange 2010 administrator. The Chief Information Officer (CIO) is
apprehensive about applying upgrades and service packs until they are needed.
What would be reasons to apply SP1 to the Exchange 2010 servers in the organization?
A. To preserve mailbox items that may have been deleted or edited by users
B. To use annotations to associate a case number or another unique identifier with a message
C. To get an estimate of search results to determine the total number and size of items returned by a
discovery search
D. To enable search results of multiple mailbox servers to copy only one instance of a unique message to
the discovery mailbox on a mailbox server running Exchange 2010 or Exchange 2010 SP1
E. To enable discovery searches of items placed on hold
Answer: BC
The following are reasons to upgrade to Exchange 2010 SP1:
You can use annotations to associate a case number or another unique identifier with a message.
You can get an estimate of search results to determine the total number and size of items returned by a
discovery search.
Discovery managers can perform a discovery search across the cloud or on-premise servers. With
Exchange 2010 SP1, a discovery manager could get an estimate of the size of the search results before
running the search, and add annotations to messages. Annotations allow a discovery manager to add
annotations to the message. For example, a discovery manager can associate a unique identifier with a
message such as a case number. The discovery manger could then search for all items with that number.
Exchange 2010 SP1 does not enable search results of multiple mailbox servers to copy only one instance
of a unique message to the discovery mailbox on a mailbox server running Exchange 2010. Exchange 2010
SP1 contains a feature called deduplication that only works on a discovery mailbox located on an Exchange
2010 SP1 Mailbox server. Deduplication copies only one instance of a unique message to a discovery
mailbox, reducing the size of the discovery mailbox size.
Exchange 2010 already includes the litigation hold feature. Litigation hold preserves mailbox contents for
discovery requests until a lawsuit has been concluded. A litigation hold will do the following:
Keep user's mailbox items in an unaltered state

Keeps mailbox items that may have been edited or deleted
Keeps mailbox items automatically deleted by MRM
QUESTION 26
Active Directory domain named nutex.com. All Exchange server roles are running Exchange 2010 SP1.
You have each server role on a separate subnet. The routers used to create the subnets have firewall
capabilities.
Which ports should be open on the firewall? (Choose two.)
A. You should consider opening TCP port 25, TCP port 135, TCP port 389, TCP port 443, TCP port 993,
and TCP ports 5060 to 5062 for the Hub Transport server to communicate with other Exchange server
roles and other services.
B. You should consider opening TCP port 53, TCP port 389, TCP port 443, TCP port 993, and TCP port
995 for the Client Access server to communicate with other Exchange server roles and other services.
C. You should consider opening TCP port 135, TCP port 389, TCP port 443, and TCP port 3268 for the
Mailbox server to communicate with other Exchange server roles and other services.
D. You should consider opening TCP port 25, TCP port 88, TCP port 389, TCP port 443, TCP port 3268,
and UDP ports 1024 to 65535 for the Unified Messaging server to communicate with other Exchange
server roles and other services.
Answer: BD
You should consider opening TCP port 25, TCP port 88, TCP port 389, TCP port 443, TCP port 3268, and
UDP ports 1024 to 65535 for the Unified Messaging server to communicate with other Exchange server
roles and other services. The Unified Messaging server needs to have TCP port 25 open for SMTP
communication with the Transport server. TCP port 88 is used for Kerberos communication. TCP port 389
is used for LDAP communication with Active Directory. TCP port 443 is used for SSL communication used
by the Unified Messaging Web service. UDP ports 1024 to 65535 are used for Unified Messaging Phone
interaction.
You should consider opening TCP port 53, TCP port 389, TCP port 443, TCP port 993, and TCP port 995
for the Client Access server to communicate with other Exchange server roles and other services. TCP port
53 is used to communicate with the DNS server. TCP port 389 is used for LDAP communication with Active
Directory. TCP port 443 is used for SSL communication used by Exchange Web services. TCP port 995 is
used for secure communication with POP3. TCP port 993 is used for secure communication with IMAP4.
You should not open TCP port 993 and TCP 5060 to 5062 for the Hub Transport server to communicate
with other Exchange server roles. A Hub Transport server will use the following:
TCP port 25 for SMTP communications.

TCP port 135 to communicate with a Mailbox server via MAPI
TCP port 389 to allow communications with Active Directory
TCP port 443 for HTTPS communications with an Active Directory Rights Management Services server
TCP port 993 is used for secure IMAP4 communication. IMAP4 is used for communication with Client
Access server. TCP 5060 to 5062 is used for communication from a Client Access server to a Unified
Messaging server. You should not consider opening TCP port 443 for the Mailbox server to communicate
with other Exchange server roles and other services. TCP port 443 is not used by the Mailbox server. TCP
port 3268 is used by the Mailbox server for LDAP access to a global catalog server.
QUESTION 27
You have successfully migrated from an on-premise Exchange 2010 organization to Exchange Online. All
clients use Microsoft Office 365.
You want to capture all edits made to user Michelle Smith's mailbox for 17 days. You want to have a rolling
legal hold to preserve the data in the mailbox, with the data not affected by any of Michelle Smith's actions.
What should you do?
A. Run the following cmdlet:

Set-Mailbox -identity "Michelle Smith" -SingleItemRecoveryEnabled $true
B. Contact the Office 365 help desk
C. Upgrade to an Exchange Online (Plan 2) subscription and contact the Office 365 help desk
D. Upgrade to an Exchange Archiving subscription and contact the Office 365 help desk
Answer: B
You should contact the Office 365 help desk to enable a Single Item Recovery (SIR) for 17 days. SIR is
enabled by default on all mailboxes in Exchange Online with a 14-day retention period. To extend or
decrease the SIR period, you must contact the Office 365 help desk.
You should not run Set-Mailbox -identity "Michelle Smith" -SingleItemRecoveryEnabled $true. This action
will enable SIR for an on-premise account. SIR is not enabled by default on an on-premise account. In this
scenario, you have upgrade Exchange 2010 to Exchange online so all accounts are in the cloudbased
service.
You do not need to upgrade to an Exchange Online (Plan 2) subscription and contact the Office 365 help
desk. A SIR can be placed on account with an Exchange Online (Plan 1) subscription if you want to have a
rolling legal
hold of 30 days or less.
You do not need to upgrade to an Exchange Archiving subscription and contact the Office 365 help desk.
An Exchange Archiving subscription provides a personal e-mail archive for users who have mailboxes on
Exchange Server 2010 and is not a requirement to have a SIR.
QUESTION 28
A company named Contoso, Ltd. has offices in Montreal, Seattle, and Denver. An Active Directory site
exists for each office. Only the Montreal site is connected to the Internet.
You are designing an Exchange organization for Contoso. All servers in the organization will have
Exchange Server 2010 Service Pack 1 (SP1) installed.
Each office will contain two Exchange servers that each has the Mailbox, Hub Transport, and Client Access
server roles installed.
You need to recommend a deployment solution for the Client Access servers.
A. One Client Access server array in each office Round-robin DNS in each office
B. A load balancing solution in each office Round-robin DNS in the Montreal office
C. One Client Access server array in each office A load balancing solution in each office
D. One Client Access server array that contains all of the Client Access servers A load balancing solution
in the Montreal office
Answer: C
QUESTION 29
A corporate environment includes Exchange Server 2010 with multiple Client Access servers.
Employees connect to the Exchange Server environment from their Exchange ActiveSync–enabled mobile
devices.
You need to recommend a solution for preventing the mobile devices from using removable storage.
A. Configure the ActiveSync virtual directory on all Client Access servers.

B. Create an Exchange ActiveSync mailbox policy and apply the policy to all mailboxes.
C. Create a Group Policy Object (GPO) that enforces the use of BitLocker To Go and apply the GPO to all
users.
D. Create a Group Policy Object (GPO) that enforces the use of BitLocker To Go and apply the GPO to all
member servers.
Answer: B
QUESTION 30
A corporate environment includes an on-premise implementation of Exchange Server 2010 SP1. The
company intends to use a cloud-based Exchange Server 2010 SP1 provider to provide email service for the
Sales team. All other mailboxes will remain in the on-premise environment.
Ensure that all users can access mailboxes by using corporate Active Directory Domain Services (AD
DS) credentials.
Ensure that all users can access a global address list (GAL) that includes all email addresses.
You need to recommend a coexistence solution that meets the requirements.
two.)
A. Implement Active Directory Federation Services 2.0 (AD FS 2.0).

B. Implement Microsoft Forefront Unified Access Gateway 2010 (UAG 2010).
C. Synchronize AD DS from the on-premise environment to the cloud-based environment.
D. Synchronize AD DS from the cloud-based environment to the on-premise environment.
Answer: AC
QUESTION 31
A corporate environment includes Exchange Server 2010. Client computers run Windows 7 and Microsoft
Outlook 2010. The client computers are joined to an Active Directory Domain Services (AD DS) domain.
You need to recommend an email security solution that meets the following requirements:
Protect email messages from being read by unauthorized users.

Protect attachments, including text files, PDF files, and XPS files.
Encrypt selected email messages when they are sent.
A. message classification
B. Mutual Transport Layer Security (MTLS)
C. Secure/Multipurpose Internet Mail Extensions (S/MIME)
D. Active Directory Rights Management Services (AD RMS)
Answer: C
QUESTION 32
organization will have Exchange Server 2010 Service Pack 1 (SP1) installed. Users connect to their
mailboxes by using either Microsoft Office Outlook 2003, Microsoft Office
Outlook 2007, or Microsoft Outlook 2010.
You need to recommend a solution that protects confidential e-mail messages against eavesdropping and
tampering. The e-mail messages must be protected while they are in transit and once they are stored.
A. Deploy Active Directory Rights Management Services (AD RMS), and then create transport rules based
on message classifications.
B. Deploy certificates from a trusted root certification authority (CA) on all transport servers, and then
configure Domain Security.
C. Issue X.509 digital certificates to all users, and then instruct the users to protect their confidential e-mail
messages by using S/MIME.
D. Require RPC encryption for all mailbox databases, and then instruct all Outlook 2003 users to connect
by using Outlook Web App (OWA) only.
E. Deploy Active Directory Rights Management Services (AD RMS), and then instruct users to protect their
confidential e-mail messages by using Outlook Protection Rules.
Answer: C
QUESTION 33
You have a Microsoft Forefront Threat Management Gateway (TMG) 2010 server that provides all Internet
access for your company.

B. Deploy a second TMG server and create a TMG array.
Answer: B
QUESTION 34
one Hub Transport server, one Client Access server, and one Mailbox server. You are designing an
infrastructure for a secondary datacenter that will provide site resiliency for
the primary datacenter that contains the existing Exchange Server environment.
Ensure that employees can access email if the primary datacenter fails.
Ensure that each Mailbox database is active in only one datacenter at a time.
Minimize the number of Exchange servers required.
two.)
A. In the secondary datacenter, deploy one server with the Hub Transport, Client Access, and Mailbox
roles. Create a database availability group (DAG) that spans both datacenters.
B. In the secondary datacenter, deploy one server with the Hub Transport and Client Access roles, and one
server with the Mailbox role. Create a database availability group (DAG) that spans both datacenters.
C. Enable datacenter activation coordination (DAC) mode.
D. Disable datacenter activation coordination (DAC) mode.
Answer: AC
QUESTION 35
DS) domain. Client computers run Windows 7 and Microsoft Outlook 2010.
Inspect all sent email messages.

Automatically apply Information Rights Management (IRM) protection to all email messages marked as
Company Confidential.
A. Deploy Active Directory Rights Management Services (AD RMS) and then create a transport rule.
B. Deploy Active Directory Rights Management Services (AD RMS) and then create an Outlook protection
rule.
C. Deploy a digital certificate to each Exchange server and then implement Mutual TransportLayer Security
(MTLS).
D. Deploy a digital certificate to each Outlook user and then use Secure/Multipurpose Internet Mail
Extensions (S/MIME).
Answer: A
QUESTION 36
Mailbox server, one Client Access server, one Hub Transport server, and one Edge Transport server. The
Mailbox server has a single database with multiple mailboxes.
Record all email messages sent to and from only specific users.
Store copies of only the recorded messages in one designated mailbox.

B. Configure journaling on the Mailbox server database.
D. Configure a litigation hold on the mailbox of each affected employee.
Answer: A
QUESTION 37
You are designing the Exchange organization for Margies Travel.
You need to ensure that all of the emails sent to the Internet by the Margie’s Travel users have return email
addresses in the required format.
Case Study Title (Case Study):

Contoso Ltd
Company Overview
Contoso, Ltd. is a wholesale travel agency.
Physical Locations
The company has offices in New York and Seattle. Each office has a call center. All IT staff and help desk
staff are located in the New York office.
Existing Environment
Contoso has a single domain named contoso.com. An Active Directory site exists for each office. The sites
connect to each other by using a high-speed WAN link. The WAN link has an average utilization rate of 90
percent during business hours.
The domain contains three domain controllers. The domain controllers are configured as shown in the
following table.
The network has an Exchange Server 2010 Service Pack 1 (SPl) organization that contains four servers.
Each mailbox database is 400 GB.
All of the servers have the following hardware configurations:

64 GB of RAM
One dual quad-core Intel Xeon processor
Two l-gigabit per second Ethernet network adapters
One RAID 10 disk array that has 12 300-GB, 15,000-RPM SAS disks for data
one RAID 1 disk array that has two 73-GB, 10,000-RPM SAS disks for program files
One RAID 1 disk array that has two 73-GB, 10,000-RPM SAS disks for the operating system
Requirements
Business Goals
Contoso has the following general requirements that must be considered for all technology deployments:
Minimize costs whenever possible.

Minimize administrative effort whenever possible.
Minimize traffic on the WAN link between the offices.
Planned Changes
Contoso acquires a company named Margie's Travel. Margie's Travel has 3,000 employees.
Margie's Travel has the following email infrastructure:
A call center, where 200 employees work

UNIX-based email hosts that users access by using POP3 and SMTP
Three departments that use the SMTP domains of margiestravel.com, east.margiestravel.com,
and blueyonderairlinesxam. Users are assigned only one email address that uses the SMTP domain of
their department
You plan to deploy a new Exchange Server 2010 SP1 organization to Margie's Travel. The new email
infrastructure must meet the following implementation requirements:
All employees must have access to their mailbox if a single server fails.
Call center employees must use windows Internet Explorer 8 to access their mailbox.
The administration of the Margie's Travel Exchange organization must be performed by a dedicated
team.
Call center employees must be prevented from accessing the calendar or journal features of Outlook
Web App.
All employees who do not work in the call center must have access to all of the Outlook web App
features.
All email messages sent to recipients outside of Margie's Travel must have a return address in the
user@margiestravel.com format.
The new email infrastructure for Margie's Travel must meet the following security requirements:
Contoso administrators must be prevented from viewing or modifying the settings of the mailboxes of
Margie's Travel users.
All inbound and outbound Internet email to and from the Margie's Travel domains must be routed
through the Hub Transport servers of Contoso.
All email messages that contain confidential customer information must be encrypted automatically
while in transit and the recipients of the messages must be prevented from forwarding them to other
users.
Compliance Requirements
Contoso must meet the following compliance requirements:
Each email message sent by an attorney from the Contoso legal department must be approved by the
manager of the legal department.
Attorneys must be able to classify email messages as "attorney-client privileged".
All messages classified as "attorney-client privileged" must contain a legal disclaimer automatically.
User Requirements
All users who have a portable computer use Microsoft Outlook 2010 when they work online and offline.
When the users work offline, they must be able to read existing email messages and create new email
messages.
Users who have a large mailbox must minimize the amount of hard disk space used by the mailbox on their
portable computer.
A. a Hub Transport server and address rewrite entries

B. an Edge Transport server and address rewrite entries
C. an Edge Transport server and Edge Transport rules
D. a Hub Transport server and Hub Transport rules
Answer: B
Section: testlet case study
the question states What should you include in the design
Hub Transport cannot be used for address rewrites. see below and transport rules on either the Hub
Transport or the Edge Transport will not work
You use address rewriting to present a consistent appearance to external recipients of messages from your
Exchange 2010 organization. Address rewriting can be valuable to organizations that use third-party
vendors to provide e-mail support and services. Customers and partners expect e-mail messages to come
from the organization, not a third-party vendor. Similarly, after a merger or acquisition, an organization might
want all e-mail messages to appear to come from the single new organization. The address rewriting
feature frees organizations to structure their businesses by business requirements instead of by technical
requirements or limitations.
You can also use address rewriting to enable appropriate routing of inbound messages from outside your
Exchange 2010 organization to internal recipients. Address rewriting enables replies to messages that were
rewritten to be correctly routed to the original sender of the rewritten message.
You configure Address Rewriting agents on the Receive connector and Send connector on a computer that
has the Edge Transport server role installed.
QUESTION 38
You need to recommend changes to the Active Directory infrastructure of Contoso. The changes must
ensure that users in all of the offices can access their local mailbox if a WAN link fails.

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. Deploy a read-only global catalog server to the Seattle site.

B. Deploy a read-only global catalog server to the New York site.
C. Enable universal group membership caching in the Seattle site.
D. Disable the global catalog on DC2.
E. Enable the global catalog on DC3.
F. Enable universal group membership caching in the New York site.
Answer: E
QUESTION 39
You need to recommend changes to the Exchange organization of Contoso. The changes must ensure that
users can connect to their mailbox if a single Exchange server fails. The solution must meet the business
requirements of Contoso. What should you recommend? (Choose all that
apply.)

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. Deploy a new hardware load balancer to each site and create a Client Access array in each site.
B. Deploy an alternate file share witness to each Mailbox server and enable Datacenter Activation
Coordination (DAC) mode.
C. Create a database availability group (DAG) that contains all of the Mailbox servers. Create four
database copies of each mailbox database.
D. Create a Network Load Balancing cluster in each site. Create a Client Access array in each site.
E. Create a database availability group (DAG) for each site. Add the Mailbox servers of each site to the
respective DAG. Create two database copies of each mailbox database.
Answer: AE
QUESTION 40
You need to recommend changes to the Exchange organization of Contoso. The solution must meet the
compliance requirements and the business goals of Contoso. What should you include in the
recommendation? (Choose all that apply.)

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. journal rules
B. message classification templates
C. Hub Transport rules
D. Edge Transport rules
E. Secure MIME
F. moderated recipients
Answer: BCF
Understanding Message Classifications

Message classifications are a Microsoft Exchange Server 2010 and Microsoft Office Outlook 2007 feature
intended to help organizations comply with their e-mail policies and regulatory responsibilities. When a
message is classified, the message contains specific metadata that describes the intended use or
audience of the message. Outlook 2007 or Microsoft Office Outlook Web App may act on this metadata by
displaying a user-friendly description of the classification to senders and receivers of a classified message.
In Exchange 2010, the Microsoft Exchange Transport service may act on the metadata if there's a transport
rule that meets specific criteria that you have configured.
The following list provides a brief description of some of the message classification fields that you can set:
Display name This property specifies the display name for the message classification instance. The display
name appears in the Permission menu in Outlook 2007 and Outlook Web App and is used by Outlook and
Outlook Web App users to select the appropriate message classification before a message is sent. The
display name is also displayed in the recipient description that appears in the InfoBar in an Outlook
message. The parameter name for this property is DisplayName.
Sender description This property explains to the sender what the message classification is intended to
achieve. The text that you enter for this field is used by Outlook and Outlook Web App users to select the
appropriate message classification before a message is sent. The parameter name for this property is
SenderDescription.
Recipient description This property explains to the recipient what the message classification was intended
to achieve. The text that you enter for this field is viewed by Outlook and Outlook Web App users when they
receive a message that has this message classification. The parameter name for this property is
RecipientDescription.
Locale This field specifies a culture code to create a locale-specific version of the message classification.
For more information about the locale field, see "Localizing Message Classification Instances for Different
Languages and Locales" later in this topic. The parameter name for this property is Locale.
After Outlook 2007 is enabled to accept the default message classifications, users can apply message
classification to messages that they send. Senders see the sender description in the InfoBar in Outlook
2007. By using the Exchange Management Shell, you can customize the sender description for each
message classification and locale.
Note:
Outlook Web App requires no special configuration to display or use message classifications.
Three message classifications are enabled in Exchange 2010 by default:
Attachment Removed This classification notifies recipients when attachments have been removed from
the message.
Originator Requested Alternate Recipient Mail This classification notifies recipients that the message
has been redirected from delivery to the original addressed recipient.
Partner Mail This classification notifies recipients that the message was encrypted and delivered through a
secure connector.
When you configure a recipient for moderation, all messages sent to that recipient are subject to approval
by the designated moderators. For more information about how Exchange 2010 handles recipient
moderation, see Understanding Moderated Transport.
Automatic Protection Using Transport Protection Rules
Messages containing business critical information or PII can be identified by using a combination of
transport rule conditions, including regular expressions to identify text patterns such as social security
numbers. Organizations require different levels of protection for sensitive information. Some information
may be restricted to employees, contractors, or partners; while other information may be restricted only to
full-time employees. The desired level of protection can be applied to messages by applying an appropriate
rights policy template. For example, users may mark messages or e-mail attachments as Company
Confidential. As illustrated in the following figure, you can create a transport protection rule to inspect
message content for the words "Company Confidential", and automatically IRM-protect the message.
Create a transport protection rule

For more information about creating transport rules to enforce rights protection, see Create a Transport
Protection Rule.
QUESTION 41
You need to recommend changes to the mailboxes to meet the user requirements for the portable
computers.

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. message classifications
B. message size limits
D. disabled Cached Exchange Mode
E. folder redirection
Answer: C
QUESTION 42
You need to recommend a Client Access solution for Margie’s Travel. The solution must meet the business
goals of Contoso. The solution must also meet the implementation requirements of Margie’s Travel.

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. One Client Access server and one Outlook Web App policy
B. Two Client Access servers and one Outlook Web App policy
C. Two Client Access servers and two Outlook Web App policies
D. One Client Access server and two Outlook Web App policies
Answer: C
team.
Web App.
features.
QUESTION 43
You need to recommend changes to the Exchange organization of Contoso. The changes must support the
SMTP domains of Margie’s Travel. The solution must meet the security requirements of Margie’s Travel.

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. Create an accepted domain for each Margie’s Travel domain and configure the new domains as
authoritative domains.
B. Create an accepted domain for each Margie’s Travel domain and configure the new domains as
external relay domains.
C. Create an accepted domain for each Margie’s Travel domain and configure the new domains as internal
relay domains.
D. Create a remote domain named margiestravel.com and configure support for all child domains.
Answer: C
QUESTION 44
You need to recommend changes to the network infrastructure to support the planned changes for Margie's
Travel.
What should you recommend creating?

Contoso Ltd
Company Overview
Physical Locations
following table.
64 GB of RAM
Requirements
Business Goals

Planned Changes

their department
team.
Web App.
features.
users.
User Requirements
messages.
portable computer.
A. A new Active Directory forest named margiestravel.com

B. A new domain named margiestravel.contoso.com in the contoso.com forest
C. Three organization units (OUs) named margiestravel.com, east.margiestravel.com, and
blueyonderairlines.com
D. A new domain named margiestravel.com in the contoso.com forest
Answer: A
QUESTION 45
You plan to deploy Microsoft Forefront Online Protection for Exchange (FOPE).
You need to recommend changes to the environment to ensure that inbound email messages from the
Internet are scanned by FOPE.

Fabrikam Inc
Company Overview
Fabrikam Inc. is a leading manufacturer of children's toys.
Physical Locations
Fabrikam has a main office in Seattle and a manufacturing plant in Los Angeles. The offices connect to
each other by using a heavily congested high-speed WAN link. Each office has a dedicated connection to
the Internet. Research and development personnel are located in both the Seattle office and the Los
Angeles office.
Active Directory Environment
Fabrikam has an Active Directory forest that contains one domain name fabrikam.com. The Active Directory
forest has the following configurations:

All domain controllers run Windows Server 2003 x86 Service Pack 2 (SP2).
The functional level of the forest and the domain is Windows Server 2003 interim.
All of the user accounts for the users in the Seattle office are located in an organizational unit (OU)
named Users\Seattle.
All of the user accounts for the users in the Los Angeles offices are located in an organizational unit
(OU) named Users\Los Angeles.
Both offices have a help desk staff. The help desk staff in each office is responsible for managing all of
the users in its respective office.
Messaging Environment
Fabrikam has an Exchange Server 2003 Service Pack 2 (SP2) organization that has the following
configurations:
A 500-MB mailbox quota for all users

An SMTP connector that has the following configurations:
Address space: *
Delivery: DNS
Local bridgehead: SEA-BE-1
Fabrikam has a partner company named Tailspin Toys; The Fabrikam Exchange servers are configured as
ETRN servers for tailspintoys.com.
The Exchange organization contains four servers. The servers are configured as shown in the following
table.
Requirements
Business Goals
Fabrikam has the following business goals:
Minimize hardware costs.

Minimize administrative effort.
Minimize WAN link utilization between the two offices.
Planned Changes
Fabrikam plans to migrate to Exchange Server 2010 Service Pack 1 (SP1).

You plan to deploy a Hub Transport server named SEA-HUB-1 in the Seattle site.
You plan to deploy a Hub Transport server named LA-HUB-1 in the Los Angeles site.
Archiving Requirements
Email messages that are older than 180 days must be moved automatically to a distinct mailbox database.
Security Requirements
Fabrikam must meet the following security requirements:
Anti-spam filtering must be performed on all email messages before the messages enter the network.
The help desk staff must be prevented from modifying user accounts for users located in remote offices.
The number of permissions assigned to the members of a group named Exchange Server
Troubleshooters must be minimized.
Redundancy Requirements
Fabrikam must meet the following redundancy requirements:
A copy of all the mailbox databases must exist in both sites.

The impact on users must be minimized if a single server fails.
Users must be able to send and receive messages if a single server fails.
All of the mailbox databases must be available if the WAN link fails between the offices.
Problem Statements
The WAN link between the Seattle office and the Los Angeles office is heavily congested. During
normal business hours, the average round-trip time for packets to travel across the WAN link is 200 ms.
The portable computer of the manager of the accounting department recently experienced a hard disk
failure. The hard disk failure resulted in the loss of more than two years of email and other personal
data.
A. Modify the sender policy framework (SPF) record of Fabrikam to point to FOPE.
B. Implement Microsoft Forefront Threat Management Gateway (TMG), and then create a federation trust.
C. Modify the mail exchange (MX) records of Fabrikam to point to FOPE.
D. Implement Forefront Protection 2010 for Exchange Server, and then create a sharing policy.
Answer: C
QUESTION 46
You are evaluating the implementation of database availability groups (DAGs). You need to recommend a
DAG implementation that meets the redundancy requirements of Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:
Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. Add one Mailbox server to each site. Create two DAGs. Add one Mailbox server to each DAG.
B. Add one Mailbox server to each site. Create one DAG that contains both Mailbox servers.
C. Add two Mailbox servers to each site. Create one DAG for each site. Add the Mailbox servers for each
site to their respective DAG.
D. Add two Mailbox servers to each site. Create two DAGs. Add one Mailbox server from each site to each
DAG.
Answer: C
QUESTION 47
The members of the Exchange Servers Troubleshooters group plan to run the Test-MailFlow cmdlet
regularly.
You need to identify which Role Based Access Control (RBAC) management role must be assigned to the
Exchange Server Troubleshooters group. The solution must meet the security requirements of Fabrikam.
Which role should you identify?

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. Organization Management
B. Help Desk
C. Server Management
D. View-Only Organization Management
E. Recipient Management
Answer: D
QUESTION 48
You need to recommend a message routing design for the period during which Fabrikam transitions from
Exchange Server 2003 to Exchange Server 2010 SP1. The solution must meet the business goals of
Fabrikam. What should you include in the recommendation?
(Choose all that apply.)

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. a scoped Send connector that uses SEA-HUB-1 as the source server

B. a scoped Send connector that uses LA-BE-1 as the source server
C. a linked connector for each Send connector
D. a scoped Send connector that uses LA-HUB-1 as the source server
E. a scoped Send connector that uses SEA-BE-1 as the source server
F. an Exchange hub site for each site
Answer: AD
QUESTION 49
You need to recommend changes to the existing Active Directory infrastructure to support the planned
Exchange Server 2010 SP1 deployment. The solution must meet the business goals of Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. Upgrade one global catalog server in each site to Windows Server 2008 R2.
B. Raise the functional level of the forest.
C. Raise the functional level of the domain.
D. Upgrade all of the global catalog servers to Windows Server 2008 R2.
E. Upgrade all of the domain controllers to Windows Server 2008 R2.
Answer: BC
QUESTION 50
You need to recommend a solution that meets the archiving requirements of Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. recovery databases and Personal Archives

B. single item recovery and retention policies
C. single item recovery and litigation holds
D. Personal Archives and litigation holds
E. Personal Archives and retention policies
Answer: E
Pass4Sure had D as the answer but I think that E is the better answer - I do not see the need for Litigation
holds
QUESTION 51
You need to recommend a routing group configuration that meets the business requirements of Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. One routing group for each office that contains all of the Exchange servers in that office
B. One routing group that contains all of the Exchange Server 2003 servers and all of the Exchange Server
2010 SP1 servers
C. One routing group for each office that contains only the Exchange Server 2003 servers in that office and
one routing group that contains all of the Exchange Server 2010 SP1 servers
D. One routing group for each office that contains only the Exchange Server 2003 servers in that office and
one routing group for each office that contains only the Exchange Server 2010 SP1 servers in that office
Answer: C
QUESTION 52
You are evaluating the implementation of SEA-HUB1 and LA-HUB1.
You need to recommend a Hub Transport server topology that meets the redundancy
requirements of Fabrikam. The solution must also support the business goals of Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. Deploy SEA-HUB1 and an additional Hub Transport server named SEA-HUB2 to the Seattle site.
Deploy LA-HUB1 and an additional Hub Transport server named LA-HUB2 to the Los Angeles site.
Deploy a hardware load balancer to each site. Configure the virtual IP address of the load balancer to
point to the Hub Transport servers.
B. Deploy SEA-HUB1 to the Seattle site. Deploy LA-HUB1 to the Los Angeles site. Create one Send
connector in each site.
C. Deploy SEA-HUB1 to the Seattle site. Deploy LA-HUB1 to the Los Angeles site. Deploy a hardware load
balancer to each site. Configure the virtual IP address of the load balancer to point to the Hub Transport
servers.
D. Deploy SEA-HUB1 and an additional Hub Transport server named SEA-HUB2 to the Seattle site.
Deploy LA-HUB1 and an additional Hub Transport server named LA-HUB2 to the Los Angeles site.
Create one Send connector in each site.
Answer: D
QUESTION 53
You need to recommend a Client Access server design that meets the redundancy requirements of
Fabrikam.

Fabrikam Inc
Company Overview
Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. A. Two Client Access arrays

Four Client Access servers
DNS round robin
B. Two Client Access arrays
Four Client Access servers
Two hardware load balancers
C. Four Client Access servers
One hardware load balancer
DNS round robin
D. One Client Access array
Two Client Access servers
One hardware load balancer
Answer: B
QUESTION 54
You are evaluating the implementation of Exchange Server 2010 SP1 Edge Transport servers and Hub
Transport servers.
You need to recommend a solution to ensure that the Exchange Server 2010 SP1 servers can queue email
messages for tailspintoys.com.

Fabrikam Inc
Company Overview

Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. an external relay domain

B. an authoritative domain
C. a remote domain
D. an email address policy
Answer: A
QUESTION 55
You need to recommend an administrative solution for the help desk staff. The solution must meet the
security requirements of Fabrikam.

Fabrikam Inc
Company Overview

Physical Locations
Angeles office.

configurations:

Address space: *
Delivery: DNS
table.
Requirements
Business Goals

Planned Changes


Problem Statements
data.
A. a split permissions model

B. built-in security groups
C. direct role assignments
D. management role groups
Answer: D
QUESTION 56
You need to recommend changes to the network infrastructure to meet the security requirements of A.
Datum.
What should you recommend creating?

Litware, Inc
Company Overview
Litware, Inc. is a manufacturing company.

Physical Locations
The company has offices in Bangkok and Tokyo. Each office has a sales department. All network support
staff is located in the Bangkok office.
Litware has a forest that contains a single domain named litwareinc.com. An Active Directory site exists for
each office. The sites connect to each other by using a high-speed WAN link. The WAN link has an
average net available bandwidth of 15 percent during business hours.
following table.
The network has an Exchange Server 2010 Service Pack 1 (SP1) organization that contains four
servers. The servers are configured as shown in the following table.
32 GB of RAM
Two dual quad-core Intel Xeon processors
Two 1-gigabit per second network adapters
One RAID 10 disk array that has 12 300-GB, 1S,000-RPM SAS disks for data
One RAID 1 disk array that has two 73-GB, 10,000-RPM SAS disks for program files
Requirements
Business Goals
Litware has the following general requirements that must be considered for all technology deployments:

Minimize traffic on the WAN link between the Bangkok and Tokyo offices.
Planned Changes
Litware acquires a management company named A. Datum Corporation. A. Datum has 2,500 employees.
A. Datum has the following email infrastructure:
A sales department, in which 150 employees work

A third-party email infrastructure that is used for IMAP4 and SMTP
Three other departments that use the SMTP domains ofadatum.com, asia.adatum.com, and contoso.
com. Users are assigned only one email address that uses the SMTP domain of their department
You plan to deploy a new Exchange Server 2010 SP1 organization for A. Datum. The new email
Sales department employees must use Windows Internet Explorer 8 to access their mailbox,
Sales department employees must be prevented from accessing the calendar or journal features of
Outlook Web App.
All employees who do not work in the sales department must have access to all of the Outlook Web App
features.
All email messages sent to recipients outside of A. Datum must have a return address in the
user@adatum.com format.
The administration of the A, Datum Exchange organization must be performed by a dedicated team of
administrators.
The Exchange administration team for A. Datum must be distinct from the Exchange administration
team of Litware.
The new email infrastructure for A. Datum must meet the following security requirements:
Litware administrators must be prevented from viewing or modifying the settings of the mailboxes of A.
Datum users.
All inbound and outbound Internet email to and from the A. Datum domains must be routed through the
Hub Transport servers of Litware.
All email messages that contain financial information must be encrypted automatically while in transit
and the recipients of the messages must be prevented from forwarding them to users outside of the
company’ s financial department.
Litware must meet the following compliance requirements:
Each email message sent by an attorney from the Litware legal department must be approved by the
All email messages classified as "attorney-client privileged" must contain a legal disclaimer
automatically.
User Requirements
messages.
portable computer.
A. A new domain named adatum.com in the litwareinc.com forest
B. A new Active Directory forest named adatum.com
C. A new domain named adatum.litwareinc.com in the litwareinc.com forest
D. Three organization units (OUs) named adatum.com, asia.adatum.com, and contoso.com
Answer: B
QUESTION 57
You need to recommend changes to the Exchange organization of Litware. The changes must support the
SMTP domains of A. Datum. The solution must meet the security requirements of A. Datum.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer.
A. Create an accepted domain for each A. Datum SMTP domain and configure the new domains as
internal relay domains.
B. Create an accepted domain for each A. Datum SMTP domain and configure the new domains as
external relay domains.
C. Create a remote domain for each A. Datum SMTP domain.
D. Create an accepted domain for each A. Datum SMTP domain and configure the new domains as
authoritative domains
Answer: A
QUESTION 58
You need to recommend changes to the Active Directory infrastructure of Litware. The changes must
ensure that users in all of the offices can access their local mailbox if a WAN link fails.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer.
A. Enable universal group membership caching in the Tokyo site.

B. Deploy a read-only global catalog server to the Bangkok site.
C. Enable the global catalog on Server3.
D. Disable the global catalog on Server2.
E. Enable universal group membership caching in the Bangkok
F. Deploy a read-only global catalog server to the Tokyo site.
Answer: C
QUESTION 59
You need to recommend a solution to minimize the number of remote SMTP hosts that identify email
messages sent by A. Datum users as spam.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. A. a service location (SRV) record in the public DNS zone of the liware.com domain
B. B. a sender policy framework (SPF) record in the internal DNS zone of the litwareinc.com domain
C. C. a sender policy framework (SPF) record in the public DNS zone of the adatum.com domain
D. D. a sender policy framework (SPF) record in the internal DNS zone of the adatum.com domain
E. E. a sender policy framework (SPF) record in the public DNS zone of the litwareinc.com domain
F. F. a service location (SRV) record in the public DNS zone of the adatum.com domain
Answer: C
QUESTION 60
You need to recommend changes to the mailboxes to meet the user requirements of the portable
computers.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. disabled Cached Exchange Mode

B. disabled Outlook Anywhere
D. deleted Mailbox retention
E. message size limits
Answer: C
QUESTION 61
You need to recommend changes to the Active Directory infrastructure of Litware. The changes
must ensure that users in all of the offices can access their local mailbox if a WAN link fails.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. Enable the global catalog on Server3.

B. Deploy a read-only global catalog server to the Tokyo site.
C. Disable the global catalog on Server2.
D. Enable universal group membership caching in the Bangkok site.
E. Deploy a read-only global catalog server to the Bangkok site.
F. Enable universal group membership caching in the Tokyo site.
Answer: A
QUESTION 62
You need to recommend changes to the Exchange organization of Litware.
The solution must meet the compliance requirements and the business goals of Litware.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. Edge Transport rules, Secure MIME, and moderated recipients

B. journal rules, message classification templates, and moderated recipients
C. journal rules, Secure MIME, and moderated recipients
D. Hub Transport rules, message classification templates, and moderated recipients
Answer: D
QUESTION 63
You need to recommend a Client Access solution for A. Datum. The solution must meet the business goals
of Litware. The solution must also meet the implementation requirements of A. Datum.

Litware, Inc
Company Overview
Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Three other departments that use the SMTP domains of adatum.com, asia.adatum.com, and contoso.
Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. Two Client Access servers and two Outlook Web App policies
B. Two Client Access servers and one Outlook Web App policy
C. One Client Access server and one Outlook Web App policy
D. One Client Access server and two Outlook Web App policies
Answer: A
QUESTION 64
You need to recommend a Hub Transport server solution that meets the security requirements of A. Datum.
The solution must meet the business goals of Litware.

Litware, Inc
Company Overview

Physical Locations
following table.
32 GB of RAM
Requirements
Business Goals

Planned Changes

Outlook Web App.
features.
administrators.
team of Litware.
Datum users.
automatically.
User Requirements
messages.
portable computer
A. NTFS permissions
B. Secure MIME
C. Hub Transport rules
D. Authorization Manager
E. Active Directory Rights Management Services (AD RMS)
Answer: CE
QUESTION 65
You are designing the Exchange Server 2010 SP1 organization for A. Datum. You need to ensure that all of
the email sent to the Internet by the A. Datum users has a return email address in the required format.

Datum Corporation
Company Overview
A. Datum Corporation is a leading insurance company.
Physical Locations
A. Datum has a main office in Tokyo and a manufacturing plant in Bangkok. The offices connect to each
other by using a heavily congested high-speed WAN link. Each office has a dedicated connection to the
Internet. Research and development personnel are located in both the Tokyo office and the Bangkok office.
A. Datum has an Active Directory forest that contains one domain named adatum.com. The Active Directory

All of the user accounts for the users in the Tokyo office are located in an organizational unit (OU)
named Users\Tokyo.
All of the user accounts for the users in the Bangkok office are located in an organizational unit (OU)
named Users\Bangkok.
Each office has a human resources team. The human resources team in each office is responsible for
managing all of the users in its respective office.
A. Datum has an Exchange Server 2003 Service Pack 2 (SP2) organization that has the following
configurations:

Address space: *
Delivery: DNS
Local bridgehead: TOK-BE-1
A. Datum has a partner company named Humongous Insurance. The A. Datum Exchange servers are
configured as ETRN servers for humongousinsurance.com. The Exchange organization contains six
servers. The servers are configured as shown in the
following table.
Requirements
Business Goals
A. Datum has the following business goals:

Planned Changes
A. Datum plans to migrate to Exchange Server 2010 Service Pack 1 (SP1). Each office will contain
Exchange servers.
You plan to deploy a Hub Transport server named TOK-HUB-1 in the Tokyo site.
You plan to deploy a Hub Transport server named BAN-HUB-1 in the Bangkok site.
A. Datum must meet the following security requirements:
The human resources teams must be allowed to modify only the user accounts of the users in their
respective office.
The number of permissions assigned to the members of a group named Exchange Secondary Support
Staff must be minimized.
A. Datum must meet the following redundancy requirements:

Users must be able to send and receive email messages if a single server fails.
Problem Statements
The WAN link between the Tokyo office and the Bangkok office is heavily congested. During normal
business hours, the average round-trip time for packets to travel across the WAN link is 185 ms.
The portable computer of the manager of the finance department recently experienced a hard disk failure.
The hard disk failure resulted in the loss of more than three years of email.
A. an Edge Transport server, three Edge Transport rules, and an email address policy.
B. an Edge Transport server and address rewrite entries.
C. a Hub Transport server and address rewrite entries.
D. a Hub Transport server, three Hub Transport rules, and an email address policy.
Answer: B
QUESTION 66
You are evaluating the implementation of Exchange Server 2010 SP1 Edge Transport servers and Hub
Transport servers in adatum.com.
You need to recommend a solution to ensure that the Exchange Server 2010 SP1 servers can queue email
messages for humongousinsurance.com.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. an authoritative domain
B. a retention policy
C. a remote domain
D. an external relay domain
Answer: D
QUESTION 67
You are evaluating the implementation of database availability groups (DAGs).
You need to recommend a DAG implementation that meets the redundancy requirements of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. Add two Mailbox servers to each site. Create one DAG for each site. Add the Mailbox servers for each
site to their respective DAG.
B. Add one Mailbox server to each site. Create one DAG that contains both Mailbox servers.
C. Add one Mailbox server to each site. Create two DAGs. Add one Mailbox server to each DAG.
D. Add two Mailbox servers to each site. Create two DAGs. Add one Mailbox server from each site to each
DAG.
Answer: A
QUESTION 68
You need to recommend changes to the existing Active Directory infrastructure to support the
planned Exchange Server 2010 SP1 deployment. The solution must meet the business goals of A.
Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. Upgrade one global catalog server in each site to Windows Server 2008 R2.
B. Raise the functional level of the domain.
C. Raise the functional level of the forest.
D. Upgrade all of the global catalog servers to Windows Server 2003 x64 Edition.
E. Upgrade all of the domain controllers to Windows Server 2003 x64 Edition.
Answer: BC
QUESTION 69
You need to recommend a message routing design for the period during which A. Datum
transitions from Exchange Server 2003 to Exchange Server 2010 SP1. The solution must meet
the business goals of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. an Exchange hub site for each site and a Send connector that uses TOK-HUB1 and BANHUB1 as the
source servers
B. a scoped Send connector that uses TOK-BE-1 as the source server and a scoped Send connector that
uses BAN-BE-1 as the source server
C. an Exchange hub site for each site and Exchange-specific site link costs
D. a scoped Send connector that uses TOK-HUB-1 as the source server and a scoped Send connector
that uses BAN-HUB-1 as the source server
Answer: B
QUESTION 70
You need to recommend an administrative solution for the human resources teams. The solution
must meet the security requirements of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. a split permissions model

B. built-in security groups and distribution groups
C. management role groups
D. direct role assignments
Answer: C
QUESTION 71
You are evaluating the implementation of TOK-HUB1 and BAN-HUB1.
You need to recommend a Hub Transport server topology that meets the redundancy requirements of A.
Datum. The solution must also support the business goals of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. Deploy TOK-HUB1 to the Tokyo site. Deploy BAN-HUB1 to the Bangkok site. Create one Send
connector in each site.
B. Deploy TOK-HUB1 to the Tokyo site. Deploy BAN-HUB1 to the Bangkok site. Deploy a hardware load
balancer to each site. Configure the virtual IP address of the load balancer to point to the Hub Transport
servers.
C. Deploy TOK-HUB1 and an additional Hub Transport server named TOK-HUB2 to the Tokyo site. Deploy
BAN-HUB1 and an additional Hub Transport server named BAN-HUB2 to the Bangkok site. Deploy a
hardware load balancer to each site. Configure the virtual IP address of
the load balancer to point to the Hub Transport servers.
D. Deploy TOK-HUB1 and an additional Hub Transport server named TOK-HUB2 to the Tokyo site. Deploy
BAN-HUB1 and an additional Hub Transport server named BAN-HUB2 to the Bangkok site. Create one
Send connector in each site.
Answer: D
QUESTION 72
You need to recommend a routing group configuration that meets the business requirements of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. one routing group for each office that contains all of the Exchange servers in that office
B. one routing group that contains all of the Exchange Server 2003 servers and all of the Exchange Server
2010 SP1 servers
C. one routing group for each office that contains only the Exchange Server 2003 servers in that office and
one routing group for each office that contains only the Exchange Server 2010 SP1 servers in that office
D. one routing group for each office that contains only the Exchange Server 2003 servers in that office and
one routing group that contains all of the Exchange Server 2010 SP1 servers
Answer: D
QUESTION 73
You need to recommend a solution that meets the archiving requirements of A. Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. recovery databases and Personal Archives

B. single item recovery and recovery databases
C. single item recovery and litigation holds
D. Personal Archives and retention policies
Answer: D
QUESTION 74
You plan to deploy Microsoft Forefront Online Protection for Exchange (FOPE).
You need to recommend changes to the environment to ensure that inbound email messages from the
Internet are scanned by FOPE.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. Implement Microsoft Forefront Threat Management Gateway (TMG), and then create a sharing policy.
B. Implement Microsoft Forefront Threat Management Gateway (TMG), and then create a federation trust.
C. Modify the mail exchange (MX) records of A. Datum to point to FOPE.
D. Modify the sender policy framework (SPF) record of A. Datum to point to FOPE.
E. Implement Forefront Protection 2010 for Exchange Server, and then create an organization relationship.
Answer: C
QUESTION 75
You need to recommend a Client Access server design that meets the redundancy requirements of A.
Datum.

Datum Corporation
Company Overview
Physical Locations

named Users\Tokyo.
configurations:

Address space: *
Delivery: DNS
following table.
Requirements
Business Goals

Planned Changes
Exchange servers.
respective office.

Problem Statements
A. • Four Client Access servers

• One hardware load balancer
• DNS round robin and subnet prioritization
B. • Two Client Access arrays
• Four Client Access servers
• DNS round robin and subnet prioritization
C. • Two Client Access arrays
• Four Client Access servers
• Two hardware load balancers
D. • One Client Access array

• Two Client Access servers
• One hardware load balancer
Answer: C

(WWW Mcseccna Com) 70-663 by Mandy PDF

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

(WWW Mcseccna Com) 70-663 by Mandy PDF

Загружено:

Авторское право:

Доступные форматы

CertifyMe

A. Recommend SATA hard disks in a storage area network (SAN).

The CIO requires that the following conditions be met:

You should do the following:

You should not do the following:

You should not do the following:

You do not have to do the following:

A. Create a two-way transitive trust from nutex.com to verigon.com.

What must you do FIRST?

What should the LUN capacity be?

All other answers are incorrect.

Modify the default sharing policy

You should do the following:

Allow sharing of availability information

Contacts sharing only

What must you configure as the BEST option?

A. Recommend SATA hard disks in a storage area network (SAN).

Recommend SATA hard disks in a direct attached storage (DAS).

A. the Exchange Server Load Generator (LoadGen) 2010 tool

the Exchange Server Jetstress 2010 tool

What should you propose as the BEST option?

Allow sharing of availability information

Contacts sharing only

Migrate 600 out of 2200 mailboxes to Exchange Online (Office 365)

What type of migration should you use?

All mailboxes should be cloud-based mailboxes

What should you do? (Choose two.)

A. Perform a cutover migration

You should do the following:

Perform a cutover migration

You should not do the following:

What should you propose?

What solution should you propose?

What must you deploy? (Choose two.)

What group is created by setup /PrepareDomain to avoid installation errors?

A. The Windows Authorization Access group

Modify the configuration of all server roles

The CIO wants the following requirements to be met:

What is the BEST option?

A. configure remote domains

What should you do?

What must you do?

A. Create SMTP connectors to Exchange 2003 routing groups

What should you do?

A. Ensure that IIS logging is enabled

What should you do?

A. Change the e-mail address policies.

What should you propose?

You do the following:

A. Set up a new federation trust using a trusted certificate

Set up a new federation trust using a trusted certificate

Get-FederationInformation livemail.nutex.com | New-OrganizationRelationship -

The following configures the Outlook Live organizational relationship:

Get-FederationInformation nutex.com | New-OrganizationRelationship -Name "On-

Allow sharing of availability information

Contacts sharing only

Outlook Anywhere and RPC over HTTP

What ports do you propose to open?

All other answers are incorrect.

What should you do?

A. Add Dave to the Exchange Install Domain Servers group.

The CIO instructs you to accomplish the following: